Manuals / Polycom / Communications / IP Phone

Polycom SIP 2.2.0 manual Incoming Signaling Validation, Configuration File Encryption, Device.cfg

Models: SIP 2.2.0

1 254

Download 254 pages 57.53 Kb

Page 97

Configuring Your System

Incoming Signaling Validation

The three optional levels of security for validating incoming network signaling are:

•Source IP address validation

•Digest authentication

•Source IP address validation and digest authentication Configuration changes can performed centrally at the boot server:

Central	Configuration File:	Specify the type of validation to perform on a request-by-request
(boot server)	sip.cfg	basis, appropriate to specific event types in some cases.
		•	For more information, refer to Request Validation
			<requestValidation/> on page A-14.

Configuration File Encryption

Configuration files (excluding the master configuration file), contact directories, and configuration override files can all be encrypted.

Note	The SoundPoint IP 300 and 500 phones will always fail at decrypting files. These
	phones will recognize that a file is encrypted, but cannot decrypt it and will display
	an error. Encrypted configuration files can only be decrypted on the SoundPoint IP
	301, 320, 330, 430, 501,550, 600, 601, and 650 and the SoundStation IP 4000
	phones.
	The master configuration file cannot be encrypted on the boot server. This file is
	downloaded by the bootROM that does not recognize encrypted files. For more
	information, refer to Master Configuration Files on page A-2.

	For more information on encrypting configuration files including determining
	whether an encrypted file is the same as an unencrypted file and using the
	SDK to facilitate key generation, refer to Encrypting Configuration Files on
	page C-3.
	Configuration changes can performed centrally at the boot server:

Central	Configuration File:	Specify the phone-specific contact directory and the
(boot server)	sip.cfg	phone-specific configuration override file.
		• For more information, refer to Encryption <encryption/>
		on page A-74.

	Configuration file:	Change the encryption key.
	<device>.cfg	• For more information, refer to refer to Flash Parameter
		Configuration on page A-100.

4 - 49

Image 97

Polycom SIP 2.2.0 manual Incoming Signaling Validation, Configuration File Encryption, Device.cfg

