Deployment and Provisioning
Provisioning Overview
Provisioning Guide for Cisco SPA100 and SPA200 Series Analog Telephone Adapters
13
1
Configuration Access Control
The IP Telephony device firmware provides mechanisms for restricting end-user
access to some parameters. The firmware provides specific privileges for login to
an
Admin
account or a
User
account. Each can be independently password
protected.:
•
Admin Account—Allows the service provider full access to all interactive
voice response (IVR) functions and to all administration web server
parameters.
•
User Account—Allows the user to access basic IVR functions and to
configure a subset of the administration web server parameters.
SEC-PRV-1
Secure
Provisioning—
Initial
Configuration
An initial, device-unique CFG file is targeted to a IP
Telephony device by compiling the CFG file with the SPC
-
-target
option. This provides an encryption that does not
require the exchange of keys.
The initial, device-unique CFG file reconfigures the device
profile to enable stronger encryption by programming a
256-bit encryption key and pointing to a randomly-
generated TFTP directory. For example, the CFG file might
contain:
Profile_Rule [--key $A] tftp.callme.com/profile/$B/
spa962.cfg;
GPP_A 8e4ca259…;
# 256 bit key
GPP_B Gp3sqLn…;
# random CFG file path directory
SEC-PRV-2
Secure
Provisioning—Full
Configuration
Profile resync operations subsequent to the initial SEC-
PRV-1 provisioning retrieve the 256-bit encrypted CFG files
that maintain the IP Telephony device in a state
synchronized to the provisioning server.
The profile parameters are reconfigured and maintained
through this strongly encrypted profile. The encryption key
and random directory location in the SEC-PRV-2
configuration can be changed periodically for extra
security.
State
Description
