Linksys SPA Provisioning Guide Version 3.01 Corporate Headquarters Linksys 121 Theory Drive Irvine, CA 92617 USA http://www.linksys.
Linksys SPA Provisioning Guide Copyright ©2007 Cisco Systems, Inc. All rights reserved.Specifications are subject to change without notice. Linksys is a registered trademark or trademark of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. Other brands and product names are trademarks or registered trademarks of their respective holders. Disclaimer – Please Read: This document contains implementation examples and techniques using Linksys, a division of Cisco Systems, Inc.
CONTENTS Preface vii vii Document Audience Linksys VoIP Products vii How This Document is Organized Document Conventions viii Related Documentation ix Technical Support CHAPTER 1 viii ix Provisioning Linksys VoIP Devices 1-1 Residential Deployment Provisioning Requirements Remote Endpoint Control 1-2 Communication Encryption 1-2 1-1 Provisioning Overview 1-2 Initial Provisioning 1-3 Deploying RC Units 1-3 Redundant Provisioning Servers 1-4 Retail Provisioning 1-4 Automatic In-House Preprov
Contents Enabling HTTPS 1-13 Syslog Server 1-15 Where to Go From Here CHAPTER 2 1-15 Creating Provisioning Scripts SPA Configuration File 2-1 2-1 Open Format Configuration File 2-2 Configuration File Compression 2-5 File Encryption 2-5 SPA Configuration Profile Compiler 2-6 Proprietary Plain-Text Configuration File Source Text Syntax 2-8 Comments 2-9 Macro Expansion 2-9 Conditional Expressions 2-10 Assignment Expressions 2-11 URL Syntax 2-12 Optional Resync Arguments 2-12 key 2-13 post 2-13 alias
Contents Unique Profiles and Macro Expansion URL Resolution 3-5 HTTP GET Resync 3-6 3-5 Secure Resync 3-7 Basic HTTPS Resync 3-7 HTTPS With Client Certificate Authentication 3-9 HTTPS Client Filtering and Dynamic Content 3-9 Profile Formats 3-10 Profile Compression 3-10 Profile Encryption 3-11 Partitioned Profiles 3-12 Parameter Name Aliases 3-12 Proprietary Profile Format 3-13 CHAPTER 4 Provisioning Field Reference 4-1 4-1 Configuration Profile Parameters 4-4 Firmware Upgrade Parameters General P
Contents Linksys SPA Provisioning Guide vi Version 3.
Preface This guide describes the provisioning of Linksys Voice over IP (VoIP) products.
Preface How This Document is Organized • Note • WAG310G—Wireless-G ADSL2+ gateway with VoIP and PSTN connectivity • RTP300—IP router with two FXS ports • WRP400—Wireless-G ADSL gateway with two FXS ports • WRTP54G—Wireless-G IP router with two FXS ports • WRT54GP2—Wireless-G IP router with two FXS ports • WAG54GP2—Wireless-G ADSL gateway with two FXS ports SPA900 Series IP phones: • SPA901—One line, small, affordable, no display • SPA921—One-line business phone • SPA922—One-line business
Preface Document Conventions Document Conventions The following are the typographic conventions used in this document. Typographic Element Meaning Boldface Indicates an option on a menu or a literal value to be entered in a field. Angle brackets (<>) are used to identify parameters that appear on the configuration pages of the Linksys device administration web server.
Preface Technical Support Linksys SPA Provisioning Guide x Version 3.
C H A P T E R 1 Provisioning Linksys VoIP Devices This chapter describes the features and functionality available when provisioning Linksys VoIP devices and explains the setup required.
Chapter 1 Provisioning Linksys VoIP Devices Provisioning Overview The ATA must be configured to match the account service parameters for the individual customer. Also, configuration may need to be modified because of newly introduced service provider features, modifications in the service provider network, or firmware upgrades in the endpoint.
Chapter 1 Provisioning Linksys VoIP Devices Provisioning Overview Note Remote customization (RC) units are introduced with Release 5.x. RC units are customized by Linksys so when the unit is started, it tries to contact the Linksys provisioning server to download its customized profile. User intervention is not required to initiate or complete a profile update or firmware upgrade.
Chapter 1 Provisioning Linksys VoIP Devices Provisioning Overview The following is a sample template for an RC unit: Restricted Access Domain "domain.com, domain1.com, domain2.com"; Primary_DNS * "x.y.w.z"; Secondary_DNS * "a.b.c.d"; Provision_Enable * "Yes"; Resync_Periodic * "30"; Resync_Error_Retry_Delay * "30"; Profile_Rule * "http://prov.domain.com/sipura/profile?id=$MA"; The Restricted Access Domain parameter is configured with the actual domain names of up to a maximum of five domains.
Chapter 1 Provisioning Linksys VoIP Devices Provisioning Overview Automatic In-House Preprovisioning Using the administration web server and issuing a resync URL is convenient for a customer in the retail deployment model, but it is not as convenient for preprovisioning a large number of units. The SPA supports a more convenient mechanism for in-house preprovisioning.
