- Home
- /
- Article
In this articleThis Help article is for Cisco phones registered to Cisco BroadWorks. The information on this page includes profile resync, manually applying profile, and configuration syntax.
Configure your phone for profile resync
The phone supports multiple network protocols for retrieving configuration profiles. The most basic profile transfer protocol is TFTP (RFC1350). TFTP is widely used for the provisioning of network devices within private LAN networks. Although not recommended for the deployment of remote endpoints across the Internet, TFTP can be convenient for deployment within small organizations, for in-house preprovisioning, and for development and testing. In the following procedure, a profile is modified after downloading a file from a TFTP server.
| 1 |
Within a LAN environment, connect your computer and the phone to a hub, switch, or small router. |
| 2 |
On the computer, install and activate a TFTP server. |
| 3 |
Use a text editor to create a configuration profile. To verify if the profile has been provisioned to your phone later, you can set some of the values as marks. For example, set the value for GPP_A to 12345678 as shown in the following example:
|
| 4 |
Save the XML configuration file in the root directory of the TFTP server. You can verify that the TFTP server is properly configured: request the configuration profile file by using a TFTP client other than the phone. Preferably, use a TFTP client that is running on a separate host from the provisioning server. |
| 5 |
In the web browser on your computer, open the administration web page. For example, assume the IP address of the phone is 192.168.1.100, open the following URL in your web browser: |
| 6 |
Select the tab, and inspect the values of the general purpose parameters GPP_A through GPP_P. These should be empty. |
| 7 |
Resync the test phone to the configuration profile that you created by opening the resync URL in a web browser. Example: If the IP address of the TFTP server is 192.168.1.200, the command should be similar to the following example: When the phone receives this command, the device at address 192.168.1.100 requests the configuration profile file |
| 8 |
Verify that the parameter was correctly updated. Refresh the administration web page and go to . The GPP_A parameter should now contains the value 12345678. |
| 1 |
Obtain the MAC address of the phone from its product label. (The MAC address is the number, using numbers and lower–case hex digits, for example, 000e08aabbcc. |
| 2 |
Rename your configuration file to Example:
|
| 3 |
Move the new file to the virtual root directory of the TFTP server. |
| 4 |
Access the phone administration web page. |
| 5 |
Select . |
| 6 |
Enter the path of the profile file in the Profile Rule field. Example: Assume that the TFTP server IP address is 192.168.1.200 and the profile file name is |
| 7 |
Click Submit All Changes. This causes an immediate reboot and resync. When the next resync occurs, the phone retrieves the new file by expanding the $MA macro expression into its MAC address. |
| 1 |
Install an HTTP server on the local computer or other accessible host. The open source Apache server can be downloaded from the internet. |
| 2 |
Upload the configuration profile file onto the virtual root directory of the installed server. |
| 3 |
To verify proper server installation and access to the profile file, open the profile with a web browser. |
| 4 |
Modify the Profile_Rule of the test phone to point to the HTTP server in place of the TFTP server, so as to download its profile periodically. For example, assuming the HTTP server is at 192.168.1.300 and the profile filename is basic.txt, enter the following value: |
| 5 |
Click Submit All Changes. This causes an immediate reboot and resync. |
| 6 |
Observe the syslog messages that the phone sends. The periodic resyncs should now be obtaining the profile from the HTTP server. |
| 7 |
In the HTTP server logs, observe how information that identifies the test phone appears in the log of user agents. This information should include the manufacturer, product name, current firmware version, and serial number. |
A device can resync periodically to the provisioning server to ensure that any profile changes made on the server are propagated to the endpoint device (as opposed to sending an explicit resync request to the endpoint).
To cause the phone to periodically resync to a server, a configuration profile URL is defined by using the Profile_Rule parameter, and a resync period is defined by using the Resync_Periodic parameter.
| 1 |
Access the phone administration web page. |
| 2 |
Select . |
| 3 |
Define the Profile_Rule parameter. This example assumes a TFTP server IP address of 192.168.1.200. |
| 4 |
In the Resync Periodic field, enter a small value for testing, such as 30 seconds. |
| 5 |
Click Submit all Changes. With the new parameter settings, the phone resyncs twice a minute to the configuration file that the URL specifies. |
| 6 |
Observe the resulting messages in the syslog trace. |
| 7 |
Ensure that the Resync On Reset field is set to Yes. |
| 8 |
Power cycle the phone to force it to resync to the provisioning server. If the resync operation fails for any reason, such as if the server is not responding, the unit waits (for the number of seconds configured in Resync Error Retry Delay) before it attempts to resync again. If Resync Error Retry Delay is zero, the phone does not try to resync after a failed resync attempt. |
| 9 |
(Optional) Set the value of Resync Error Retry Delay field to a small number, such as 30. |
| 10 |
Disable the TFTP server, and observe the results in the syslog output. |
The following table defines the function and usage of the profile resync parameters in the Configuration Profile section under the tab in the phone web page. It also defines the syntax of the string that is added in the phone configuration file (cfg.xml) with XML code to configure a parameter.
|
Parameter |
Description |
|---|---|
|
Provision Enable |
Allows or denies configuration profile resync actions.
