it's dangerous to go alone! take this. (loss4words) wrote,

how to set up a cisco 7940 and 7941 IP phone to do SIP



7940:

These phones still use the old style configuration files so first things first, you'll need to trick it into updating itself to some SIP firmware.

Things you will need:

- the SIP firmware itself, several files, in this example: POS03-08-2-00.loads
POS03-08-2-00.bin
POS03-08-2-00.sb2
PO003-08-2-00.sbn
- OS79XX.TXT, which contains a single line with the sbn file name in it. in this case: PO003-08-2-00
- a TFTP server and a DHCP server. any will do as long as it can supply option 66 or 150 to deliver the IP of a boot server. if you intend to do this under linux, here is a working example of my dhcpd.conf:

option boot-server code 66 = string;
ddns-updates on;
ddns-update-style ad-hoc;
option domain-name-servers 192.168.0.70;
option subnet-mask 255.255.255.0;
option domain-name "hgh.local";
option routers 192.168.0.1;
option boot-server "192.168.0.70";
# Local LAN
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.15 192.168.0.30;
}
# extension 100 - 7940
host ext100 {
ddns-updates on;
hardware ethernet 00:15:2B:22:31:56;
fixed-address 192.168.0.10;
}
# extension 101 - 7941
host ext101 {
ddns-updates on;
hardware ethernet 00:16:C7:64:23:14;
fixed-address 192.168.0.11;
}


Obviously substitute for your own IP ranges, in bold I have given the address of the TFTP server that is also my Asterisk server. Please substitute 192.168.0.70 throughout this document for whatever your phone server is going to be. I've put in manual assignments for my phones there, the MAC addresses can be found on a sticker on the back of the phone itself. Other than that, check the dhcp leases for information about what IPs have been given to what phones.

Alternately, if you want to do this under windows, download tftpd32 from http://tftpd32.jounin.net/ as that works too.

Step zero, return the phone to factory defaults. I don't want to be fighting with whatever shit you've got on there already. There is a good walkthrough this procedure on the Cisco web site.

First things first, trick the phone into downloading its firmware files. Plug the phone in, power it on and let it start looking for a callmanager. If your DHCP option66 has worked properly you should see it requesting files from your TFTP server. You can watch this happening live in the Log tab of tftpd32 or in the log file from your tftp server. To watch it happen, SSH to your linux machine and type something like tail -f /var/log/tftpd.log. It will look for a bunch of them but when eventually it will look for a default setting for any phones, since it can't find its own. This file is XMLDefault.cnf.xml so create it and here is what it should contain:

<Default>
<callManagerGroup>
<members>
<member priority="0">
<callManager>
<ports>
<ethernetPhonePort>2000</ethernetPhonePort>
</ports>
<processNodeName>192.168.0.70</processNodeName>
</callManager>
</member>
</members>
</callManagerGroup>
<loadInformation6 model="IP Phone 7910"></loadInformation6>
<loadInformation124 model="Addon 7914"></loadInformation124>
<loadInformation9 model="IP Phone 7935"></loadInformation9>
<loadInformation8 model="IP Phone 7940">P0S3-08-2-00</loadInformation8>
<loadInformation7 model="IP Phone 7960">P0S3-08-2-00</loadInformation7>
<loadInformation20000 model="IP Phone 7905"></loadInformation20000>
<loadInformation30008 model="IP Phone 7902"></loadInformation30008>
<loadInformation30007 model="IP Phone 7912"></loadInformation30007>
</Default>


The firmware version I'm using is listed there for 7940 under loadinformation. the processNodeName tag further up the file tells it where to try to load the new firmware from, in this case my tftp server. Stuff should happen on the screen to indicate it's gone looking for the firmware. If it hasn't, check back to the TFTP server logs and see which files the phone is looking for. This will be your biggest clue as to what the phone is doing since the phone will probably have its configuration locked down. There are some status messages you can get to in the Settings menu but they generally aren't useful. Anyway.

Look at the phone and the tftp logs to make sure it's actually downloading the firmware. Once it's got the SIP firmware on it, it will install it on its own, and then it will reboot itself. Whatever you are doing DO NOT TURN OFF THE PHONE OR REMOVE THE POWER while the firmware is being updated. This goes for ANY device. You will create a paperweight.

After it's rebooted it will start looking for its configuration file. Step 1 is to set the default configuration for all phones. For 7940s that take the old style ".cnf" configuration instead of the newer XML configs, this is called SIPDefault.cnf.

