Cisco SPA921 - IP Phone Provisioning Manual

Voice system, voice gateways, and ip telephones

PROVISIONING
GUIDE
Cisco Small Business
Voice System, Voice Gateways, and IP Telephones

Summary of Contents for Cisco SPA921 - Cisco - IP Phone

  • Page 1 PROVISIONING GUIDE Cisco Small Business Voice System, Voice Gateways, and IP Telephones...
  • Page 2 Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc.
  • Page 3: Table Of Contents

    Contents Chapter 1: Provisioning Cisco Small Business VoIP Devices Residential Deployment Provisioning Requirements Remote Endpoint Control Communication Encryption Provisioning Overview Initial Provisioning Deploying RC Units Redundant Provisioning Servers Retail Provisioning Automatic In-House Preprovisioning Configuration Access Control Configuration Profiles Downloading the SIP Profile Compiler (SPC) Tool Provisioning States Using HTTPS How HTTPS Works...
  • Page 4 Contents Configuration File Compression File Encryption Encrypting a File with the SPC Proprietary Plain-Text Configuration File Source Text Syntax Comments Macro Expansion Conditional Expressions Assignment Expressions URL Syntax Optional Resync Arguments Using Provisioning Parameters General Purpose Parameters Enables Triggers Configurable Schedules Profile Rules Report Rule Upgrade Rule...
  • Page 5 Contents HTTPS With Client Certificate Authentication HTTPS Client Filtering and Dynamic Content Profile Formats Profile Compression Profile Encryption Partitioned Profiles Parameter Name Aliases Proprietary Profile Format Chapter 4: Provisioning Field Reference Configuration Profile Parameters Firmware Upgrade Parameters General Purpose Parameters Macro Expansion Variables Internal Error Codes Appendix A: Example Configuration Profile...
  • Page 6: About This Document

    Preface About This Document This guide describes the provisioning of Cisco Small Business Voice over IP (VoIP) products. It contains the following sections: • Purpose, page iv • Document Audience, page v • Organization, page v • Finding Information in PDF Files, page vi •...
  • Page 7 Preface SPA941—Four-line business phone. SPA942—Four-line business phone. Power over Ethernet (PoE) support and an extra 10/100 Ethernet port for connecting another device to the LAN. SPA962—Six lines, hi-resolution color display. Power over Ethernet (PoE) support and an extra 10/100 Ethernet port for connecting another device to the LAN. SPA525G—Five lines, hi-resolution color display.
  • Page 8 Preface Chapter Contents Appendix A, “Example This appendix contains a sample profile that you Configuration Profile” may find helpful. Appendix B, “Acronyms” This appendix provides the expansion of acronyms used in this document. Appendix C, “Where to This appendix provides links to resources for Go From Here”...
  • Page 9 Preface STEP 5 Press Enter again to continue to more instances of the term. Finding Text in Multiple PDF Files The Search window lets you search for terms in multiple PDF files that are stored on your PC or local network. The PDF files do not need to be open. Start Acrobat Professional or Adobe Reader.
  • Page 10 Preface STEP 4 When the Results appear, click + to open a folder, and then click any link to open the file where the search terms appear. For more information about the Find and Search functions, see the Adobe Acrobat online help.
  • Page 11: Document Conventions

    Preface Document Conventions The following typographic conventions are used in this document. Typographic Meaning Element Boldface Indicates an option on a menu or a literal value to be entered in a field. Angle brackets (<>) are used to identify parameters that appear on the configuration pages of the administration web server.
  • Page 12: Chapter 1: Provisioning Cisco Small Business Voip Devices

    Provisioning Cisco Small Business VoIP Devices This chapter describes the features and functionality available when provisioning Cisco Small Business IP Telephony Devices and explains the setup required. It includes the following sections: • Residential Deployment Provisioning Requirements, page 10 • Provisioning Overview, page 12 •...
  • Page 13: Remote Endpoint Control

    Provisioning Cisco Small Business VoIP Devices Residential Deployment Provisioning Requirements Device configuration varies according to the individual customer and with the same customer over a period of time. The IP Telephony Device must be configured to match the account service parameters for the individual customer. Also, the configuration may need to be modified because of new service provider features, modifications in the service provider network, or firmware upgrades in the endpoint.
  • Page 14: Provisioning Overview

    Provisioning Cisco Small Business VoIP Devices Provisioning Overview Provisioning Overview The Cisco Small Business IP Telephony Devices support secure remote provisioning and firmware upgrades. Configuration profiles can be generated by using common, open source tools that facilitate integration into service provider provisioning systems.
  • Page 15: Initial Provisioning

    Provisioning Cisco Small Business VoIP Devices Provisioning Overview Initial Provisioning Cisco Small Business IP Telephony Devices provide convenient mechanisms for initial provisioning, based on two deployment models: • Retail distribution In this model, the customer purchases the IP Telephony Device from a retail outlet and subsequently requests VoIP service from the service provider.
  • Page 16: Redundant Provisioning Servers

    Provisioning Cisco Small Business VoIP Devices Provisioning Overview The following is a sample template for an RC unit: Restricted Access Domains "domain.com, domain1.com, domain2.com"; Primary_DNS * "x.y.w.z"; Secondary_DNS * "a.b.c.d"; Provision_Enable * "Yes"; Resync_Periodic * "30"; Resync_Error_Retry_Delay * "30"; Profile_Rule * "http://prov.domain.com/sipura/profile?id=$MA";...
  • Page 17: Automatic In-House Preprovisioning

    Provisioning Cisco Small Business VoIP Devices Provisioning Overview To do so, the unprovisioned IP Telephony Device is instructed to resync with a specific provisioning server through a resync URL command. The URL command typically includes an account PIN number or alphanumeric code to associate the device with the new account.
  • Page 18: Configuration Access Control

