Cisco Systems SPA9000 manual Provisioning Capabilities, Configuration Profile

Chapter 2 Getting Started

Advanced Methods of Configuration

Note The SPA9000 reboots only when it is idle.

The Reboot URL is http://spa-ip-addr/admin/reboot.

Provisioning

This section describes the provisioning functionality of the SPA9000. This section includes the following topics:

•Provisioning Capabilities, page 2-26

•Configuration Profile, page 2-26

For detailed information about provisioning the SPA9000, refer to the LVS SPA Provisioning Guide.

Provisioning Capabilities

The SPA9000 provides for secure provisioning and remote upgrade. Provisioning is achieved through configuration profiles transferred to the device via TFTP, HTTP, or HTTPS.

The SPA9000 can be configured to automatically resync its internal configuration state to a remote profile periodically and on power up. The automatic resyncs are controlled by configuring the desired profile URL into the device.

The SPA9000 accepts profiles in XML format, or alternatively in a proprietary binary format, which is generated by a profile compiler tool available from Linksys. The SPA9000 supports up to 256-bit symmetric key encryption of profiles. For the initial transfer of the profile encryption key (initial provisioning stage), the SPA9000 can receive a profile from an encrypted channel (HTTPS with client authentication), or it can resync to a binary profile generated by the Linksys-supplied profile compiler. In the latter case, the profile compiler can encrypt the profile specifically for the target SPA9000, without requiring an explicit key exchange.

Remote firmware upgrade is achieved via TFTP or HTTP (firmware upgrades using HTTPS are not supported). Remote upgrades are controlled by configuring the desired firmware image URL into the SPA9000 via a remote profile resync.

For further information about remote provisioning refer to the LVS SPA Provisioning Guide. For further information about certificate generation for use with an HTTPS server, contact sipura-sales@cisco.com.

Configuration Profile

The SPA9000 configuration profile can be either an XML file or a binary file with a proprietary format.

The XML file consists of a series of elements (one per configuration parameter), encapsulated within the element tags <flat-profile> … </flat-profile>. The encapsulated elements specify values for individual parameters. Here is an example of a valid XML profile:

<flat-profile>

<Admin_Passwd>some secret</Admin_Passwd> <Upgrade_Enable>Yes</Upgrade_Enable> </flat-profile>

Binary format profiles contain SPA9000 parameter values and user access permissions for the parameters. By convention, the profile uses the extension .cfg (for example, spa2000.cfg). The Linksys Profile Compiler (SPC) tool compiles a plain-text file containing parameter-value pairs into a properly