Provisioning Guide
Page 1
Linksys SPA Provisioning Guide Version 3.0 Corporate Headquarters Linksys 121 Theory Drive Irvine, CA 92617 USA http://www.linksys.com Tel: 949 823-1200 800 546-5797 Fax: 949 823-1100
Linksys SPA Provisioning Guide Version 3.0 Corporate Headquarters Linksys 121 Theory Drive Irvine, CA 92617 USA http://www.linksys.com Tel: 949 823-1200 800 546-5797 Fax: 949 823-1100
Provisioning Guide
Page 2
...the U.S. Any unauthorized disclosure, copying, distribution, or use of this document at any legal arrangement between Linksys, a division of Cisco Systems, Inc. Linksys is to change the features and functionalities for products described in forming your own opinions and decision regarding ...network, service and application requirements and should be used only by Linksys customers. Disclaimer - Linksys SPA Provisioning Guide Copyright ©2007 Cisco Systems, Inc. Use of Proprietary Information and Copyright Notice: This document contains proprietary information that is a registered ...
...the U.S. Any unauthorized disclosure, copying, distribution, or use of this document at any legal arrangement between Linksys, a division of Cisco Systems, Inc. Linksys is to change the features and functionalities for products described in forming your own opinions and decision regarding ...network, service and application requirements and should be used only by Linksys customers. Disclaimer - Linksys SPA Provisioning Guide Copyright ©2007 Cisco Systems, Inc. Use of Proprietary Information and Copyright Notice: This document contains proprietary information that is a registered ...
Provisioning Guide
Page 7
... who offer services using the information provided in this document. • SPA9000-IP PBX with two FXS ports Version 3.0 Linksys SPA Provisioning Guide vii can be used with the SPA400, which provides a SIP-PSTN gateway • Linksys Analog Telephone Adapters (ATAs): • PAPT2T-...Voice adapter with two FXS ports • SPA1001-Small VoIP adapter • SPA2102-Voice adapter with router • SPA3102-Voice adapter with router and PSTN gateway • RTP300-IP router with two FXS ports • WRTP54G-...
... who offer services using the information provided in this document. • SPA9000-IP PBX with two FXS ports Version 3.0 Linksys SPA Provisioning Guide vii can be used with the SPA400, which provides a SIP-PSTN gateway • Linksys Analog Telephone Adapters (ATAs): • PAPT2T-...Voice adapter with two FXS ports • SPA1001-Small VoIP adapter • SPA2102-Voice adapter with router • SPA3102-Voice adapter with router and PSTN gateway • RTP300-IP router with two FXS ports • WRTP54G-...
Provisioning Guide
Page 8
... the LAN • SPA962-Six lines, hi-res color display. Angle brackets () are the typographic conventions used in Chapter 4, "Provisioning Field Reference" Linksys SPA Provisioning Guide viii Version 3.0 How This Document is Organized Preface • SPA900 Series IP phones: • SPA901-One line, small, affordable, no display • SPA921-One-line...
... the LAN • SPA962-Six lines, hi-res color display. Angle brackets () are the typographic conventions used in Chapter 4, "Provisioning Field Reference" Linksys SPA Provisioning Guide viii Version 3.0 How This Document is Organized Preface • SPA900 Series IP phones: • SPA901-One line, small, affordable, no display • SPA921-One-line...
Provisioning Guide
Page 9
...Font Meaning Indicates a variable that should be replaced with ITSP Hosted Voicemail Guide • SPA900 Series IP Phones Administrator Guide • SPA 2.0 ATA Administrator Guide • Linksys Voice over IP Product Guide: SIP CPE for Massive Scale Deployment Technical Support Technical support contact information...Hours: 4am-6pm PST, 7 days a week • E-mail support [email protected] Version 3.0 Linksys SPA Provisioning Guide ix Related Documentation The following documentation provides additional information about features and functionality of Linksys ATAs: • AA Quick...
