Saturday 26 March 2016

Flash Cisco IP phones with SIP firmware for non Cisco PBX

In order to make Cisco IP phones work with a non-Cisco PBX (Asterisk, 3CX for example) you need to flash them with Cisco SIP firmware.

Information regarding this process is a little thin so I thought I would share my experience of doing this successfully on a Cisco 6921 phone.

To be able to do this you'll need several things:

  1. The MAC address of the phone you're going to flash
  2. Cisco SIP Firmware files
  3. DHCP server
  4. TFTP server
  5. A custom SEP<MACof Phone>.cnf.xml file
  6. A dialplan.xml file
In this example I am using the 9.4.1.3 firmware for a 69xx (6921) phone that I'll boot to a file server that's running a Solarwinds TFTP server.

Once you have everything ready you can flash these phones very quickly and get them talking to a non-Cisco PBX, in my case Elastix.

OK, lets get started,

The process we'll use is as follows:
  1. Install a TFTP server and specify a TFTP root folder.
  2. Extract the Cisco SIP firmware into the root.
  3. Create the SEP<MACof Phone>.cnf.xml file in the TFTP root.
  4. Create the dialplan.xml file in the TFTP root.
  5. Configure DHCP to direct TFTP to the file server.
  6. Ensure that you have no firewall in the way or create an any>any rule from source to destination.
Installing the Solarwinds TFTP server is pretty straightforward, specify the root folder and start the server.

Extract the files from the Cisco SIP firmware zip file into the TFTP root:











Get the MAC of your phone and create the SEP<MACof Phone>.cnf.xml file in the TFTP root.

Paste the following into the file observing the bold/italic/large elements of where you should edit the file for your environment (Cisco Timezone strings can be found online):

