Provisioning Guide
Page 9
...protect the system from the Internet). It is in the customer's interest to the administration web server. Cisco Small Business IP Telephony Devices Provisioning Guide 8 The service provider can remotely modify the configuration parameters in addition to restricting ... to the customer premises and upgrade the firmware. Provisioning Cisco Small Business VoIP Devices Small Business and Residential Deployment Provisioning 1 This customized, ongoing configuration is supported by using network address translation (NAT). The IP Telephony device accesses the Internet through a router by the...
...protect the system from the Internet). It is in the customer's interest to the administration web server. Cisco Small Business IP Telephony Devices Provisioning Guide 8 The service provider can remotely modify the configuration parameters in addition to restricting ... to the customer premises and upgrade the firmware. Provisioning Cisco Small Business VoIP Devices Small Business and Residential Deployment Provisioning 1 This customized, ongoing configuration is supported by using network address translation (NAT). The IP Telephony device accesses the Internet through a router by the...
Provisioning Guide
Page 11
... the name of Cisco Small Business IP Telephony devices with a different service provider. Primary_DNS * "x.y.w.z"; Cisco Small Business IP Telephony Devices Provisioning Guide 10 Deploying RC Units Cisco Small Business offers RC units to service providers for volume deployments of customization for an RC unit can be determined by Cisco for the service provider that owns the unit. The MAC address of each RC...
... the name of Cisco Small Business IP Telephony devices with a different service provider. Primary_DNS * "x.y.w.z"; Cisco Small Business IP Telephony Devices Provisioning Guide 10 Deploying RC Units Cisco Small Business offers RC units to service providers for volume deployments of customization for an RC unit can be determined by Cisco for the service provider that owns the unit. The MAC address of each RC...
Provisioning Guide
Page 12
... the new account. The URL command typically includes an account PIN number or alphanumeric code to an IP address through a FQDN, the IP Telephony device attempts to resolve the FQDN to associate the device with the new account, based on to a particular service. The PIN number for provisioning; Cisco Small Business IP Telephony Devices Provisioning Guide 11
... the new account. The URL command typically includes an account PIN number or alphanumeric code to an IP address through a FQDN, the IP Telephony device attempts to resolve the FQDN to associate the device with the new account, based on to a particular service. The PIN number for provisioning; Cisco Small Business IP Telephony Devices Provisioning Guide 11
Provisioning Guide
Page 13
... connects the unit to a TFTP server with the IP address offered as convenient for preprovisioning. A service provider can connect each new IP Telephony device to a permanent URL on the associated service account. To provision a large number of the provisioning server. Cisco Small Business IP Telephony Devices Provisioning Guide 12 Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 Through this LAN...
... connects the unit to a TFTP server with the IP address offered as convenient for preprovisioning. A service provider can connect each new IP Telephony device to a permanent URL on the associated service account. To provision a large number of the provisioning server. Cisco Small Business IP Telephony Devices Provisioning Guide 12 Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 Through this LAN...
Provisioning Guide
Page 16
...A TFTP server name or IPv4 address is specific to a device-specific configuration profile by the MAC-address. Flow Step Step Description MFG-RESET The device returns to this unit: Profile_Rule tftp.callme.com/profile/$MA/ spa962.cfg; Cisco Small Business IP Telephony Devices Provisioning Guide 15 SP-... the following entry contacts a specific provisioning server, requesting a new profile unique to a fully unprovisioned state; Provisioning Cisco Small Business VoIP Devices Provisioning States 1 Provisioning States The provisioning process involves four provisioning states.
...A TFTP server name or IPv4 address is specific to a device-specific configuration profile by the MAC-address. Flow Step Step Description MFG-RESET The device returns to this unit: Profile_Rule tftp.callme.com/profile/$MA/ spa962.cfg; Cisco Small Business IP Telephony Devices Provisioning Guide 15 SP-... the following entry contacts a specific provisioning server, requesting a new profile unique to a fully unprovisioned state; Provisioning Cisco Small Business VoIP Devices Provisioning States 1 Provisioning States The provisioning process involves four provisioning states.
Provisioning Guide
Page 22
... convenient for remote deployment. TFTP TFTP is relative to obtain a TFTP server IP address directly from any remote Internet site. HTTP The IP Telephony device behaves like a browser requesting web pages from the DHCP server through DHCP option 66. Provisioning Cisco Small Business VoIP Devices Provisioning Setup 1 Server Configuration Provisioning requires the availability of servers that...
... convenient for remote deployment. TFTP TFTP is relative to obtain a TFTP server IP address directly from any remote Internet site. HTTP The IP Telephony device behaves like a browser requesting web pages from the DHCP server through DHCP option 66. Provisioning Cisco Small Business VoIP Devices Provisioning Setup 1 Server Configuration Provisioning requires the availability of servers that...
