<?xml version="1.0" encoding="UTF-8" standalone="no"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Configuring SIP Telephones</title><link rel="stylesheet" href="styles.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.69.1" /><link rel="start" href="index.html" title="Asterisk™: The Future of Telephony" /><link rel="up" href="asterisk-CHP-4.html" title="Chapter 4. Initial Configuration of Asterisk" /><link rel="prev" href="asterisk-CHP-4-SECT-6.html" title="Configuring an FXS Channel for an Analog Telephone" /><link rel="next" href="I_sect14_tt599.html" title="Connecting to a SIP Service Provider" /></head><body><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Configuring SIP Telephones</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="asterisk-CHP-4-SECT-6.html">Prev</a> </td><th width="60%" align="center">Chapter 4. Initial Configuration of Asterisk</th><td width="20%" align="right"> <a accesskey="n" href="I_sect14_tt599.html">Next</a></td></tr></table><hr /></div><div class="sect1" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="asterisk-CHP-4-SECT-7"></a>Configuring SIP Telephones</h2></div></div></div><p>The<a id="ch04_sipconfig" class="indexterm"></a> Session Initiation Protocol (SIP),<sup>[<a id="id4117935" href="#ftn.id4117935">57</a>]</sup> commonly used in VoIP phones (either hard phones, or softphones), takes care of the setup and teardown of calls, along with any changes during a call such as call transfers. The purpose of SIP is to help two endpoints talk to each other (if possible, <span class="emphasis"><em>directly</em></span> to each other). The SIP protocol is simply a signaling protocol, which means that its purpose is only to get the two endpoints talking to each other, and not to deal with the media of the call (your voice). Rather, your voice is carried using another protocol called the <a id="I_indexterm4_tt508" class="indexterm"></a><a id="I_indexterm4_tt509" class="indexterm"></a>Real-Time Transport Protocol (RTP; RFC 3550) to transfer media directly between the two endpoints.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>We use the term <span class="emphasis"><em>media</em></span> to refer <a id="I_indexterm4_tt510" class="indexterm"></a>to the data transferred between endpoints and used to reconstruct your voice at the other end. It may also refer to music or prompts from the PBX.</p></div><p>In the world of SIP, we call our endpoints user agents, of which there are two types: client and server. The<a id="I_indexterm4_tt511" class="indexterm"></a> <span class="emphasis"><em>client</em></span> is the endpoint that generates the request, and the <span class="emphasis"><em>server</em></span> processes the request and generates a response. When an endpoint wishes to place a call to another endpoint (such as our softphone calling another softphone), we generate our request and send this to a SIP proxy.<sup>[<a id="id4118046" href="#ftn.id4118046">58</a>]</sup> A proxy server will take the request, determine where the request is destined for, and forward it on. Once the two user agents have negotiated a successful call setup, the media is transported via the RTP protocol and sent directly between the two user agents. SIP proxies do not handle media; they simply deal with the SIP packets.</p><p>Asterisk, on the other hand, is called a<a id="I_indexterm4_tt514" class="indexterm"></a> Back-To-Back User Agent (B2BUA). This means that Asterisk acts like a user agent in either the server (receiving) or client (sending) role. So when our softphone dials an extension number, the call is set up between the softphone and Asterisk directly. If the logic we’ve built into Asterisk determines that you mean to call another user agent, then Asterisk acts as a user agent client and sets up another connection (known as a channel) to the other phone. The media between the two phones then flows directly through Asterisk.<sup>[<a id="id4118104" href="#ftn.id4118104">59</a>]</sup> From the viewpoint of the phones, they are talking with Asterisk directly.</p><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id4118129"></a>Basic SIP Telephone Configuration in Asterisk</h3></div></div></div><p>Configuring a SIP phone to work<a id="I_indexterm4_tt515" class="indexterm"></a> with Asterisk does not require much. However, because there are so many options possible in both Asterisk and the configuration of the particular telephone set or softphone, things can get confusing. Add to this the fact that similar things can have different names, and you have a recipe for frustration. What we are going to do, therefore, is give you the bare-bones basics. If you follow our advice, you should be able to get the sets we cover working (and be well on your way to getting a phone that we have not covered to work as well). We are not saying that this is the best way, or even the right way, but it is the simplest way, and from a working foundation, it is much easier to take a basic configuration and tweak things until you get the solution you need.