Provisioning Guide
Page 14
...Disable the factory reset control using the SIP Profile Compiler (SPC) to prevent the unauthorized use of confidential information. Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 Configuration Access Control Besides configuration parameters that can be encrypted by using the IVR. •... of a device to access basic IVR functions and to configure a subset of file is named with the extension .cfg (for a specific IP Telephony device. The firmware provides specific privileges for Line 1. Configuration Profiles The configuration profile defines the...
...Disable the factory reset control using the SIP Profile Compiler (SPC) to prevent the unauthorized use of confidential information. Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 Configuration Access Control Besides configuration parameters that can be encrypted by using the IVR. •... of a device to access basic IVR functions and to configure a subset of file is named with the extension .cfg (for a specific IP Telephony device. The firmware provides specific privileges for Line 1. Configuration Profiles The configuration profile defines the...
Provisioning Guide
Page 15
...Download Now to choose the latest release of the Search Results page, find the Task, and click Download Software. Cisco Small Business IP Telephony Devices Provisioning Guide 14 The SPC is provided for compiling the plain-text file containing parameter-value pairs into an ...encrypted CFG file. To download the SPC, do the following: STEP 1 Go to complete the download process. STEP 4 Click the Download Software... STEP 5 When the Download Software page appears, choose Profile Compiler (SPC) Tool in the search box, and click Go. Provisioning Cisco Small Business VoIP ...
...Download Now to choose the latest release of the Search Results page, find the Task, and click Download Software. Cisco Small Business IP Telephony Devices Provisioning Guide 14 The SPC is provided for compiling the plain-text file containing parameter-value pairs into an ...encrypted CFG file. To download the SPC, do the following: STEP 1 Go to complete the download process. STEP 4 Click the Download Software... STEP 5 When the Download Software page appears, choose Profile Compiler (SPC) Tool in the search box, and click Go. Provisioning Cisco Small Business VoIP ...
Provisioning Guide
Page 16
...CFG file, /spa962.cfg. • Entering a resync URL. The URL starts a web browser and requests a resync to an accessible state. Open the provisioning pane on the server. • Editing the Profile_Rule parameter. Manufacturing reset can always be returned to a specific TFTP server by DHCP. Cisco Small Business... IP Telephony Devices Provisioning Guide 15 all configurable Manufacturing Reset parameters regain their default values. Provisioning Cisco Small Business VoIP Devices Provisioning States 1 Provisioning States...
...CFG file, /spa962.cfg. • Entering a resync URL. The URL starts a web browser and requests a resync to an accessible state. Open the provisioning pane on the server. • Editing the Profile_Rule parameter. Manufacturing reset can always be returned to a specific TFTP server by DHCP. Cisco Small Business... IP Telephony Devices Provisioning Guide 15 all configurable Manufacturing Reset parameters regain their default values. Provisioning Cisco Small Business VoIP Devices Provisioning States 1 Provisioning States...
Provisioning Guide
Page 17
... random directory location can be changed periodically for installation on HTTPS requests from the device to Cisco. Cisco generates a certificate for extra security. For example, the CFG file might contain: Profile_Rule [--key $A] tftp.callme.com/profile/$B/ spa962.cfg; Cisco Small Business IP Telephony Devices Provisioning Guide 16 This procedure is targeted to each IP Telephony device by...
... random directory location can be changed periodically for installation on HTTPS requests from the device to Cisco. Cisco generates a certificate for extra security. For example, the CFG file might contain: Profile_Rule [--key $A] tftp.callme.com/profile/$B/ spa962.cfg; Cisco Small Business IP Telephony Devices Provisioning Guide 16 This procedure is targeted to each IP Telephony device by...
