Provisioning Guide
Page 2
... v Document Conventions vi Chapter 1: Provisioning Cisco Small Business VoIP Devices 7 Small Business and Residential Deployment Provisioning 7 Remote Endpoint Control and NAT 8 Communication Encryption 8 Provisioning Overview 9 Remote Firmware Upgrade 9 Initial Provisioning 10 Deploying RC Units 10 Redundant Provisioning Servers 11 Retail Provisioning 11 Automatic In-House Preprovisioning 12 Configuration Access Control 13 Configuration Profiles 13 Provisioning States 15...
... v Document Conventions vi Chapter 1: Provisioning Cisco Small Business VoIP Devices 7 Small Business and Residential Deployment Provisioning 7 Remote Endpoint Control and NAT 8 Communication Encryption 8 Provisioning Overview 9 Remote Firmware Upgrade 9 Initial Provisioning 10 Deploying RC Units 10 Redundant Provisioning Servers 11 Retail Provisioning 11 Automatic In-House Preprovisioning 12 Configuration Access Control 13 Configuration Profiles 13 Provisioning States 15...
Provisioning Guide
Page 3
... and the SIP Profile Compiler Open Format Configuration File Element Tags, Attributes, Parameters, and Formatting Configuration File Compression File Encryption Encrypting a File with the SPC Generic Targeted Explicit Key Status Messages Sample Configuration File Proprietary Plain-Text Configuration File Source Text Syntax Comments Macro Expansion Conditional Expressions ... Enables Triggers Configurable Schedules Profile Rules Report Rule Upgrade Rule Data Types Contents 27 28 28 29 33 34 35 35 36 36 37 37 37 38 40 40 41 43 44 45 47 48 48 49 50 51 53 55 56 Cisco Small Business IP Telephony ...
... and the SIP Profile Compiler Open Format Configuration File Element Tags, Attributes, Parameters, and Formatting Configuration File Compression File Encryption Encrypting a File with the SPC Generic Targeted Explicit Key Status Messages Sample Configuration File Proprietary Plain-Text Configuration File Source Text Syntax Comments Macro Expansion Conditional Expressions ... Enables Triggers Configurable Schedules Profile Rules Report Rule Upgrade Rule Data Types Contents 27 28 28 29 33 34 35 35 36 36 37 37 37 38 40 40 41 43 44 45 47 48 48 49 50 51 53 55 56 Cisco Small Business IP Telephony ...
Provisioning Guide
Page 6
... extra 10/100 Ethernet port for service providers who offer services using the scripting Tutorial" language to work with Cisco Small Business provisioning scripts and configuration profiles. Chapter 2, "Creating Provisioning Scripts" Describes how to create a configuration profile. Cisco Small Business IP Telephony Devices Provisioning Guide v Preface - Power over Ethernet (PoE), 10/100 switch, BlueTooth, WiFi 802.11g, USB...
... extra 10/100 Ethernet port for service providers who offer services using the scripting Tutorial" language to work with Cisco Small Business provisioning scripts and configuration profiles. Chapter 2, "Creating Provisioning Scripts" Describes how to create a configuration profile. Cisco Small Business IP Telephony Devices Provisioning Guide v Preface - Power over Ethernet (PoE), 10/100 switch, BlueTooth, WiFi 802.11g, USB...
Provisioning Guide
Page 7
... for information and support. Typographic Element Boldface Italic Monospaced Font Meaning An option on the configuration pages of the administration web server. Appendix C, "Where to Go From Here" Links to be replaced with a literal value. Angle brackets () identify parameters that should be entered in a field. Cisco Small Business IP Telephony Devices Provisioning Guide vi
... for information and support. Typographic Element Boldface Italic Monospaced Font Meaning An option on the configuration pages of the administration web server. Appendix C, "Where to Go From Here" Links to be replaced with a literal value. Angle brackets () identify parameters that should be entered in a field. Cisco Small Business IP Telephony Devices Provisioning Guide vi
Provisioning Guide
Page 8
... firmware upgrades to the individual customer and with the same customer over a period of time. Device configuration varies according to the endpoint. 1 Provisioning Cisco Small Business VoIP Devices This chapter describes the features and functionality available when provisioning Cisco Small Business IP Telephony devices and explains the setup required. The IP Telephony device can be modified to...