...Font Meaning Indicates a variable that should be replaced with ITSP Hosted Voicemail Guide • SPA900 Series IP Phones Administrator Guide • SPA 2.0 ATA Administrator Guide • Linksys Voice over IP Product Guide: SIP CPE for Massive Scale Deployment Technical Support Technical support contact information...Hours: 4am-6pm PST, 7 days a week • E-mail support [email protected] Version 3.0 Linksys SPA Provisioning Guide ix Related Documentation The following documentation provides additional information about features and functionality of Linksys ATAs: • AA Quick...
Provisioning Guide
Page 11
... physical analog telephone line connection from a customer premise to the SPA9000, Linksys Analog Telephone Adapters (ATAs), and SPA900 Series IP phones. Version 3.0 Linksys SPA Provisioning Guide 1-1 Unless otherwise noted, the instructions in this scenario, units are primarily intended for many of the service provider back-end equipment. In this document as...
... physical analog telephone line connection from a customer premise to the SPA9000, Linksys Analog Telephone Adapters (ATAs), and SPA900 Series IP phones. Version 3.0 Linksys SPA Provisioning Guide 1-1 Unless otherwise noted, the instructions in this scenario, units are primarily intended for many of the service provider back-end equipment. In this document as...
Provisioning Guide
Page 12
...Streamlined endpoint account binding. In a residential deployment, the endpoint itself is supported. It is intended to supplement the product administration guides, which severely restricts the packets that device without requiring an explicit key. This may attempt to enter the protected network from ...Encryption of profiles is typically connected in the ATA after the unit has been deployed to the customer. Note This Provisioning Guide is also necessary to protect the service provider from unauthorized use of newly introduced service provider features, modifications in the ...
...Streamlined endpoint account binding. In a residential deployment, the endpoint itself is supported. It is intended to supplement the product administration guides, which severely restricts the packets that device without requiring an explicit key. This may attempt to enter the protected network from ...Encryption of profiles is typically connected in the ATA after the unit has been deployed to the customer. Note This Provisioning Guide is also necessary to protect the service provider from unauthorized use of newly introduced service provider features, modifications in the ...
Provisioning Guide
Page 13
... Linksys so when the unit is not required to service providers for initial provisioning, based on a provisioning server maintained by Linksys. Version 3.0 Linksys SPA Provisioning Guide 1-3 Initial Provisioning Linksys ATAs provide convenient mechanisms for volume deployments of automating multi-stage upgrades, if intermediate upgrades are customized by using HTTPS because the...
... Linksys so when the unit is not required to service providers for initial provisioning, based on a provisioning server maintained by Linksys. Version 3.0 Linksys SPA Provisioning Guide 1-3 Initial Provisioning Linksys ATAs provide convenient mechanisms for volume deployments of automating multi-stage upgrades, if intermediate upgrades are customized by using HTTPS because the...
Provisioning Guide
Page 14
... subsequently subscribes to process A-records until the first server responds. Through this example, 1234abcd is the PIN number of redundant provisioning servers. Linksys SPA Provisioning Guide 1-4 Version 3.0 Secondary_DNS * "a.b.c.d"; Provision_Enable * "Yes"; Profile_Rule * "http://prov.domain.com/sipura/profile?id=$MA"; The Primary_DNS and Secondary_DNS parameters are supported for performing remote profile resync...
... subsequently subscribes to process A-records until the first server responds. Through this example, 1234abcd is the PIN number of redundant provisioning servers. Linksys SPA Provisioning Guide 1-4 Version 3.0 Secondary_DNS * "a.b.c.d"; Provision_Enable * "Yes"; Profile_Rule * "http://prov.domain.com/sipura/profile?id=$MA"; The Primary_DNS and Secondary_DNS parameters are supported for performing remote profile resync...
Provisioning Guide
Page 15
.... SPA Configuration Profiles The SPA configuration profile defines the parameter values for compiling the Version 3.0 Linksys SPA Provisioning Guide 1-5 The configuration profile can be totally disabled. The plain-text configuration file uses a proprietary format, which can..., but it is not as one of the device. Among other features are completely configurable in administration guides for each new SPA to a LAN environment configured to contact for its internal state in the configuration profile...connected to this type of units. On power-up for example, spa2102.cfg).