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Just as we did with the <span class="emphasis"><em>extensions.conf</em></span> file; run the following commands in your bash shell:</p><a id="I_programlisting4_tt516"></a><pre class="programlisting"> <strong class="userinput"><code># mv sip.conf sip.conf.sample # touch sip.conf</code></strong> </pre></div><div class="sect3" lang="en" xml:lang="en"><div class="titlepage"><div><div><h4 class="title"><a id="id4118185"></a>Defining the SIP device in Asterisk</h4></div></div></div><p>If you put the following in a <span class="emphasis"><em>sip.conf </em></span>file, you<a id="I_indexterm4_tt517" class="indexterm"></a> will be able to register a phone to the system. <a id="I_programlisting4_tt518"></a></p><pre class="programlisting">[general] [1000] type=friend context=phones host=dynamic</pre><p>Not pretty, not secure, not flexible, not fully-featured, but this will work.</p><p>Even though we have named this SIP device <code class="literal">1000</code>, and we are probably going to assign it that extension number, you should note that we could have named it whatever we wanted. Names such as <code class="literal">mysipset</code>, <code class="literal">john</code>, <code class="literal">0004f201ab0c</code> are all valid, popular, and may suit your needs better.<sup>[<a id="id4118250" href="#ftn.id4118250">60</a>]</sup> What we are doing is assigning a unique identifier to a device, which will form part of the credentials when a call is placed using the SIP channel.</p><p>Since we want to be able to both send calls to the softphone and allow the client to place calls, we have defined the <code class="literal">type</code> as <code class="literal">friend</code>. The other two types are <code class="literal">user</code> and <code class="literal">peer</code>. From the viewpoint of Asterisk, a <code class="literal">user</code> is configured to enter the dialplan, and a <code class="literal">peer</code> is created for calls leaving the dialplan (via the <code class="literal">Dial()</code> application). A <code class="literal">friend</code> is simply a shortcut that defines both a user and a peer. If in doubt, define the type as <code class="literal">friend</code>.</p><p>The <code class="literal">host</code> option is used to define where the client exists on the network when Asterisk needs to send a call to it. This can either be defined statically by defining something like <code class="literal">host=192.168.1.100</code>, or if the client has a dynamic IP address, then we set <code class="literal">host=dynamic</code>. When the <code class="literal">host</code> option is set as <code class="literal">dynamic</code>, and the client is configured to register, Asterisk will receive a REGISTER packet from the endpoint (i.e., telephone set or softphone), telling Asterisk which IP address the SIP peer is using.</p><p>If you do not trust your network, you should probably also force the use of a password by adding the following to the device definition. This is one of those things that is not technically necessary, but is probably a good idea:</p><p> <a id="I_programlisting4_tt519"></a></p><pre class="programlisting">secret=guessthis</pre><p> </p></div></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id4118375"></a>Configuring the Device Itself</h3></div></div></div><p>In the configuration menus of the phone itself (which could be via a web GUI, through menus on the phone itself, or possibly using configuration files that are stored on a server), the unique identifier (which in this case is <code class="literal">1000</code>) again forms part of the credentials for the authentication process. Naturally, for a connection to be successful, this has to match in both Asterisk and in the set itself. The fun begins when you realize that there is no set rule as to what this identifier is formally called. We have elected simply to call it the Unique Identifier. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>In the<a id="I_indexterm4_tt520" class="indexterm"></a> SIP RFC (<a href="http://www.faqs.org/rfcs/rfc3261.html" target="_top">http://www.faqs.org/rfcs/rfc3261.html</a>), section 19.1 calls this user token, “the identifier of a particular resource at the host being addressed,” verbiage consistent with our usage of <code class="literal">[1000]</code> as the set identifier in the <code class="filename">sip.conf</code> file of Asterisk.