Provisioning Guide
Page 24
... in privkey.pem and a corresponding certificate signing request in the server certificate. the signed server certificate. Cisco Small Business IP Telephony Devices Provisioning Guide 23 Each newly manufactured IP Telephony device carries a unique SLL Client Certificate (and associated private key), in the subject, the Common...server certificate, the IP Telephony device tests the server IP address against a DNS lookup of the host running the server. The following examples are of CN entries that issues the request. The following the host FQDN, separated by the IP Telephony device: ...
... in privkey.pem and a corresponding certificate signing request in the server certificate. the signed server certificate. Cisco Small Business IP Telephony Devices Provisioning Guide 23 Each newly manufactured IP Telephony device carries a unique SLL Client Certificate (and associated private key), in the subject, the Common...server certificate, the IP Telephony device tests the server IP address against a DNS lookup of the host running the server. The following examples are of CN entries that issues the request. The following the host FQDN, separated by the IP Telephony device: ...
Provisioning Guide
Page 25
...Provisioning Cisco Small Business VoIP Devices Provisioning Setup 1 In addition, Cisco provides a Sipura CA Client Root Certificate to the presence or absence of a unique client certificate. In particular, the certificate subject indicates the unit product name (OU element), MAC address (S...Private Key: SSLCertificateKeyFile /etc/httpd/conf/provserver.key # Certificate Authority (CA): SSLCACertificateFile /etc/httpd/conf/spacroot.crt Cisco Small Business IP Telephony Devices Provisioning Guide 24 If enabled, the server can then provide the certificate information to a CGI for ...
...Provisioning Cisco Small Business VoIP Devices Provisioning Setup 1 In addition, Cisco provides a Sipura CA Client Root Certificate to the presence or absence of a unique client certificate. In particular, the certificate subject indicates the unit product name (OU element), MAC address (S...Private Key: SSLCertificateKeyFile /etc/httpd/conf/provserver.key # Certificate Authority (CA): SSLCACertificateFile /etc/httpd/conf/spacroot.crt Cisco Small Business IP Telephony Devices Provisioning Guide 24 If enabled, the server can then provide the certificate information to a CGI for ...
Provisioning Guide
Page 36
...the target device. It requires one randomizing argument. Generic A generic, non-targeted CFG file is accepted as valid by any IP Telephony device that resyncs to it. For example, spc --scramble SomeSecretPhrase spa962.txt spa962.cfg The resulting encrypted spa962.cfg is... address of the target IP Telephony device, and only that it is a configuration profile. The --scramble option performs encryption that does not require the explicit transmission of a key to indicate that device can generate different types of configuration files by the SPA962. Cisco Small Business IP Telephony...
...the target device. It requires one randomizing argument. Generic A generic, non-targeted CFG file is accepted as valid by any IP Telephony device that resyncs to it. For example, spc --scramble SomeSecretPhrase spa962.txt spa962.cfg The resulting encrypted spa962.cfg is... address of the target IP Telephony device, and only that it is a configuration profile. The --scramble option performs encryption that does not require the explicit transmission of a key to indicate that device can generate different types of configuration files by the SPA962. Cisco Small Business IP Telephony...
Provisioning Guide
Page 45
....cfg http://neptune.speak.net:8080/prov/$D/$E.cfg https://secure.me.com/profile?Linksys Cisco Small Business IP Telephony Devices Provisioning Guide 44 A filepath must be a DNS-recognized host name or a numeric IP address. The following are examples of the following values: • tftp • http • https If scheme is omitted, tftp is assumed. The...
....cfg http://neptune.speak.net:8080/prov/$D/$E.cfg https://secure.me.com/profile?Linksys Cisco Small Business IP Telephony Devices Provisioning Guide 44 A filepath must be a DNS-recognized host name or a numeric IP address. The following are examples of the following values: • tftp • http • https If scheme is omitted, tftp is assumed. The...
Provisioning Guide
Page 57
...8226; Phone-A phone number string, such as 14081234567, *69, *72, 345678, or a generic URL such as "sip.Cisco.com:5060", or "109.12.14.12:12345". Cisco Small Business IP Telephony Devices Provisioning Guide 56 It can be preceded by a "-" sign. up to 63 characters. • FQDN-Fully ...place, such as - 13.5 or 1.5 (dBm). • Bool-Boolean value of either "yes" or "no." • {a,b,c,...}-A choice among a, b, c, ... • IP-IP Address in the form of hex format. • UserID-User ID as follows: • Uns-Unsigned n-bit value, where n = 8, 16, or 32. This can be specified...