My SIPDefault.cnf looks like this:

# Image Version
image_version: "P0S3-08-2-00"

# Proxy Server
proxy1_address: "192.168.0.70"

# Proxy Server Port (default - 5060)
proxy1_port: "5060"

# Emergency Proxy info
proxy_emergency: "192.168.0.70"
proxy_emergency_port: "5060"

# Backup Proxy info
proxy_backup: "192.168.0.70"
proxy_backup_port: "5060"

# Outbound Proxy info
outbound_proxy: ""
outbound_proxy_port: "5060"

# NAT/Firewall Traversal
nat_enable: "0"
nat_address: ""
voip_control_port: "5061"
start_media_port: "16384"
end_media_port: "32766"
nat_received_processing: "0"

# Proxy Registration (0-disable (default), 1-enable)
proxy_register: "1"

# Phone Registration Expiration [1-3932100 sec] (Default - 3600)
timer_register_expires: "3600"

# Codec for media stream (g711ulaw (default), g711alaw, g729)
preferred_codec: "none"

# TOS bits in media stream [0-5] (Default - 5)
tos_media: "5"

# Enable VAD (0-disable (default), 1-enable)
enable_vad: "0"
# Allow for the bridge on a 3way call to join remaining parties upon hangup
cnf_join_enable: "1" ; 0-Disabled, 1-Enabled (default)

# Allow Transfer to be completed while target phone is still ringing
semi_attended_transfer: "0" ; 0-Disabled, 1-Enabled (default)

# Telnet Level (enable or disable the ability to telnet into this phone
telnet_level: "2" ; 0-Disabled (default), 1-Enabled, 2-Privileged

# Inband DTMF Settings (0-disable, 1-enable (default))
dtmf_inband: "1"

# Out of band DTMF Settings (none-disable, avt-avt enable (default), avt_always - always avt )
dtmf_outofband: "avt"

# DTMF dB Level Settings (1-6dB down, 2-3db down, 3-nominal (default), 4-3db up, 5-6dB up)
dtmf_db_level: "3"

# SIP Timers
timer_t1: "500" ; Default 500 msec
timer_t2: "4000" ; Default 4 sec
sip_retx: "10" ; Default 11
sip_invite_retx: "6" ; Default 7
timer_invite_expires: "180" ; Default 180 sec

# Setting for Message speeddial to UOne box
messages_uri: "*97"

# TFTP Phone Specific Configuration File Directory
tftp_cfg_dir: "./"

# Time Server
sntp_mode: "unicast"
sntp_server: "192.168.0.70"
time_zone: "EAST"
dst_offset: "0"
dst_start_month: "Mar"
dst_start_day: ""
dst_start_day_of_week: "Sun"
dst_start_week_of_month: "2"
dst_start_time: "02"
dst_stop_month: "Nov"
dst_stop_day: ""
dst_stop_day_of_week: "Sunday"
dst_stop_week_of_month: "1"
dst_stop_time: "2"
dst_auto_adjust: "1"

# Do Not Disturb Control (0-off, 1-on, 2-off with no user control, 3-on with no user control)
dnd_control: "0" ; Default 0 (Do Not Disturb feature is off)

# Caller ID Blocking (0-disabled, 1-enabled, 2-disabled no user control, 3-enabled no user control)
callerid_blocking: "0" ; Default 0 (Disable sending all calls as anonymous)

# Anonymous Call Blocking (0-disbaled, 1-enabled, 2-disabled no user control, 3-enabled no user control)
anonymous_call_block: "0" ; Default 0 (Disable blocking of anonymous calls)

# Call Waiting (0-disabled, 1-enabled, 2-disabled with no user control, 3-enabled with no user control)
call_waiting: "1" ; Default 1 (Call Waiting enabled)

# DTMF AVT Payload (Dynamic payload range for AVT tones - 96-127)
dtmf_avt_payload: "101" ; Default 100

# XML file that specifies the dialplan desired
dial_template: "dialplan"

# Network Media Type (auto, full100, full10, half100, half10)
network_media_type: "auto"

#Autocompletion During Dial (0-off, 1-on [default])
autocomplete: "1"

#Time Format (0-12hr, 1-24hr [default])
time_format_24hr: "0"

# URL for external Phone Services
services_url: "http://192.168.0.70/xmlservices/index.php"

# URL for external Directory location
directory_url: "http://192.168.0.70/xmlservices/PhoneDirectory.php"

# URL for branding logo
logo_url: "http://192.168.0.70/cisco/bmp/l4wlogo-new.bmp"

# Remote Party ID
remote_party_id: 1 ; 0-Disabled (default), 1-Enabled


I've bolded the parts you care about - specifically, your firmware version, the proxy (SIP server) address, an instruction to, yes, actually register with the proxy, to tell it it's not working with nat (unless you don't have your own asterisk server and are registering directly with an internet SIP server, then this should = 1 and the IP below should be your WAN IP), enabling telnetting to the phone (default password, cisco), there's some stuff about the timezone here, if you're in Australia on the east coast you'll want to leave it at Eastern Australia Standard Time EAST. There's settings for daylight savings and also at the end, the option to upload a logo to the phone to display.