Provisioning Guide
Page 22
...UDP port 514) To troubleshoot a server configuration, it is done, a Profile_Rule need be configured only with the factory default configuration is /device.cfg For example, on a SPA962, the filename is specified by using DHCP option 66. If this file on the local TFTP server, if that... of IP Telephony Devices in remote deployments, especially when the deployed units are connected behind residential firewalls or NAT-enabled routers. Cisco Small Business IP Telephony Devices Provisioning Guide 21 Note that TFTP server. It is convenient for remote deployment. TFTP TFTP is also useful ...
...UDP port 514) To troubleshoot a server configuration, it is done, a Profile_Rule need be configured only with the factory default configuration is /device.cfg For example, on a SPA962, the filename is specified by using DHCP option 66. If this file on the local TFTP server, if that... of IP Telephony Devices in remote deployments, especially when the deployed units are connected behind residential firewalls or NAT-enabled routers. Cisco Small Business IP Telephony Devices Provisioning Guide 21 Note that TFTP server. It is convenient for remote deployment. TFTP TFTP is also useful ...
Provisioning Guide
Page 30
....telco.com:6900/cisco/config/spa962.cfg Element Tags, Attributes, Parameters, and Formatting A file can include element tags, attributes, parameters, and formatting features. Element names may not include spaces or special characters. In the administration web pages, the same fields might appear on multiple web pages, such as the Line, Cisco Small Business IP Telephony...
....telco.com:6900/cisco/config/spa962.cfg Element Tags, Attributes, Parameters, and Formatting A file can include element tags, attributes, parameters, and formatting features. Element names may not include spaces or special characters. In the administration web pages, the same fields might appear on multiple web pages, such as the Line, Cisco Small Business IP Telephony...
Provisioning Guide
Page 31
... enter an empty value to set the corresponding parameter to an empty string. In the following example: Yes 7200 tftp://prov.telco.com: 6900/cisco/config/ spa962.cfg • Element tags are case sensitive. • Empty element tags are allowed. • Unrecognized element names are unchanged. • You can use an empty... page tab. Creating Provisioning Scripts Open Format Configuration File 2 User, and Extension pages. Append [n] to the element name to prevent the overwriting of any value Cisco Small Business IP Telephony Devices Provisioning Guide 30
... enter an empty value to set the corresponding parameter to an empty string. In the following example: Yes 7200 tftp://prov.telco.com: 6900/cisco/config/ spa962.cfg • Element tags are case sensitive. • Empty element tags are allowed. • Unrecognized element names are unchanged. • You can use an empty... page tab. Creating Provisioning Scripts Open Format Configuration File 2 User, and Extension pages. Append [n] to the element name to prevent the overwriting of any value Cisco Small Business IP Telephony Devices Provisioning Guide 30
Provisioning Guide
Page 35
...symmetric key encryption, whether or not it . This bootstrap of encryption is as a qualifier in cipher block chaining mode. Cisco Small Business IP Telephony Devices Provisioning Guide 34 This value is specified as follows, using an explicit URL: [--key "SecretPhrase1234"] http://prov... the following command: # example encryption key = SecretPhrase1234 openssl enc -e -aes-256-cbc -k SecretPhrase1234 -in profile.xml -out profile.cfg # analogous invocation for the IP Telephony device to perform the encryption. First generate the XML file, then compress it with the -k argument...
...symmetric key encryption, whether or not it . This bootstrap of encryption is as a qualifier in cipher block chaining mode. Cisco Small Business IP Telephony Devices Provisioning Guide 34 This value is specified as follows, using an explicit URL: [--key "SecretPhrase1234"] http://prov... the following command: # example encryption key = SecretPhrase1234 openssl enc -e -aes-256-cbc -k SecretPhrase1234 -in profile.xml -out profile.cfg # analogous invocation for the IP Telephony device to perform the encryption. First generate the XML file, then compress it with the -k argument...
Provisioning Guide
Page 36
... by the SPA962. For example, spc --scramble SomeSecretPhrase spa962.txt spa962.cfg The resulting encrypted spa962.cfg is accepted as valid by any IP Telephony device that resyncs to it . Encrypting a File with the .cfg extension to indicate that resyncs to it . Cisco Small Business IP Telephony Devices Provisioning Guide 35 The --scramble option performs encryption...