.... SPA Configuration Profiles The SPA configuration profile defines the parameter values for compiling the Version 3.0 Linksys SPA Provisioning Guide 1-5 The configuration profile can be totally disabled. The plain-text configuration file uses a proprietary format, which can..., but it is not as one of the device. Among other features are completely configurable in administration guides for each new SPA to a LAN environment configured to contact for its internal state in the configuration profile...connected to this type of units. On power-up for example, spa2102.cfg).
Provisioning Guide
Page 16
... Flow Chapter 1 Provisioning Linksys VoIP Devices plain-text file containing parameter-value pairs into an encrypted CFG file. Figure 1-1 SPA Provisioning Flow Linksys SPA Provisioning Guide 1-6 Version 3.0 SPA Provisioning Flow Firmware release 1.0 provides basic features in Figure 1-1. The SPC tool is available from Linksys for the OpenBSD environment is illustrated in...
... Flow Chapter 1 Provisioning Linksys VoIP Devices plain-text file containing parameter-value pairs into an encrypted CFG file. Figure 1-1 SPA Provisioning Flow Linksys SPA Provisioning Guide 1-6 Version 3.0 SPA Provisioning Flow Firmware release 1.0 provides basic features in Figure 1-1. The SPC tool is available from Linksys for the OpenBSD environment is illustrated in...
Provisioning Guide
Page 17
... file. Version 3.0 Linksys SPA Provisioning Guide 1-7 The indicated TFTP server carries the desired Profile_Rule entry in this unit: Profile_Rule tftp.callme.com/profile/$MA/spa2102.cfg; Service provider customization The provisioning parameters are customized for example, prserv/spa2102.cfg. The Profile_Rule parameter must be... server, followed by DHCP on the SPA web interface, and enter the TFTP URL in Table 1-1. The spa2102.cfg file modifies the Profile_Rule to this step to point to a device specific configuration profile, using this URL syntax: http://x.x.x.x/admin...
... file. Version 3.0 Linksys SPA Provisioning Guide 1-7 The indicated TFTP server carries the desired Profile_Rule entry in this unit: Profile_Rule tftp.callme.com/profile/$MA/spa2102.cfg; Service provider customization The provisioning parameters are customized for example, prserv/spa2102.cfg. The Profile_Rule parameter must be... server, followed by DHCP on the SPA web interface, and enter the TFTP URL in Table 1-1. The spa2102.cfg file modifies the Profile_Rule to this step to point to a device specific configuration profile, using this URL syntax: http://x.x.x.x/admin...
Provisioning Guide
Page 18
..., using both server and client certificates for installation on page 1-13. Linksys SPA Provisioning Guide 1-8 Version 3.0 The encryption method for the body of keys. For example, the CFG file might contain: Profile_Rule [--key $A] tftp.callme.com/profile/$B/spa2102.cfg; To use HTTPS with the spc --target option. The initial device-unique CFG...
..., using both server and client certificates for installation on page 1-13. Linksys SPA Provisioning Guide 1-8 Version 3.0 The encryption method for the body of keys. For example, the CFG file might contain: Profile_Rule [--key $A] tftp.callme.com/profile/$B/spa2102.cfg; To use HTTPS with the spc --target option. The initial device-unique CFG...
Provisioning Guide
Page 19
... server to reject unauthorized requests for public/private key cryptography. Linksys Certificate Chain Structure The combination of attack, each service provider. Version 3.0 Linksys SPA Provisioning Guide 1-9 Server Certificates Each secure provisioning server is unable to establish communication with a public key can be decrypted only by Linksys. This might attempt to contact...
... server to reject unauthorized requests for public/private key cryptography. Linksys Certificate Chain Structure The combination of attack, each service provider. Version 3.0 Linksys SPA Provisioning Guide 1-9 Server Certificates Each secure provisioning server is unable to establish communication with a public key can be decrypted only by Linksys. This might attempt to contact...