Chapter 1 Provisioning Linksys VoIP Devices SPA Provisioning Flow plain-text file containing parameter-value pairs into an encrypted CFG file. The SPC tool is available from Linksys for the Win32 environment (spc.exe) and Linux-i386-elf environment (spc-linux-i386-static). Availability of the SPC tool for the OpenBSD environment is available on a case-by-case basis. SPA Provisioning Flow Firmware release 1.0 provides basic features in support of secure provisioning.
Chapter 1 Provisioning Linksys VoIP Devices SPA Provisioning Flow At a high level, the provisioning process involves four provisioning states described in Table 1-1. Table 1-1 Provisioning States Flow Step Step Description MFG-RESET Manufacturing reset Performing manufacturing reset on the SPA returns the device to a fully unprovisioned state. All configurable parameters regain their manufacturing default values.
Chapter 1 Provisioning Linksys VoIP Devices Using HTTPS Table 1-1 Provisioning States (continued) SEC-PRV-1 Secure Provisioning—Initial Configuration The initial device-unique CFG file should be targeted to each SPA by compiling the CFG file with the spc --target option. This provides an initial level of encryption that does not require the exchange of keys.
Chapter 1 Provisioning Linksys VoIP Devices Using HTTPS Server and client authentication is performed using public/private key encryption, using certificates containing the public key. Text encrypted with a public key can be decrypted only by its corresponding private key (and vice versa). The SPA supports the RSA algorithm for public/private key cryptography. Certificates are authenticated in the context of a certificate chain.
Chapter 1 Provisioning Linksys VoIP Devices Using HTTPS Figure 1-2 SPA Configuration and Provisioning Certificate Chain SPA Configuration-Provisioning Certificate Chain Sipura Technology, Inc Provisioning Server Root Authority 1 CERT PKEY Compiled into SPA Firmware Signs Provisioning Server Certificates SPA Provisioning Server Root CA Certificate List Authenticates Server in HTTPS Connection CERT PKEY VoIP Service Provider Provisioning Server Entity SPA Firmware Load HTTPS Server Configura
Chapter 1 Provisioning Linksys VoIP Devices Provisioning Setup Provisioning Setup This section describes setup requirements for provisioning a SPA and includes the following topics: • License Keys, page 1-11 • Software Tools, page 1-11 • Server Configuration, page 1-11 • TFTP, page 1-12 • HTTP, page 1-12 • Enabling HTTPS, page 1-13 • Syslog Server, page 1-15 License Keys Certain products within the SPA product family provide for premium features.
Chapter 1 Provisioning Linksys VoIP Devices Provisioning Setup TFTP TFTP is convenient for managing small deployments of SPA units within an office LAN environment. It is also useful for in-house preprovisioning of SPAs in preparation for remote deployment. However, once deployed remotely, HTTP offers greater provisioning reliability, given NAT and router protection mechanisms. The SPA is able to obtain a TFTP server IP address directly from the DHCP server through DHCP option 66.
Chapter 1 Provisioning Linksys VoIP Devices Provisioning Setup For example, the following is the User-Agent request field from a SPA2102: User-Agent: Linksys/SPA-2102-2.0.5 (88012BA01234) Enabling HTTPS For increased security managing remotely deployed units, the SPA supports HTTPS for provisioning. To this end, each newly manufactured SPA carries a unique SLL Client Certificate (and associated private key), in addition to a Linksys CA server root certificate.
Chapter 1 Provisioning Linksys VoIP Devices Provisioning Setup To determine if a SPA carries an individualized certificate use the $CCERT provisioning macro variable, whose value expands to either Installed or Not Installed, according to the presence or absence of a unique client certificate. In the case of a generic certificate, it is possible to obtain the serial number of the unit from the HTTP request header, in the User-Agent field.
Chapter 1 Provisioning Linksys VoIP Devices Where to Go From Here Syslog Server If a syslog server is configured on the SPA (using the or parameters), the resync and upgrade operations log messages to the syslog server. A message can be generated at the start of a remote file request (configuration profile or firmware load), and at the conclusion of the operation (with either success or failure).
Chapter 1 Provisioning Linksys VoIP Devices Where to Go From Here Linksys SPA Provisioning Guide 1-16 Version 3.
C H A P T E R 2 Creating Provisioning Scripts This chapter describes the Linksys provisioning script and includes the following sections: • SPA Configuration File, page 2-1 • Open Format Configuration File, page 2-2 • SPA Configuration Profile Compiler, page 2-6 • Proprietary Plain-Text Configuration File, page 2-8 • Using Provisioning Parameters, page 2-14 • Data Types, page 2-19 SPA Configuration File The SPA configuration profile defines the parameter values for a specific SPA device.
Chapter 2 Creating Provisioning Scripts Open Format Configuration File Open Format Configuration File A configuration file in open, XML-style format can be sent from the provisioning server to the SPA during a resync operation without compiling them into a binary object. The SPA can accept configuration formats generated by standard tools. This eases development of back-end provisioning server software to generate SPA configuration profiles from existing databases.