    Provisioning Cisco Small Business VoIP Devices Provisioning Overview Configuration Access Control Besides configuration parameters that control resync and upgrade behavior, the IP Telephony Device provides mechanisms for restricting end-user access to various parameters. The firmware provides specific privileges for login to a User account and an Admin account.
  • Page 19: Downloading The Sip Profile Compiler (Spc) Tool

    Provisioning Cisco Small Business VoIP Devices Provisioning Overview • Proprietary, plain-text format The plain-text configuration file uses a proprietary format, which can be encrypted to prevent unauthorized use of confidential information. By convention, the profile is named with the extension .cfg (for example, spa962.cfg).
  • Page 20: Provisioning States

    Provisioning Cisco Small Business VoIP Devices Provisioning States Provisioning States The provisioning process involves four provisioning states, as described in the following table. Flow Step Step Description MFG-RESET Manufacturing Reset: The device returns to a fully unprovisioned state. All configurable parameters regain their manufacturing default values.
  • Page 21: Using Https

    Provisioning Cisco Small Business VoIP Devices Using HTTPS Flow Step Step Description SEC-PRV-1 Secure Provisioning—Initial Configuration: The initial device- unique CFG file should be targeted to each IP Telephony Device by compiling the CFG file with the spc --target option. This provides an initial level of encryption that does not require the exchange of keys.
  • Page 22: How Https Works

    Provisioning Cisco Small Business VoIP Devices Using HTTPS How HTTPS Works HTTPS encrypts the communication between a client and a server, protecting the message contents from other intervening network devices. The encryption method for the body of the communication between a client and a server is based on symmetric key cryptography.
  • Page 23: Client Certificates

    Provisioning Cisco Small Business VoIP Devices Using HTTPS Client Certificates In addition to a direct attack on an IP Telephony Device, an attacker might attempt to contact a provisioning server by using a standard web browser or other HTTPS client, to obtain the configuration profile from the provisioning server. To prevent this kind of attack, each IP Telephony Device also carries a unique client certificate, also signed by Cisco, including identifying information about each individual endpoint.
  • Page 24 Provisioning Cisco Small Business VoIP Devices Using HTTPS Certificate Authority Flow Cisco Small Business IP Telephony Devices Provisioning Guide...
  • Page 25: Provisioning Setup

    Provisioning Cisco Small Business VoIP Devices Provisioning Setup As indicated in the lower half of the diagram, a Cisco Small Business Client Certificate Root Authority signs each unique certificate. The corresponding root certificate is made available to service providers for client authentication purposes.
  • Page 26: Server Configuration

    Provisioning Cisco Small Business VoIP Devices Provisioning Setup Server Configuration Provisioning requires the availability of servers, which for testing purposes can be installed and run on a local PC: • TFTP (UDP port 69) • HTTP (TCP port 80) • HTTPS (TCP port 443) •...
  • Page 27 Provisioning Cisco Small Business VoIP Devices Provisioning Setup As an alternative to HTTPS, the IP Telephony Device can resync to a configuration profile using HTTP. In this case, a separate explicit profile encryption can be used to protect confidential information. The IP Telephony Device supports 256-bit AES in CBC mode to pre-encrypt individual profiles.
  • Page 28: Enabling Https

    Provisioning Cisco Small Business VoIP Devices Provisioning Setup Enabling HTTPS For increased security when managing remotely deployed units, the IP Telephony Device supports HTTPS for provisioning. To this end, each newly manufactured IP Telephony Device carries a unique SSL Client Certificate (and associated private key), in addition to a Sipura CA server root certificate.
  • Page 29 Provisioning Cisco Small Business VoIP Devices Provisioning Setup In addition, Cisco also provides a Sipura CA Client Root Certificate to the service provider. This root certificate certifies the authenticity of the client certificate carried by each IP Telephony Device. The unique client certificate offered by each device during an HTTPS session carries identifying information embedded in its subject field.
  • Page 30: Syslog Server

    Provisioning Cisco Small Business VoIP Devices Provisioning Setup Refer to the documentation provided for an HTTPS server for specific information. Firmware release 2.0.6 supports the following cipher suites for SSL connection to a server using HTTPS. Future release updates may implement additional cipher suites.
  • Page 31: Where To Go From Here

    Provisioning Cisco Small Business VoIP Devices Where to Go From Here • For firmware upgrades: Log_Upgrade_Request_Msg Log_Upgrade_Success_Msg Log_Upgrade_Failure_Msg These parameters are macro expanded into the actual syslog messages. Where to Go From Here The following table summarizes the location of specific information in this document for completing different provisioning tasks.
  • Page 32: Chapter 2: Creating Provisioning Scripts

    Creating Provisioning Scripts This chapter describes the provisioning script and includes the following sections: • Configuration Profile and the SIP Profile Compiler, page 30 • Open Format Configuration File, page 31 • Encrypting a File with the SPC, page 38 •...
  • Page 33: Open Format Configuration File

    Creating Provisioning Scripts Open Format Configuration File • Proprietary Plain-Text Format. See Proprietary Plain-Text Configuration File, page You will use the SIP Profile Compiler to create your configuration profile. You can use SPC to generate an XML file that contains all the existing settings for a particular device, and then you can edit the file as needed to input the new settings.
  • Page 34 Creating Provisioning Scripts Open Format Configuration File tftp://prov.telco.com:6900/cisco/config/spa962.cfg A file can include element tags, attributes, and formatting features. Element tags: • The IP Telephony Device recognizes elements with proper parameter names, when encapsulated in the special element. •...
  • Page 35 Creating Provisioning Scripts Open Format Configuration File • Element tags are case sensitive. • Empty element tags are allowed. • Unrecognized element names are ignored. • You can use an empty element tag to prevent the overwriting of any user- supplied values during a resync operation.
  • Page 36 Creating Provisioning Scripts Open Format Configuration File • The user-access attribute defines access to the administration web server for a specific parameter by the User account. Access by the Admin account is unaffected by this attribute. • The ua attribute, if present, must have one of the following values: na—no access ro—read-only rw—read/write...
  • Page 37 Creating Provisioning Scripts Open Format Configuration File • An XML header of the form is allowed, but is ignored by the IP Telephony Device. • To enter special characters, use basic XML character escapes, as shown in the following table.
  • Page 38: Configuration File Compression