Contents

SIP Copyright Notice DisclaimerAbout This Guide Administrator’s Guide SoundPoint IP / SoundStation IP Contents Administrator’s Guide SoundPoint IP / SoundStation IP Troubleshooting Your SoundPoint IP / SoundStation IP Phones Viii Contents Administrator’s Guide SoundPoint IP / SoundStation IP IP 320/330 IP 600/601 SoundPoint IP Desktop PhonesSoundStation IP Conference Phone SoundPoint IP Desktop Phones Introducing the SoundPoint IP / SoundStation IP Family SoundPoint IP 600/601 SoundStation IP Conference PhoneCurrently supported conference phone is SoundStation IP Key Features of Your SoundPoint IP / SoundStation IP PhonesAdministrator’s Guide SoundPoint IP / SoundStation IP Overview SoundPoint IP / SoundStation IP Phones on Where SoundPoint IP / SoundStation IP Phones FitSession Initiation Protocol Application Architecture BootROMApplication Master Configuration Files Application Configuration Files ConfigurationApplication Configuration Files Resource Files Ring tones Synthesized tones Contact directories Available FeaturesOverview Microsoft Live Communications Server Overview IP Type-of-Service-Allows for the setting of TOS settings Configured in your network Setting up Your SystemDhcp or Manual TCP/IP Setup Setting Up the NetworkFor more information on Dhcp options, go to FTP Tftp Http Https Supported Provisioning ProtocolsCertificate Authority List on page C-1 Modifying the Network ConfigurationMain Menu Dhcp Menu Server Menu Ethernet Menu Syslog Menu Name Possible Values Description Dhcp Client EM PowerDhcp Menu Phone IP AddressPossible Name Values Description Menu Name Possible Values Description MenuOr later. Passive FTP is still supported Using the method specified in RFC Password these characters if they are correctly escapedPassword, this will be ignored This will be ignoredCDP Ethernet menuTLS=3 Setting Up the Boot ServerCreate account and home directory Information, contact your Certified Polycom ResellerEach phone may open multiple connections to the server These permissions, but will not be able to upload filesYou must decide on a boot server security policy Deploying Phones From the Boot ServerSIP/ on page A-10 Configuration on page A-4PhoneMACaddress.cfg Supporting SoundPoint IP and SoundStation IP Phones Upgrading SIP ApplicationSupporting SoundPoint IP 300 and 500 Phones To upgrade your SIP application Cfg file can be used for all phones in a deployment Configuring SoundPoint IP / SoundStation IP Phones Locally Setting Up Basic FeaturesThis chapter also provides instructions on Administrator’s Guide SoundPoint IP / SoundStation IP Call Log Call TimerCall Waiting Calling Party Identification Called Party IdentificationMissed Call Notification Central boot server Context Sensitive Volume ControlConnected Party Identification Customizable Audio Sound EffectsDistinctive Incoming Call Treatment Message Waiting IndicationMessages and voice messages are waiting Distinctive Call Waiting Distinctive RingingAddress-directory Xml LocalDo Not Disturb Local Contact Directory Handset, Headset, and SpeakerphoneDirect Boot server Address-directoryOry.xml XmlDirectory LnSmith/ln FnBill/fn Ct1003/ct Sd3/sd Rt3/rt Ad0/adElement Permitted Values Interpretation UTF-8’s variable length encodingAuto-reject Local Digit MapSoft Key Activated User Interface Microphone MuteSpeed Dial Time and Date DisplayIdle Display Animation IP330/, IP400/, IP500/, IP600/, IP4000/ on Ethernet SwitchCall Hold Automatic Off-Hook Call PlacementLocal / Centralized Conferencing Call TransferCall Forward Directed Call Pick-Up Group Call Pick-Up Setting Up Advanced FeaturesCall Park/Retrieve Last Call ReturnConfigurable Feature Keys Multiple Line Keys per Registration Feature Key Layouts on page C-10Shared Call Appearances Multiple Call AppearancesBridged Line Appearance Busy Lamp Field Refer to Bridged Line Appearance Signaling on page B-10Central boot Customizable Fonts and IndicatorsInstant Messaging Attendant.uriMultilingual User Interface SoundStation IP 4000’s higher resolution displaySynthesized Call Progress Tones Downloadable FontsMicrobrowser Real-Time Transport Protocol Ports Voice Mail Integration Network Address TranslationMultiple Registrations Server server/ on page A-7 Automatic Call Distribution Feature depends on support from a SIP serverDepends on support from a SIP server Server Redundancy For Outgoing Calls Invite Fallback Reg.1.server.1.address=voipserver.serviceprovider.com Phone ConfigurationPhone Operation for Registration PresenceMasking, the automatic behavior Microsoft Live Communications Server 2005 IntegrationConfiguration File Example Refer to Roaming Privacy roamingprivacy/ on page A-99 Refer to Roaming Buddies roamingbuddies/ on page A-99Set the reg.x.server.y.address to the LCS server name Set reg.x.auth.password to the LCS passwordLocate the roamingprivacy attribute Low-Delay Audio Packet Transmission Setting Up Audio FeaturesJitter Buffer and Packet Error Concealment Dtmf Tone Generation Voice Activity DetectionNegative audio consequences Dtmf Event RTP Payload Acoustic Echo CancellationFollowing table summarizes the phone’s audio codec support Audio CodecsEffective Background Noise Suppression IP Type-of-ServiceComfort Noise Fill Automatic Gain ControlIeee 802.1p/Q Setting Up Security FeaturesConfiguration changes can performed locally Local User and Administrator Privilege LevelsCustom Certificates Configuration File Encryption Incoming Signaling ValidationDevice.cfg Passwords Configuring SoundPoint IP / SoundStation IP Phones LocallyTroubleshooting Your SoundPoint IP / SoundStation IP Phones BootROM Error Messages Error MessagesApplication Error Messages Log Files Status MenuApplication Logging Options Scheduled Logging Following figure shows a portion of a boot log file Reading a Boot LogFollowing figure shows a portion of an application log file Reading an Application LogSymptom Problem Corrective Action Power and StartupControls Access to Screens and Systems Calling Phone on page C-9 DisplaysUpgrading AudioConfiguration Files Master Configuration Files One will cause a reboot loop CONFIGFILES=phone1MACADDRESS.cfg, sip.cfg MISCFILES= Application ConfigurationConfiguration Files Protocol volpProt This configuration attribute is defined as followsMicrobrowser mb USB Port usb This attribute includesVoIpProt.server.x.transport is set to If voIpProt.server.x.address is aIf voIpProt.server.x.transport is set to If voIpProt.server.x.address is an IPVoIpProt.server.x.address is an IP VoIpProt.SIP.lcs To 1 default is Parameter if set to 1 when the parameterPermitted Attribute Values Default Interpretation Reg.x.auth.optimizedInFailover takes This attribute also includesOutbound Proxy outboundProxy Alert Information alertInfo Due to the additional signaling requiredRequest Validation requestValidation May have a negative performance impactAttribute Permitted Default Interpretation Values Conference Setup conferenceSpecial Events specialEvent Dialplan.applyToCallListDial Dial Plan dialplanConsidered a dial from directory Digit Map digitmap Routing routing This attributes also includesServer server Emergency emergency Attribute Permitted Values Default InterpretationServer server Localization lclEmergency emergency Multilingual ml Date and Time datetimeLcl.ml.lang.menu.1 Attribute Permitted Values InterpretationLcl.ml.lang.menu.2 Lcl.ml.lang.menu.3Lcl.datetime.date.dateTop Lcl.datetime.date.longFormat+FF00 U+FFFF Permitted Attribute Values Interpretation User Preferences upDual Tone Multi-Frequency Dtmf Chord-Sets chord Tones tonesOnIntensity, it will be replaced with OnIntensity valueDisabled Only be enabled when tone.dtmf.viaRtp isBe enabled when tone.dtmf.viaRtp is Ringer, or misc Sampled Audio for Sound Effects safFollowing table, x is the sampled audio file number Sound Effects seWave file format Tftp//host/pathnamefilename, for exampleInstruction Meaning Example Patterns pat Ring type rtCall Progress Patterns Miscellaneous PatternsCall progress Use within phone Pattern number Ringer Patterns Ringer pattern number Default descriptionCall progress Pattern number Use within phone Miscellaneous Pattern number Use within phone Miscellaneous PatternsPatterns on page A-31 SequentialFollowing voice codecs are supported Voice Settings voiceCodec Preferences codecPref Codec Profiles audioProfile These codecs includeCodec Preferences codecPref Codec Profiles audioProfile Attribute Default Attribute Default Attribute Default Acoustic Echo Cancellation aec Acoustic Echo Suppression aes Background Noise Suppression ns Feature Attribute Default Transmit Equalization txEq Attribute Default Following settings control the 802.1p/Q userpriority field Quality of Service QOSIf voice.vadEnable is set to 0, add attribute line Ethernet Ieee 802.1p/Q ethernet IP TOS IPCall Control callControl These parameters apply to RTP packetsOther other RTP rtp Call Control callControlRTP rtp Qos.ip.callControl… Basic TCP/IP TcpipAttribute Permitted Default Values Permitted Attribute Values Default Interpretation Start.dayOfWeek If fixedDayEnable is set toStart.date is ignored Stop.dayOfWeekWeb Server httpd Must be enabled for this to workRTP rtp TcpIpApp.port.rtp.filterByIpConfiguration cfg Call Handling Configuration callMore information, refer to No Answer Take precedence over this