MIC,LSC, Security Endpoints

Regarding security endpoints, you have 2 opportunities :

  • Newer phones are using more an existing Mafufacturing Installed Certificate , this is the MIC
  • Meanwhile , old phones will use a Locally Significant Certificate ( LSC) which will be installed by the Certificate Authority Proxy Function (CAPF)

As LSC must be a transaction between the Ip phone and the CAPF , here is the process as it is issued :

  1. IP Phone generates a public/private key pair
  2. A TLS Session is established with the CAPF Service and the keys and identity are sent from the phone to CAPF
  3. The CAPF Service creates and sends an LSC to the phone
  4. The IP Phone installs the LSC

Also for info, the CAPF Service must be in the phone CTL file , which is downloaded from the TFTP when the phone boots .

CAST – Cisco Audio Session Tunnel

Cast is the protocol used into the conversation between the webcam and your IP Phone.

It uses TCP/4224 in both direction ( easy to implement if you are firewalling your networks).

Pay also attention that the communication is only between the IP Phone and the webcam . CUCM is not involved at all in that “conversation” except for the TFTP config download.


In order to your DHCP to give the TFTP address to your phones , the common configuration is to use the option 150 which is the main and the more expanded concept used for providing your TFTP. It can provide an IP Address as well an array of IP Address.

This is also the code which you are using under IOS configurations.

But in some old implementation , you can find also the option 66 to give the TFTP to the phones . Option 66 is different in the meaning that you must provide a server name so you need to have DNS enabled . Also you can only pass one parameter!!!

So don’t be too disturbed if you see this option 🙂

Page 20 of 22« First...10...1819202122