Polycom SIP 2.2.0 manual It can decrypt the files that were encrypted on the server, Manner

Page 228

Administrator’s Guide SoundPoint IP / SoundStation IP

 

A key is generated by the utility and must be downloaded to the phone so that

 

it can decrypt the files that were encrypted on the server. The

 

device.sec.configEncryption.key configuration file parameter is used to

 

set the key on the phone. The utility generates a random key and the

 

encryption is Advanced Encryption Standard (AES) 128 in Cipher Block

 

Chaining (CBC) mode. An example key would look like this:

 

Crypt=1;KeyDesc=companyNameKey1;Key=06a9214036b8a15b512e03d534120006;

 

If the phone doesn't have a key, it must be downloaded to the phone in plain

 

text (a potential security hole if not using HTTPS). If the phone already has a

 

key, a new key can be downloaded to the phone encrypted using the old key

 

(refer to Changing the Key on the Phone on page C-5). At a later date, new

 

phones from the factory will have a key pre-loaded in them. This key will be

 

changed at regular intervals to enhance security

 

It is recommended that all keys have unique descriptive strings in order to

 

allow simple identification of which key was used to encrypt a file. This makes

 

boot server management easier.

 

After encrypting a configuration file, it is useful to rename the file to avoid

 

confusing it with the original version, for example rename sip.cfg to sip.enc.

 

However, the directory and override filenames cannot be changed in this

 

manner.

 

You can check whether an encrypted file is the same as an unencrypted file by:

 

1. Run the configFileEncrypt utility on the unencrypted file with the "-d"

 

option. This shows the "digest" field.

 

2. Look at the encrypted file using WordPad and check the first line that

 

shows a "Digest=…." field. If the two fields are the same, then the

 

encrypted and unencrypted file are the same.

Note

 

If a phone downloads an encrypted file that it cannot decrypt, the action is logged,

 

an error message displays, and the phone reboots. The phone will continue to do

 

this until the boot server provides an encrypted file that can be read, an

 

unencrypted file, or the file is removed from the master configuration file list.

Note

 

 

The SoundPoint IP 300 and 500 phones will always fail at decrypting files. These

 

phones will recognize that a file is encrypted, but cannot decrypt it and will display

 

an error. This information is logged. Encrypted configuration files can only be

 

decrypted on the SoundPoint IP 301, 320, 330, 430, 501,550, 600, 601, and 650

 

and the SoundStation IP 4000 phones.

 

The master configuration file cannot be encrypted on the boot server. This file is

 

downloaded by the bootROM that does not recognize encrypted files. For more

 

information, refer to Master Configuration Files on page 2-5.

 

 