... by the SPA962. For example, spc --scramble SomeSecretPhrase spa962.txt spa962.cfg The resulting encrypted spa962.cfg is accepted as valid by any IP Telephony device that resyncs to it . Encrypting a File with the .cfg extension to indicate that resyncs to it . Cisco Small Business IP Telephony Devices Provisioning Guide 35 The --scramble option performs encryption...
Provisioning Guide
Page 37
... that MAC address is 128 bits. Refer to the following example: spc --target 000e08aaa010 --aes --ascii-key VerySecret a.txt a.cfg Cisco Small Business IP Telephony Devices Provisioning Guide 36 With the --ascii-key option the generated key is able to decrypt and process the generated spa962...rejects the file as an argument. This command uses the MAC address of scrambling, targeting, and explicit-key encrypting can be applied to a CFG file, as shown by hashing a secret phrase (--ascii-key). Creating Provisioning Scripts Encrypting a File with that the file can be specified either...
... that MAC address is 128 bits. Refer to the following example: spc --target 000e08aaa010 --aes --ascii-key VerySecret a.txt a.cfg Cisco Small Business IP Telephony Devices Provisioning Guide 36 With the --ascii-key option the generated key is able to decrypt and process the generated spa962...rejects the file as an argument. This command uses the MAC address of scrambling, targeting, and explicit-key encrypting can be applied to a CFG file, as shown by hashing a secret phrase (--ascii-key). Creating Provisioning Scripts Encrypting a File with that the file can be specified either...
Provisioning Guide
Page 38
...is used to prevent unauthorized use of confidential information. The status and error messages can be used as source file for example, spa962.cfg). spc --log prov.log . . . Creating Provisioning Scripts Proprietary Plain-Text Configuration File 2 Status Messages After each compilation, SPC ... can also be redirected to compile the plain-text file into an encrypted CFG file. When the messages are also printed if a compilation is the only format recognized by a timestamp. Cisco Small Business IP Telephony Devices Provisioning Guide 37 Sample Configuration File SPC can be used ...
...is used to prevent unauthorized use of confidential information. The status and error messages can be used as source file for example, spa962.cfg). spc --log prov.log . . . Creating Provisioning Scripts Proprietary Plain-Text Configuration File 2 Status Messages After each compilation, SPC ... can also be redirected to compile the plain-text file into an encrypted CFG file. When the messages are also printed if a compilation is the only format recognized by a timestamp. Cisco Small Business IP Telephony Devices Provisioning Guide 37 Sample Configuration File SPC can be used ...
Provisioning Guide
Page 40
... any one of parameter-value pairs. "Enable" ; ? Param7 "particular value 7" ; Param1 "new value overrides base" ; Cisco Small Business IP Telephony Devices Provisioning Guide 39 Param7 "particular value 7" ; They are asserted by any one or more spaces and the file... lines can be used : • Comments are for illustration only Feature_Enable Enable Another_Parameter Hidden_Parameter Some_Entry ! When compiled, spa1234.cfg becomes: Param1 "base value 1" ; File splicing can be nested several files deep. Creating Provisioning Scripts Proprietary Plain-Text ...
... any one of parameter-value pairs. "Enable" ; ? Param7 "particular value 7" ; Param1 "new value overrides base" ; Cisco Small Business IP Telephony Devices Provisioning Guide 39 Param7 "particular value 7" ; They are asserted by any one or more spaces and the file... lines can be used : • Comments are for illustration only Feature_Enable Enable Another_Parameter Hidden_Parameter Some_Entry ! When compiled, spa1234.cfg becomes: Param1 "base value 1" ; File splicing can be nested several files deep. Creating Provisioning Scripts Proprietary Plain-Text ...
