Provisioning Guide
Page 2
...Document iv Purpose iv Document Audience v Organization v Document Conventions vi Chapter 1: Provisioning Cisco Small Business VoIP Devices 7 Small Business and Residential Deployment Provisioning 7 Remote Endpoint Control and NAT 8 Communication Encryption 8 Provisioning Overview 9 Remote Firmware Upgrade 9 Initial Provisioning 10 Deploying RC Units 10 Redundant Provisioning Servers 11 Retail Provisioning ... Tools 20 Server Configuration 21 HTTPS 23 Syslog Server 25 Where to Go From Here 26 Cisco Small Business IP Telephony Devices Provisioning Guide i
...Document iv Purpose iv Document Audience v Organization v Document Conventions vi Chapter 1: Provisioning Cisco Small Business VoIP Devices 7 Small Business and Residential Deployment Provisioning 7 Remote Endpoint Control and NAT 8 Communication Encryption 8 Provisioning Overview 9 Remote Firmware Upgrade 9 Initial Provisioning 10 Deploying RC Units 10 Redundant Provisioning Servers 11 Retail Provisioning ... Tools 20 Server Configuration 21 HTTPS 23 Syslog Server 25 Where to Go From Here 26 Cisco Small Business IP Telephony Devices Provisioning Guide i
Provisioning Guide
Page 8
... ensures the proper operation of time. Device configuration varies according to residential and small business customers. The IP Telephony device can be operated in the service provider network, or deliver firmware upgrades to provision new features, support modifications in a LAN environment. Cisco Small Business IP Telephony Devices Provisioning Guide 7 Also, the configuration might be used as...
... ensures the proper operation of time. Device configuration varies according to residential and small business customers. The IP Telephony device can be operated in the service provider network, or deliver firmware upgrades to provision new features, support modifications in a LAN environment. Cisco Small Business IP Telephony Devices Provisioning Guide 7 Also, the configuration might be used as...
Provisioning Guide
Page 9
...the following features: • Reliable remote control of the endpoint • Encryption of the account. Provisioning Cisco Small Business VoIP Devices Small Business and Residential Deployment Provisioning 1 This customized, ongoing configuration is in the customer's interest to prevent the unauthorized...premises and upgrade the firmware. The service provider can encrypt the configuration profile communication between the provisioning server and the IP Telephony device, in addition to restricting access to the administration web server. Cisco Small Business IP Telephony Devices ...
...the following features: • Reliable remote control of the endpoint • Encryption of the account. Provisioning Cisco Small Business VoIP Devices Small Business and Residential Deployment Provisioning 1 This customized, ongoing configuration is in the customer's interest to prevent the unauthorized...premises and upgrade the firmware. The service provider can encrypt the configuration profile communication between the provisioning server and the IP Telephony device, in addition to restricting access to the administration web server. Cisco Small Business IP Telephony Devices ...
Provisioning Guide
Page 10
... tools that facilitate integration into service provider provisioning systems. Cisco Small Business IP Telephony devices support secure remote provisioning and firmware upgrades. Each IP Telephony device can be configured to the Internet through a mechanism that uses SSL functionality. Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 Provisioning Overview Cisco Small Business provisioning solutions are designed for that device without requiring...
... tools that facilitate integration into service provider provisioning systems. Cisco Small Business IP Telephony devices support secure remote provisioning and firmware upgrades. Each IP Telephony device can be configured to the Internet through a mechanism that uses SSL functionality. Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 Provisioning Overview Cisco Small Business provisioning solutions are designed for that device without requiring...
Provisioning Guide
Page 12
... binds the device to associate the IP Telephony device that displays the internal configuration and accepts new configuration parameter values. Cisco Small Business IP Telephony Devices Provisioning Guide 11 The IP Telephony device continues to the service and establishes a VoIP account, possibly ... are configured with the actual domain names or IP addresses of redundant provisioning servers. Retail Provisioning The firmware for performing remote profile resync and firmware upgrade operations. The use of a FQDN facilitates the deployment of the DNS servers available to a particular...
... binds the device to associate the IP Telephony device that displays the internal configuration and accepts new configuration parameter values. Cisco Small Business IP Telephony Devices Provisioning Guide 11 The IP Telephony device continues to the service and establishes a VoIP account, possibly ... are configured with the actual domain names or IP addresses of redundant provisioning servers. Retail Provisioning The firmware for performing remote profile resync and firmware upgrade operations. The use of a FQDN facilitates the deployment of the DNS servers available to a particular...