feature if enabled. ForReg.x.callsPerLineKey. Refer to Registration Case the phone may select a different availableIf call.stickyAutoLineSeize is set to 1, this Shared Calls shared Hold, Local Reminder hold/localReminderIP 4000 phone. For other phones a quick press Directory dirRelease of the line key will resume a call Whereas pressing and holding down the lineReplaced by 2X the value Platform, this value is internallyFonts font Presence presSoundPoint IP 550, 600, 601, SoundPoint IP 320, 330, 430, 500IP330 font IP330 Keys key This configuration attribute is defined as followsFunctions Following table lists the functions that are availableFollowing indicators are used by the phone Indicators indBitmaps bitmap Platform IP300/, IP 330/, IP400 Attribute Permitted Interpretation Values Following table, x is the LED number LEDs ledLevel Interpretation Event Logging logTwo types of logging are supported Three formats are available for the event timestampType Example You do not change this value Log.render.level maps toServer is set up for this Support append mode unlessUploaded if no new events have Been logged since the last uploadSecurity sec Encryption encryption Password Lengths pwd/lengthLicense license You do not change these Provisioning provPlatform InFreeSpace is internallyRAM Disk ramdisk Delay delayRequest request ValueFeature feature Finder finder Quotas quotas Resource resInternally replaced by 2X the value Microbrowser mbRefresh parameter will be respected only Will be respected, even if this parameter is set toEvent that a refresh fails. Once a refresh is Successful, the value in the Http refreshDetrimental effect on performance of the phone Function is selectedThese settings control the bulk drive or memory stick Per-Phone ConfigurationUSB Port usb Bulk Drive bulkDriveRegistration reg Parameters will override the parameters Is non-Null, all of the reg.x.server.y.xxxSpecified in sip.cfg in Server server/ on A-7Refer to Call Handling Configuration call IP 300 and 500 phones Calls call If reg.x.serverFeatureControl.cf is notDo Not Disturb donotdisturb If call.missedCallTracking.x.enabled is Parameter is enabled Forwarding is enabled, thisDiversion divert Divert.x.contact will be Calls can be automatically diverted when the phone is busyServer-base call forwarding is Enabled, this parameter isDialplan.x.digitmap is not Dialplan.x.applyToUserDial When present, and if Digit Map digitmap/ on Messaging msg Message Waiting Indicator mwiNetwork Address Translation nat Attendant attendant VoIpProt.local.signalPort in sip.cfgRoaming Privacy roamingprivacy Roaming Buddies roamingbuddiesValue 0 if the call server is Microsoft Live Communications ServerFlash Parameter Configuration This flash attributes are defined as follows EnabledFor example, if device.net.ipAddress.set = Server address is preserved Refer to Basic Logging level/change/ Session Initiation Protocol SIP RFC and Internet Draft Support Following SIP request messages are supported Request SupportMethod Supported Following SIP request headers are supported Header SupportHeader Supported Header Supported Following SIP responses are supported Response SupportResponse Supported 3xx Responses Redirection 5xx Responses Server Failure Reliability of Provisional Responses Hold ImplementationTransfer Third Party Call ControlBridged Line Appearance Signaling Shared Call Appearance SignalingTrusted Certificate Authority List Miscellaneous Administrative TasksAdministrator’s Guide SoundPoint IP / SoundStation IP Encrypting Configuration Files It can decrypt the files that were encrypted on the server. Boot server management easierChaining CBC mode. An example key would look like this Changed at regular intervals to enhance securityChanging the Key on the Phone Adding a Background LogoRGB Values Model Width Height Color DepthColor RGB Values Decimal Hexadecimal BootROM/SIP Application Dependencies Migration Dependencies Model BootROM SIP ApplicationMultiple Key Combinations SoundPoint IP Default Feature Key LayoutsSoundPoint IP SoundStation IP SoundPoint IP 550/600/601/650Key IP 550 330 601 Function IP 550 Key 330 601 Function Assigning a Vlan ID Using Dhcp VLAN-A=10 VLAN-A=0x0a VLAN-A=012 Parsing Vendor ID Information End of sub-options Administrator’s Guide SoundPoint IP / SoundStation IP Third Party Software Administrator’s Guide SoundPoint IP / SoundStation IP Zlib Copyright and Permission Notice Third Party Software Administrator’s Guide SoundPoint IP / SoundStation IP Index Secondary server 3-3DHCP Inform DhcpIP TOS A-48 Administrator’s Guide SoundPoint IP / SoundStation IP SIP Administrator’s Guide SoundPoint IP / SoundStation IP