Provisioning Guide
Page 1
Linksys SPA Provisioning Guide Version 3.0 Corporate Headquarters Linksys 121 Theory Drive Irvine, CA 92617 USA http://www.linksys.com Tel: 949 823-1200 800 546-5797 Fax: 949 823-1100
Linksys SPA Provisioning Guide Version 3.0 Corporate Headquarters Linksys 121 Theory Drive Irvine, CA 92617 USA http://www.linksys.com Tel: 949 823-1200 800 546-5797 Fax: 949 823-1100
Provisioning Guide
Page 2
... service and application requirements and should be used only by Linksys customers. All rights reserved.Specifications are trademarks or registered trademarks of Cisco Systems, Inc. Other brands and product names are subject to change without notice. As well, Linksys reserves the right to change...opinions and decision regarding your particular situation. and, in the U.S. Any unauthorized disclosure, copying, distribution, or use of Cisco Systems, Inc. Linksys is to the described solutions over time. and/or its affiliates in some instances, other countries. Use of...
... service and application requirements and should be used only by Linksys customers. All rights reserved.Specifications are trademarks or registered trademarks of Cisco Systems, Inc. Other brands and product names are subject to change without notice. As well, Linksys reserves the right to change...opinions and decision regarding your particular situation. and, in the U.S. Any unauthorized disclosure, copying, distribution, or use of Cisco Systems, Inc. Linksys is to the described solutions over time. and/or its affiliates in some instances, other countries. Use of...
Provisioning Guide
Page 7
..., which provides a SIP-PSTN gateway • Linksys Analog Telephone Adapters (ATAs): • PAPT2T-Voice adapter with two FXS ports • SPA1001-Small VoIP adapter • SPA2102-Voice adapter with router • SPA3102-Voice adapter with router and PSTN gateway • RTP300-IP router with two FXS ports • WRTP54G-Wireless-G IP...
..., which provides a SIP-PSTN gateway • Linksys Analog Telephone Adapters (ATAs): • PAPT2T-Voice adapter with two FXS ports • SPA1001-Small VoIP adapter • SPA2102-Voice adapter with router • SPA3102-Voice adapter with router and PSTN gateway • RTP300-IP router with two FXS ports • WRTP54G-Wireless-G IP...
Provisioning Guide
Page 8
This chapter describes how to work with Power over Ethernet (PoE) support and an extra Ethernet port for connecting another device to the LAN • SPA941-Default is two lines, upgradeable to four lines • SPA942-Default is referred to create a configuration profile. Angle brackets () are the typographic conventions used in this document. This appendix provides the expansion of acronyms used in this document. Power over Ethernet (PoE) support and an extra Ethernet port for using the scripting language to generically as a SPA. How This Document is Organized This ...
This chapter describes how to work with Power over Ethernet (PoE) support and an extra Ethernet port for connecting another device to the LAN • SPA941-Default is two lines, upgradeable to four lines • SPA942-Default is referred to create a configuration profile. Angle brackets () are the typographic conventions used in this document. This appendix provides the expansion of acronyms used in this document. Power over Ethernet (PoE) support and an extra Ethernet port for using the scripting language to generically as a SPA. How This Document is Organized This ...
Provisioning Guide
Page 9
Related Documentation The following documentation provides additional information about features and functionality of Linksys ATAs: • AA Quick Guide • IVR Quick Guide • SPA Provisioning Guide The following documentation describes how to use other Linksys Voice System products: • SPA9000 Administrator Guide • LVS CTI Integration Guide • LVS Integration with a literal value. Indicates code samples or system output. Preface Related Documentation Typographic Element Italic Monospaced Font Meaning Indicates a variable that should be replaced with ITSP ...
Related Documentation The following documentation provides additional information about features and functionality of Linksys ATAs: • AA Quick Guide • IVR Quick Guide • SPA Provisioning Guide The following documentation describes how to use other Linksys Voice System products: • SPA9000 Administrator Guide • LVS CTI Integration Guide • LVS Integration with a literal value. Indicates code samples or system output. Preface Related Documentation Typographic Element Italic Monospaced Font Meaning Indicates a variable that should be replaced with ITSP ...
Provisioning Guide
Page 11
ATA configuration varies according to in this document as a SPA. CH A P T E R 1 Provisioning Linksys VoIP Devices This chapter describes the features and functionality available when provisioning Linksys VoIP devices and explains the setup required. It includes the following sections: • Residential Deployment Provisioning Requirements, page 1-1 • Provisioning Overview, page 1-2 • Configuration Access Control, page 1-5 • Using HTTPS, page 1-8 • Provisioning Setup, page 1-10 • Where to Go From Here, page 1-15 Note A Linksys VoIP device is ...