...8226; Phone-A phone number string, such as 14081234567, *69, *72, 345678, or a generic URL such as "sip.Cisco.com:5060", or "109.12.14.12:12345". Cisco Small Business IP Telephony Devices Provisioning Guide 56 It can be preceded by a "-" sign. up to 63 characters. • FQDN-Fully ...place, such as - 13.5 or 1.5 (dBm). • Bool-Boolean value of either "yes" or "no." • {a,b,c,...}-A choice among a, b, c, ... • IP-IP Address in the form of hex format. • UserID-User ID as follows: • Uns-Unsigned n-bit value, where n = 8, 16, or 32. This can be specified...
Provisioning Guide
Page 64
...running on a separate host from the server. For example, if the IP address is widely used for development and testing. TFTP is 192.168.1.100): http://192.168.1.100/admin/advanced Cisco Small Business IP Telephony Devices Provisioning Guide 63 Exercise STEP 1 Within a LAN environment connect... a PC and an IP Telephony Device to the Phone 1 port of the IP Telephony Device (IVR menu **** 110 #). If the configuration...
...running on a separate host from the server. For example, if the IP address is widely used for development and testing. TFTP is 192.168.1.100): http://192.168.1.100/admin/advanced Cisco Small Business IP Telephony Devices Provisioning Guide 63 Exercise STEP 1 Within a LAN environment connect... a PC and an IP Telephony Device to the Phone 1 port of the IP Telephony Device (IVR menu **** 110 #). If the configuration...
Provisioning Guide
Page 65
...purpose parameters GPP_A through GPP_P. Assuming the PC IP address is 192.168.1.200: http://192.168.1.100/admin/resync?tftp://192.168.1.200/basic.txt This resync URL method is identified in the previous exercise. Cisco Small Business IP Telephony Devices Provisioning Guide 64 STEP 10 Verify ...that page. It is about to resync to the basic.txt configuration profile, open the following URL from the TFTP server at address 192.168.1.100 requests the file...
...purpose parameters GPP_A through GPP_P. Assuming the PC IP address is 192.168.1.200: http://192.168.1.100/admin/resync?tftp://192.168.1.200/basic.txt This resync URL method is identified in the previous exercise. Cisco Small Business IP Telephony Devices Provisioning Guide 64 STEP 10 Verify ...that page. It is about to resync to the basic.txt configuration profile, open the following URL from the TFTP server at address 192.168.1.100 requests the file...
Provisioning Guide
Page 66
...to resync periodically to the provisioning server, to ensure that your syslog server received messages such as the IP Telephony Device. Cisco Small Business IP Telephony Devices Provisioning Guide 65 The second marks success or failure of these messages can run the Ethernet ...packet analyzer (such as Ethereal/Wireshark) on the server are cleared, the corresponding syslog message is connected, through a hub or through a switch with the IP address...
...to resync periodically to the provisioning server, to ensure that your syslog server received messages such as the IP Telephony Device. Cisco Small Business IP Telephony Devices Provisioning Guide 65 The second marks success or failure of these messages can run the Ethernet ...packet analyzer (such as Ethereal/Wireshark) on the server are cleared, the corresponding syslog message is connected, through a hub or through a switch with the IP address...
Provisioning Guide
Page 67
... TFTP server, and observe the results in the syslog output. STEP 9 (Optional) Verify that the Resync_On_Reset parameter is power-cycled. Cisco Small Business IP Telephony Devices Provisioning Guide 66 STEP 5 Click Submit all Changes. STEP 7 Ensure that the value of seconds defined in the syslog trace...again. With the new parameter settings, the IP Telephony Device now resyncs to resync following value assumes a TFTP server IP address of 192.168.1.200: tftp://192.168.1.200/basic.txt STEP 4 In the Resync_Periodic parameter enter a small value for any reason, such as 30 (...
... TFTP server, and observe the results in the syslog output. STEP 9 (Optional) Verify that the Resync_On_Reset parameter is power-cycled. Cisco Small Business IP Telephony Devices Provisioning Guide 66 STEP 5 Click Submit all Changes. STEP 7 Ensure that the value of seconds defined in the syslog trace...again. With the new parameter settings, the IP Telephony Device now resyncs to resync following value assumes a TFTP server IP address of 192.168.1.200: tftp://192.168.1.200/basic.txt STEP 4 In the Resync_Periodic parameter enter a small value for any reason, such as 30 (...
Provisioning Guide
Page 69
... Resolution The profile URL can also be applied to resolve the name. Again, this IP Telephony Device (assuming a MAC address of the profile rule parameter. In this case, the IP Telephony Device performs a DNS lookup to any portion of 000e08012345) requests the profile at... a common profile rule via macro expansion. For example, GPP_B has the following URL: tftp://prov.telco.com/cisco/Dj6Lmp23Q/000e08012345.cfg Cisco Small Business IP Telephony Devices Provisioning Guide 68 Macro expansion is specified using the standard syntax :port following is a valid Profile_Rule that...