Default: Yes |
|
Resync On Reset |
Specifies whether the phone resynchronizes configurations with the provisioning server after power-up and after each upgrade attempt.
Default: Yes |
|
Resync Random Delay |
Prevents an overload of the provisioning server when a large number of devices power-on simultaneously and attempt initial configuration. This delay is effective only on the initial configuration attempt, following a device power-on or reset. The parameter is the maximum time interval that the device waits before making contact with the provisioning server. The actual delay is a pseudo-random number between 0 and this value. This parameter is in units of 20 seconds. The valid value ranges between 0 and 65535.
The default value is 2 (40 seconds). |
|
Resync At (HHmm) |
The time (HHmm) that the phone resynchronizes with the provisioning server. The value for this field must be a four-digit number ranging from 0000 to 2400 to indicate the time in HHmm format. For example, 0959 indicates 09:59.
The default value is empty. If the value is invalid, the parameter is ignored. If this parameter is set with a valid value, the Resync Periodic parameter is ignored. |
|
Resync At Random Delay |
Prevents an overload of the provisioning server when a large number of devices power on simultaneously. To avoid flooding resync requests to the server from multiple phones, the phone resynchronizes in the range between the hours and minutes, and the hours and minutes plus the random delay (hhmm, hhmm+random_delay). For example, if the random delay = (Resync At Random Delay + 30)/60 minutes, the input value in seconds is converted to minutes, rounding up to the next minute to calculate the final random_delay interval.
The valid value ranges between 600 and 65535. If the value is less than 600, the random delay internal is between 0 and 600. The default value is 600 seconds (10 minutes). |
|
Resync Periodic |
The time interval between periodic resynchronization with the provisioning server. The associated resync timer is active only after the first successful sync with the server. The valid formats are as follows:
Set this parameter to zero to disable periodic resynchronization. The default value is 3600 seconds. |
|
Resync Error Retry Delay |
If a resync operation fails because the phone was unable to retrieve a profile from the server, or the downloaded file is corrupt, or an internal error occurs, the phone tries to resync again after a time specified in seconds. The valid formats are as follows:
If the delay is set to 0, the device does not try to resync again following a failed resync attempt.
Default: 60,120,240,480,960,1920,3840,7680,15360,30720,61440,86400 |
|
Forced Resync Delay |
Maximum delay (in seconds) the phone waits before performing a resynchronization. The device does not resync while one of its phone lines is active. Because a resync can take several seconds, it is desirable to wait until the device has been idle for an extended period before resynchronizing. This allows a user to make calls in succession without interruption. The device has a timer that begins counting down when all of its lines become idle. This parameter is the initial value of the counter. Resync events are delayed until this counter decrements to zero. The valid value ranges between 0 and 65535.
The default value is 14,400 seconds. |
|
Resync From SIP |
Controls requests for resync operations via a SIP NOTIFY event sent from the service provider proxy server to the phone. If enabled, the proxy can request a resync by sending a SIP NOTIFY message containing the Event: resync header to the device.
Default: Yes |
|
Resync After Upgrade Attempt |
Enables or disables the resync operation after any upgrade occurs. If Yes is selected, sync is triggered after a firmware upgrade.
Default: Yes |
|
Resync Trigger 1 Resync Trigger 2 |
If the logical equation in these parameters evaluates to FALSE, resync is not triggered even when Resync On Reset is set to TRUE. Only the resync via direct action URL and SIP notify ignores these resync triggers. The parameters can be programmed with a conditional expression that undergoes macro expansion. For the valid macro expansions, see Macro expansion variables under Provisioning parameters.
Default: Blank |
|
User Configurable Resync |
Allows a user to resync the phone from the phone screen menu. When set to Yes, a user can resync the phone configuration by entering the profile rule from the phone. When set to No, the Profile rule parameter isn't displayed on the phone screen menu.
Default: Yes |
|
Resync Fails On FNF |
A resync is typically considered unsuccessful if a requested profile is not received from the server. This parameter override this behavior. When set to No, the device accepts a
Default: Yes |
|
Profile Authentication Type |
Specifies the credentials to use for profile account authentication. The available options are:
Default: Basic HTTP Authentication For more information, see Specify the profile authentication type under Specify the phone for profile resync. |
|
Profile Rule Profile Rule B Profile Rule C Profile Rule D |
Each profile rule informs the phone of a source from which to obtain a profile (configuration file). During every resync operation, the phone applies all the profiles in sequence. If you are applying AES-256-CBC encryption to the configuration files, specify the encryption key with the
You can enclose the encryption key in double-quotes (") optionally.