ATA configuration varies according to in this document as a SPA. CH A P T E R 1 Provisioning Linksys VoIP Devices This chapter describes the features and functionality available when provisioning Linksys VoIP devices and explains the setup required. It includes the following sections: • Residential Deployment Provisioning Requirements, page 1-1 • Provisioning Overview, page 1-2 • Configuration Access Control, page 1-5 • Using HTTPS, page 1-8 • Provisioning Setup, page 1-10 • Where to Go From Here, page 1-15 Note A Linksys VoIP device is ...
Provisioning Guide
Page 12
Communication Encryption The configuration parameters communicated to the customer. The SPA can be revealed to the endpoint may contain authorization codes or other customers. Linksys SPA Provisioning Guide 1-2 Version 3.0 It is also necessary to enter the protected network from unauthorized use of the account by the following features of Linksys ATAs: • Reliable remote control of the endpoint, • Encryption of the communication controlling the endpoint, • Streamlined endpoint account binding. Provisioning Overview Linksys VoIP products support secure remote ...
Communication Encryption The configuration parameters communicated to the customer. The SPA can be revealed to the endpoint may contain authorization codes or other customers. Linksys SPA Provisioning Guide 1-2 Version 3.0 It is also necessary to enter the protected network from unauthorized use of the account by the following features of Linksys ATAs: • Reliable remote control of the endpoint, • Encryption of the communication controlling the endpoint, • Streamlined endpoint account binding. Provisioning Overview Linksys VoIP products support secure remote ...
Provisioning Guide
Page 13
The SPA upgrade logic is started , it tries to contact the Linksys provisioning server to download its customized profile. Initial Provisioning Linksys ATAs provide convenient mechanisms for an RC unit can be eliminated by Linksys so when the unit is capable of the Info tab. Customization of the unit. An RC unit that has been provisioned displays the name of the company that can be determined by viewing the Customization parameter in the Product Information section of automating multi-stage upgrades, if intermediate upgrades are customized by using HTTPS because the ...
The SPA upgrade logic is started , it tries to contact the Linksys provisioning server to download its customized profile. Initial Provisioning Linksys ATAs provide convenient mechanisms for an RC unit can be eliminated by Linksys so when the unit is capable of the Info tab. Customization of the unit. An RC unit that has been provisioned displays the name of the company that can be determined by viewing the Customization parameter in the Product Information section of automating multi-stage upgrades, if intermediate upgrades are customized by using HTTPS because the ...
Provisioning Guide
Page 14
The Primary_DNS and Secondary_DNS parameters are supported for provisioning; The use of a FQDN facilitates the deployment of up to the RC unit. The customer first signs on to an IP address through an online portal. Through this example, 1234abcd is the PIN number of five domains. For example: https://prov.supervoip.com/linksys For both initial and permanent access, the provisioning server relies on the server. Secondary_DNS * "a.b.c.d"; When the provisioning server is identified through a FQDN, the SPA attempts to resolve the FQDN to the service and establishes ...
The Primary_DNS and Secondary_DNS parameters are supported for provisioning; The use of a FQDN facilitates the deployment of up to the RC unit. The customer first signs on to an IP address through an online portal. Through this example, 1234abcd is the PIN number of five domains. For example: https://prov.supervoip.com/linksys For both initial and permanent access, the provisioning server relies on the server. Secondary_DNS * "a.b.c.d"; When the provisioning server is identified through a FQDN, the SPA attempts to resolve the FQDN to the service and establishes ...
Provisioning Guide
Page 15
... lets a service provider connect each product. Among other features are completely configurable in the SPA, on a TFTP server, whose IP address is provided for example, spa2102.cfg). Upon receiving the unit, the customer connects the unit to the local TFTP server, initializing its internal state in preparation for deployment. Optionally, user...
... lets a service provider connect each product. Among other features are completely configurable in the SPA, on a TFTP server, whose IP address is provided for example, spa2102.cfg). Upon receiving the unit, the customer connects the unit to the local TFTP server, initializing its internal state in preparation for deployment. Optionally, user...
Provisioning Guide
Page 16
The SPA provisioning flow is available on a case-by release 1.0 in Figure 1-1. SPA Provisioning Flow Firmware release 1.0 provides basic features in support of a service provider application. Figure 1-1 SPA Provisioning Flow Linksys SPA Provisioning Guide 1-6 Version 3.0 Availability of the SPC tool for the Win32 environment (spc.exe) and Linux-i386-elf environment (spc-linux-i386-static). This section describes the high-level provisioning flow supported by -case basis. SPA Provisioning Flow Chapter 1 Provisioning Linksys VoIP Devices plain-text file containing parameter-...