Now when the phone should start looking for this file, and then for its own configuration file. This is pretty simple since you did all the main configuration that would be the same for all the phones at your site. It really just contains the registration information. The name of this file is SIP followed by your MAC address. Example config from my phone:

; phone-specific configuration file sample
phone_label: "Chris Pollock "
line1_name : 100
line1_authname : 100
line1_password : 100


Now this is very important. The line name gets sent in your SIP registration so for the love of god, do not do what I did and set it to something silly and arbitrary like the name of the server. If you're using Asterisk and FreePBX (or trixbox) this will probably be your extension number, so leave the authname and name the same in this config. You will be angry at yourself when you realise. Trust me. Please set a more secure password.

Voila - your phone should request these files from the TFTP server and download them, then set itself up with its config. You should've configured Asterisk by now to handle this extension, that is beyond the scope of this document. Please see one of the other hundred FAQs about how to configure Asterisk, probably at voip-info.org which is SO great. Alternately, if you don't want to use these other files, the phone itself can be configured from the handset. Unlock the config from the menu, the default password is cisco, then go in and edit the SIP lines. But it's easier this way. You can also telnet to the phone after it's been defaulted, this is pretty useful for debugging registration issues. This is how I found that the line1_name meant something so go in there and dig around.

NOW. ON TO THE 7941.

Factory reset the phone. This will erase the firmware that's on it so be prepared for a rude shock. When this phone boots up the first thing it will do is go looking for new firmware. The 7941 firmware is quite different to the 7940 so it doesn't do anything useful like request a whole bunch of files from the TFTP server, it'll just look for one file indefinitely - term41.default.loads. If you were smarter than me you may have tried to put the 7941 information into the XMLDefaults.cnf.xml - this may have worked, I don't know, but my 7941 never asked for that file. term41.default.loads is part of the 7941 firmware, which has a lot of files in it. Extract your firmware into the tftp server's root directory where all these other files are. term41.default.loads knows which firmware it came from and will instruct the phone on how to download all the other stuff it needs, the application launcher, all of it. Once the phone finds term41.default.loads it will just eat the rest of it automatically so go get a coffee and come back.

When it eventually finishes doing all that stuff and reboots, it'll restart and start looking for other files. It should have also enabled its web interface, and its SSH interface. These may be useful if you fuck up the next step. The files it'll look for will be CTLSEPmacaddress.cnf.xml and SEPmacaddress.cnf.xml - ignore CTLSEP, we're going to use the other one. It's quite big so bear with me. Most of this stuff can probably be put in XMLDefaults.cnf.xml but I'm not sure. If you're not doing this for a big office deployment (and lets face it, you're probably not, otherwise you'd be behaving like a professional and using either another brand of phone, or using a CallManager) then it really doesn't matter.

Here's an example of my SEP0016C7642314.cnf.xml file:

<device>

<deviceProtocol>SIP</deviceProtocol>

<sshUserId>admin</sshUserId>
<sshPassword>cisco</sshPassword>

<devicePool>
<dateTimeSetting>
<dateTemplate>D/M/Ya</dateTemplate>
<timeZone>E. Australia Standard Time</timeZone>
<ntps>
<ntp>
<name>192.168.0.70</name>
<ntpMode>Unicast</ntpMode>
</ntp>
</ntps>
</dateTimeSetting>

<callManagerGroup>
<members>
<member priority="0">
<callManager>
<ports>
<ethernetPhonePort>2000</ethernetPhonePort>
<sipPort>5060</sipPort>
<securedSipPort>5061</securedSipPort>
</ports>
<processNodeName>192.168.0.70</processNodeName>
</callManager>
</member>
</members>
</callManagerGroup>
</devicePool>

<commonProfile>
<phonePassword></phonePassword>
true
<callLogBlfEnabled>2</callLogBlfEnabled>
</commonProfile>