C - 4

Image 228
Contents SIP Disclaimer Copyright NoticeAbout This Guide Administrator’s Guide SoundPoint IP / SoundStation IP Contents Administrator’s Guide SoundPoint IP / SoundStation IP Troubleshooting Your SoundPoint IP / SoundStation IP Phones Viii Contents Administrator’s Guide SoundPoint IP / SoundStation IP SoundPoint IP Desktop Phones IP 320/330 IP 600/601SoundStation IP Conference Phone SoundPoint IP Desktop Phones Introducing the SoundPoint IP / SoundStation IP Family SoundStation IP Conference Phone SoundPoint IP 600/601Key Features of Your SoundPoint IP / SoundStation IP Phones Currently supported conference phone is SoundStation IPAdministrator’s Guide SoundPoint IP / SoundStation IP Overview Where SoundPoint IP / SoundStation IP Phones Fit SoundPoint IP / SoundStation IP Phones onBootROM Session Initiation Protocol Application ArchitectureApplication Configuration Master Configuration Files Application Configuration FilesApplication Configuration Files Resource Files Available Features Ring tones Synthesized tones Contact directoriesOverview Microsoft Live Communications Server Overview IP Type-of-Service-Allows for the setting of TOS settings Setting up Your System Configured in your networkSetting Up the Network Dhcp or Manual TCP/IP SetupFor more information on Dhcp options, go to Supported Provisioning Protocols FTP Tftp Http HttpsModifying the Network Configuration Certificate Authority List on page C-1Main Menu Dhcp Menu Server Menu Ethernet Menu Syslog Menu EM Power Name Possible Values Description Dhcp ClientDhcp Menu Phone IP AddressPossible Name Values Description Menu Menu Name Possible Values DescriptionOr later. Passive FTP is still supported Password these characters if they are correctly escaped Using the method specified in RFCPassword, this will be ignored This will be ignoredEthernet menu CDPSetting Up the Boot Server TLS=3Information, contact your Certified Polycom Reseller Create account and home directoryEach phone may open multiple connections to the server These permissions, but will not be able to upload filesDeploying Phones From the Boot Server You must decide on a boot server security policyConfiguration on page A-4 SIP/ on page A-10PhoneMACaddress.cfg Upgrading SIP Application Supporting SoundPoint IP and SoundStation IP PhonesSupporting SoundPoint IP 300 and 500 Phones To upgrade your SIP application Cfg file can be used for all phones in a deployment Setting Up Basic Features Configuring SoundPoint IP / SoundStation IP Phones LocallyThis chapter also provides instructions on Administrator’s Guide SoundPoint IP / SoundStation IP Call Timer Call LogCall Waiting Called Party Identification Calling Party IdentificationMissed Call Notification Context Sensitive Volume Control Central boot serverConnected Party Identification Customizable Audio Sound EffectsMessage Waiting Indication Distinctive Incoming Call TreatmentMessages and voice messages are waiting Distinctive Ringing Distinctive Call WaitingAddress-directory Xml LocalDo Not Disturb Handset, Headset, and Speakerphone Local Contact DirectoryBoot server Address-directory DirectOry.xml XmlLnSmith/ln FnBill/fn Ct1003/ct Sd3/sd Rt3/rt Ad0/ad DirectoryElement Permitted Values Interpretation UTF-8’s variable length encodingLocal Digit Map Auto-rejectMicrophone Mute Soft Key Activated User InterfaceSpeed Dial Time and Date DisplayIdle Display Animation Ethernet Switch IP330/, IP400/, IP500/, IP600/, IP4000/ onAutomatic Off-Hook Call Placement Call HoldCall Transfer Local / Centralized ConferencingCall Forward Directed Call Pick-Up Setting Up Advanced Features Group Call Pick-UpCall Park/Retrieve Last Call ReturnConfigurable Feature Keys Feature Key Layouts on page C-10 Multiple Line Keys per RegistrationMultiple Call Appearances Shared Call AppearancesBridged Line Appearance Refer to Bridged Line Appearance Signaling on page B-10 Busy Lamp FieldCustomizable Fonts and Indicators Central bootInstant Messaging Attendant.uriSoundStation IP 4000’s higher resolution display Multilingual User InterfaceDownloadable Fonts Synthesized Call Progress TonesMicrobrowser Real-Time Transport Protocol Ports Network Address Translation Voice Mail IntegrationMultiple Registrations Server server/ on page A-7 Feature depends on support from a SIP server Automatic Call DistributionDepends on support from a SIP server Server Redundancy For Outgoing Calls Invite Fallback Phone Configuration Reg.1.server.1.address=voipserver.serviceprovider.comPresence Phone Operation for RegistrationMicrosoft Live Communications Server 2005 Integration Masking, the automatic behaviorConfiguration File Example Refer to Roaming Buddies roamingbuddies/ on page A-99 Refer to Roaming Privacy roamingprivacy/ on page A-99Set reg.x.auth.password to the LCS password Set the reg.x.server.y.address to the LCS server nameLocate the roamingprivacy attribute Setting Up Audio Features Low-Delay Audio Packet TransmissionJitter Buffer and Packet Error Concealment Voice Activity Detection Dtmf Tone GenerationNegative audio consequences Acoustic Echo Cancellation Dtmf Event RTP PayloadAudio Codecs Following table summarizes the phone’s audio codec supportEffective IP Type-of-Service Background Noise SuppressionComfort Noise Fill Automatic Gain ControlSetting Up Security Features Ieee 802.1p/QLocal User and Administrator Privilege Levels Configuration changes can performed locallyCustom Certificates Incoming Signaling Validation Configuration File EncryptionDevice.cfg Configuring SoundPoint IP / SoundStation IP Phones Locally PasswordsTroubleshooting Your SoundPoint IP / SoundStation IP Phones Error Messages BootROM Error MessagesApplication Error Messages Status Menu Log FilesApplication Logging Options Scheduled Logging Reading a Boot Log Following figure shows a portion of a boot log fileReading an Application Log Following figure shows a portion of an application log filePower and Startup Symptom Problem Corrective ActionControls Access to Screens and Systems Calling Displays Phone on page C-9Audio UpgradingConfiguration Files Master Configuration Files One will cause a reboot loop Application Configuration CONFIGFILES=phone1MACADDRESS.cfg, sip.cfg MISCFILES=Configuration Files This configuration attribute is defined as follows Protocol volpProtMicrobrowser mb USB Port usb This attribute includesIf voIpProt.server.x.address is a VoIpProt.server.x.transport is set toIf voIpProt.server.x.transport is set to If voIpProt.server.x.address is an IPVoIpProt.server.x.address is an IP VoIpProt.SIP.lcs Parameter if set to 1 when the parameter To 1 default isPermitted Attribute Values Default Interpretation This attribute also includes Reg.x.auth.optimizedInFailover takesOutbound Proxy outboundProxy Due to the additional signaling required Alert Information alertInfoRequest Validation requestValidation May have a negative performance impactConference Setup conference Attribute Permitted Default Interpretation ValuesSpecial Events specialEvent Dial Plan dialplan Dialplan.applyToCallListDialConsidered a dial from directory This attributes also includes Digit Map digitmap Routing routingAttribute Permitted Values Default Interpretation Server server Emergency emergencyLocalization lcl Server serverEmergency emergency Multilingual ml Date and Time datetimeAttribute Permitted Values Interpretation Lcl.ml.lang.menu.1Lcl.ml.lang.menu.2 Lcl.ml.lang.menu.3Lcl.datetime.date.longFormat Lcl.datetime.date.dateTop+FF00 U+FFFF User Preferences up Permitted Attribute Values InterpretationTones tones Dual Tone Multi-Frequency Dtmf Chord-Sets chordOnIntensity, it will be replaced with OnIntensity valueOnly be enabled when tone.dtmf.viaRtp is DisabledBe enabled when tone.dtmf.viaRtp is Sampled Audio for Sound Effects saf Ringer, or miscSound Effects se Following table, x is the sampled audio file numberWave file format Tftp//host/pathnamefilename, for examplePatterns pat Ring type rt Instruction Meaning ExampleMiscellaneous Patterns Call Progress PatternsCall progress Use within phone Pattern number Ringer pattern number Default description Ringer PatternsCall progress Pattern number Use within phone Miscellaneous Patterns Miscellaneous Pattern number Use within phoneSequential Patterns on page A-31Voice Settings voice Following voice codecs are supportedThese codecs include Codec Preferences codecPref Codec Profiles audioProfileCodec Preferences codecPref Codec Profiles audioProfile Attribute Default Attribute Default Attribute Default Acoustic Echo Cancellation aec Acoustic Echo Suppression aes Background Noise Suppression ns Feature Attribute Default Transmit Equalization txEq Attribute Default Quality of Service QOS Following settings control the 802.1p/Q userpriority fieldIf voice.vadEnable is set to 0, add attribute line Ethernet Ieee 802.1p/Q ethernet IP TOS IPThese parameters apply to RTP packets Call Control callControlOther other RTP rtp Call Control callControlRTP rtp Basic TCP/IP Tcpip Qos.ip.callControl…Attribute Permitted Default Values Permitted Attribute Values Default Interpretation If fixedDayEnable is set to Start.dayOfWeekStart.date is ignored Stop.dayOfWeekMust be enabled for this to work Web Server httpdRTP rtp TcpIpApp.port.rtp.filterByIpCall Handling Configuration call Configuration cfgTake precedence over this feature if enabled. For More information, refer to No