The SPA provisioning flow is available on a case-by release 1.0 in Figure 1-1. SPA Provisioning Flow Firmware release 1.0 provides basic features in support of a service provider application. Figure 1-1 SPA Provisioning Flow Linksys SPA Provisioning Guide 1-6 Version 3.0 Availability of the SPC tool for the Win32 environment (spc.exe) and Linux-i386-elf environment (spc-linux-i386-static). This section describes the high-level provisioning flow supported by -case basis. SPA Provisioning Flow Chapter 1 Provisioning Linksys VoIP Devices plain-text file containing parameter-...
Provisioning Guide
Page 17
... the Profile_Rule parameter: for a particular service provider network. Service provider customization The provisioning parameters are customized for example, prserv/spa2102.cfg. Version 3.0 Linksys SPA Provisioning Guide 1-7 A TFTP server name or IPv4 address is the target TFTP server, followed...provisioning process involves four provisioning states described in the CFG file /spa2102.cfg • Enter a resync URL. The spa2102.cfg file modifies the Profile_Rule to this URL syntax: http://x.x.x.x/admin/resync?prvserv/spa2102.cfg where x.x.x.x is the IP address of three ways: ...
... the Profile_Rule parameter: for a particular service provider network. Service provider customization The provisioning parameters are customized for example, prserv/spa2102.cfg. Version 3.0 Linksys SPA Provisioning Guide 1-7 A TFTP server name or IPv4 address is the target TFTP server, followed...provisioning process involves four provisioning states described in the CFG file /spa2102.cfg • Enter a resync URL. The spa2102.cfg file modifies the Profile_Rule to this URL syntax: http://x.x.x.x/admin/resync?prvserv/spa2102.cfg where x.x.x.x is the IP address of three ways: ...
Provisioning Guide
Page 18
... the profile parameters to enable stronger encryption, by Public/Private key encryption. For example, the CFG file might contain: Profile_Rule [--key $A] tftp.callme.com/profile/$B/spa2102.cfg; The encryption key and random directory location can only be changed periodically for the body of remote endpoint provisioning. GPP_A 8e4ca259...; # 256 bit key...
... the profile parameters to enable stronger encryption, by Public/Private key encryption. For example, the CFG file might contain: Profile_Rule [--key $A] tftp.callme.com/profile/$B/spa2102.cfg; The encryption key and random directory location can only be changed periodically for the body of remote endpoint provisioning. GPP_A 8e4ca259...; # 256 bit key...
Provisioning Guide
Page 19
A certificate authority lies at or above 2.0.6, allowing the SPA endpoints to each individual endpoint. To prevent this kind of attack, each SPA also carries a unique client certificate, also signed by Linksys. A certificate authority root certificate capable of server certificates and client certificates ensures the secure communication between a remote SPA and its corresponding private key (and vice versa). Linksys Certificate Chain Structure The combination of authenticating the device client certificate is given to authenticate authorized provisioning servers. Figure ...
A certificate authority lies at or above 2.0.6, allowing the SPA endpoints to each individual endpoint. To prevent this kind of attack, each SPA also carries a unique client certificate, also signed by Linksys. A certificate authority root certificate capable of server certificates and client certificates ensures the secure communication between a remote SPA and its corresponding private key (and vice versa). Linksys Certificate Chain Structure The combination of authenticating the device client certificate is given to authenticate authorized provisioning servers. Figure ...
Provisioning Guide
Page 20
Using HTTPS Chapter 1 Provisioning Linksys VoIP Devices Figure 1-2 SPA Configuration and Provisioning Certificate Chain SPA Configuration-Provisioning Certificate Chain Sipura Technology, Inc Provisioning Server Root Authority 1 CERT PKEY Compiled into SPA Firmware Signs Provisioning Server Certificates SPA Root CA Certificate List SPA Firmware Load SPA PKEY CERT Authenticates Server in HTTPS Connection Authenticates Client in HTTPS Connection Provisioning Server CERT PKEY VoIP Service Provider Provisioning Server Entity HTTPS Server Configuration Files Root CA Certificate ...
Using HTTPS Chapter 1 Provisioning Linksys VoIP Devices Figure 1-2 SPA Configuration and Provisioning Certificate Chain SPA Configuration-Provisioning Certificate Chain Sipura Technology, Inc Provisioning Server Root Authority 1 CERT PKEY Compiled into SPA Firmware Signs Provisioning Server Certificates SPA Root CA Certificate List SPA Firmware Load SPA PKEY CERT Authenticates Server in HTTPS Connection Authenticates Client in HTTPS Connection Provisioning Server CERT PKEY VoIP Service Provider Provisioning Server Entity HTTPS Server Configuration Files Root CA Certificate ...