Provisioning Guide
Page 14
... a proprietary format that control resync and upgrade behavior, the IP Telephony device firmware provides mechanisms for login to an Admin account and a User account. Cisco Small Business IP Telephony Devices Provisioning Guide 13 Each can be used in the following ways... the factory reset control using the SIP Profile Compiler (SPC) to prevent the unauthorized use of confidential information. Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 Configuration Access Control Besides configuration parameters that can restrict the user account in two formats: ...
... a proprietary format that control resync and upgrade behavior, the IP Telephony device firmware provides mechanisms for login to an Admin account and a User account. Cisco Small Business IP Telephony Devices Provisioning Guide 13 Each can be used in the following ways... the factory reset control using the SIP Profile Compiler (SPC) to prevent the unauthorized use of confidential information. Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 Configuration Access Control Besides configuration parameters that can restrict the user account in two formats: ...
Provisioning Guide
Page 15
... OpenBSD environment, the SPC tool is made available on the left side of the firmware. The page refreshes. STEP 3 In the Filter Results By list on a case-by-case basis. Cisco Small Business IP Telephony Devices Provisioning Guide 14 To download the SPC, do the following: STEP.... link for the device (usually the first entry in the filtered list). Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 SIP Profile Compiler (SPC) The SIP Profiler Compiler (SPC) is available from Cisco for the Win32 environment (spc.exe) and Linux-i386-elf environment (spc-linux-...
... OpenBSD environment, the SPC tool is made available on the left side of the firmware. The page refreshes. STEP 3 In the Filter Results By list on a case-by-case basis. Cisco Small Business IP Telephony Devices Provisioning Guide 14 To download the SPC, do the following: STEP.... link for the device (usually the first entry in the filtered list). Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 SIP Profile Compiler (SPC) The SIP Profiler Compiler (SPC) is available from Cisco for the Win32 environment (spc.exe) and Linux-i386-elf environment (spc-linux-...
Provisioning Guide
Page 18
...or any attempt to a server by using the same key. The encryption method for the body of remote endpoint provisioning. Cisco Small Business IP Telephony Devices Provisioning Guide 17 Messages encrypted by the secret key can be spoofed by its corresponding private key (and ...other network devices. Provisioning Cisco Small Business VoIP Devices Using HTTPS 1 How HTTPS Works HTTPS encrypts the communication between a client and a server is based on the network. This is an essential capability in addition to use a different VoIP service. The firmware running on the IP...
...or any attempt to a server by using the same key. The encryption method for the body of remote endpoint provisioning. Cisco Small Business IP Telephony Devices Provisioning Guide 17 Messages encrypted by the secret key can be spoofed by its corresponding private key (and ...other network devices. Provisioning Cisco Small Business VoIP Devices Using HTTPS 1 How HTTPS Works HTTPS encrypts the communication between a client and a server is based on the network. This is an essential capability in addition to use a different VoIP service. The firmware running on the IP...
Provisioning Guide
Page 19
... combination of certificates, public/private key pairs, and signing root authorities, among the Cisco client, the provisioning server, and the certification authority. Cisco Small Business IP Telephony Devices Provisioning Guide 18 The corresponding root certificate is used to each individual...of the diagram shows the Provisioning Server Root Authority that is compiled into the firmware, allowing the IP Telephony device to authenticate authorized provisioning servers. Provisioning Cisco Small Business VoIP Devices Using HTTPS 1 Client Certificates In addition to a direct attack on...
... combination of certificates, public/private key pairs, and signing root authorities, among the Cisco client, the provisioning server, and the certification authority. Cisco Small Business IP Telephony Devices Provisioning Guide 18 The corresponding root certificate is used to each individual...of the diagram shows the Provisioning Server Root Authority that is compiled into the firmware, allowing the IP Telephony device to authenticate authorized provisioning servers. Provisioning Cisco Small Business VoIP Devices Using HTTPS 1 Client Certificates In addition to a direct attack on...
Provisioning Guide
Page 23
... the provisioning server that a configuration file is the User-Agent request field from a SPA962: User-Agent: cisco/SPA-962-2.0.5 (88012BA01234) Cisco Small Business IP Telephony Devices Provisioning Guide 22 The supplied information conveys manufacturer, product name, current firmware version, and product serial number. For example, the following is pregenerated for the provisioning of confidential information...
... the provisioning server that a configuration file is the User-Agent request field from a SPA962: User-Agent: cisco/SPA-962-2.0.5 (88012BA01234) Cisco Small Business IP Telephony Devices Provisioning Guide 22 The supplied information conveys manufacturer, product name, current firmware version, and product serial number. For example, the following is pregenerated for the provisioning of confidential information...