<loadInformation>SIP41.8-4-3S.loads</loadInformation>

<vendorConfig>
<disableSpeaker>false</disableSpeaker>
<disableSpeakerAndHeadset>false</disableSpeakerAndHeadset>
<pcPort>0</pcPort>
<settingsAccess>1</settingsAccess>
<garp>0</garp>
<voiceVlanAccess>0</voiceVlanAccess>
<videoCapability>0</videoCapability>
<autoSelectLineEnable>0</autoSelectLineEnable>

<webAccess>1</webAccess>
<spanToPCPort>1</spanToPCPort>
<loggingDisplay>1</loggingDisplay>
<loadServer></loadServer>
</vendorConfig>

<networkLocale>Australia</networkLocale>

<networkLocaleInfo>
<name>Australia</name>
</networkLocaleInfo>

<deviceSecurityMode>1</deviceSecurityMode>

<authenticationURL>http://192.168.0.70/cisco/services/authentication.php</authenticationURL>
<directoryURL>http://192.168.0.70/xmlservices/PhoneDirectory.php</directoryURL>
<idleURL>http://192.168.0.70/xmlservices/index.php</idleURL>
<informationURL></informationURL>

<messagesURL></messagesURL>
<proxyServerURL></proxyServerURL>
<servicesURL>http://192.168.0.70/xmlservices/index.php</servicesURL>
<dscpForSCCPPhoneConfig>96</dscpForSCCPPhoneConfig>
<dscpForSCCPPhoneServices>0</dscpForSCCPPhoneServices>
<dscpForCm2Dvce>96</dscpForCm2Dvce>

<transportLayerProtocol>4</transportLayerProtocol>

<capfAuthMode>0</capfAuthMode>
<capfList>
<capf>
<phonePort>3804</phonePort>
</capf>
</capfList>

<certHash></certHash>
<encrConfig>false</encrConfig>

<sipProfile>
<sipProxies>
<backupProxy></backupproxy>
<backupProxyPort></backupproxyport>
<emergencyProxy></emergencyProxy>
<emergencyProxyPort></emergencyProxyPort>
<outboundProxy></outboundProxy>
<outboundProxyPort></outboundProxyPort>
<registerWithProxy>true</registerWithProxy>
</sipProxies>

<sipCallFeatures>
<cnfJoinEnabled>true</cnfJoinEnabled>
<callForwardURI>x--serviceuri-cfwdall</callForwardURI>
<callPickupURI>x-cisco-serviceuri-pickup</callPickupURI>
<callPickupListURI>x-cisco-serviceuri-opickup</callPickupListURI>
<callPickupGroupURI>x-cisco-serviceuri-gpickup</callPickupGroupURI>
<meetMeServiceURI>x-cisco-serviceuri-meetme</meetMeServiceURI>
<abbreviatedDialURI>x-cisco-serviceuri-abbrdial</abbreviatedDialURI>
<rfc2543Hold>false</rfc2543Hold>
<callHoldRingback>2</callHoldRingback>
<localCfwdEnable>true</localCfwdEnable>
<semiAttendedTransfer>true</semiAttendedTransfer>
<anonymousCallBlock>2</anonymousCallBlock>
<callerIdBlocking>2</callerIdBlocking>
<dndControl>0</dndControl>
<remoteCcEnable>true</remoteCcEnable>
</sipCallFeatures>

<sipStack>
<sipInviteRetx>6</sipInviteRetx>
<sipRetx>10</sipRetx>
<timerInviteExpires>180</timerInviteExpires>
<timerRegisterExpires>3600</timerRegisterExpires>
<timerRegisterDelta>5</timerRegisterDelta>
<timerKeepAliveExpires>120</timerKeepAliveExpires>
<timerSubscribeExpires>120</timerSubscribeExpires>
<timerSubscribeDelta>5</timerSubscribeDelta>
<timerT1>500</timerT1>
<timerT2>4000</timerT2>
<maxRedirects>70</maxRedirects>
<remotePartyID>false</remotePartyID>
<userInfo>None</userInfo>
</sipStack>

<autoAnswerTimer>1</autoanswertimer>
<autoAnswerAltBehavior>false</autoansweraltbehavior>
<autoAnswerOverride>true</autoansweroverride>
<transferOnhookEnabled>false</transferOnhookEnabled>
<enableVad>false</enableVad>
<preferredCodec>none</preferredCodec>
<dtmfAvtPayload>101</dtmfAvtPayload>
<dtmfDbLevel>3</dtmfDbLevel>
<dtmfOutofBand>avt</dtmfOutofBand>
false
false
<kpml>3</kpml>