AnswerReg.x.callsPerLineKey. Refer to Registration Case the phone may select a different availableShared Calls shared Hold, Local Reminder hold/localReminder If call.stickyAutoLineSeize is set to 1, thisDirectory dir IP 4000 phone. For other phones a quick pressRelease of the line key will resume a call Whereas pressing and holding down the linePlatform, this value is internally Replaced by 2X the valuePresence pres Fonts fontSoundPoint IP 320, 330, 430, 500 SoundPoint IP 550, 600, 601,IP330 font IP330 This configuration attribute is defined as follows Keys keyFollowing table lists the functions that are available FunctionsIndicators ind Following indicators are used by the phoneBitmaps bitmap Platform IP300/, IP 330/, IP400 Attribute Permitted Interpretation Values LEDs led Following table, x is the LED numberEvent Logging log Level InterpretationThree formats are available for the event timestamp Two types of logging are supportedType Example Log.render.level maps to You do not change this valueSupport append mode unless Server is set up for thisUploaded if no new events have Been logged since the last uploadEncryption encryption Password Lengths pwd/length Security secLicense license Provisioning prov You do not change thesePlatform InFreeSpace is internallyDelay delay RAM Disk ramdiskRequest request ValueFeature feature Resource res Finder finder Quotas quotasMicrobrowser mb Internally replaced by 2X the valueWill be respected, even if this parameter is set to Refresh parameter will be respected onlyEvent that a refresh fails. Once a refresh is Successful, the value in the Http refreshFunction is selected Detrimental effect on performance of the phonePer-Phone Configuration These settings control the bulk drive or memory stickUSB Port usb Bulk Drive bulkDriveRegistration reg Is non-Null, all of the reg.x.server.y.xxx Parameters will override the parametersSpecified in sip.cfg in Server server/ on A-7Refer to Call Handling Configuration call IP 300 and 500 phones If reg.x.serverFeatureControl.cf is not Calls callDo Not Disturb donotdisturb If call.missedCallTracking.x.enabled is Forwarding is enabled, this Parameter is enabledDiversion divert Calls can be automatically diverted when the phone is busy Divert.x.contact will beEnabled, this parameter is Server-base call forwarding isDialplan.x.digitmap is not Dialplan.x.applyToUserDial When present, and if Digit Map digitmap/ on Message Waiting Indicator mwi Messaging msgNetwork Address Translation nat VoIpProt.local.signalPort in sip.cfg Attendant attendantRoaming Buddies roamingbuddies Roaming Privacy roamingprivacyValue 0 if the call server is Microsoft Live Communications ServerFlash Parameter Configuration Enabled This flash attributes are defined as followsFor example, if device.net.ipAddress.set = Server address is preserved Refer to Basic Logging level/change/ Session Initiation Protocol SIP RFC and Internet Draft Support Request Support Following SIP request messages are supportedMethod Supported Header Support Following SIP request headers are supportedHeader Supported Header Supported Response Support Following SIP responses are supportedResponse Supported 3xx Responses Redirection 5xx Responses Server Failure Hold Implementation Reliability of Provisional ResponsesTransfer Third Party Call ControlShared Call Appearance Signaling Bridged Line Appearance SignalingMiscellaneous Administrative Tasks Trusted Certificate Authority ListAdministrator’s Guide SoundPoint IP / SoundStation IP Encrypting Configuration Files Boot server management easier It can decrypt the files that were encrypted on the server.Chaining CBC mode. An example key would look like this Changed at regular intervals to enhance securityAdding a Background Logo Changing the Key on the PhoneModel Width Height Color Depth RGB ValuesColor RGB Values Decimal Hexadecimal BootROM/SIP Application Dependencies Model BootROM SIP Application Migration DependenciesMultiple Key Combinations Default Feature Key Layouts SoundPoint IPSoundPoint IP SoundPoint IP 550/600/601/650 SoundStation IPKey IP 550 330 601 Function IP 550 Key 330 601 Function Assigning a Vlan ID Using Dhcp VLAN-A=10 VLAN-A=0x0a VLAN-A=012 Parsing Vendor ID Information End of sub-options Administrator’s Guide SoundPoint IP / SoundStation IP Third Party Software Administrator’s Guide SoundPoint IP / SoundStation IP Zlib Copyright and Permission Notice Third Party Software Administrator’s Guide SoundPoint IP / SoundStation IP Index Dhcp Secondary server 3-3DHCP InformIP TOS A-48 Administrator’s Guide SoundPoint IP / SoundStation IP SIP Administrator’s Guide SoundPoint IP / SoundStation IP
Related manuals
Manual 36 pages 13.24 Kb