... firmware upgrades to the individual customer and with the same customer over a period of time. Device configuration varies according to the endpoint. 1 Provisioning Cisco Small Business VoIP Devices This chapter describes the features and functionality available when provisioning Cisco Small Business IP Telephony devices and explains the setup required. The IP Telephony device can be modified to...
Provisioning Guide
Page 9
...Cisco Small Business VoIP Devices Small Business and Residential Deployment Provisioning 1 This customized, ongoing configuration is in the customer's interest to prevent the unauthorized use of the communication controlling the endpoint • Streamlined endpoint account binding Remote Endpoint Control and NAT A service provider can remotely modify the configuration... features: • Reliable remote control of the endpoint • Encryption of the account. Cisco Small Business IP Telephony Devices Provisioning Guide 8 The IP Telephony device accesses the Internet through a router ...
...Cisco Small Business VoIP Devices Small Business and Residential Deployment Provisioning 1 This customized, ongoing configuration is in the customer's interest to prevent the unauthorized use of the communication controlling the endpoint • Streamlined endpoint account binding Remote Endpoint Control and NAT A service provider can remotely modify the configuration... features: • Reliable remote control of the endpoint • Encryption of the account. Cisco Small Business IP Telephony Devices Provisioning Guide 8 The IP Telephony device accesses the Internet through a router ...
Provisioning Guide
Page 10
...but not by using HTTPS because the firmware does not contain sensitive information. Each IP Telephony device can be configured to resynchronize its customized profile. An IP Telephony device can be generated by using common, open source tools... upgrades are designed for that when the unit is supported. Communication with a client certificate. Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 Provisioning Overview Cisco Small Business provisioning solutions are required to reach a current upgrade state from an older release. General purpose parameters...
...but not by using HTTPS because the firmware does not contain sensitive information. Each IP Telephony device can be configured to resynchronize its customized profile. An IP Telephony device can be generated by using common, open source tools... upgrades are designed for that when the unit is supported. Communication with a client certificate. Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 Provisioning Overview Cisco Small Business provisioning solutions are required to reach a current upgrade state from an older release. General purpose parameters...
Provisioning Guide
Page 11
...configuration of the device. • Bulk distribution-The service provider acquires IP Telephony devices in bulk quantity and either preprovisions the IP Telephony Devices in -house preprovisioning of the devices and reducing the need for volume deployments of Cisco Small Business IP Telephony devices with the connection information for the Cisco Small Business...the service provider. Resync_Periodic * "30"; Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 Initial Provisioning Cisco Small Business IP Telephony devices provide convenient mechanisms for initial ...
...configuration of the device. • Bulk distribution-The service provider acquires IP Telephony devices in bulk quantity and either preprovisions the IP Telephony Devices in -house preprovisioning of the devices and reducing the need for volume deployments of Cisco Small Business IP Telephony devices with the connection information for the Cisco Small Business...the service provider. Resync_Periodic * "30"; Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 Initial Provisioning Cisco Small Business IP Telephony devices provide convenient mechanisms for initial ...
Provisioning Guide
Page 12
...server. The remote provisioning server is configured to the service and establishes a VoIP account, possibly through a resync URL command. The server also accepts a special URL command syntax for provisioning; Cisco Small Business IP Telephony Devices Provisioning Guide 11... The customer signs on the URL and the supplied PIN. Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 The Restricted Access Domain parameter is configured with the actual domain names...
...server. The remote provisioning server is configured to the service and establishes a VoIP account, possibly through a resync URL command. The server also accepts a special URL command syntax for provisioning; Cisco Small Business IP Telephony Devices Provisioning Guide 11... The customer signs on the URL and the supplied PIN. Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 The Restricted Access Domain parameter is configured with the actual domain names...
Provisioning Guide
Page 13
... in -house preprovisioning. Automatic In-House Preprovisioning Using the administration web server and issuing a resync URL is convenient for a customer in a single step, and is configured for its MAC address or serial number before being shipped to the customer. Cisco Small Business IP Telephony Devices Provisioning Guide 12
... in -house preprovisioning. Automatic In-House Preprovisioning Using the administration web server and issuing a resync URL is convenient for a customer in a single step, and is configured for its MAC address or serial number before being shipped to the customer. Cisco Small Business IP Telephony Devices Provisioning Guide 12
Provisioning Guide
Page 14
... of a device to access basic IVR functions and to an Admin account and a User account. Cisco Small Business IP Telephony Devices Provisioning Guide 13 Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 Configuration Access Control Besides configuration parameters that can be encrypted by using the IVR. • Restrict the Internet domains accessed by HTTPS. • Proprietary, plain-text...