Chapter 2 Creating Provisioning Scripts Open Format Configuration File The profiles in Example 2-1 and Example 2-2 are functionally equivalent. Example 2-2 contains additional information and comments, which are ignored by the SPA. Also, in Example 2-2 the element is encapsulating within the element. Such extra encapsulation is allowed, and the parameters within it are still recognized. Example 2-2 XML Profile with Comments
Chapter 2 Creating Provisioning Scripts Open Format Configuration File The element names that are recognized by the SPA can be derived from the SPA administration web server field names as follows: • Append [n] to each of the numbered parameters, where n is the line, user, or extension number (for example Dial_Plan[1] and Dial_Plan[2]).
Chapter 2 Creating Provisioning Scripts Open Format Configuration File ua=”rw”/> ua=”rw”/> ua=”rw”/> ua=”rw”/> ua=”rw”/> ua=”rw”/> ua=”rw”/> Configuration File Compression Optionally, the XML configuration profile can be compressed to reduce the network load on the provisioning server.
Chapter 2 Creating Provisioning Scripts SPA Configuration Profile Compiler Example 2-8 Encrypting the Configuration Profile # example encryption key = SecretPhrase1234 openssl enc –e –aes-256-cbc –k SecretPhrase1234 –in profile.xml –out profile.cfg # analogous invocation for a compressed xml file openssl enc –e –aes-256-cbc –k SecretPhrase1234 –in profile.xml.gz –out profile.cfg A lower case –k precedes the secret key, which can be any plain text phrase and is used to generate a random 64-bit salt.
Chapter 2 Creating Provisioning Scripts SPA Configuration Profile Compiler A generic, non-targeted CFG file is accepted as valid by any SPA that resyncs to it. The following command generates a basic CFG file: spc spa2102.txt spa2102.cfg This example compiles the plain-text spa2102.txt file into the binary spa2102.cfg file understood by the SPA2102. The --scramble option performs encryption that does not require the explicit transmission of a key to the target SPA. It requires one randomizing argument.
Chapter 2 Creating Provisioning Scripts Proprietary Plain-Text Configuration File spc –-sample-profile plain.txt # sample config.xml to be fed directly to an SPA running 2.0.6 or above: spc --sample-xml config.xml Proprietary Plain-Text Configuration File The plain-text format is an alternative to the open format and is the only format recognized by firmware releases prior to 2.0.6.
Chapter 2 Creating Provisioning Scripts Proprietary Plain-Text Configuration File Some_Entry ! ; # user read-write, leaves value unchanged Multiple plain text files can be spliced together to generate the source for the final binary CFG file. This is accomplished using the import directive at the start of a new line followed by one or more spaces and the file name to splice into the stream of parameter-value pairs. File splicing can be nested several files deep. For example, the file base.
Chapter 2 Creating Provisioning Scripts Proprietary Plain-Text Configuration File During macro expansion, expressions of the form $NAME and $(NAME) are replaced by the contents of the named variables. See the “Macro Expansion Variables” section on page 4-7 for the complete list of variables available for macro expansion. These include general purpose parameters, several product identifiers, certain event timers, and provisioning state values.
Chapter 2 Creating Provisioning Scripts Proprietary Plain-Text Configuration File 2.0.6 Quoted strings can be compared for equality or inequality. Integers and version numbers can also be compared arithmetically. The comparison operators can be expressed as symbols or as acronyms, as indicated in the table below. Acronyms are particularly convenient when expressing the condition in an XML-style profile.
Chapter 2 Creating Provisioning Scripts Proprietary Plain-Text Configuration File Any parameter can be assigned a new value in this way, and macro-expansion applies. For example, the following is a valid assignment expression: ( User_ID_1_ = “uid$B” ; GPP_C = “” ; GPP_D = “$MA” ; )! For conciseness, the general purpose parameters GPP_A through GPP_P can also be referred to by the single lowercase letters a through p.
Chapter 2 Creating Provisioning Scripts Proprietary Plain-Text Configuration File Some usage examples: [--key VerySecretValue] [--key “my secret phrase”] [--key a37d2fb9055c1d04883a0745eb0917a4] The bracketed optional arguments are macro expanded.
Chapter 2 Creating Provisioning Scripts Using Provisioning Parameters To map these three parameters directly to the SPA Display_Name_1_, User_ID_1_, and Password_1_ parameters (Line 1), enter this mapping in a general purpose parameter (for example, GPP_M): /CPE/SIP-Credentials/name = /flat-profile/Display_Name_1_ ; /CPE/SIP-Credentials/number = /flat-profile/User_ID_1_ ; /CPE/SIP-Credentials/auth-secret = /flat-profile/Password_1_ ; Then, request the customer credentials profile with the following URL
Chapter 2 Creating Provisioning Scripts Using Provisioning Parameters General Purpose Parameters The general purpose parameters GPP_* are used as free string registers when configuring the SPA to interact with a particular provisioning server solution. The GPP_* parameters are empty by default.