Default: |
|
DHCP Option To Use |
DHCP options, delimited by commas, used to retrieve firmware and profiles. Default: 66,160,159,150,60,43,125 |
|
DHCPv6 Option To Use |
DHCP options, delimited by commas, used to retrieve firmware and profiles. Default: 17,160,159 |
You can provision phones through Cisco XML functions.
You can send an XML object to the phone by a SIP Notify packet or an HTTP Post to the CGI interface of the phone: http://PhoneIPAddress/CGI/Execute.
The CP-xxxx-3PCC extends the Cisco XML feature to support provisioning via an XML object:
<CP-xxxx-3PCCExecute>
<ExecuteItem URL=Resync:[profile-rule]/>
</CP-xxxx-3PCCExecute>
After the phone receives the XML object, it downloads the provisioning file from [profile-rule]. This rule uses macros to simplify the development of the XML services application.
Subdirectories with multiple profiles on the server provide a convenient method for managing a large number of deployed devices. The profile URL can contain:
-
A provisioning server name or an explicit IP address. If the profile identifies the provisioning server by name, the phone performs a DNS lookup to resolve the name.
-
A nonstandard server port that is specified in the URL by using the standard syntax
:portfollowing the server name. -
The subdirectory of the server virtual root directory where the profile is stored, specified by using standard URL notation and managed by macro expansion.
For example, the following Profile_Rule requests the profile file ($PN.cfg), in the server subdirectory /cisco/config, from the TFTP server that is running on host prov.telco.com listening for a connection on port 6900:
<Profile_Rule>
tftp://prov.telco.com:6900/cisco/config/$PN.cfg
</Profile_Rule>
A profile for each phone can be identified in a general purpose parameter, with its value referred within a common profile rule by using macro expansion.
For example, assume GPP_B is defined as Dj6Lmp23Q.
The Profile_Rule has the value:
tftp://prov.telco.com/cisco/$B/$MA.cfg
When the device resyncs and the macros are expanded, the phone with a MAC address of 000e08012345 requests the profile with the name that contains the device MAC address at the following URL:
tftp://prov.telco.com/cisco/Dj6Lmp23Q/000e08012345.cfg
Profile Authentication allows phone users to resynchronize the provisioning profile onto the phone. Authentication information is required while the phone tries to resynchronize and download configuration file for the first time and gets an HTTP or HTTPS 401 authentication error. When you enable this feature, the Profile account setup screen is displayed on the phone for the following situations:
-
When the HTTP or HTTPs 401 authentication error occurs during first-time provisioning after the phone reboots
-
When the profile account username and password are empty
-
When there are no username and password in the Profile Rule
If the Profile account setup screen is missed or ignored, the user can also access the setup screen through the phone screen menu, or the Setup softkey, which displays only when no line on the phone is registered.
When you disable the feature, the Profile account setup screen doesn't display on the phone.
The username and password in the Profile Rule field have a higher priority than the profile account.
-
When you provide a correct URL in the Profile Rule field without a username and password, the phone requires authentication or digest to resynchronize the profile. With the correct profile account, authentication passes. With an incorrect profile account, authentication fails.
-
When you provide a correct URL in the Profile Rule field with a correct username and password, the phone requires authentication or digest to resynchronize the profile. The profile account is not used for phone resynchronization. Sign-in is successful.
-
When you provide a correct URL in the Profile Rule field with an incorrect username and password, the phone requires authentication or digest to resynchronize the profile. The profile account isn't used for phone resynchronization. Sign-in always fails.
-
When you provide an incorrect URL in the Profile Rule field, sign-in always fails.
You can also configure the parameters in the phone configuration file with XML(cfg.xml) code.
You can specify the profile authentication type from the phone administration web page.
| 1 |
Access the phone administration web page. |
| 2 |
Select . |
| 3 |
In the Configuration Profile section, set the Profile Authentication Type parameter to specify the credentials to use for profile account authentication. You can configure this parameter in the phone configuration XML file (cfg.xml) by entering a string in this format: Options:
Default: Basic HTTP Authentication |
| 4 |
Click Submit All Changes. |
Manually apply a profile to your phone
Complete these steps to download the configuration file to a TFTP server application on your PC.
| 1 |
Connect your computer to the LAN port of the phone. |
| 2 |
Run a TFTP server application on the computer and ensure that the configuration file is available in the TFTP root directory. |
| 3 |
In a web browser, enter the phone LAN IP address, the IP address of the computer, the filename, and the login credentials. Use this format: Example: |
Complete these steps to download the configuration to the phone by using cURL. This command-line tool is used to transfer data with a URL syntax. To download cURL, visit:
https://curl.haxx.se/download.html
 | We recommend that you don't use cURL to post the configuration to the phone because the username and password might get captured while using cURL. |
| 1 |
Connect your computer to the LAN port of the phone. |
| 2 |
Download the configuration file to the phone by entering the following cURL command: |
Configuration Profiles
The phone accepts configurations in XML format.