... of a device to access basic IVR functions and to an Admin account and a User account. Cisco Small Business IP Telephony Devices Provisioning Guide 13 Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 Configuration Access Control Besides configuration parameters that can be encrypted by using the IVR. • Restrict the Internet domains accessed by HTTPS. • Proprietary, plain-text...
Provisioning Guide
Page 16
... can be performed through the following entry contacts a specific provisioning server, requesting a new profile unique to contact a specific TFTP server and request a configuration file identified by DHCP. Provisioning Cisco Small Business VoIP Devices Provisioning States 1 Provisioning States The provisioning process involves four provisioning states. The URL starts a web browser and requests a resync to a specific...
... can be performed through the following entry contacts a specific provisioning server, requesting a new profile unique to contact a specific TFTP server and request a configuration file identified by DHCP. Provisioning Cisco Small Business VoIP Devices Provisioning States 1 Provisioning States The provisioning process involves four provisioning states. The URL starts a web browser and requests a resync to a specific...
Provisioning Guide
Page 17
... the profile parameters to enable stronger encryption by compiling the CFG file with the provisioning server. Provisioning Cisco Small Business VoIP Devices Using HTTPS 1 Flow Step SEC-PRV-1 Secure Provisioning-Initial Configuration SEC-PRV-2 Secure Provisioning-Full Configuration Step Description The initial device-unique CFG file is described in a state synchronized to the IP Telephony...
... the profile parameters to enable stronger encryption by compiling the CFG file with the provisioning server. Provisioning Cisco Small Business VoIP Devices Using HTTPS 1 Flow Step SEC-PRV-1 Secure Provisioning-Initial Configuration SEC-PRV-2 Secure Provisioning-Full Configuration Step Description The initial device-unique CFG file is described in a state synchronized to the IP Telephony...
Provisioning Guide
Page 18
... the provisioning server. Messages encrypted by the secret key can be able to reprovision the IP Telephony device, to gain configuration information, or to a server by Public/Private key encryption. HTTPS also provides for public/ private key cryptography. The firmware... public key. This mechanism protects the service provider from other devices on the IP Telephony device recognizes only a Cisco certificate as valid. Cisco Small Business IP Telephony Devices Provisioning Guide 17 HTTPS supports a wide range of remote endpoint provisioning. Server Certificate Each secure...
... the provisioning server. Messages encrypted by the secret key can be able to reprovision the IP Telephony device, to gain configuration information, or to a server by Public/Private key encryption. HTTPS also provides for public/ private key cryptography. The firmware... public key. This mechanism protects the service provider from other devices on the IP Telephony device recognizes only a Cisco certificate as valid. Cisco Small Business IP Telephony Devices Provisioning Guide 17 HTTPS supports a wide range of remote endpoint provisioning. Server Certificate Each secure...
Provisioning Guide
Page 19
... server to obtain the configuration profile from the provisioning server. Certificate Structure The combination of attack, each service provider. The corresponding root certificate is used to sign the individual provisioning server certificate. The upper half of authenticating the device client certificate is given to authenticate authorized provisioning servers. Cisco Small Business IP Telephony Devices...
... server to obtain the configuration profile from the provisioning server. Certificate Structure The combination of attack, each service provider. The corresponding root certificate is used to sign the individual provisioning server certificate. The upper half of authenticating the device client certificate is given to authenticate authorized provisioning servers. Cisco Small Business IP Telephony Devices...
Provisioning Guide
Page 21
... • HTTPS, page 26 • Syslog Server, page 28 Software Tools The following software tools are useful for provisioning Cisco Small Business IP Telephony devices: • Open source gzip compression utility, used when generating configuration profiles • Open source OpenSSL software package for profile encryption and HTTPS operations • Scripting language with CGI scripting...
... • HTTPS, page 26 • Syslog Server, page 28 Software Tools The following software tools are useful for provisioning Cisco Small Business IP Telephony devices: • Open source gzip compression utility, used when generating configuration profiles • Open source OpenSSL software package for profile encryption and HTTPS operations • Scripting language with CGI scripting...