Provisioning Guide
Page 41
... parameters, several product identifiers, certain event timers, and provisioning state values. The administrator enters: spa$(MAU)config.cfg The resulting macro expansion for a device with the value "# http://192.168.1.200/ sample.cfg" is : spa000E08012345config.cfg Cisco Small Business IP Telephony Devices Provisioning Guide 40 For a complete list, see the "Macro Expansion Variables" section on page...
... parameters, several product identifiers, certain event timers, and provisioning state values. The administrator enters: spa$(MAU)config.cfg The resulting macro expansion for a device with the value "# http://192.168.1.200/ sample.cfg" is : spa000E08012345config.cfg Cisco Small Business IP Telephony Devices Provisioning Guide 40 For a complete list, see the "Macro Expansion Variables" section on page...
Provisioning Guide
Page 42
...qualify the expansion so that only a substring of the macro variable is not applied recursively. The administrator enters: spa$STRANGE$MAU.cfg The resulting macro expansion for the condition to be satisfied for a device with MAC address 000E08012345 is $(NAME:p) and $(NAME... MAC address 000E08012345 is: spa$STRANGE000E08012345.cfg Macro expansion is used instead of its full value, such as the argument of literals: • Integer values • Software or hardware version numbers • Doubled-quoted strings Cisco Small Business IP Telephony Devices Provisioning Guide 41
...qualify the expansion so that only a substring of the macro variable is not applied recursively. The administrator enters: spa$STRANGE$MAU.cfg The resulting macro expansion for the condition to be satisfied for a device with MAC address 000E08012345 is $(NAME:p) and $(NAME... MAC address 000E08012345 is: spa$STRANGE000E08012345.cfg Macro expansion is used instead of its full value, such as the argument of literals: • Integer values • Software or hardware version numbers • Doubled-quoted strings Cisco Small Business IP Telephony Devices Provisioning Guide 41
Provisioning Guide
Page 45
...: [ scheme:// ] [ server [:port]] filepath Where scheme is one of valid URLs: /$MA.cfg /cisco/spa021025.bin 192.168.1.130/profiles/init.cfg tftp://prov.call.com/cpe/cisco$MA.cfg http://neptune.speak.net:8080/prov/$D/$E.cfg https://secure.me.com/profile?Linksys Cisco Small Business IP Telephony Devices Provisioning Guide 44 The server can indicate dynamic content obtained...
...: [ scheme:// ] [ server [:port]] filepath Where scheme is one of valid URLs: /$MA.cfg /cisco/spa021025.bin 192.168.1.130/profiles/init.cfg tftp://prov.call.com/cpe/cisco$MA.cfg http://neptune.speak.net:8080/prov/$D/$E.cfg https://secure.me.com/profile?Linksys Cisco Small Business IP Telephony Devices Provisioning Guide 44 The server can indicate dynamic content obtained...
Provisioning Guide
Page 53
... one alternative is found that alternative, an attempt is specified as part of the alternatives except the last one is evaluated. http://remote.server.com/cisco/$MA.cfg Cisco Small Business IP Telephony Devices Provisioning Guide 52 This expression is evaluated and processed as true (or until one must appear, if present: [ conditional-expr ] [ assignment...
... one alternative is found that alternative, an attempt is specified as part of the alternatives except the last one is evaluated. http://remote.server.com/cisco/$MA.cfg Cisco Small Business IP Telephony Devices Provisioning Guide 52 This expression is evaluated and processed as true (or until one must appear, if present: [ conditional-expr ] [ assignment...
Provisioning Guide
Page 54
...resync is typically considered unsuccessful if a requested profile is not received from the server as a successful resync. If Resync_Fails_On_FNF is Yes. Cisco Small Business IP Telephony Devices Provisioning Guide 53 The default value for the values of passwords, keys, and the GPP_SA to GPP_SD parameters, which may... on the registration state of Line 1. All provisionable parameters are not shown. In case of lost -reg? http://p.tel.com/has-reg.cfg | [--post a] http://p.tel.com/lost registration, the device performs an HTTP POST to a CGI script, transmitting the contents of the ...