<device>
  <deviceProtocol>SIP</deviceProtocol>
  <sshUserId>admin</sshUserId>
  <sshPassword>Password</sshPassword>
  <devicePool>
    <dateTimeSetting>
      <dateTemplate>D.M.Y</dateTemplate>
      <timeZone>Greenwich Standard Time</timeZone>
      <ntps>
        <ntp>
          <name>time.windows.com</name>
          <ntpMode>Unicast</ntpMode>
        </ntp>
      </ntps>
    </dateTimeSetting>
    <callManagerGroup>
      <members>
        <member priority="0">
          <callManager>
            <ports>
              <ethernetPhonePort>2000</ethernetPhonePort>
              <sipPort>5060</sipPort>
              <securedSipPort>5061</securedSipPort>
            </ports>
            <processNodeName>PBX.domain.local</processNodeName>
          </callManager>
        </member>
      </members>
    </callManagerGroup>
  </devicePool>
    <sipProfile>
    <sipProxies>
      <backupProxy></backupProxy>
<backupProxyPort></backupProxyPort>
      <emergencyProxy></emergencyProxy>
      <emergencyProxyPort></emergencyProxyPort>
      <outboundProxy></outboundProxy>
      <outboundProxyPort></outboundProxyPort>
      <registerWithProxy>true</registerWithProxy>
    </sipProxies>
    <sipCallFeatures>
      <cnfJoinEnabled>true</cnfJoinEnabled>
      <callForwardURI>x-serviceuri-cfwdall</callForwardURI>
      <callPickupURI>x-cisco-serviceuri-pickup</callPickupURI>
      <callPickupListURI>x-cisco-serviceuri-opickup</callPickupListURI>
      <callPickupGroupURI>x-cisco-serviceuri-gpickup</callPickupGroupURI>
      <meetMeServiceURI>x-cisco-serviceuri-meetme</meetMeServiceURI>
      <abbreviatedDialURI>x-cisco-serviceuri-abbrdial</abbreviatedDialURI>
      <rfc2543Hold>false</rfc2543Hold>
      <callHoldRingback>2</callHoldRingback>
      <localCfwdEnable>true</localCfwdEnable>
      <semiAttendedTransfer>true</semiAttendedTransfer>
      <anonymousCallBlock>2</anonymousCallBlock>
      <callerIdBlocking>2</callerIdBlocking>
      <dndControl>0</dndControl>
      <remoteCcEnable>true</remoteCcEnable>
    </sipCallFeatures>
    <sipStack>
      <sipInviteRetx>6</sipInviteRetx>
      <sipRetx>10</sipRetx>
      <timerInviteExpires>180</timerInviteExpires>
      <timerRegisterExpires>3600</timerRegisterExpires>
      <timerRegisterDelta>5</timerRegisterDelta>
      <timerKeepAliveExpires>120</timerKeepAliveExpires>
      <timerSubscribeExpires>120</timerSubscribeExpires>
      <timerSubscribeDelta>5</timerSubscribeDelta>
      <timerT1>500</timerT1>
      <timerT2>4000</timerT2>
      <maxRedirects>70</maxRedirects>
      <remotePartyID>true</remotePartyID>
      <userInfo>None</userInfo>
    </sipStack>
    <autoAnswerTimer>1</autoAnswerTimer>
    <autoAnswerAltBehavior>false</autoAnswerAltBehavior>
    <autoAnswerOverride>true</autoAnswerOverride>
    <transferOnhookEnabled>false</transferOnhookEnabled>
    <enableVad>false</enableVad>
    <preferredCodec>none</preferredCodec>
    <dtmfAvtPayload>101</dtmfAvtPayload>
    <dtmfDbLevel>3</dtmfDbLevel>
    <dtmfOutofBand>avt</dtmfOutofBand>
    <alwaysUsePrimeLine>false</alwaysUsePrimeLine>
<alwaysUsePrimeLineVoiceMail>false</alwaysUsePrimeLineVoiceMail>
    <kpml>3</kpml>
    <natEnabled>false</natEnabled>
    <natAddress></natAddress>
    <phoneLabel>phoneLabel</phoneLabel>
    <stutterMsgWaiting>0</stutterMsgWaiting>
    <callStats>false</callStats>
    <silentPeriodBetweenCallWaitingBursts>10</silentPeriodBetweenCallWaitingBursts>
    <disableLocalSpeedDialConfig>false</disableLocalSpeedDialConfig>
    <startMediaPort>10000</startMediaPort>
    <stopMediaPort>20000</stopMediaPort>
    <sipLines>
      <line button="1">
        <featureID>9</featureID>
        <featureLabel>Admin</featureLabel>
        <proxy>PBX.domain.local</proxy>
        <port>5060</port>
        <name>6002</name>
        <displayName>6002</displayName>
        <autoAnswer>
          <autoAnswerEnabled>2</autoAnswerEnabled>
        </autoAnswer>
        <callWaiting>3</callWaiting>
        <authName>6002</authName>
        <authPassword>password</authPassword>
        <sharedLine>false</sharedLine>
        <messageWaitingLampPolicy>1</messageWaitingLampPolicy>
        <messagesNumber>80</messagesNumber>
        <ringSettingIdle>4</ringSettingIdle>
        <ringSettingActive>5</ringSettingActive>
        <contact>105</contact>
        <forwardCallInfoDisplay>
          <callerName>true</callerName>
          <callerNumber>true</callerNumber>
          <redirectedNumber>false</redirectedNumber>
          <dialedNumber>true</dialedNumber>
        </forwardCallInfoDisplay>
      </line>
      <line button="2">
          <featureID>21</featureID>
          <featureLabel>test</featureLabel>
          <speedDialNumber>4444</speedDialNumber>
          <featureOptionMask>1</featureOptionMask>
      </line>
    </sipLines>
    <voipControlPort>5060</voipControlPort>
    <dscpForAudio>184</dscpForAudio>
    <ringSettingBusyStationPolicy>0</ringSettingBusyStationPolicy>
    <dialTemplate>dialplan.xml</dialTemplate>
  </sipProfile>
<commonProfile>
    <phonePassword></phonePassword>
    <backgroundImageAccess>true</backgroundImageAccess>
    <callLogBlfEnabled>1</callLogBlfEnabled>
  </commonProfile>
  <loadInformation>SIP69xx.9-4-1-3</loadInformation>
  <vendorConfig>
    <disableSpeaker>false</disableSpeaker>
    <disableSpeakerAndHeadset>false</disableSpeakerAndHeadset>
    <pcPort>0</pcPort>
    <settingsAccess>1</settingsAccess>
    <garp>0</garp>
    <voiceVlanAccess>0</voiceVlanAccess>
    <videoCapability>0</videoCapability>
    <autoSelectLineEnable>0</autoSelectLineEnable>
    <webAccess>1</webAccess>
    <g722CodecSupport></g722CodecSupport>
<daysDisplayNotActive>1,2,3,4,5,6,7</daysDisplayNotActive>
    <displayOnTime>08:30</displayOnTime>
    <displayOnDuration>09:30</displayOnDuration>
    <displayIdleTimeout>01:00</displayIdleTimeout>
    <displayOnWhenIncomingCall>1</displayOnWhenIncomingCall>
    <spanToPCPort>1</spanToPCPort>
    <loggingDisplay>1</loggingDisplay>
    <loadServer></loadServer>
  </vendorConfig>
  <networkLocale></networkLocale>
  <networkLocaleInfo>
    <name></name>
    <version></version>
  </networkLocaleInfo>
  <deviceSecurityMode>1</deviceSecurityMode>
  <authenticationURL></authenticationURL>
  <directoryURL></directoryURL>
  <idleURL></idleURL>
  <informationURL></informationURL>
  <messagesURL></messagesURL>
  <proxyServerURL></proxyServerURL>
  <servicesURL></servicesURL>
  <dscpForSCCPPhoneConfig>96</dscpForSCCPPhoneConfig>
  <dscpForSCCPPhoneServices>0</dscpForSCCPPhoneServices>
  <dscpForCm2Dvce>96</dscpForCm2Dvce>
  <transportLayerProtocol>2</transportLayerProtocol>
  <capfAuthMode>0</capfAuthMode>
  <capfList>
    <capf>
      <phonePort>3804</phonePort>
    </capf>
  </capfList>
<certHash></certHash>
  <encrConfig>false</encrConfig>
</device>