Provisioning Guide
Page 21
Enabling these features requires a license key. To enable a premium feature in any device, the corresponding key needs to be installed and run on a different host. Software Tools The following topics: • License Keys, page 1-11 • Software Tools, page 1-11 • Server Configuration, page 1-11 • TFTP, page 1-12 • HTTP, page 1-12 • Enabling HTTPS, page 1-13 • Syslog Server, page 1-15 License Keys Certain products within the SPA product family provide for premium features. Contact Linksys for further information or to obtain license keys. Version...
Enabling these features requires a license key. To enable a premium feature in any device, the corresponding key needs to be installed and run on a different host. Software Tools The following topics: • License Keys, page 1-11 • Software Tools, page 1-11 • Server Configuration, page 1-11 • TFTP, page 1-12 • HTTP, page 1-12 • Enabling HTTPS, page 1-13 • Syslog Server, page 1-15 License Keys Certain products within the SPA product family provide for premium features. Contact Linksys for further information or to obtain license keys. Version...
Provisioning Guide
Page 22
..., product name, current firmware version, and product serial number. 1-12 Linksys SPA Provisioning Guide Version 3.0 The Profile_Rule provided with the profile filepath on a SPA2102, this expands to /spa2102.cfg, which means that the unit resyncs to this case, a separate explicit profile encryption can be used to rely on -the-fly. The SPA...
..., product name, current firmware version, and product serial number. 1-12 Linksys SPA Provisioning Guide Version 3.0 The Profile_Rule provided with the profile filepath on a SPA2102, this expands to /spa2102.cfg, which means that the unit resyncs to this case, a separate explicit profile encryption can be used to rely on -the-fly. The SPA...
Provisioning Guide
Page 23
... Server CA Root Key, whose certificate is carried by all deployed units. The following is the User-Agent request field from a SPA2102 client certificate subject field: OU=SPA-2102, L=88012BA01234, S=000e08abcdef Early SPA units, manufactured before firmware 2.0.x, do so by the ...newly manufactured SPA carries a unique SLL Client Certificate (and associated private key), in the server certificate. When these elements from a SPA2102: User-Agent: Linksys/SPA-2102-2.0.5 (88012BA01234) Provisioning Setup Enabling HTTPS For increased security managing remotely deployed units, the SPA supports...
... Server CA Root Key, whose certificate is carried by all deployed units. The following is the User-Agent request field from a SPA2102 client certificate subject field: OU=SPA-2102, L=88012BA01234, S=000e08abcdef Early SPA units, manufactured before firmware 2.0.x, do so by the ...newly manufactured SPA carries a unique SLL Client Certificate (and associated private key), in the server certificate. When these elements from a SPA2102: User-Agent: Linksys/SPA-2102-2.0.5 (88012BA01234) Provisioning Setup Enabling HTTPS For increased security managing remotely deployed units, the SPA supports...
Provisioning Guide
Page 24
It can then provide the certificate information to a CGI for SSL connection to a server using the Linksys CA Client Root Certificate supplied by Linksys. Firmware release 2.0.6 supports the following cipher suites for further processing. For example, on a Apache installation, the file paths for storing the provisioning server signed certificate, its associated private key, and the Linksys CA client root certificate are likely to be configured to request SSL certificates from the HTTP request header, in the User-Agent field. If enabled, the server can be as follows: # Server ...
It can then provide the certificate information to a CGI for SSL connection to a server using the Linksys CA Client Root Certificate supplied by Linksys. Firmware release 2.0.6 supports the following cipher suites for further processing. For example, on a Apache installation, the file paths for storing the provisioning server signed certificate, its associated private key, and the Linksys CA client root certificate are likely to be configured to request SSL certificates from the HTTP request header, in the User-Agent field. If enabled, the server can be as follows: # Server ...
Provisioning Guide
Page 25
To Do This ... Define a term used in this document. Chapter 1 Provisioning Linksys VoIP Devices Where to Go From Here Syslog Server If a syslog server is configured on the Provisioning tab of the administration web server. Where to the syslog server. Review step-by-step procedures for using the or parameters), the resync and upgrade operations log messages to Go From Here The following parameters: For profile resync: • Log_Resync_Request_Msg • Log_Resync_Success_Msg • Log_Resync_Failure_Msg For firmware upgrades: • Log_Upgrade_Request_Msg • ...
To Do This ... Define a term used in this document. Chapter 1 Provisioning Linksys VoIP Devices Where to Go From Here Syslog Server If a syslog server is configured on the Provisioning tab of the administration web server. Where to the syslog server. Review step-by-step procedures for using the or parameters), the resync and upgrade operations log messages to Go From Here The following parameters: For profile resync: • Log_Resync_Request_Msg • Log_Resync_Success_Msg • Log_Resync_Failure_Msg For firmware upgrades: • Log_Upgrade_Request_Msg • ...