The examples in this section use configuration profiles with XML syntax.
The configuration profile defines the parameter values for the phone.
The configuration profile XML format uses standard XML authoring tools to compile the parameters and values.
| Only the UTF-8 charset is supported. If you modify the profile in an editor, do not change the encoding format; otherwise, the phone cannot recognize the file. |
Each phone has a different feature set and therefore, a different set of parameters.
Open profile format
The open format profile is a text file with XML-like syntax in a hierarchy of elements, with element attributes and values. This format lets you use standard tools to create the configuration file. An XML configuration file can be sent from the provisioning server to the phone during a resync operation, without compilation as a binary object.
The phone can accept configuration formats that standard tools generate. This feature eases the development of back-end provisioning server software that generates configuration profiles from existing databases.
To protect confidential information in the configuration profile, the provisioning server delivers the XML configuration file to the phone over a channel secured by TLS. Optionally, the file can be compressed by using the gzip deflate algorithm (RFC1951).
The file can be encrypted with one of these encryption methods:
-
AES-256-CBC encryption
-
RFC-8188 based HTTP content encryption with AES-128-GCM ciphering
A configuration file can include these components:
-
Element tags
-
Attributes
-
Parameters
-
Formatting features
-
XML comments
Example: Open profile format
<flat-profile>
<Resync_On_Reset> Yes </Resync_On_Reset>
<Resync_Periodic> 7200 </Resync_Periodic>
<Profile_Rule> tftp://prov.telco.com:6900/cisco/config/CP_xxxx_MPP.cfg</Profile_Rule>
</flat-profile>
The <flat-profile> element tag encloses all parameter elements that the phone recognizes.
Element tag properties
Keep the following rules in mind when you create or update the configuration file.
-
The XML provisioning format and the Web UI allow the configuration of the same settings. The XML tag names and the field names in the Web UI are similar but vary due to XML element name restrictions. For example, underscores ( _ ) in XML configuration file instead of spaces on the Web UI.
-
The phone recognizes elements with proper parameter names that are encapsulated in the special
<flat-profile>element. -
Element names are enclosed in angle brackets.
-
Most element names are similar to the field names on the phone Web UI, with the following modifications:
-
Element names may not include spaces or special characters. To derive the element name from the web field name, substitute an underscore for every space or the special characters
[,],(,), or/.Example: The <Resync_On_Reset> element represents the Resync On Reset field.
-
Each element name must be unique. In the phone Web UI, the same fields can appear on multiple web pages, such as the Line, User, and Extension pages. Append
[n]to the element name to indicate the number that is shown in the page tab.Example: The
<Dial_Plan_1_>element represents the Dial Plan for Line 1.
-
-
Each opening element tag must have a matching closing element tag. For example:
<flat-profile> <Resync_On_Reset> Yes </Resync_On_Reset> <Resync_Periodic> 7200 </Resync_Periodic> <Profile_Rule>tftp://prov.telco.com: 6900/cisco/config/CP_xxxx_MPP.cfg </Profile_Rule> </flat-profile> -
Element tags are case-sensitive.
-
Empty element tags are allowed and will be interpreted as configuring the value to be empty. Enter the opening element tag without a corresponding element tag, and insert a space and a forward slash before the closing angle bracket (>). In this example, Profile Rule B is empty:
<Profile_Rule_B /> -
An empty element tag can be used to prevent the overwriting of any user-supplied values during a resync operation. In the following example, the user speed dial settings are unchanged:
<flat-profile> <Speed_Dial_2_Name ua="rw"/> <Speed_Dial_2_Number ua="rw"/> <Speed_Dial_3_Name ua="rw"/> <Speed_Dial_3_Number ua="rw"/> <Speed_Dial_4_Name ua="rw"/> <Speed_Dial_4_Number ua="rw"/> <Speed_Dial_5_Name ua="rw"/> <Speed_Dial_5_Number ua="rw"/> <Speed_Dial_6_Name ua="rw"/> <Speed_Dial_6_Number ua="rw"/> <Speed_Dial_7_Name ua="rw"/> <Speed_Dial_7_Number ua="rw"/> <Speed_Dial_8_Name ua="rw"/> <Speed_Dial_8_Number ua="rw"/> <Speed_Dial_9_Name ua="rw"/> <Speed_Dial_9_Number ua="rw"/> </flat-profile> -
Use an empty value to set the corresponding parameter to an empty string. Enter an opening and closing element without any value between them. In the following example, the GPP_A parameter is set to an empty string.