Chapter 2 Creating Provisioning Scripts Using Provisioning Parameters Triggers The SPA is designed to resync with the provisioning server periodically. The resync interval is configured in Resync_Periodic (seconds). If this value is left empty, the SPA does not resync periodically. The resync typically takes place when the voice lines are idle. In case a SPA voice line is active when a resync is due, the SPA delays the resync procedure until the line becomes idle again.
Chapter 2 Creating Provisioning Scripts Using Provisioning Parameters In this example, the SPA periodically resyncs every hour (plus an additional random delay of up to 10 minutes). In case of resync failure, the SPA retries in 30 minutes (plus up to five minutes more). If it fails again, it waits an additional hour (plus up to 10 minutes). If again unsuccessful, it waits two more hours (plus up to 15 minutes), and so also thereafter, until it successfully resyncs.
Chapter 2 Creating Provisioning Scripts Using Provisioning Parameters If all alternatives have conditional expressions, and none evaluates to true (or if the whole profile rule is empty), then the entire Profile_Rule* parameter is skipped, and the next profile rule parameter in the sequence is evaluated. The following are some examples of valid programming for a single Profile_Rule* parameter.
Chapter 2 Creating Provisioning Scripts Data Types The following is an example of the corresponding Report_Rule configuration: [ --key secretphrase ] http://prov.serv.net/spa/$MA/rep.xml.enc Once the report rule is configured, an actual report can be generated and transmitted by sending the SPA a SIP NOTIFY message, with the Event: report type.
Chapter 2 Creating Provisioning Scripts Data Types • Uns—Unsigned n-bit value, where n = 8, 16, or 32. It can be specified in decimal or hex format such as 12 or 0x18 as long as the value can fit into n bits. • Sig—Signed n-bit value. It can be specified in decimal or hex format. Negative values must be preceded by a “-“ sign. A + sign before positive value is optional. • Str—A generic string with up to n non-reserved characters.
Chapter 2 Creating Provisioning Scripts Data Types Number of Cadence Sections = 1 Cadence Section 1: Section Length = 60s Number of Segments = 4 Segment 1: On=0.2s, Off=0.2s Segment 2: On=0.2s, Off=0.2s Segment 3: On=0.2s, Off=0.2s Segment 4: On=1.0s, Off=4.0s Total Ring Length = 60s • FreqScript—A mini-script that specifics the frequency and level parameters of a tone. Up to 127 characters.
Chapter 2 Creating Provisioning Scripts Data Types Cadence Section 2: Section Length = 10s Number of Segments = 1 Segment 1: On=forever, with Frequencies 1 and 2 Total Tone Length = 12s Example 3—SIT tone: 985@-16,1428@-16,1777@-16;20(.380/0/1,.380/0/2,.380/0/3,0/4/0) Number of Frequencies = 3 Frequency 1 = 985 Hz at –16 dBm Frequency 2 = 1428 Hz at –16 dBm Frequency 3 = 1777 Hz at –16 dBm Number of Cadence Sections = 1 Cadence Section 1: Section Length Number of Segments = 4 Segment 1: On=0.
C H A P T E R 3 Provisioning Tutorial This chapter describes the procedures for transferring configuration profiles between the SPA and the provisioning server and includes the following sections: • Preparation, page 3-1 • Basic Resync, page 3-2 • Secure Resync, page 3-7 • Profile Formats, page 3-10 For information about creating configuration profiles, refer to Chapter 2, “Creating Provisioning Scripts.
Chapter 3 Provisioning Tutorial Basic Resync Basic Resync This section demonstrates the basic resync functionality of Linksys VoIP devices. It includes the following topics: • TFTP Resync, page 3-2 • Syslog, page 3-3 • Automatic Resync, page 3-4 • Unique Profiles and Macro Expansion, page 3-5 • URL Resolution, page 3-5 • HTTP GET Resync, page 3-6 TFTP Resync The SPA supports multiple network protocols for retrieving configuration profiles.
Chapter 3 Provisioning Tutorial Basic Resync http://192.168.1.100/admin/advanced Step 8 The Provisioning tab in the admin/advanced page contains a number of configurable parameters specific to provisioning. Select the Provisioning tab, and inspect the values of the general purpose parameters GPP_A through GPP_P. These should be empty. Step 9 To resync the test SPA to the basic.txt configuration profile, open the following URL from the PC browser. Assuming the PC IP address is 192.168.1.200: http://192.
Chapter 3 Provisioning Tutorial Basic Resync • Log_Resync_Failure_Msg. If any of these parameters are cleared, the corresponding syslog message is not generated. Occasionally, it may also be informative to capture an Ethernet packet trace of the interaction between the SPA and the provisioning server. You can run the Ethernet packet analyzer (such as Ethereal/Wireshark) on a PC connected through a hub to the same subnet as the SPA.