Provisioning Guide
Page 22
... DHCP server through DHCP option 66. TFTP TFTP is convenient for remote deployment. Provisioning Cisco Small Business VoIP Devices Provisioning Setup 1 Server Configuration Provisioning requires the availability of servers that for testing purposes can be configured only with the factory default configuration is /device.cfg For example, on the local TFTP server, if that is specified...
... DHCP server through DHCP option 66. TFTP TFTP is convenient for remote deployment. Provisioning Cisco Small Business VoIP Devices Provisioning Setup 1 Server Configuration Provisioning requires the availability of servers that for testing purposes can be configured only with the factory default configuration is /device.cfg For example, on the local TFTP server, if that is specified...
Provisioning Guide
Page 23
...the computational load on a TFTP server for the provisioning of both provisioning resync and firmware upgrade operations. Cisco Small Business voice devices support TFTP for retrieving configuration profiles. As part of network devices. Alternatively, the requested URL can invoke a CGI script (still using...as it is common to rely on the provisioning server that a configuration file is the User-Agent request field from a SPA962: User-Agent: cisco/SPA-962-2.0.5 (88012BA01234) Cisco Small Business IP Telephony Devices Provisioning Guide 22 The IP Telephony device supports ...
...the computational load on a TFTP server for the provisioning of both provisioning resync and firmware upgrade operations. Cisco Small Business voice devices support TFTP for retrieving configuration profiles. As part of network devices. Alternatively, the requested URL can invoke a CGI script (still using...as it is common to rely on the provisioning server that a configuration file is the User-Agent request field from a SPA962: User-Agent: cisco/SPA-962-2.0.5 (88012BA01234) Cisco Small Business IP Telephony Devices Provisioning Guide 22 The IP Telephony device supports ...
Provisioning Guide
Page 25
...crt # Server Private Key: SSLCertificateKeyFile /etc/httpd/conf/provserver.key # Certificate Authority (CA): SSLCACertificateFile /etc/httpd/conf/spacroot.crt Cisco Small Business IP Telephony Devices Provisioning Guide 24 When these elements: OU=SPA-962, L=88012BA01234, S=000e08abcdef Early units, manufactured before firmware 2.0.x,...value expands to either Installed or Not Installed, according to handle secure requests. If enabled, the server can be configured to request SSL certificates from a SPA962 client certificate subject field shows these units are upgraded to a CGI for ...
...crt # Server Private Key: SSLCertificateKeyFile /etc/httpd/conf/provserver.key # Certificate Authority (CA): SSLCACertificateFile /etc/httpd/conf/spacroot.crt Cisco Small Business IP Telephony Devices Provisioning Guide 24 When these elements: OU=SPA-962, L=88012BA01234, S=000e08abcdef Early units, manufactured before firmware 2.0.x,...value expands to either Installed or Not Installed, according to handle secure requests. If enabled, the server can be configured to request SSL certificates from a SPA962 client certificate subject field shows these units are upgraded to a CGI for ...
Provisioning Guide
Page 26
... 0x002f TLS_RSA_WITH_AES_128_CBC_SHA 0x0005 TLS_RSA_WITH_RC4_128_SHA 0x0004 TLS_RSA_WITH_RC4_128_MD5 0x0062 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0060 TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 0x0003 TLS_RSA_EXPORT_WITH_RC4_40_MD5 Syslog Server If a syslog server is configured on the IP Telephony device (using HTTPS. Log_Resync_Request_Msg - Log_Resync_Failure_Msg Cisco Small Business IP Telephony Devices Provisioning Guide 25 Log_Resync_Success_Msg - Firmware release 2.0.6 supports the following parameters: • For profile resync: - A message...
... 0x002f TLS_RSA_WITH_AES_128_CBC_SHA 0x0005 TLS_RSA_WITH_RC4_128_SHA 0x0004 TLS_RSA_WITH_RC4_128_MD5 0x0062 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0060 TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 0x0003 TLS_RSA_EXPORT_WITH_RC4_40_MD5 Syslog Server If a syslog server is configured on the IP Telephony device (using HTTPS. Log_Resync_Request_Msg - Log_Resync_Failure_Msg Cisco Small Business IP Telephony Devices Provisioning Guide 25 Log_Resync_Success_Msg - Firmware release 2.0.6 supports the following parameters: • For profile resync: - A message...