    Creating Provisioning Scripts Open Format Configuration File Configuration File Compression Optionally, the XML configuration profile can be compressed to reduce the network load on the provisioning server. The supported compression method is the gzip deflate algorithm (RFC1951). The gzip utility and a compression library that implements the same algorithm (zlib) are readily available from Internet sites.
  • Page 39 Creating Provisioning Scripts Open Format Configuration File If the file is encrypted, the profile expects the file to have the same format as generated by the following command: # example encryption key = SecretPhrase1234 openssl enc -e -aes-256-cbc -k SecretPhrase1234 -in profile.xml -out profile.cfg # analogous invocation for a compressed xml file openssl enc -e -aes-256-cbc -k SecretPhrase1234 -in profile.xml.gz -out...
  • Page 40: Encrypting A File With The Spc

    Creating Provisioning Scripts Encrypting a File with the SPC Encrypting a File with the SPC The SPC can generate different types of configuration files, using different types of encryption. • Generic, non-targeted CFG file, without an explicit key • Targeted (--target option), also encrypts the CFG file without an explicit key, but uses the MAC address of the target IP Telephony Device, and only that device can decode it •...
  • Page 41 Creating Provisioning Scripts Encrypting a File with the SPC Two algorithms are available for this type of encryption: • RC4 (--rc4) • AES (--aes) In addition, the key can be specified either explicitly as a hexadecimal digit sequence (--hex-key) or by hashing a secret phrase (--ascii-key). With the --hex-key option, the key can be up to 256 bits in length.
  • Page 42: Proprietary Plain-Text Configuration File

    Creating Provisioning Scripts Proprietary Plain-Text Configuration File Proprietary Plain-Text Configuration File The plain-text configuration file uses a proprietary format, which can be encrypted to prevent unauthorized use of confidential information. By convention, the profile is named with the extension .cfg (for example, spa962.cfg). The SPC tool is used to compile the plain-text file into an encrypted CFG file.
  • Page 43 Creating Provisioning Scripts Proprietary Plain-Text Configuration File • Each element name must be unique. For fields that are duplicated on multiple Line, User, or Extension pages, you must append [n] to indicate the line, user, or extension number. For example, the Dial Plan for Line 1 is represented by the following element: ...
  • Page 44: Comments

    Creating Provisioning Scripts Proprietary Plain-Text Configuration File When compiled, spa1234.txt becomes: Param1 "base value 1" ; Param2 "base value 2" ; Param1 "new value overrides base" ; Param7 "particular value 7" ; Comments During development and scripting, it is often convenient to temporarily disable a provisioning parameter by entering a # character at the start of the parameter value.
  • Page 45 Creating Provisioning Scripts Proprietary Plain-Text Configuration File During macro expansion, expressions of the form $NAME and $(NAME) are replaced by the contents of the named variables. These variables include general purpose parameters, several product identifiers, certain event timers, and provisioning state values. For a complete list, see the “Macro Expansion Variables”...
  • Page 46: Conditional Expressions

    Creating Provisioning Scripts Proprietary Plain-Text Configuration File Conditional Expressions Conditional expressions can trigger resync events and select from alternative URLs for resync and upgrade operations. Conditional expressions consist of a list of comparisons, separated by the and operator. All comparisons must be satisfied for the condition to be true. Each comparison can relate one of three types of literals: •...
  • Page 47 Creating Provisioning Scripts Proprietary Plain-Text Configuration File Operator Alternate Description Applicable to Applicable to Syntax Integer and Quoted String Version Operands Operands > greater than >= greater than or equal to For legacy support to firmware versions prior to 2.0.6, the not-equal-to operator can also be expressed as a single ! character (in place of the two-character != string).
  • Page 48: Assignment Expressions

    Creating Provisioning Scripts Proprietary Plain-Text Configuration File Assignment Expressions Arbitrary parameters can be pre-assigned values within the context of the Profile_Rule* and Upgrade_Rule parameters. This causes the assignment to be performed before the profile is retrieved. The syntax for performing these assignments is a list of individual parameter assignments, enclosed within parentheses ( assignments )!, with each assignment taking the form: ParameterXMLName = "Value"
  • Page 49: Optional Resync Arguments

    /$MA.cfg /cisco/spa021025.bin 192.168.1.130/profiles/init.cfg tftp://prov.call.com/cpe/cisco$MA.cfg http://neptune.speak.net:8080/prov/$D/$E.cfg https://secure.me.com/profile?Linksys Optional Resync Arguments The URLs entered in Profile_Rule* parameters may be preceded by optional arguments, collectively enclosed by square brackets. The recognized options are key, post, and alias. The key option is used to specify an encryption key. It is required to decrypt profiles which have been encrypted with an explicit key.
  • Page 50 Creating Provisioning Scripts Proprietary Plain-Text Configuration File In the case of XML-style profiles, the argument to --key must be the same as the argument to the -k option given to openssl. In the case of SPC compiled profiles, the argument to --key must be the same as the argument to either the --ascii-key or the --hex-key options, as given to SPC.
  • Page 51 Creating Provisioning Scripts Proprietary Plain-Text Configuration File To map these three parameters directly to the Display_Name_1_, User_ID_1_, and Password_1_ parameters (Line 1), enter this mapping in a general purpose parameter (for example, GPP_M): /CPE/SIP-Credentials/name = /flat-profile/Display_Name_1_ ; /CPE/SIP-Credentials/number = /flat-profile/User_ID_1_ ; /CPE/SIP-Credentials/auth-secret = /flat-profile/Password_1_ ;...
  • Page 52: Using Provisioning Parameters

