Cisco Systems SPA9000 manual Remote Provisioning Features, Using Configuration Profiles

The SPA9000 provides for secure provisioning and remote upgrade. Provisioning is achieved through configuration profiles that are transferred to the device via TFTP, HTTP, or HTTPS.

Using Configuration Profiles

The SPA9000 accepts configuration profiles in XML format, or alternatively in a proprietary binary format, which is generated by a profile compiler tool available from Linksys. The SPA9000 supports up to 256-bit symmetric key encryption of profiles. For the initial transfer of the profile encryption key (initial provisioning stage), the SPA9000 can receive a profile from an encrypted channel (HTTPS with client authentication), or it can resync to a binary profile generated by the Linksys- supplied profile compiler. In the latter case, the profile compiler can encrypt the profile specifically for the target SPA9000, without requiring an explicit key exchange.

The XML file consists of a series of elements (one per configuration parameter), encapsulated within the element tags <flat-profile> … </flat-profile>. The encapsulated elements specify values for individual parameters.

Refer to the following example of a valid XML profile:

<flat-profile>

<Admin_Passwd>some secret</Admin_Passwd> <Upgrade_Enable>Yes</Upgrade_Enable> </flat-profile>

Binary format profiles contain SPA9000 parameter values and user access permissions for the parameters. By convention, the profile uses the extension .cfg (for example, spa2000.cfg). The Linksys Profile Compiler (SPC) tool compiles a plain-text file containing parameter-value pairs into a properly formatted and encrypted .cfg file. The SPC tool is available from Linksys for the Win32 environment and Linux-i386-elf environment. Requests for SPC tools compiled on other platforms are evaluated on a case-by-case basis. Please contact your Linksys sales representative for further information about obtaining the SPC tool.

The syntax of the plain-text file accepted by the profile compiler is a series of parameter-value pairs, with the value in double quotes. Each parameter-value pair is followed by a semicolon. Here is an example of a valid text source profile for input to the SPC tool:

Admin_Passwd “some secret”;

Upgrade_Enable “Yes”;