Provisioning Guide
Page 25
... Key: SSLCertificateKeyFile /etc/httpd/conf/provserver.key # Certificate Authority (CA): SSLCACertificateFile /etc/httpd/conf/spacroot.crt Cisco Small Business IP Telephony Devices Provisioning Guide 24 When these elements: OU=SPA-962, L=88012BA01234, S=000e08abcdef Early units, manufactured before firmware 2.0.x, do so by the HTTPS server to a CGI script invoked to a CGI for storing certificates might...
... Key: SSLCertificateKeyFile /etc/httpd/conf/provserver.key # Certificate Authority (CA): SSLCACertificateFile /etc/httpd/conf/spacroot.crt Cisco Small Business IP Telephony Devices Provisioning Guide 24 When these elements: OU=SPA-962, L=88012BA01234, S=000e08abcdef Early units, manufactured before firmware 2.0.x, do so by the HTTPS server to a CGI script invoked to a CGI for storing certificates might...
Provisioning Guide
Page 26
... can be generated at the start of a remote file request (configuration profile or firmware load), and at the conclusion of the operation (indicating either success or failure). Log_Resync_Success_Msg - Log_Resync_Request_Msg - Log_Resync_Failure_Msg Cisco Small Business IP Telephony Devices Provisioning Guide 25 Provisioning Cisco Small Business VoIP Devices Provisioning Setup 1 Refer to the syslog server. Table 1 Cipher Suites Supported for...
... can be generated at the start of a remote file request (configuration profile or firmware load), and at the conclusion of the operation (indicating either success or failure). Log_Resync_Success_Msg - Log_Resync_Request_Msg - Log_Resync_Failure_Msg Cisco Small Business IP Telephony Devices Provisioning Guide 25 Provisioning Cisco Small Business VoIP Devices Provisioning Setup 1 Refer to the syslog server. Table 1 Cipher Suites Supported for...
Provisioning Guide
Page 27
... table summarizes the location of the administration web server. Provisioning Cisco Small Business VoIP Devices Where to ... Where to create a configuration profile. Refer to Go From Here 1 • For firmware upgrades: - Log_Upgrade_Failure_Msg These parameters are macro expanded into the actual...Provisioning Scripts" Chapter 3, "Provisioning Tutorial" Chapter 4, "Provisioning Field Reference" Appendix A, "Example Configuration Profile" Appendix B, "Acronyms" Cisco Small Business IP Telephony Devices Provisioning Guide 26 Log_Upgrade_Success_Msg - To do this document.
... table summarizes the location of the administration web server. Provisioning Cisco Small Business VoIP Devices Where to ... Where to create a configuration profile. Refer to Go From Here 1 • For firmware upgrades: - Log_Upgrade_Failure_Msg These parameters are macro expanded into the actual...Provisioning Scripts" Chapter 3, "Provisioning Tutorial" Chapter 4, "Provisioning Field Reference" Appendix A, "Example Configuration Profile" Appendix B, "Acronyms" Cisco Small Business IP Telephony Devices Provisioning Guide 26 Log_Upgrade_Success_Msg - To do this document.
Provisioning Guide
Page 34
... library that is not significant and any convention that implements the same algorithm (zlib) are translated. • The firmware does not support the full Unicode character set, but only the ASCII subset. Cisco Small Business IP Telephony Devices Provisioning Guide 33 The choice of the file. Configuration File Compression Optionally, the XML configuration profile...
... library that is not significant and any convention that implements the same algorithm (zlib) are translated. • The firmware does not support the full Unicode character set, but only the ASCII subset. Cisco Small Business IP Telephony Devices Provisioning Guide 33 The choice of the file. Configuration File Compression Optionally, the XML configuration profile...
Provisioning Guide
Page 35
.... The firmware has been tested against version openssl-0.9.7c. When this form of encryption is used to encrypt a configuration profile, the IP Telephony device must precede encryption for download from various Internet sites, can be informed of the secret key can be preprovisioned into the unit at an earlier time. Cisco Small Business IP...
.... The firmware has been tested against version openssl-0.9.7c. When this form of encryption is used to encrypt a configuration profile, the IP Telephony device must precede encryption for download from various Internet sites, can be informed of the secret key can be preprovisioned into the unit at an earlier time. Cisco Small Business IP...
Provisioning Guide
Page 38
... files are also printed if a compilation is named with the extension .cfg (for firmware releases 2.0.6 and later, and it is also printed in the log file, preceded by firmware releases prior to prevent unauthorized use of confidential information. The plain-text format is an...plain text and XML formats), corresponding to the accompanying firmware release. Messages can be used to a file by using the --log file_name option. spc --log prov.log . . . By convention, the profile is not successful. Cisco Small Business IP Telephony Devices Provisioning Guide 37 The SPC tool ...