Create the dialplan.xml file in the tftp root and add something similar to the following (failing to do this will result in the phone blindly dialing as soon as you press a button):

<DIALTEMPLATE>
  <TEMPLATE MATCH="999" TIMEOUT="2"/><!-- UK emergency services. Wait 2 seconds, then dial -->
  <TEMPLATE MATCH="6..." TIMEOUT="2"/><!-- Internal extensions 6000 to 6999. Wait 2 seconds, then dial -->
  <TEMPLATE MATCH="0......" TIMEOUT="2"/><!-- 7 digits. Wait 2 seconds, then dial -->
  <TEMPLATE MATCH="0......." TIMEOUT="2"/><!-- 8 digits. Wait 2 seconds, then dial -->
  <TEMPLATE MATCH="0........" TIMEOUT="2"/><!-- 9 digits. Wait 2 seconds, then dial -->
  <TEMPLATE MATCH="0........." TIMEOUT="2"/><!-- 10 digits. Wait 2 seconds, then dial -->
  <TEMPLATE MATCH="0.........." TIMEOUT="2"/><!-- 11 digits. Wait 2 seconds, then dial -->
  <TEMPLATE MATCH="0..........." TIMEOUT="2"/><!-- 12 digits. Wait 2 seconds, then dial -->
  <TEMPLATE MATCH="0............" TIMEOUT="2"/><!-- 13 digits. Wait 2 seconds, then dial -->
  <TEMPLATE MATCH="0............." TIMEOUT="2"/><!-- 14 digits. Wait 2 seconds, then dial -->
  <TEMPLATE MATCH="*." TIMEOUT="2"/><!-- * and 1 digit for asterisk. Wait 2 seconds, then dial -->
  <TEMPLATE MATCH="*.." TIMEOUT="2"/><!-- * and 2 digits for asterisk. Wait 2 seconds, then dial-->
</DIALTEMPLATE>

Add the following DHCP options, I'm using a Sophos UTM 9 firewall and the options are as follows (in each option, specify the name/IP of the target TFTP server):


Now you should be ready to flash the phone. As a note I did not have to to configure the phone at all, I simply followed the procedure below and the phone found the firmware and flashed. There were some files not found in the TFTP root but these can be ignored.

A factory reset of the phone is the same as below but without the tftp server being available.

  1. Remove the power from the phone.
  2. Press and hold #
  3. Connect power (power cable or PoE)
  4. Wait a couple of seconds and your line lights should go solid. Mine went green other models go amber/red.
  5. Press 123456789*0# (note: as soon as the first button the previous sequence is pressed all the keypad lights go red).
  6. The phone restarts and boots to the TFTP server.
After approximately 30 seconds if all is well you'll see output in the TFTP log and a progress bar on the screen of the phone:


I had the file server on a different firewall controlled subnet to the phones and even thoughI had opened 69 UDP for TFTP I had failures to down load the files. Basically there are other dynamic ports used during the flash process, temporarily opening up everything to the TFTP server from the DHCP address range  solved TFTP boot failures...

You'll see failures for the TLV files, these are certificate lists that Cisco Call Manager uses and can be safely ignored in our non-Cisco SIP environment.

The phone will finally start and stay as 'not registered' for about 30-45 seconds after which, if you have configured the cnf.xml file correctly, it should register with the PBX.

Obviously test that everything works correctly for you, if you need to make changes to either the cnf.xml or dialplan.xml files, just edit them in the TFTP root and repeat the above process. The altered files are re-copied and the phone will reboot with the new config.








Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)