<flat-profile> <GPP_A> </GPP_A> </flat-profile> -
Unrecognized element names are ignored.
Parameter properties
These properties apply to the parameters:
Any parameters that are not specified by a profile are left unchanged in the phone.
Unrecognized parameters are ignored.
If the Open format profile contains multiple occurrences of the same parameter tag, the last such occurrence overrides any earlier ones. To avoid inadvertent override of configuration values for a parameter, we recommend that each profile specify at most one instance of a parameter.
The last profile processed takes precedence. If multiple profiles specify the same configuration parameter, the value of the latter profile takes precedence.
String formats
These properties apply to the formatting of the strings:
Comments are allowed through standard XML syntax.
<!-- My comment is typed here -->Leading and trailing white space is allowed for readability but is removed from the parameter value.
New lines within a value are converted to spaces.
An XML header of the form
<? ?>is allowed, but the phone ignores it.To enter special characters, use basic XML character escapes, as shown in the following table.
Special Character
XML Escape Sequence
& (ampersand)
&
< (less than)
<
> (greater than)
>
’ (apostrophe)
'
” (double quote)
"
In the following example, character escapes are entered to represent the greater than and less than symbols that are required in a dial plan rule. This example defines an information hotline dial plan that sets the <Dial_Plan_1_> parameter () equal to (S0 <:18005551212>).
<flat-profile> <Dial_Plan_1_> (S0 <:18005551212>) </Dial_Plan_1_> </flat-profile>Numeric character escapes, using decimal and hexadecimal values (s.a.
(and.), are translated.The phone firmware only supports ASCII characters.
The Open configuration profile can be compressed to reduce the network load on the provisioning server. The profile can also be encrypted to protect confidential information. Compression is not required, but it must precede encryption.
Open profile compression
The supported compression method is the gzip deflate algorithm (RFC1951). The gzip utility and the compression library that implements the same algorithm (zlib) are available from Internet sites.
To identify compression, the phone expects the compressed file to contain a gzip compatible header. Invocation of the gzip utility on the original Open profile generates the header. The phone inspects the downloaded file header to determine the file format.
For example, if profile.xml is a valid profile, the file profile.xml.gz is also accepted. Either of the following commands can generate this profile type:
-
>gzip profile.xmlReplaces original file with compressed file.
-
>cat profile.xml | gzip > profile.xml.gzLeaves original file in place and produces new compressed file.
Open profile encryption
Symmetric key encryption can be used to encrypt an open configuration profile, whether the file is compressed or not. Compression, if applied, must be applied before encryption.
The provisioning server uses HTTPS to handle initial provisioning of the phone after deployment. Pre-encrypting configuration profiles offline allows the use of HTTP for resynchronizing profiles subsequently. This reduces the load on the HTTPS server in large-scale deployments.
The phone supports two methods of encryption for configuration files:
-
AES-256-CBC encryption
-
RFC 8188-based HTTP content encryption with AES-128-GCM ciphering
The key or Input Keying Material (IKM) must be preprovisioned into the unit at an earlier time. Bootstrap of the secret key can be accomplished securely by using HTTPS.
The configuration file name doesn't require a specific format, but a file name that ends with the .cfg extension normally indicates a configuration profile.
AES-256-CBC Encryption
The phone supports AES-256-CBC encryption for configuration files.
The OpenSSL encryption tool, available for download from various Internet sites, can perform the encryption. Support for 256-bit AES encryption may require recompilation of the tool to enable the AES code. The firmware has been tested against version openssl-1.1.1d.
For an encrypted file, the profile expects the file to have the same format as generated by the following command:
# example encryption key = SecretPhrase1234
openssl enc –e –aes-256-cbc –k SecretPhrase1234 –in profile.xml –out profile.cfg
# analogous invocation for a compressed xml file
openssl enc –e –aes-256-cbc –k SecretPhrase1234 –in profile.xml.gz –out profile.cfg
A lowercase -k precedes the secret key, which can be any plain text phrase, and which is used to generate a random 64-bit salt. With the secret specified by the -k argument, the encryption tool derives a random 128-bit initial vector and the actual 256-bit encryption key.
When this form of encryption is used on a configuration profile, the phone must be informed of the secret key value to decrypt the file. This value is specified as a qualifier in the profile URL. The syntax is as follows, using an explicit URL:
[--key “SecretPhrase1234”] http://prov.telco.com/path/profile.cfg
This value is programmed by using one of the Profile_Rule parameters.
Macro expansion
Several provisioning parameters undergo macro expansion internally prior to being evaluated. This preevaluation step provides greater flexibility in controlling the phone resync and upgrade activities.