    Creating Provisioning Scripts Using Provisioning Parameters Using Provisioning Parameters This section describes the provisioning parameters broadly organized according to function. It includes the following topics: • General Purpose Parameters, page 50 • Enables, page 51 • Triggers, page 51 • Configurable Schedules, page 52 •...
  • Page 53: Enables

    Creating Provisioning Scripts Using Provisioning Parameters Enables All profile resync and firmware upgrade operations are controlled by the Provision_Enable and Upgrade_Enable parameters. These parameters control resyncs and upgrades independently of each other. These parameters also control resync and upgrade URL commands issued through the administration web server.
  • Page 54: Configurable Schedules

    Creating Provisioning Scripts Using Provisioning Parameters If a resync operation fails because the IP Telephony Device was unable to retrieve a profile from the server, if the downloaded file is corrupt, or an internal error occurs, the device tries to resync again after a time specified in Resync_Error_Retry_Delay (seconds).
  • Page 55: Profile Rules

    Creating Provisioning Scripts Using Provisioning Parameters In this example, the IP Telephony Device periodically resyncs every two hours. In case of a resync failure, the device retries in 30 minutes, then again in 1 more hour, then after two more hours, and then after four more hours, continuing at four-hour intervals until it successfully resyncs.
  • Page 56 Creating Provisioning Scripts Using Provisioning Parameters 3. Profile_Rule_C 4. Profile_Rule_D Each evaluation may result in a profile being retrieved from a remote provisioning server, possibly updating some number of internal parameters. If an evaluation fails, the resync sequence is interrupted, and is retried from the beginning after the delay specified by the Resync_Error_Retry_Delay parameter (seconds).
  • Page 57: Report Rule

    Creating Provisioning Scripts Using Provisioning Parameters In the following example, the device resyncs to two different URLs, depending on the registration state of Line 1. In case of lost registration, the device performs an HTTP POST to a CGI script, transmitting the contents of the macro expanded GPP_A (which may provide additional information on the state of the device).
  • Page 58: Upgrade Rule

    Creating Provisioning Scripts Using Provisioning Parameters The Report_Rule parameter is evaluated like a profile rule parameter. In other words, it accepts a URL, optionally qualified with a bracketed expression. The URL specifies the target destination for the report and an encryption key can be included as an option.
  • Page 59: Data Types

    Creating Provisioning Scripts Data Types If the Upgrade_Rule contains a URL without a conditional expression, the device upgrades to the firmware image specified by the URL. Subsequently, it does not attempt to upgrade again until either the rule itself is modified or the effective combination of scheme + server + port + filepath is changed, following macro expansion and evaluation of the rule.
  • Page 60 Creating Provisioning Scripts Data Types • Time—Time duration in seconds, with up to n decimal places. Extra decimal places specified are ignored. • PwrLevel—Power level expressed in dBm with 1 decimal place, such as –13.5 or 1.5 (dBm). • Bool—Boolean value of either “yes”...
  • Page 61 Creating Provisioning Scripts Data Types Example 1: 60(2/4) Number of Cadence Sections = 1 Cadence Section 1: Section Length = 60 s Number of Segments = 1 Segment 1: On=2s, Off=4s Total Ring Length = 60s Example 2—Distinctive ring (short,short,short,long): 60(.2/.2,.2/.2,.2/.2,1/4) Number of Cadence Sections = 1 Cadence Section 1: Section Length = 60s...
  • Page 62 Creating Provisioning Scripts Data Types Number of Frequencies = 1 Frequency 2 = 440 Hz at –10 dBm Example 2—Dial Tone: 350@-19,440@-19 Number of Frequencies = 2 Frequency 1 = 350 Hz at –19 dBm Frequency 2 = 440 Hz at –19 dBm •...
  • Page 63 Creating Provisioning Scripts Data Types Example 2—Stutter tone: 350@-19,440@-19;2(.1/.1/1+2);10(*/0/1+2) Number of Frequencies = 2 Frequency 1 = 350 Hz at –19 dBm Frequency 2 = 440 Hz at –19 dBm Number of Cadence Sections = 2 Cadence Section 1: Section Length = 2s Number of Segments = 1 Segment 1: On=0.1s, Off=0.1s with Frequencies 1 and 2 Cadence Section 2: Section Length = 10s...
  • Page 64 Creating Provisioning Scripts Data Types • ProvisioningRuleSyntax—Scripting syntax used to define configuration resync and firmware upgrade rules. • DialPlanScript—Scripting syntax used to specify Line 1 and Line 2 dial plans. NOTE • represents a configuration parameter name. In a profile, the corresponding tag is formed by replacing the space with an underscore “_”, such as Par_Name.
  • Page 65: Chapter 3: Provisioning Tutorial

    Provisioning Tutorial This chapter describes the procedures for transferring configuration profiles between the IP Telephony Device and the provisioning server and includes the following sections: • Preparation, page 63 • Basic Resync, page 64 • Secure Resync, page 72 • Profile Formats, page 77 For information about creating configuration profiles, refer to Chapter 2, “Creating...
  • Page 66: Basic Resync

    Provisioning Tutorial Basic Resync An IP Telephony Device can retrieve a configuration profile from a provisioning server and update its internal configuration accordingly. IP Telephony Devices accept two different profile formats, one based on an open published syntax, and one based on an unpublished binary definition. The open configuration profile format uses a simple XML-like syntax.
  • Page 67 Provisioning Tutorial Basic Resync The element tag encloses all parameter elements to be recognized by the IP Telephony Device. The example above defines one parameter value, the first general purpose parameter (GPP_A), with a value of 12345678. Exercise STEP 1 Within a LAN environment connect a PC and an IP Telephony Device to a hub, switch, or small router.
  • Page 68: Logging With Syslog