Chapter 3 Provisioning Tutorial Basic Resync Unique Profiles and Macro Expansion In a large deployment, each SPA needs to be configured with distinct values for specific parameters, such as User_ID or Display_Name. This requires the service provider to generate distinct profiles, one for each deployed SPA. Each SPA, in turn, must be configured to resync to its own profile, according to some predetermined profile naming convention.
Chapter 3 Provisioning Tutorial Basic Resync Also, the configuration profile can be stored in a subdirectory of the server virtual root directory. Again, this is specified using standard URL notation. For example, the following is a valid Profile_Rule that requests the file spa2102.cfg, in the server subdirectory /Linksys/config, for the TFTP server running on host prov.telco.com, which listens for connection on port 6900. tftp://prov.telco.com:6900/Linksys/config/spa2102.
Chapter 3 Provisioning Tutorial Secure Resync http://192.168.1.200/basic.txt Step 5 Observe the syslog messages sent by the SPA. The periodic resyncs should now be obtaining the profile from the HTTP server. Also, the server should be logging each request if connection logging is enabled in the server configuration. Step 6 In the HTTP server logs, observe how information identifying the test SPA appears in the log of user agents.
Chapter 3 Provisioning Tutorial Secure Resync Step 3 For this step, you may need to install the open source OpenSSL package or equivalent software. If using OpenSSL, the command to generate the basic CSR file is as follows: openssl req –new –out provserver.csr This command generates a public/private key pair, which is saved in the privkey.pem file. Step 4 Submit the CSR file (provserver.csr) to Linksys for signing. A signed server certificate is returned (provserver.
Chapter 3 Provisioning Tutorial Secure Resync HTTPS With Client Certificate Authentication In the factory default configuration, the server does not request SSL client certificates from clients. After changing the configuration to enable client authentication, the server requires a client certificate to authenticate the SPA before accepting a connection request. Because of this, the resync operation in this exercise cannot be independently tested using a browser lacking the proper credentials.
Chapter 3 Provisioning Tutorial Profile Formats print “OU=$ENV{‘SSL_CLIENT_I_DN_OU’},\n”; print “L=$ENV{‘SSL_CLIENT_I_DN_L’},\n”; print “S=$ENV{‘SSL_CLIENT_I_DN_S’}\n”; print “”; Step 3 Save this file with the file name reflect.pl, with executable permission (chmod 755 on Linux), in the CGI scripts directory of the HTTPS server. Step 4 Verify accessibility of CGI scripts on the server (as in /cgi-bin/…).
Chapter 3 Provisioning Tutorial Profile Formats Step 2 Compress the basic.txt profile from earlier exercises, by invoking gzip from the command line: gzip basic.txt This generates the deflated file basic.txt.gz. Step 3 Save the deflated file in the TFTP server virtual root directory. Step 4 Modify the Profile_Rule on the test SPA to resync to the deflated file in place of the original XML file, as in the following example: tftp://192.168.1.200/basic.txt.gz Step 5 Click Submit All Changes.
Chapter 3 Provisioning Tutorial Profile Formats On resync, the new file is downloaded by the SPA and used to update its parameters. Partitioned Profiles The SPA download multiple separate profiles during each resync. This allows managing different kinds of profile information on separate servers and maintaining common configuration parameter values separate from account specific values. Exercise Step 1 Create a new XML profile, basic2.
Chapter 3 Provisioning Tutorial Profile Formats 17775551234 512835907884 Step 2 Store the file in the TFTP server virtual root directory. Step 3 Open the test SPA web interface on the admin/advanced page, Provisioning tab, and edit GPP_A to contain the alias map indicated above (do not enter new lines through the web interface, instead simply enter each alias consecutively).
Chapter 3 Provisioning Tutorial Profile Formats Step 5 Modify the test SPA profile rule to point to the new profile: tftp://192.168.1.200/account.cfg Step 6 Click Submit All Changes. Upon resync, the SPA retrieves the new file, recognizes its binary format and updates the two specified parameters. Step 7 Observe the syslog messages sent by the SPA during resync. Linksys SPA Provisioning Guide 3-14 Version 3.
C H A P T E R 4 Provisioning Field Reference This chapter provides a listing of the parameters provided on the administration web server Provisioning tab, which can be used in configuration profile scripts.
Chapter 4 Provisioning Field Reference Configuration Profile Parameters Table 4-1 Configuration Profile Parameters (continued) Parameter Name Description and Default Value Resync_Random_Delay The maximum value for a random time interval that the device waits before making its initial contact with the provisioning server. This delay is effective only on the initial configuration attempt following device power-on or reset. The delay is a pseudo-random number between zero and this value.
Chapter 4 Provisioning Field Reference Configuration Profile Parameters Table 4-1 Configuration Profile Parameters (continued) Parameter Name Description and Default Value Forced_Resync_Delay Maximum delay (in seconds) the SPA waits before performing a resync. The device does not resync while one of its phone lines is active. Because a resync can take several seconds, it is desirable to wait until the device has been idle for an extended period before resyncing.