These parameter groups undergo macro expansion before evaluation:
-
Resync_Trigger_*
-
Profile_Rule*
-
Log_xxx_Msg
-
Upgrade_Rule
Under certain conditions, some general-purpose parameters (GPP_*) also undergo macro expansion, as explicitly indicated in the Optional resync arguments section below.
During macro expansion, the contents of the named variables replace expressions of the form $NAME and $(NAME). These variables include general-purpose parameters, several product identifiers, certain event timers, and provisioning state values. For a complete list, see Macro expansion variables under Provisioning parameters.
In the following example, the expression $(MAU) is used to insert the MAC address 000E08012345.
The administrator enters: $(MAU)config.cfg
The resulting macro expansion for a device with MAC address 000E08012345 is: 000E08012345config.cfg
If a macro name is not recognized, it remains unexpanded. For example, the name STRANGE is not recognized as a valid macro name, while MAU is recognized as a valid macro name.
The administrator enters: $STRANGE$MAU.cfg
The resulting macro expansion for a device with MAC address 000E08012345 is: $STRANGE000E08012345.cfg
Macro expansion is not applied recursively. For example, $$MAU” expands into $MAU” (the $$ is expanded), and does not result in the MAC address.
The contents of the special purpose parameters, GPP_SA through GPP_SD, are mapped to the macro expressions $SA through $SD. These parameters are only macro expanded as the argument of the --key , --uid, and --pwd options in a resync URL.
Conditional expressions
Conditional expressions can trigger resync events and select from alternate URLs for resync and upgrade operations.
Conditional expressions consist of a list of comparisons, separated by the and operator. All comparisons must be satisfied for the condition to be true.
Each comparison can relate to one of the following three types of literals:
-
Integer values
-
Software or hardware version numbers
-
Doubled-quoted strings
Version Numbers
The software version for Cisco Video Phone 8875 uses this format (where BN is the Build Number):
PHONEOSyyyy.1-0-1-0001-BN
where yyyy indicates the phone model or phone series; 1 is the major version; 0 is the minor version; 1-0001 is the micro version; and BN is the build number.
The comparing string must use the same format. Otherwise, a format parsing error results.
When comparing the software version, the major version, minor version, and micro version are compared in sequence, and the leftmost digits take precedence over the latter ones. When version numbers are identical, the build number is compared.
Examples of Valid Version Number
PHONEOS-8875.1-0-1-0001-19
Comparison
Quoted strings can be compared for equality or inequality. Integers and version numbers can also be compared arithmetically. The comparison operators can be expressed as symbols or as acronyms. Acronyms are convenient for expressing the condition in an Open format profile.
|
Operator |
Alternate Syntax |
Description |
Applicable to Integer and Version Operands |
Applicable to Quoted String Operands |
|---|---|---|---|---|
|
= |
eq |
equal to |
Yes |
Yes |
|
!= |
ne |
not equal to |
Yes |
Yes |
|
< |
lt |
less than |
Yes |
No |
|
<= |
le |
less than or equal to |
Yes |
No |
|
> |
gt |
greater than |
Yes |
No |
|
>= |
ge |
greater than or equal to |
Yes |
No |
|
AND |
|
and |
Yes |
Yes |
It is important to enclose macro variables in double quotes where a string literal is expected. Don't do so where a number or version number is expected.
When used in the context of the Profile_Rule* and Upgrade_Rule parameters, conditional expressions must be enclosed within the syntax “(expr)?” as in this upgrade rule example. Remember to replace BN with the build number of your firmware load to upgrade to.
($SWVER ne PHONEOS-8875.1-0-1-0001-19)? http://ps.tell.com/sw/PHONEOS-8875.1-0-1-0001-BN.loadsDo not use the preceding syntax with parentheses to configure the Resync_Trigger_* parameters.
URL syntax
Use the Standard URL syntax to specify how to retrieve configuration files and firmware loads in Profile_Rule* and Upgrade_Rule parameters, respectively. The syntax is as follows:
[ scheme:// ] [ server [:port]] filepath
Where scheme is one of these values:
-
tftp
-
http
-
https
If scheme is omitted, tftp is assumed. The server can be a DNS-recognized hostname or a numeric IP address. The port is the destination UDP or TCP port number. The filepath must begin with the root directory (/); it must be an absolute path.
If server is missing, the tftp server specified through DHCP (option 66) is used.
| For upgrade rules, the server must be specified. |
If port is missing, the standard port for the specified scheme is used. Tftp uses UDP port 69, http uses TCP port 80, https uses TCP port 443.
A filepath must be present. It need not necessarily refer to a static file, but can indicate dynamic content obtained through CGI.
Macro expansion applies within URLs. The following are examples of valid URLs:
/$MA.cfg
/cisco/cfg.xml
192.168.1.130/profiles/init.cfg
tftp://prov.call.com/cpe/cisco$MA.cfg
http://neptune.speak.net:8080/prov/$D/$E.cfg
https://secure.me.com/profile?Linksys
When using DHCP option 66, the empty syntax is not supported by upgrade rules. It is only applicable for Profile Rule*.
