AnsweredAssumed Answered

Enabling Security and encryption on CUCM 10.0

Question asked by Shobhiy@78 on Feb 13, 2014
Latest reply on Feb 20, 2014 by Shobhiy@78


I need come clarification on enabling the security and encryption on CUCM 10.0, I found one document on Cisco communities as per that it is mentioend that:

It required 2 USB eTokens to enable/disable Mixed Mode security for the UCM cluster

The new USB eTokens are made in China, so it is not Trade Agreement Act (TAA) compliant. This will block UCM sales to U.S. Government customers who intend on enabling media and signaling encryption.


Apart from this on the same document it is written that

  • CTL client plugin and safenet USB eToken are no longer required
  • Mixed mode operation can be enabled only on the U.S. Export Restricted version

Question: is this means that we can enable Mixed mode via CLI only in USA, if the customer is having cluster in many other place like Europe, Asia we can use the eToken and there is no compliance issue in that countries to use the eTokens?


  • CTL File would be generated using CLI option, instead of generating it by CTL client running on Windows machine.
  • CTL File is signed by Call Manager private key.
  • The new CLI commands are active only on the Publisher node.


Note: Phones should be SBD aware.

Question: What does this means? and which modles are SBD aware?


We can use the eToken in other countries other than USA and for USA we can generate CTL file for USA cluster by using the command line which is only available on Publisher?


is there any data available which can give us any idea that how much time this process( enabling security and encryption) will take in one standard size cluster having approximatly 5 CUCM servers and 2 CUC servers approximatly 5 voice gateway and 1500 IP phones?


Thanks and Regards