<natEnabled>false</natEnabled>
<natAddress></natAddress>

<stutterMsgWaiting>0</stutterMsgWaiting>

<callStats>false</callStats>
<silentPeriodBetweenCallWaitingBursts>10</silentPeriodBetweenCallWaitingBursts>
<disableLocalSpeedDialConfig>false</disableLocalSpeedDialConfig>


<startMediaPort>16384</startMediaPort>
<stopMediaPort>32766</stopMediaPort>

<voipControlPort>5060</voipControlPort>
<dscpForAudio>184</dscpForAudio>
<ringSettingBusyStationPolicy>0</ringSettingBusyStationPolicy>
<dialTemplate>dialplan.xml</dialTemplate>

<phoneLabel>Chris Pollock</phoneLabel>
<sipLines>
<line button="1">
<featureID>9</featureID>
<featureLabel>101</featureLabel>
<name>101</name>
<displayName>101</displayName>
<contact>101</contact>

<proxy>192.168.0.70</proxy>
<port>5060</port>
<autoAnswer>
<autoAnswerEnabled>2</autoAnswerEnabled>
</autoAnswer>
<callWaiting>3</callWaiting>

<authName>101</authName>
<authPassword>101</authPassword>


<sharedLine>false</sharedLine>
<messageWaitingLampPolicy>1</messageWaitingLampPolicy>
<messagesNumber>*97</messagesNumber>
<ringSettingIdle>4</ringSettingIdle>
<ringSettingActive>5</ringSettingActive>

<forwardCallInfoDisplay>
<callerName>true</callerName>
<callerNumber>false</callerNumber>
<redirectedNumber>false</redirectedNumber>
<dialedNumber>true</dialedNumber>
</forwardCallInfoDisplay>
</line>
</sipLines>
</sipProfile>
</device>


As per usual, the bolded bits are the ones you care about. Put your info in there. Keep in mind that the latest version of Trixbox has a Cisco deployment tool in it. This may have worked for the 7940, I don't know as I didn't find it until after doing it manually, but it DOES NOT WORK for the 7941 with version 8 of the SIP firmware! DOES NOT. The config files it generates are designed for version 7 which, amongst other things, was had a few different config items that version 8 doesn't understand, and also used 0 instead of false to disable features. ALWAYS USE FALSE with Version 8 of SIP code on a 7941! Yes I'm aware that the auth values get repeated - don't ask, I don't know.

Basically what happens if you use the Trixbox version is that it will spit at your config file. It will just say that your config's invalid and remain Unprovisioned. This is impossible to debug from the web interface of the phone, but very possible from an SSH session. If you've done it properly, the phone should read its config, reboot, register, and be set up. Unlike a 7940, the 7941 cannot be configured from the handset. The SIP configuration is all done from these config files, whether you like it or not.

So. SSHing to the phone. When you attempt to SSH to the phone it will ask the TFTP server for a file called authorized_keys. You don't have this file so nothing you type in will work, even if the password is right. So you'll need to generate one. Download Putty, PuttyGen and pageant from the putty download page. Open up puttygen and hit Generate. save the private key somewhere useful on your computer, then save the public key too. Copy the contents of the public key file and dump it into authorized_keys on the TFTP server. Now open pageant and load your private key into it. This will send your key to the phone for validation.

SSH to the phone's IP address. It'll request authorized_keys and then ask you for a username. The username is Default.

Then it'll ask you for the real username and password. the defaults are:
Default/user - normal SSH shell, lets you into the phone's file system, not really useful)
log/log - shows normal phone status messages
debug/debug - useful for seeing whats going wrong

If your phone is rejecting your config and saying it's invalid, type debug then ? and hit enter. It'll show you a list of all the commands you can use but there's some useful ones in there about debugging XML, turn all the xml debugging that you can on. It'll go through piece by piece what the phone's doing and if it's complaining about your files or the registration is failing this will be where it lets you know. In my case, this is where I discovered the difference between the version 7 and 8 SIP firmware.

So that's it! You're done. You were probably done several paragraphs ago but I thought I should include that troubleshooting bit in there. Maybe this will be useful to someone at some point.

Do not contact me asking for Cisco firmware. Get your own support contract, they are well worth it even if they don't support SIP in a non-CCM environment.

For LJ friends: I'd love to be able to say this is the process I followed, but this is a subset of things that were successful. Figuring all this out was interspersed with lots of failure which explains why this took six days.
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 2 comments