RFC 8188-Based HTTP Content Encryption
The phone supports RFC 8188-based HTTP content encryption with AES-128-GCM ciphering for configuration files. With this encryption method, any entity can read the HTTP message headers. However, only the entities that know the Input Keying Material (IKM) can read the payload. When the phone is provisioned with the IKM, the phone and the provisioning server can exchange configuration files securely, while allowing third-party network elements to use the message headers for analytic and monitoring purposes.
The XML configuration parameter IKM_HTTP_Encrypt_Content holds the IKM on the phone. For security reasons, this parameter is not accessible on the phone administration web page. It is also not visible in the phone's configuration file, which you can access from the phone's IP address or from the phone's configuration reports sent to the provisioning server.
If you want to use the RFC 8188-based encryption, ensure the following:
-
Provision the phone with the IKM by specifying the IKM with the XML parameter
IKM_HTTP_Encrypt_Contentin the configuration file that is sent from the provisioning server to the phone. -
If this encryption is applied to the configuration files sent from the provisioning server to the phone, ensure that the Content-Encoding HTTP header in the configuration file has
aes128gcm
.In the absence of this header, the AES-256-CBC method is given precedence. The phone applies AES-256-CBC decryption if a AES-256-CBC key is present in a profile rule, regardless of IKM.
-
If you want the phone to apply this encryption to the configuration reports that it sends to the provisioning server, ensure that there is no AES-256-CBC key specified in the report rule.
Optional resync arguments
Optional arguments, key, uid, and pwd, can precede the URLs entered in Profile_Rule* parameters, collectively enclosed by square brackets.
key
The --key option tells the phone that the configuration file that it receives from the provisioning server is encrypted with AES-256-CBC encryption, unless the Content-Encoding header in the file indicates aes128gcm
encryption. The key itself is specified as a string following the term --key. The key can be enclosed in double-quotes (") optionally. The phone uses the key to decrypt the configuration file.
Usage Examples
[--key VerySecretValue]
[--key “my secret phrase”]
[--key a37d2fb9055c1d04883a0745eb0917a4]
The bracketed optional arguments are macro expanded. Special purpose parameters, GPP_SA through GPP_SD, are macro expanded into macro variables, $SA through $SD, only when they are used as key option arguments. See these examples:
[--key $SC]
[--key “$SD”]
In Open format profiles, the argument to --key must be the same as the argument to the -k option that is given to openssl.
uid and pwd
The uid and pwd options can be used to specify the userID and password that will be sent in response to HTTP Basic and Digest authentication challenges when the specified URL is requested. The bracketed optional arguments are macro expanded. Special purpose parameters, GPP_SA through GPP_SD, are macro expanded into macro variables, $SA through $SD, only when they are used as key option arguments. See these examples:
GPP_SA = MyUserID
GPP_SB = MySecretPassword
[--uid $SA --pwd $SB] https://provisioning_server_url/path_to_your_config/your_config.xml
would then expand to:
[--uid MyUserID --pwdMySecretPassword] https://provisioning_server_url/path_to_your_config/your_config.xml
These data types are used with configuration profile parameters:
-
{a,b,c,…}—A choice among a, b, c, …
-
Bool—Boolean value of either “yes” or “no.”
-
CadScript—A miniscript that specifies the cadence parameters of a signal. Up to 127 characters.
Syntax: S1[;S2], where:
-
Si=Di(oni,1/offi,1[,oni,2/offi,2[,oni,3/offi,3[,oni,4/offi,4[,oni,5/offi,5[,oni,6/offi,6]]]]]) and is known as a section.
-
oni,j and offi,j are the on/off duration in seconds of a segment. i = 1 or 2, and j = 1 to 6.
-
Di is the total duration of the section in seconds.
All durations can have up to three decimal places to provide 1 ms resolution. The wildcard character “*” stands for infinite duration. The segments within a section are played in order and repeated until the total duration is played.
Example 1:
60(2/4) Number of Cadence Sections = 1 Cadence Section 1: Section Length = 60 s Number of Segments = 1 Segment 1: On=2s, Off=4s Total Ring Length = 60sExample 2—Distinctive ring (short,short,short,long):
60(.2/.2,.2/.2,.2/.2,1/4) Number of Cadence Sections = 1 Cadence Section 1: Section Length = 60s Number of Segments = 4 Segment 1: On=0.2s, Off=0.2s Segment 2: On=0.2s, Off=0.2s Segment 3: On=0.2s, Off=0.2s Segment 4: On=1.0s, Off=4.0s Total Ring Length = 60s -
-
DialPlanScript—Scripting syntax that is used to specify Line 1 and Line 2 dial plans.
