Provisioning Basics
Configuration Access Control
Cisco SPA500 Series and WIP310 IP Phone Administration Guide
126
6
preprovision phones. Any new Cisco IP phone connected to this LAN
automatically resyncs to the local TFTP server, initializing its internal state in
preparation for deployment. Among other parameters, this preprovisioning step
configures the URL of the Cisco IP phone provisioning server.
Subsequently, when a new customer signs up for service, the preprovisioned
Cisco IP phone can be simply bar-code scanned, to record its MAC address or
serial number, before being shipped to the customer. Upon receiving the unit, the
customer connects the unit to the broadband link. On power-up the Cisco IP
phone already knows the server to contact for its periodic resync update.
Configuration Access Control
Besides configuration parameters that control resync and upgrade behavior, the
Cisco IP phone provides mechanisms for restricting end-user access to various
parameters.
The Cisco IP phone firmware provides specific privileges for login to a User
account and an Admin account. The Admin account is designed to give the
service provider or VAR configuration access to the Cisco IP phone, while the User
account is designed to give limited and configurable control to the end user of the
device.
The User and Admin accounts can be independently password protected. The
configuration parameters available to the User account are completely
configurable in the Cisco IP phone, on a parameter-by-parameter basis. Optionally,
user access to the Cisco IP phone web UI can be totally disabled.
The Internet domains accessed by the Cisco IP phone for resync, upgrades, and
SIP registration for Line 1 can be restricted.
Using HTTPS
The Cisco IP phone provides a reliable and secure provisioning strategy based on
HTTPS requests from the Cisco IP phone to the provisioning server, using both
server and client certificates for authenticating the client to the server and the
server to the client.