Chapter 4 Provisioning Field Reference Configuration Profile Parameters Table 4-1 Configuration Profile Parameters (continued) Parameter Name Description and Default Value Profile_Rule_B Defines second, third, and fourth resync commands and associated profile URLs. These profile scripts are executed sequentially after the primary Profile Rule resync operation has completed. If a resync is triggered and Profile Rule is blank, Profile Rule B, C, and D are still evaluated and executed.
Chapter 4 Provisioning Field Reference Firmware Upgrade Parameters Firmware Upgrade Parameters The following table defines the function and usage of each parameter in the Firmware Upgrade section of the Provisioning tab. Table 4-2 Firmware Upgrade Parameters Parameter Name Description and Default Value Upgrade_Enable Enables firmware upgrade operations independently of resync actions. The default is Yes.
Chapter 4 Provisioning Field Reference General Purpose Parameters General Purpose Parameters The following table defines the function and usage of each parameter in the General Purpose Parameters section of the Provisioning tab. Table 4-3 General Purpose Parameters Parameter Name Description and Default Value GPP_SA Special purpose provisioning parameters, designed to hold encryption keys and passwords. To ensure the integrity of the encryption mechanism, these parameters must be kept secret.
Chapter 4 Provisioning Field Reference Macro Expansion Variables Macro Expansion Variables The following macro variables are recognized within the following provisioning parameters: • Profile_Rule • Profile_Rule_* • Resync_Trigger_* • Log_Resync_* • Upgrade_Rule • Log_Upgrade_* • GPP_* (under specific conditions) Within these parameters, syntax types, such as $NAME or $(NAME), are recognized and expanded.
Chapter 4 Provisioning Field Reference Macro Expansion Variables Table 4-4 Macro Expansion Variables (continued) Macro Name Macro Expansion PSN Product Series Number, for example 2102. SN Serial Number string, for example 88012BA01234. CCERT SSL Client Certificate status: Installed or Not Installed. IP IP address of the SPA within its local subnet, for example 192.168.1.100. EXTIP External IP of the SPA, as seen on the Internet, for example 66.43.16.52.
Chapter 4 Provisioning Field Reference Internal Error Codes Table 4-4 Macro Expansion Variables (continued) Macro Name Macro Expansion PORT Request target UDP/TCP port, as obtained after parsing resync or upgrade URL. PATH Request target file path, as obtained after parsing resync or upgrade URL. ERR Result message of resync or upgrade attempt. Only useful in generating result syslog messages. The value is preserved in the UPGERR variable in the case of upgrade attempts.
Chapter 4 Provisioning Field Reference Internal Error Codes Linksys SPA Provisioning Guide 4-10 Version 3.
A P P E N D I X A Acronyms A/D Analog To Digital Converter ANC Anonymous Call B2BUA Back to Back User Agent Bool Boolean Values.
Appendix A GW Gateway ITU International Telecommunication Union HTML Hypertext Markup Language HTTP Hypertext Transfer Protocol HTTPS HTTP over SSL ICMP Internet Control Message Protocol IGMP Internet Group Management Protocol ILEC Incumbent Local Exchange Carrier IP Internet Protocol ISP Internet Service Provider ITSP IP Telephony Service Provider IVR Interactive Voice Response LAN Local Area Network LBR Low Bit Rate LBRC Low Bit Rate Codec MC Mini-Certificate MGCP Media G
Appendix A Acronyms SDRAM Synchronous DRAM sec seconds SIP Session Initiation Protocol SLA Shared line appearance SLIC Subscriber Line Interface Circuit SP Service Provider SPA Linksys Phone Adaptor SSL Secure Socket Layer TFTP Trivial File Transfer Protocol TCP Transmission Control Protocol UA User Agent uC Micro-controller UDP User Datagram Protocol URL Uniform Resource Locator VM Voicemail VMWI Visual Message Waiting Indication/Indicator VQ Voice Quality WAN Wide Area
Appendix A Acronyms Linksys SPA Provisioning Guide A-4 Version 3.
A P P E N D I X B Glossary ACD (Automatic Call Distribution)—A switching system designed to allocate incoming calls to certain positions or agents in the order received and to hold calls not ready to be handled (often with a recorded announcement). Area code—A 3-digit code used in North America to identify a specific geographic telephone location. The first digit can be any number between 2 and 9. The second and third digits can be any number. Billing increment—The division by which the call is rounded.
Appendix B Glossary Dedicated Access Line (DAL)—Provided by the local exchange carrier. An access line from the customer telephone equipment directly to the long-distance company switch or POP. Demarcation point—This is where the LEC ownership and responsibility (wiring, equipment) ends and the customer responsibilities begin. Direct Inward Dialing (DID)—Allows an incoming call to bypass the attendant and ring directly to an extension. Available on most PBX systems and a feature of Centrex service.
A P P E N D I X C Example SPA Configuration Profile What follows is a sample profile. An up-to-date profile template can be obtained from the SPC tool, with the command line invocation spc --sample-profile sample.txt.