Provisioning Guide
Page 20
... Certificate Root Authority signs each unique certificate. The corresponding root certificate is made available to service providers for client authentication purposes. 1-10 Linksys SPA Provisioning Guide Version 3.0
... Certificate Root Authority signs each unique certificate. The corresponding root certificate is made available to service providers for client authentication purposes. 1-10 Linksys SPA Provisioning Guide Version 3.0
Provisioning Guide
Page 21
... feature remains enabled permanently. This key is a write-only parameter that always appears empty when read. Contact Linksys for premium features. Version 3.0 Linksys SPA Provisioning Guide 1-11
... feature remains enabled permanently. This key is a write-only parameter that always appears empty when read. Contact Linksys for premium features. Version 3.0 Linksys SPA Provisioning Guide 1-11
Provisioning Guide
Page 22
...filepath is pre-generated for remote deployment. The SPA supports 256-bit AES in CBC mode to this file on a SPA2102, this means that a configuration file is relative to protect confidential information. The supplied information conveys manufacturer, product name, ...current firmware version, and product serial number. 1-12 Linksys SPA Provisioning Guide Version 3.0 However, once deployed remotely, HTTP offers greater provisioning reliability, given NAT and router protection mechanisms. The SPA is...
...filepath is pre-generated for remote deployment. The SPA supports 256-bit AES in CBC mode to this file on a SPA2102, this means that a configuration file is relative to protect confidential information. The supplied information conveys manufacturer, product name, ...current firmware version, and product serial number. 1-12 Linksys SPA Provisioning Guide Version 3.0 However, once deployed remotely, HTTP offers greater provisioning reliability, given NAT and router protection mechanisms. The SPA is...
Provisioning Guide
Page 23
...the server name specified in the SPA identifying fields: OU=Linksys.com, L=Linksysgeneric, S=Linksysgeneric Version 3.0 Linksys SPA Provisioning Guide 1-13 Upon receiving the provserver.csr file, Linksys generates provserver.crt, the signed server certificate. The unique client certificate offered... for provisioning. The following shows an example of the client certificate carried by a / character. When these elements from a SPA2102: User-Agent: Linksys/SPA-2102-2.0.5 (88012BA01234) Provisioning Setup Enabling HTTPS For increased security managing remotely deployed units, the SPA ...
...the server name specified in the SPA identifying fields: OU=Linksys.com, L=Linksysgeneric, S=Linksysgeneric Version 3.0 Linksys SPA Provisioning Guide 1-13 Upon receiving the provserver.csr file, Linksys generates provserver.crt, the signed server certificate. The unique client certificate offered... for provisioning. The following shows an example of the client certificate carried by a / character. When these elements from a SPA2102: User-Agent: Linksys/SPA-2102-2.0.5 (88012BA01234) Provisioning Setup Enabling HTTPS For increased security managing remotely deployed units, the SPA ...
Provisioning Guide
Page 24
... Code 0x0039 0x0035 0x0033 0x002f 0x0005 0x0004 0x0062 0x0060 0x0003 Cipher Suite TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5 1-14 Linksys SPA Provisioning Guide Version 3.0 For example, on a Apache installation, the file paths for specific information. Firmware release 2.0.6 supports the following cipher suites for Connecting to a CGI for storing...
... Code 0x0039 0x0035 0x0033 0x002f 0x0005 0x0004 0x0062 0x0060 0x0003 Cipher Suite TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5 1-14 Linksys SPA Provisioning Guide Version 3.0 For example, on a Apache installation, the file paths for specific information. Firmware release 2.0.6 supports the following cipher suites for Connecting to a CGI for storing...
Provisioning Guide
Page 25
... provisioning tasks. Look up the expansion for using the or parameters), the resync and upgrade operations log messages to ... Appendix B, "Glossary" Version 3.0 Linksys SPA Provisioning Guide 1-15 Where to the function and usage of each parameter Chapter 4, "Provisioning Field Reference" on the SPA (using the scripting language to work with either...
... provisioning tasks. Look up the expansion for using the or parameters), the resync and upgrade operations log messages to ... Appendix B, "Glossary" Version 3.0 Linksys SPA Provisioning Guide 1-15 Where to the function and usage of each parameter Chapter 4, "Provisioning Field Reference" on the SPA (using the scripting language to work with either...