    Provisioning Tutorial Basic Resync This resync URL method is designed for development and testing. When it receives this command, the IP Telephony Device at address 192.168.1.100 requests the file basic.txt from the TFTP server at IP address 192.168.1.200. It then parses the downloaded file and updates the GPP_A parameter with the value 12345678.
  • Page 69: Automatic Resync

    Provisioning Tutorial Basic Resync More detailed messages are available by programming the Debug_Server parameter (instead of the Syslog_Server parameter) with the IP address of the syslog server, and setting the Debug_Level to a value between 0 and 3 (3 being the most verbose).
  • Page 70: Unique Profiles And Macro Expansion

    Provisioning Tutorial Basic Resync STEP 4 In the Resync_Periodic parameter enter a small value for testing such as 30 (meaning 30 seconds). STEP 5 Click Submit all Changes. With the new parameter settings, the IP Telephony Device now resyncs to the configuration file specified by the URL twice a minute.
  • Page 71 Provisioning Tutorial Basic Resync The profile rule undergoes macro expansion internally before being applied. The macro expansion understands a number of values including the following: • $MA expands to the unit MAC address, using lower case hex digits (for example, 000e08abcdef) •...
  • Page 72: Url Resolution

    Provisioning Tutorial Basic Resync URL Resolution The profile URL can contain a provisioning server name instead of an explicit IP address. In this case, the IP Telephony Device performs a DNS lookup to resolve the name. A non-standard server port can be specified in the URL, using the standard syntax :port following the server name.
  • Page 73: Http Get Resync

    Provisioning Tutorial Basic Resync HTTP GET Resync HTTP provides a more reliable resync mechanism than TFTP because HTTP establishes a TCP connection and TFTP uses UDP, which is less reliable. In addition, HTTP servers offer improved filtering and logging features compared to TFTP servers.
  • Page 74: Secure Resync

    Provisioning Tutorial Secure Resync STEP 6 In the HTTP server logs, observe how information identifying the test IP Telephony Device appears in the log of user agents. This should include the manufacturer, product name, current firmware version, and serial number. Secure Resync This section demonstrates the preferred mechanisms available on the IP Telephony Device for securing the provisioning process.
  • Page 75 Provisioning Tutorial Secure Resync Exercise STEP 1 Install an HTTPS server on a host whose IP address is known to the network DNS server, through normal hostname translation. The open source Apache server can be configured to operate as an HTTPS server, when installed with the open source mod_ssl package.
  • Page 76: Https With Client Certificate Authentication

    Provisioning Tutorial Secure Resync STEP 9 Inspect the server certificate supplied by the server. The browser probably does not recognize it as valid unless the browser has been preconfigured to accept Cisco as a root CA. However, the IP Telephony Devices expect the certificate to be signed this way.
  • Page 77: Https Client Filtering And Dynamic Content

    Provisioning Tutorial Secure Resync Exercise STEP 1 Enable client certificate authentication on the HTTPS server. STEP 2 In Apache (v.2), set the following in the server configuration file: SSLVerifyClient require Also ensure that the spacroot.cert has been stored as shown in the previous exercise.
  • Page 78 Provisioning Tutorial Secure Resync Exercise STEP 1 Install Perl on the host running the HTTPS server. STEP 2 Generate the following Perl reflector script: #!/usr/bin/perl -wT use strict; print "Content-Type: text/plain\n\n"; print ""; print "OU=$ENV{'SSL_CLIENT_I_DN_OU'},\n"; print "L=$ENV{'SSL_CLIENT_I_DN_L'},\n"; print "S=$ENV{'SSL_CLIENT_I_DN_S'}\n"; print ""; STEP 3 Save this file with the file name reflect.pl, with executable permission (chmod 755 on Linux), in the CGI scripts directory of the HTTPS server.
  • Page 79: Profile Formats

    Provisioning Tutorial Profile Formats Profile Formats This section demonstrates the generation of configuration profiles. To explain the functionality in this section, TFTP from a local PC is used as the resync method, although HTTP or HTTPS can be used for testing as well, if it is convenient. This section includes the following topics: •...
  • Page 80: Profile Encryption

    Provisioning Tutorial Profile Formats Upon resync, the new file is downloaded by the IP Telephony Device and used to update its parameters. The file size of such a small profile is not reduced by gzip. Compression is only useful with larger profiles. For integration into customized back-end provisioning server solutions, the open source zlib compression library can be used in place of the standalone gzip utility to perform the profile compression.
  • Page 81: Partitioned Profiles

    Provisioning Tutorial Profile Formats STEP 5 Click Submit All Changes. STEP 6 Observe the syslog trace from the IP Telephony Device. On resync, the new file is downloaded by the IP Telephony Device and used to update its parameters. Partitioned Profiles An IP Telephony Device downloads multiple separate profiles during each resync.
  • Page 82: Parameter Name Aliases

    Provisioning Tutorial Profile Formats Parameter Name Aliases When generating an XML profile for the IP Telephony Device, it may be convenient to assign names to certain configuration parameters that are different from the canonical names recognized by the IP Telephony Device. For example, a customer account database may generate XML element tags for a customer telephone number and SIP registration password with names such as SIP-number and SIP- password.
  • Page 83: Proprietary Profile Format