-
Float<n>—A floating point value with up to n decimal places.
-
FQDN—Fully Qualified Domain Name. It can contain up to 63 characters. Examples are as follows:
sip.Cisco.com:5060 or 109.12.14.12:12345
sip.Cisco.com or 109.12.14.12
-
FreqScript—A miniscript that specifics the frequency and level parameters of a tone. Contains up to 127 characters.
Syntax: F1@L1[,F2@L2[,F3@L3[,F4@L4[,F5@L5[,F6@L6]]]]], where:
-
F1–F6 are frequency in Hz (unsigned integers only).
-
L1–L6 are corresponding levels in dBm (with up to one decimal place).
White spaces before and after the comma are allowed but not recommended.
Example 1—Call Waiting Tone:
440@-10 Number of Frequencies = 1 Frequency 1 = 440 Hz at –10 dBmExample 2—Dial Tone:
350@-19,440@-19 Number of Frequencies = 2 Frequency 1 = 350 Hz at –19 dBm Frequency 2 = 440 Hz at –19 dBm -
-
IP— Valid IPv4 Address in the form of x.x.x.x, where x is between 0 and 255. Example: 10.1.2.100.
-
UserID—User ID as it appears in a URL; up to 63 characters.
-
Phone—A phone number string, such as 14081234567, *69, *72, 345678; or a generic URL, such as, 1234@10.10.10.100:5068 or jsmith@Cisco.com. The string can contain up to 39 characters.
-
PhTmplt—A phone number template. Each template may contain one or more patterns that are separated by a comma (,). White space at the beginning of each pattern is ignored. “?” and “*” represent wildcard characters. To represent literally, use %xx. For example, %2a represents *. The template can contain up to 39 characters. Examples: “1408*, 1510*”, “1408123????, 555?1.”.
-
Port—TCP/UDP Port number (0-65535). It can be specified in decimal or hex format.
-
ProvisioningRuleSyntax—Scripting syntax that is used to define configuration resync and firmware upgrade rules.
-
PwrLevel—Power level expressed in dBm with one decimal place, such as –13.5 or 1.5 (dBm).
-
RscTmplt—A template of SIP Response Status Code, such as “404, 5*”, “61?”, “407, 408, 487, 481”. It can contain up to 39 characters.
-
Sig<n>—Signed n-bit value. It can be specified in decimal or hex format. A “-” sign must precede negative values. A + sign before positive values is optional.
-
Star Codes—Activation code for a supplementary service, such as *69. The code can contain up to 7 characters.
-
Str<n>—A generic string with up to n nonreserved characters.
-
Time<n>—Time duration in seconds, with up to n decimal places. Extra specified decimal places are ignored.
-
ToneScript—A miniscript that specifies the frequency, level, and cadence parameters of a call progress tone. Script may contain up to 127 characters.
Syntax: FreqScript;Z1[;Z2].
The section Z1 is similar to the S1 section in a CadScript, except that each on/off segment is followed by a frequency components parameter: Z1 = D1(oni,1/offi,1/fi,1[,oni,2/offi,2/fi,2 [,oni,3/offi,3/fi,3 [,oni,4/offi,4/fi,4 [,oni,5/offi,5/fi,5 [,oni,6/offi,6/fi,6]]]]]) where:
-
fi,j = n1[+n2]+n3[+n4[+n5[+n6]]]]].
-
1 < nk < 6 specifies the frequency components in the FreqScript that are used in that segment.
If more than one frequency component is used in a segment, the components are summed together.
Example 1—Dial tone:
350@-19,440@-19;10(*/0/1+2) Number of Frequencies = 2 Frequency 1 = 350 Hz at –19 dBm Frequency 2 = 440 Hz at –19 dBm Number of Cadence Sections = 1 Cadence Section 1: Section Length = 10 s Number of Segments = 1 Segment 1: On=forever, with Frequencies 1 and 2 Total Tone Length = 10sExample 2—Stutter tone:
350@-19,440@-19;2(.1/.1/1+2);10(*/0/1+2) Number of Frequencies = 2 Frequency 1 = 350 Hz at –19 dBm Frequency 2 = 440 Hz at –19 dBm Number of Cadence Sections = 2 Cadence Section 1: Section Length = 2s Number of Segments = 1 Segment 1: On=0.1s, Off=0.1s with Frequencies 1 and 2 Cadence Section 2: Section Length = 10s Number of Segments = 1 Segment 1: On=forever, with Frequencies 1 and 2 Total Tone Length = 12s -
-
Uns<n>—Unsigned n-bit value, where n = 8, 16, or 32. It can be specified in decimal or hex format, such as 12 or 0x18, as long as the value can fit into n bits.
| Keep these under consideration:
|