Appendix C Resync_From_SIP Resync_After_Upgrade_Attempt Resync_Trigger_1 Resync_Trigger_2 Profile_Rule Profile_Rule_B Profile_Rule_C Profile_Rule_D Log_Resync_Request_Msg $SCHEME://$SERVIP:$PORT$PATH" ; Log_Resync_Success_Msg $SCHEME://$SERVIP:$PORT$PATH" ; Log_Resync_Failure_Msg Example SPA Configuration Profile "Yes" ; "Yes" ; "" ; "" ; "/spa$PSN.
Appendix C Example SPA Configuration Profile # *** SIP Timer Values (sec) SIP_T1 SIP_T2 SIP_T4 SIP_Timer_B SIP_Timer_F SIP_Timer_H SIP_Timer_D SIP_Timer_J INVITE_Expires ReINVITE_Expires Reg_Min_Expires Reg_Max_Expires Reg_Retry_Intvl Reg_Retry_Long_Intvl ".
Appendix C STUN_Enable STUN_Test_Enable STUN_Server EXT_IP EXT_RTP_Port_Min NAT_Keep_Alive_Intvl Example SPA Configuration Profile "No" ; "No" ; "" ; "" ; "" ; "15" ; # *** Line_Enable[1] "Yes" ; SAS_Enable[1] "No" ; MOH_Server[1] "" ; SAS_DLG_Refresh_Intvl[1] "30" ; NAT_Mapping_Enable[1] "No" ; SAS_Inbound_RTP_Sink[1] "" ; SIP_Port[1] "5060" ; NAT_Keep_Alive_Enable[1] "No" ; EXT_SIP_Port[1] "" ; NAT_Keep_Alive_Msg[1] "$NOTIFY" ; SIP_TOS/DiffServ_Value[1] "0x68" ; NAT_Keep_Alive_Dest[1] "$PROXY" ; RTP_T
Appendix C Example SPA Configuration Profile Cfwd_All_Serv[1] Cfwd_Busy_Serv[1] Cfwd_No_Ans_Serv[1] Cfwd_Sel_Serv[1] Cfwd_Last_Serv[1] Block_Last_Serv[1] Accept_Last_Serv[1] DND_Serv[1] CID_Serv[1] CWCID_Serv[1] Call_Return_Serv[1] Call_Back_Serv[1] Three_Way_Call_Serv[1] Three_Way_Conf_Serv[1] Attn_Transfer_Serv[1] Unattn_Transfer_Serv[1] MWI_Serv[1] VMWI_Serv[1] Speed_Dial_Serv[1] Secure_Call_Serv[1] Referral_Serv[1] Feature_Dial_Serv[1] "Yes" "Yes" "Yes" "Yes" "Yes" "Yes" "Yes" "Yes" "Yes" "Yes" "Yes"
Appendix C Cfwd_All_Dest[1] Cfwd_Busy_Dest[1] Cfwd_No_Ans_Dest[1] Cfwd_No_Ans_Delay[1] ! ! ! ! Example SPA Configuration Profile "" ; "" ; "" ; "20" ; # *** Selective Call Forward Settings Cfwd_Sel1_Caller[1] Cfwd_Sel1_Dest[1] Cfwd_Sel2_Caller[1] Cfwd_Sel2_Dest[1] Cfwd_Sel3_Caller[1] Cfwd_Sel3_Dest[1] Cfwd_Sel4_Caller[1] Cfwd_Sel4_Dest[1] Cfwd_Sel5_Caller[1] Cfwd_Sel5_Dest[1] Cfwd_Sel6_Caller[1] Cfwd_Sel6_Dest[1] Cfwd_Sel7_Caller[1] Cfwd_Sel7_Dest[1] Cfwd_Sel8_Caller[1] Cfwd_Sel8_Dest[1] Cfwd_Last_Call
Appendix C Example SPA Configuration Profile Default_Ring[1] ! "1" ; Default_CWT[1] ! "1" ; Hold_Reminder_Ring[1] ! "8" ; Call_Back_Ring[1] ! "7" ; Cfwd_Ring_Splash_Len[1] ! "0" ; Cblk_Ring_Splash_Len[1] ! "0" ; VMWI_Ring_Splash_Len[1] ! ".