    Provisioning Tutorial Profile Formats
    STEP 5 Click Submit All Changes.
    When the IP Telephony Device resyncs, it receives the XML profile, remaps the elements, as indicated by the alias map, and populates the User_ID_1_ and Password_1_ parameters.
    STEP 6 View the Line 1 tab to verify the new configuration.
    NOTE The IP Telephony Device supports alias remapping of a limited number of...
  • Page 84 Provisioning Tutorial Profile Formats
    STEP 3 Compile the text profile into a binary file, account.cfg, using the following command:
        spc account.txt account.cfg
    STEP 4 Store account.cfg in the TFTP server virtual root directory.
    STEP 5 Modify the test profile rule to point to the new profile:
        tftp://192.168.1.200/account.cfg
    Click Submit All Changes.
  • Page 85: Chapter 4: Provisioning Field Reference

    Provisioning Field Reference
    This chapter provides a listing of the parameters provided on the administration web server Provisioning tab, which can be used in configuration profile scripts. It includes the following sections:
    • Configuration Profile Parameters, page 84
    • Firmware Upgrade Parameters, page 89
    •...
  • Page 86: Configuration Profile Parameters

    Provisioning Field Reference Configuration Profile Parameters
    Configuration Profile Parameters
    The following table defines the function and usage of each parameter in the Configuration Profile Parameters section under the Provisioning tab.
    Parameter Name | Description and Default Value
    Provision_Enable | Controls all resync actions independently of firmware upgrade actions.
  • Page 87 Provisioning Field Reference Configuration Profile Parameters
    Parameter Name | Description and Default Value
    Resync_Periodic | The time interval between periodic resyncs with the provisioning server. The associated resync timer is active only after the first successful sync with the server. Set this parameter to zero to disable periodic resyncing.
  • Page 88 Provisioning Field Reference Configuration Profile Parameters
    Parameter Name | Description and Default Value
    Resync_From_SIP | Enables a resync to be triggered via a SIP NOTIFY message. The default value is Yes.
    Resync_After_Upgrade_Attempt | Triggers a resync after every firmware upgrade attempt. The default value is Yes.
    Resync_Trigger_1, | Configurable resync trigger conditions....
  • Page 89 Provisioning Field Reference Configuration Profile Parameters
    Parameter Name | Description and Default Value
    Profile_Rule_B, Profile_Rule_C, Profile_Rule_D | Defines second, third, and fourth resync commands and associated profile URLs. These profile scripts are executed sequentially after the primary Profile Rule resync operation has completed. If a resync is triggered and Profile Rule is blank, Profile Rule B, C, and D are still evaluated and executed.
  • Page 90 Provisioning Field Reference Configuration Profile Parameters
    Parameter Name | Description and Default Value
    Report_Rule | The target URL to which configuration reports are sent. This parameter has the same syntax as the Profile_Rule parameter, and resolves to a TCP/IP command with an associated URL.
  • Page 91: Firmware Upgrade Parameters

    Provisioning Field Reference Firmware Upgrade Parameters
    Firmware Upgrade Parameters
    The following table defines the function and usage of each parameter in the Firmware Upgrade section of the Provisioning tab.
    Parameter Name | Description and Default Value
    Upgrade_Enable | Enables firmware upgrade operations independently of resync actions.
  • Page 92: General Purpose Parameters

    Provisioning Field Reference General Purpose Parameters
    Parameter Name | Description and Default Value
    Log_Upgrade_Success_Msg | The syslog message that is issued after a firmware upgrade attempt completes successfully. The default value is $PN $MAC -- Successful upgrade $SCHEME://$SERVIP:$PORT$PATH -- $ERR.
    Log_Upgrade_Failure_Msg | The syslog message that is issued after a failed firmware upgrade attempt.
  • Page 93: Macro Expansion Variables

    Provisioning Field Reference Macro Expansion Variables
    Macro Expansion Variables
    Certain macro variables are recognized within the following provisioning parameters:
    • Profile_Rule
    • Profile_Rule_*
    • Resync_Trigger_*
    • Log_Resync_*
    • Upgrade_Rule
    • Log_Upgrade_*
    • GPP_* (under specific conditions)
    Within these parameters, syntax types, such as $NAME or $(NAME), are recognized and expanded.
  • Page 94 Provisioning Field Reference Macro Expansion Variables
    Parameter Name | Description and Default Value
    SA through SD | Replaced by the contents of the special purpose parameters GPP_SA through GPP_SD. These parameters are meant to hold keys or passwords used in provisioning. Note that $SA through $SD are only recognized as arguments to the optional resync URL qualifier --key, as in the following example:
        [--key $SA] http://ps.callme.com/profiles/...
  • Page 95 Provisioning Field Reference Macro Expansion Variables
    Parameter Name | Description and Default Value
    PRVST | Provisioning State, a numeric string: -1 = explicit resync request, 0 = power-up resync, 1 = periodic resync, 2 = resync failed, retry attempt
    UPGST | Upgrade State, a numeric string: 1 = first upgrade attempt, 2 = upgrade failed, retry attempt
    UPGERR...
  • Page 96: Internal Error Codes

    Provisioning Field Reference Internal Error Codes
    Parameter Name | Description and Default Value
    Result message of resync or upgrade attempt. Only useful in generating result syslog messages. The value is preserved in the UPGERR variable in the case of upgrade attempts.
    UID1 | The contents of the Line 1 User_ID configuration parameter (Firmware 2.0.
  • Page 97: Appendix A: Example Configuration Profile