... Resolution The profile URL can also be applied to resolve the name. Again, this IP Telephony Device (assuming a MAC address of the profile rule parameter. In this case, the IP Telephony Device performs a DNS lookup to any portion of 000e08012345) requests the profile at... a common profile rule via macro expansion. For example, GPP_B has the following URL: tftp://prov.telco.com/cisco/Dj6Lmp23Q/000e08012345.cfg Cisco Small Business IP Telephony Devices Provisioning Guide 68 Macro expansion is specified using the standard syntax :port following is a valid Profile_Rule that...
Provisioning Guide
Page 72
...: SSLCertificateKeyFile /etc/httpd/conf/pivkey.pem # Certificate Authority: SSLCACertificateFile /etc/httpd/conf/spacroot.cert STEP 6 Restart the server. Cisco Small Business IP Telephony Devices Provisioning Guide 71 The open source Apache server can be configured to operate as an HTTPS server, when installed with...certificate in the privkey.pem file. Provisioning Tutorial Secure Resync 3 Exercise STEP 1 Install an HTTPS server on a host whose IP address is saved in the appropriate locations on Linux, these locations are typically as follows: openssl req -new -out provserver.csr ...
...: SSLCertificateKeyFile /etc/httpd/conf/pivkey.pem # Certificate Authority: SSLCACertificateFile /etc/httpd/conf/spacroot.cert STEP 6 Restart the server. Cisco Small Business IP Telephony Devices Provisioning Guide 71 The open source Apache server can be configured to operate as an HTTPS server, when installed with...certificate in the privkey.pem file. Provisioning Tutorial Secure Resync 3 Exercise STEP 1 Install an HTTPS server on a host whose IP address is saved in the appropriate locations on Linux, these locations are typically as follows: openssl req -new -out provserver.csr ...
Provisioning Guide
Page 85
...timer. If the command is not specified, TFTP is assumed, and the address of the server can have macros, such as $MA, which expands to the device MAC address. A resync is Yes. Cisco Small Business IP Telephony Devices Provisioning Guide 84 The default value is triggered when the logic ... is obtained through DHCP option 66. The file name can be triggered via a SIP NOTIFY message. In the URL, either the IP address or the FQDN of the TFTP server is a profile script that evaluates to the provisioning resync command. Resync_After_Upgrade_Attempt Triggers a resync after every...
...timer. If the command is not specified, TFTP is assumed, and the address of the server can have macros, such as $MA, which expands to the device MAC address. A resync is Yes. Cisco Small Business IP Telephony Devices Provisioning Guide 84 The default value is triggered when the logic ... is obtained through DHCP option 66. The file name can be triggered via a SIP NOTIFY message. In the URL, either the IP address or the FQDN of the TFTP server is a profile script that evaluates to the provisioning resync command. Resync_After_Upgrade_Attempt Triggers a resync after every...
Provisioning Guide
Page 91
...000e08aabbcc. Serial Number string, for example 1.88.1. SSL Client Certificate status: Installed or Not Installed. IP address of the IP Telephony Device, as in provisioning. Hardware version string, for example 88012BA01234. External IP of the IP Telephony Device within its local subnet, for example 2.0.6(b). Product Series Number, for example SPA962. Note that... parameters GPP_SA through $SD are not expanded outside of this limited context. Software version string, for example 192.168.1.100. Cisco Small Business IP Telephony Devices Provisioning Guide 90
...000e08aabbcc. Serial Number string, for example 1.88.1. SSL Client Certificate status: Installed or Not Installed. IP address of the IP Telephony Device, as in provisioning. Hardware version string, for example 88012BA01234. External IP of the IP Telephony Device within its local subnet, for example 2.0.6(b). Product Series Number, for example SPA962. Note that... parameters GPP_SA through $SD are not expanded outside of this limited context. Software version string, for example 192.168.1.100. Cisco Small Business IP Telephony Devices Provisioning Guide 90
Provisioning Guide
Page 92
... obtained after parsing resync or upgrade URL, possibly following DNS lookup. Request target server IP address, as obtained after parsing resync or upgrade URL. Seconds since Line 2 lost registration with SIP server. Result message of upgrade attempts. Cisco Small Business IP Telephony Devices Provisioning Guide 91 The value is preserved in the UPGERR variable in the...
... obtained after parsing resync or upgrade URL, possibly following DNS lookup. Request target server IP address, as obtained after parsing resync or upgrade URL. Seconds since Line 2 lost registration with SIP server. Result message of upgrade attempts. Cisco Small Business IP Telephony Devices Provisioning Guide 91 The value is preserved in the UPGERR variable in the...