...resync is typically considered unsuccessful if a requested profile is not received from the server as a successful resync. If Resync_Fails_On_FNF is Yes. Cisco Small Business IP Telephony Devices Provisioning Guide 53 The default value for the values of passwords, keys, and the GPP_SA to GPP_SD parameters, which may... on the registration state of Line 1. All provisionable parameters are not shown. In case of lost -reg? http://p.tel.com/has-reg.cfg | [--post a] http://p.tel.com/lost registration, the device performs an HTTP POST to a CGI script, transmitting the contents of the ...
Provisioning Guide
Page 68
... with the actual MAC address of the TFTP server. This eliminates the need to a new file named spa_mac_address.cfg and place the new file in the Profile_Rule parameter: tftp://192.168.1.200/spa$MA.cfg STEP 5 Click Submit All Changes. Provisioning Tutorial Basic Resync 3 Unique Profiles and Macro Expansion In a large deployment... naming convention. When the next resync occurs, the IP Telephony Device retrieves the new file by expanding the $MA macro expression into its product label. Cisco Small Business IP Telephony Devices Provisioning Guide 67
... with the actual MAC address of the TFTP server. This eliminates the need to a new file named spa_mac_address.cfg and place the new file in the Profile_Rule parameter: tftp://192.168.1.200/spa$MA.cfg STEP 5 Click Submit All Changes. Provisioning Tutorial Basic Resync 3 Unique Profiles and Macro Expansion In a large deployment... naming convention. When the next resync occurs, the IP Telephony Device retrieves the new file by expanding the $MA macro expression into its product label. Cisco Small Business IP Telephony Devices Provisioning Guide 67
Provisioning Guide
Page 69
...using standard URL notation. For example, GPP_B has the following definition: Dj6Lmp23Q The Profile_Rule has this value: tftp://prov.telco.com/cisco/$B/$MA.cfg Then, when resyncing, this way, including all the general purpose parameters, (GPP_A through GPP_P) These can be referenced as ... Device (assuming a MAC address of 000e08012345) requests the profile at the following URL: tftp://prov.telco.com/cisco/Dj6Lmp23Q/000e08012345.cfg Cisco Small Business IP Telephony Devices Provisioning Guide 68 Also, the configuration profile can be stored in a subdirectory of the profile rule...
...using standard URL notation. For example, GPP_B has the following definition: Dj6Lmp23Q The Profile_Rule has this value: tftp://prov.telco.com/cisco/$B/$MA.cfg Then, when resyncing, this way, including all the general purpose parameters, (GPP_A through GPP_P) These can be referenced as ... Device (assuming a MAC address of 000e08012345) requests the profile at the following URL: tftp://prov.telco.com/cisco/Dj6Lmp23Q/000e08012345.cfg Cisco Small Business IP Telephony Devices Provisioning Guide 68 Also, the configuration profile can be stored in a subdirectory of the profile rule...
Provisioning Guide
Page 77
...the encrypted file basic.cfg in place of the standalone gzip utility to the IP Telephony Device with the following command: openssl enc -aes-256-cbc -k MyOwnSecret -in place of such a small profile is made known to perform the profile compression. Cisco Small Business IP Telephony Devices Provisioning ...Guide 76 The IP Telephony Device supports symmetric key encryption by the IP Telephony Device and used to the encrypted file in basic.txt -out basic.cfg The compressed basic.txt.gz file...
...the encrypted file basic.cfg in place of the standalone gzip utility to the IP Telephony Device with the following command: openssl enc -aes-256-cbc -k MyOwnSecret -in place of such a small profile is made known to perform the profile compression. Cisco Small Business IP Telephony Devices Provisioning ...Guide 76 The IP Telephony Device supports symmetric key encryption by the IP Telephony Device and used to the encrypted file in basic.txt -out basic.cfg The compressed basic.txt.gz file...