    An up-to-date profile template can be obtained from the SPC tool, with the command line invocation spc --sample-profile sample.txt.
        # ***
        # *** Linksys SPA Series Configuration Parameters
        # ***
        # *** System Configuration
        Restricted_Access_Domains "" ;
        Enable_Web_Server "Yes"...
  • Page 98 Example Configuration Profile
        Resync_Random_Delay "2" ;
        Resync_Periodic "3600" ;
        Resync_Error_Retry_Delay "3600" ;
        Forced_Resync_Delay "14400" ;
        Resync_From_SIP "Yes" ;
        Resync_After_Upgrade_Attempt "Yes" ;
        Resync_Trigger_1 "" ;
        Resync_Trigger_2 "" ;
        Profile_Rule "/spa$PSN.cfg" ;
        Profile_Rule_B "" ;
        Profile_Rule_C "" ;
        Profile_Rule_D "" ;
        Log_Resync_Request_Msg "$PN $MAC -- Requesting resync $SCHEME://$SERVIP:$PORT$PATH"...
  • Page 99 Example Configuration Profile
        Max_Forward "70" ;
        Max_Redirection "5" ;
        Max_Auth "2" ;
        SIP_User_Agent_Name "$VERSION" ;
        SIP_Server_Name "$VERSION" ;
        SIP_Accept_Language "" ;
        DTMF_Relay_MIME_Type "application/dtmf-relay" ;
        Hook_Flash_MIME_Type "application/hook-flash" ;
        Remove_Last_Reg "No" ;
        Use_Compact_Header "No" ;
        # *** SIP Timer Values (sec)
        SIP_T1 ".5"...
  • Page 100 Example Configuration Profile
        G711u_Codec_Name "PCMU" ;
        G711a_Codec_Name "PCMA" ;
        G726r16_Codec_Name "G726-16" ;
        G726r24_Codec_Name "G726-24" ;
        G726r32_Codec_Name "G726-32" ;
        G726r40_Codec_Name "G726-40" ;
        G729a_Codec_Name "G729a" ;
        G729b_Codec_Name "G729ab" ;
        G723_Codec_Name "G723" ;
        # *** NAT Support Parameters
        Handle_VIA_received "No" ;
        Handle_VIA_rport "No" ;
        Insert_VIA_received "No"...
  • Page 101 Example Configuration Profile
        Outbound_Proxy[1] "" ;
        Use_OB_Proxy_In_Dialog[1] "Yes" ;
        Register[1] "Yes" ;
        Make_Call_Without_Reg[1] "No" ;
        Register_Expires[1] "3600" ;
        Ans_Call_Without_Reg[1] "No" ;
        Use_DNS_SRV[1] "No" ;
        DNS_SRV_Auto_Prefix[1] "No" ;
        Proxy_Fallback_Intvl[1] "3600" ;
        # *** Subscriber Information
        Display_Name[1] "" ;
        User_ID[1] "" ;
        Password[1] ""...
  • Page 102 Example Configuration Profile
        Echo_Canc_Enable[1] "Yes" ;
        G729a_Enable[1] "Yes" ;
        Echo_Canc_Adapt_Enable[1] "Yes" ;
        G723_Enable[1] "Yes" ;
        Echo_Supp_Enable[1] "Yes" ;
        G726-16_Enable[1] "Yes" ;
        FAX_CED_Detect_Enable[1] "Yes" ;
        G726-24_Enable[1] "Yes" ;
        FAX_CNG_Detect_Enable[1] "Yes" ;
        G726-32_Enable[1] "Yes" ;
        FAX_Passthru_Codec[1] "G711u" ; # options: G711u/G711a
        G726-40_Enable[1] "Yes"...
  • Page 103 Example Configuration Profile
        Cfwd_Sel8_Dest[1] ! "" ;
        Cfwd_Last_Caller[1] ! "" ;
        Cfwd_Last_Dest[1] ! "" ;
        Block_Last_Caller[1] ! "" ;
        Accept_Last_Caller[1] ! "" ;
        # *** Speed Dial Settings
        Speed_Dial_2[1] ! "" ;
        Speed_Dial_3[1] ! "" ;
        Speed_Dial_4[1] ! "" ;
        Speed_Dial_5[1] ! ""...
  • Page 104 Example Configuration Profile
        SAS_Enable[2] "No" ;
        MOH_Server[2] "" ;
        SAS_DLG_Refresh_Intvl[2] "30" ;
        NAT_Mapping_Enable[2] "No" ;
        SAS_Inbound_RTP_Sink[2] "" ;
        SIP_Port[2] "5061" ;
        NAT_Keep_Alive_Enable[2] "No" ;
        EXT_SIP_Port[2] "" ;
        NAT_Keep_Alive_Msg[2] "$NOTIFY" ;
        SIP_TOS/DiffServ_Value[2] "0x68" ;
        NAT_Keep_Alive_Dest[2] "$PROXY" ;
        RTP_TOS/DiffServ_Value[2] "0xb8" ;
        SIP_Debug_Option[2] "none"...
  • Page 105 Example Configuration Profile
        Cfwd_No_Ans_Serv[2] "Yes" ;
        Cfwd_Sel_Serv[2] "Yes" ;
        Cfwd_Last_Serv[2] "Yes" ;
        Block_Last_Serv[2] "Yes" ;
        Accept_Last_Serv[2] "Yes" ;
        DND_Serv[2] "Yes" ;
        CID_Serv[2] "Yes" ;
        CWCID_Serv[2] "Yes" ;
        Call_Return_Serv[2] "Yes" ;
        Call_Back_Serv[2] "Yes" ;
        Three_Way_Call_Serv[2] "Yes" ;
        Three_Way_Conf_Serv[2] "Yes" ;
        Attn_Transfer_Serv[2] "Yes"...
  • Page 106 Example Configuration Profile
        Caller_Conn_Polarity[2] "Forward" ; # options: Forward/Reverse
        Callee_Conn_Polarity[2] "Forward" ; # options: Forward/Reverse
        # *** Call Forward Settings
        Cfwd_All_Dest[2] ! "" ;
        Cfwd_Busy_Dest[2] ! "" ;
        Cfwd_No_Ans_Dest[2] ! "" ;
        Cfwd_No_Ans_Delay[2] ! "20" ;
        # *** Selective Call Forward Settings
        Cfwd_Sel1_Caller[2] ! ""...
  • Page 107 Example Configuration Profile
        Ring1_Caller[2] ! "" ;
        Ring2_Caller[2] ! "" ;
        Ring3_Caller[2] ! "" ;
        Ring4_Caller[2] ! "" ;
        Ring5_Caller[2] ! "" ;
        Ring6_Caller[2] ! "" ;
        Ring7_Caller[2] ! "" ;
        Ring8_Caller[2] ! "" ;
        # *** Ring Settings
        Default_Ring[2] ! "1"...
  • Page 108 Example Configuration Profile
        Ring5_Cadence "60(.2/.2,.2/.2,.2/.2,1/4)" ;
        Ring6_Cadence "60(.2/.4,.2/.4,.2/4)" ;
        Ring7_Cadence "60(.4/.2,.4/.2,.4/4)" ;
        Ring8_Cadence "60(0.25/9.75)" ;
        # *** Distinctive Call Waiting Tone Patterns
        CWT1_Cadence "30(.3/9.7)" ;
        CWT2_Cadence "30(.1/.1, .1/9.7)" ;
        CWT3_Cadence "30(.1/.1, .3/.1, .1/9.3)" ;
        CWT4_Cadence "30(.1/.1,.1/.1,.1/9.5)" ;
        CWT5_Cadence "30(.3/.1,.1/.1,.3/9.1)" ;
        CWT6_Cadence "30(.1/.1,.3/.2,.3/9.1)"...
  • Page 109 Example Configuration Profile
        Cfwd_All_Act_Code "*72" ;
        Cfwd_All_Deact_Code "*73" ;
        Cfwd_Busy_Act_Code "*90" ;
        Cfwd_Busy_Deact_Code "*91" ;
        Cfwd_No_Ans_Act_Code "*92" ;
        Cfwd_No_Ans_Deact_Code "*93" ;
        Cfwd_Last_Act_Code "*63" ;
        Cfwd_Last_Deact_Code "*83" ;
        Block_Last_Act_Code "*60" ;
        Block_Last_Deact_Code "*80" ;
        Accept_Last_Act_Code "*64" ;
        Accept_Last_Deact_Code "*84" ;
        CW_Act_Code "*56"...
  • Page 110 Example Configuration Profile
        Force_G729a_Code "*02729" ;
        # *** Miscellaneous
        Set_Local_Date_(mm/dd) "" ;
        Set_Local_Time_(HH/mm) "" ;
        Time_Zone "GMT-07:00" ; # options: GMT-12:00/GMT-11:00/GMT-10:00/GMT-09:00/GMT-08:00/GMT-07:00/GMT-06:00/GMT-05:00/GMT-04:00/GMT-03:30/GMT-03:00/GMT-02:00/GMT-01:00/GMT/GMT+01:00/GMT+02:00/GMT+03:00/GMT+03:30/GMT+04:00/GMT+05:00/GMT+05:30/GMT+05:45/GMT+06:00/GMT+06:30/GMT+07:00/GMT+08:00/GMT+09:00/GMT+09:30/GMT+10:00/GMT+11:00/GMT+12:00/GMT+13:00
        FXS_Port_Impedance "600" ; # options: 600/900/600+2.16uF/900+2.16uF/270+750||150nF/220+820||120nF/220+820||115nF/370+620||310nF
        FXS_Port_Input_Gain "-3" ;
        FXS_Port_Output_Gain "-3" ;
        DTMF_Playback_Level "-16"...
  • Page 111: Appendix B: Acronyms