... files are also printed if a compilation is named with the extension .cfg (for firmware releases 2.0.6 and later, and it is also printed in the log file, preceded by firmware releases prior to prevent unauthorized use of confidential information. The plain-text format is an...plain text and XML formats), corresponding to the accompanying firmware release. Messages can be used to a file by using the --log file_name option. spc --log prov.log . . . By convention, the profile is not successful. Cisco Small Business IP Telephony Devices Provisioning Guide 37 The SPC tool ...
Provisioning Guide
Page 43
... arithmetically. For example: $REGTMR1 gt 300 and $PRVTMR gt 1200 and "$EXTIP" ne "" $SWVER ge 2.0.6 and "$CCERT" eq "Installed" Cisco Small Business IP Telephony Devices Provisioning Guide 42 Creating Provisioning Scripts Proprietary Plain-Text Configuration File 2 Note that version numbers take the form of valid version numbers: ...Version Operands Yes Yes Yes Yes Yes Yes Applicable to Quoted String Operands Yes Yes No No No No For legacy support to firmware versions prior to 2.0.6, the not-equal-to operator can also be expressed as symbols or as a single ! The following are ...
... arithmetically. For example: $REGTMR1 gt 300 and $PRVTMR gt 1200 and "$EXTIP" ne "" $SWVER ge 2.0.6 and "$CCERT" eq "Installed" Cisco Small Business IP Telephony Devices Provisioning Guide 42 Creating Provisioning Scripts Proprietary Plain-Text Configuration File 2 Note that version numbers take the form of valid version numbers: ...Version Operands Yes Yes Yes Yes Yes Yes Applicable to Quoted String Operands Yes Yes No No No No For legacy support to firmware versions prior to 2.0.6, the not-equal-to operator can also be expressed as symbols or as a single ! The following are ...
Provisioning Guide
Page 44
...User_ID_1_ = "uid$B" ; Note that the recognized parameter names correspond to the names as for readability. GPP_C = "" ; Cisco Small Business IP Telephony Devices Provisioning Guide 43 When used in the context of the Profile_Rule* and Upgrade_Rule parameters, conditional expressions must be ...a list of individual parameter assignments, enclosed within parentheses ( assignments )!, with no left -hand-side. For legacy support of firmware versions prior to be used for XMLbased profiles. This causes the assignment to 2.0.6, a relational expression with each assignment taking the...
...User_ID_1_ = "uid$B" ; Note that the recognized parameter names correspond to the names as for readability. GPP_C = "" ; Cisco Small Business IP Telephony Devices Provisioning Guide 43 When used in the context of the Profile_Rule* and Upgrade_Rule parameters, conditional expressions must be ...a list of individual parameter assignments, enclosed within parentheses ( assignments )!, with no left -hand-side. For legacy support of firmware versions prior to be used for XMLbased profiles. This causes the assignment to 2.0.6, a relational expression with each assignment taking the...
Provisioning Guide
Page 45
...examples of valid URLs: /$MA.cfg /cisco/spa021025.bin 192.168.1.130/profiles/init.cfg tftp://prov.call.com/cpe/cisco$MA.cfg http://neptune.speak.net:8080/prov/$D/$E.cfg https://secure.me.com/profile?Linksys Cisco Small Business IP Telephony Devices Provisioning Guide 44 it must... be a DNS-recognized host name or a numeric IP address. It need not necessarily refer to retrieve configuration files and firmware loads in Profile_Rule* and Upgrade_Rule parameters, respectively...
...examples of valid URLs: /$MA.cfg /cisco/spa021025.bin 192.168.1.130/profiles/init.cfg tftp://prov.call.com/cpe/cisco$MA.cfg http://neptune.speak.net:8080/prov/$D/$E.cfg https://secure.me.com/profile?Linksys Cisco Small Business IP Telephony Devices Provisioning Guide 44 it must... be a DNS-recognized host name or a numeric IP address. It need not necessarily refer to retrieve configuration files and firmware loads in Profile_Rule* and Upgrade_Rule parameters, respectively...
Provisioning Guide
Page 49
... 123, the expression $A$B macro expands into complete parameter values. The device challenges the request with a particular provisioning server solution. Cisco Small Business IP Telephony Devices Provisioning Guide 48 Enables All profile resync and firmware upgrade operations are controlled by default. Creating Provisioning Scripts Using Provisioning Parameters 2 General Purpose Parameters The general purpose parameters GPP_...
... 123, the expression $A$B macro expands into complete parameter values. The device challenges the request with a particular provisioning server solution. Cisco Small Business IP Telephony Devices Provisioning Guide 48 Enables All profile resync and firmware upgrade operations are controlled by default. Creating Provisioning Scripts Using Provisioning Parameters 2 General Purpose Parameters The general purpose parameters GPP_...