Appendix C Call_Waiting_Serv[2] Block_CID_Serv[2] Block_ANC_Serv[2] Dist_Ring_Serv[2] Cfwd_All_Serv[2] Cfwd_Busy_Serv[2] Cfwd_No_Ans_Serv[2] Cfwd_Sel_Serv[2] Cfwd_Last_Serv[2] Block_Last_Serv[2] Accept_Last_Serv[2] DND_Serv[2] CID_Serv[2] CWCID_Serv[2] Call_Return_Serv[2] Call_Back_Serv[2] Three_Way_Call_Serv[2] Three_Way_Conf_Serv[2] Attn_Transfer_Serv[2] Unattn_Transfer_Serv[2] MWI_Serv[2] VMWI_Serv[2] Speed_Dial_Serv[2] Secure_Call_Serv[2] Referral_Serv[2] Feature_Dial_Serv[2] "Yes" "Yes" "Yes" "Yes" "
Appendix C Example SPA Configuration Profile Caller_Conn_Polarity[2] Callee_Conn_Polarity[2] "Forward" ; "Forward" ; # options: Forward/Reverse # options: Forward/Reverse # *** Call Forward Settings Cfwd_All_Dest[2] Cfwd_Busy_Dest[2] Cfwd_No_Ans_Dest[2] Cfwd_No_Ans_Delay[2] ! ! ! ! "" ; "" ; "" ; "20" ; # *** Selective Call Forward Settings Cfwd_Sel1_Caller[2] Cfwd_Sel1_Dest[2] Cfwd_Sel2_Caller[2] Cfwd_Sel2_Dest[2] Cfwd_Sel3_Caller[2] Cfwd_Sel3_Dest[2] Cfwd_Sel4_Caller[2] Cfwd_Sel4_Dest[2] Cfwd_Sel5
Appendix C Ring7_Caller[2] Ring8_Caller[2] Example SPA Configuration Profile ! "" ; ! "" ; # *** Ring Settings Default_Ring[2] ! "1" ; Default_CWT[2] ! "1" ; Hold_Reminder_Ring[2] ! "8" ; Call_Back_Ring[2] ! "7" ; Cfwd_Ring_Splash_Len[2] ! "0" ; Cblk_Ring_Splash_Len[2] ! "0" ; VMWI_Ring_Splash_Len[2] ! ".
Appendix C Example SPA Configuration Profile # *** Distinctive Ring/CWT Pattern Names Ring1_Name Ring2_Name Ring3_Name Ring4_Name Ring5_Name Ring6_Name Ring7_Name Ring8_Name "Bellcore-r1" "Bellcore-r2" "Bellcore-r3" "Bellcore-r4" "Bellcore-r5" "Bellcore-r6" "Bellcore-r7" "Bellcore-r8" ; ; ; ; ; ; ; ; # *** Ring and Call Waiting Tone Spec Ring_Waveform Ring_Frequency Ring_Voltage CWT_Frequency "Sinusoid" ; "25" ; "70" ; "440@-10" ; # options: Sinusoid/Trapezoid # *** Control Timer Values (sec) Hook_F
Appendix C DND_Act_Code DND_Deact_Code CID_Act_Code CID_Deact_Code CWCID_Act_Code CWCID_Deact_Code Dist_Ring_Act_Code Dist_Ring_Deact_Code Speed_Dial_Act_Code Secure_All_Call_Act_Code Secure_No_Call_Act_Code Secure_One_Call_Act_Code Secure_One_Call_Deact_Code Referral_Services_Codes Feature_Dial_Services_Codes "*78" "*79" "*65" "*85" "*25" "*45" "*26" "*46" "*74" "*16" "*17" "*18" "*19" "" ; "" ; Example SPA Configuration Profile ; ; ; ; ; ; ; ; ; ; ; ; ; # *** Outbound Call Codec Selection Codes Prefe
INDEX CCERT macro Symbols certificates $CCERT macro $ macro 4-8 1-14 4-7 chain 1-10 server 1-9 certificate signing request Numerics 256-bit encryption 1-2 certification authority 1-9 CGI scripting support 1-11 CGI scripts 1-12 chain, certificate cipher suites A CN field initial and permanent access control 1-4 1-13 configuration profiles 1-5 administration web server 1-4 Analog Telephone Adapters Apache 1-4 Configuration Profile Parameters section 1-5 Admin account 1-10
Index explict profile need for IP macro 1-12 ISCUST macro 1-2 ERR macro 4-9 error codes 4-9 4-9 IVR functions Ethernet packet analyzer explicit profile encryption EXTIP macro 4-8 1-11 1-5 K 1-12 key pairs 4-8 location of 1-9 F factory default configuration firmware release 2.
Index redundant N 1-4 PRVST macro NAT devices 4-8 PRVTMR macro ATAs with 1-2 PSN macro 4-8 4-8 public/private key pairs generating O open (XML-style) format OpenBSD, SPC for 1-13 1-5 R 1-6 OpenSSL software package OpenSSL utility 1-11 1-13 redundant provisioning servers REGTMR1 macro 4-8 REGTMR2 macro 4-8 remote control P 5-vii PATH macro 1-5 resync 4-9 1-11 permanent access 1-4 plain-text format 1-5 URL command Resync_Fails_On_FNF parameter 1-11 1-5 Profile_Rule_B para
Index server U authentication 1-9 1-9 UID1 macro 4-9 server certificates UID2 macro 4-9 certificate generating UPGCOND macro 1-13 obtaining UPGERR macro 1-13 server configuration, troubleshooting SERVIP macro SERV macro UPGST macro 1-10 signing root authorities 5-vii SPA2102 5-vii SPA3102 5-vii SPA9000 5-vii User account 4-5 1-5 1-14 User-Agent request field 1-13 W SPA provisioning flow Win32 environment, SPC for 5-viii WRTP54G 1-6 1-6 5-vii 1-5 SP-CUST flow step SS