    Acronyms Analog To Digital Converter Anonymous Call B2BUA Back to Back User Agent Bool Boolean Values. Specified as yes and no, or 1 and 0 in the profile Certificate Authority CPE Alert Signal Call Detail Record Caller ID CIDCW Call Waiting Caller ID Comfort Noise Generation Calling Party Control Customer Premises Equipment...
  • Page 112 Acronyms DRAM Dynamic Random Access Memory Digital Subscriber Loop Digital Signal Processor DTAS Data Terminal Alert Signal (same as CAS) DTMF Dual Tone Multiple Frequency FQDN Fully Qualified Domain Name Frequency Shift Keying Foreign eXchange Station Gateway International Telecommunication Union HTML Hypertext Markup Language HTTP...
  • Page 113 Acronyms Music On Hold Mean Opinion Score (1-5, the higher the better) Millisecond Music Source Adaptor Message Waiting Indication Open Switching Interval Printed Circuit Board Polarity Reversal Provisioning Server PSQM Perceptual Speech Quality Measurement (1-5, the lower the better) PSTN Public Switched Telephone Network Network Address Translation Out-of-band...
  • Page 114 Acronyms Service Provider Secure Socket Layer TFTP Trivial File Transfer Protocol Transmission Control Protocol User Agent Micro-controller User Datagram Protocol Uniform Resource Locator Voicemail VMWI Visual Message Waiting Indication/Indicator Voice Quality Wide Area Network Extensible Markup Language Cisco Small Business IP Telephony Devices Provisioning Guide...
  • Page 115: Appendix C: Where To Go From Here

    Where to Go From Here
    Cisco provides a wide range of resources to help you and your customer obtain the full benefits of the Cisco Small Business IP Telephony Device.
    Product Resources
    Resource | Location
    Technical Documentation | Voice System (SPA9000 and SPA400): www.cisco.com/en/US/products/ps10030/tsd_products_support_series_home.html...
  • Page 116 Where to Go From Here
    Resource | Location
    Open Source License Notices | www.cisco.com/go/osln
    Regulatory Compliance and Safety Information | See the Technical Documentation pages listed above.
    Cisco Partner Central site for Small Business | www.cisco.com/web/partners/sell/smb
    Cisco Small Business Home | www.cisco.com/smb