</p></div><p>Instead, you will want to look for fields that are labeled <code class="code">user name</code>, <code class="code">auth name</code>, <code class="code">authentication</code> <code class="code">name</code>, and so on. The thing to remember is that since you know that the Asterisk end of the equation is configured simply and correctly, you can experiment with the phone setting until you find a combination that works. This is much better than the usual suffering that new users go through, as they change settings in both places and have no luck getting a phone to register.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>We’re gonna say it again: configure <span class="emphasis"><em>sip.conf</em></span> in the simplest manner possible, and then don’t change your Asterisk configuration. Trust us; what we have written here will work. Get your set working (i.e., where you can make and receive calls), and you will be in a far better position to begin experimenting with different settings. We have seen too much suffering (including our own), and we want it to end.</p></div><div class="sidebar"><a id="I_sidebar4_tt521"></a><p class="title"><b>Simplifying sip.conf</b></p><p>The <span class="emphasis"><em>sip.conf</em></span> file (which was copied to the <span class="emphasis"><em>/etc/asterisk</em></span> directory by the <code class="literal">make samples</code> command we ran in the previous chapter) contains a large number of options and documentation inside it, but the file is actually very minimal if you remove all the commented parameters. The default file really breaks down to just the following few lines being uncommented by default:</p><p> <a id="I_programlisting4_tt522"></a></p><pre class="programlisting">[general] context=default ; Default context for incoming calls allowoverlap=no ; Disable overlap dialing support. (Default is yes) bindport=5060 ; UDP Port to bind to (SIP standard port is 5060) ; bindport is the local UDP port that Asterisk will ; listen on bindaddr=0.0.0.0 ; IP address to bind to (0.0.0.0 binds to all) srvlookup=yes ; Enable DNS SRV lookups on outbound calls ; Note: Asterisk only uses the first host ; in SRV records ; Disabling DNS SRV lookups disables the ; ability to place SIP calls based on domain ; names to some other SIP users on the Internet [authentication]</pre><p> </p><p>The <code class="literal">[general]</code> section contains the<a id="I_indexterm4_tt523" class="indexterm"></a> options that will apply to all SIP clients and trunks. Some settings elsewhere are set only in the <code class="literal">[general]</code> section, and others can be set in the <code class="literal">[general]</code> section as defaults for all conditionals unless overridden. These options are listed under the two columns labeled <code class="literal">[users]</code> and <code class="literal">[peers]</code> below the <span class="keep-together"><code class="literal">[authentication]</code></span> header.</p><p>Generally, the commented-out options will show you the default setting Asterisk uses, or will tell you the default option in the option’s description.</p><p>You can also check the current state of the SIP channel in Asterisk with the <code class="literal">sip show settings</code> CLI command.</p></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>If you are running Asterisk and a softphone<a id="I_indexterm4_tt524" class="indexterm"></a> on the same system (i.e., running an X-Lite softphone and Asterisk on a laptop or desktop), then you will need to modify the SIP port that client listens on. It will need to be changed from 5060 to 5061 (or some other unused port) so that Asterisk and the softphone do not interfere with each other.</p></div></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id4118615"></a>Essential Server Components</h3></div></div></div><p>Before we get <a id="I_indexterm4_tt525" class="indexterm"></a>into how to define these files, there are a few things that need to be configured on your server. Running the right services on your network will ensure your<a id="I_indexterm4_tt526" class="indexterm"></a> Polycom sets can autoconfigure from the moment you plug them in. There’s a little work involved here, but we promise that the payoff is worth it. Once you’ve done this a few times, it only really takes a few minutes on each new system, and going forward, it’ll save you a lot of mucking about with web interfaces. When you take your new Polycom phone out of the box, plug it into your network, watch it autoconfigure itself, and then successfully register with your Asterisk machine, you will know the sort of joy that only geeks can experience.<sup>[<a id="id4118654" href="#ftn.id4118654">61</a>]</sup></p><p>It’s not really that complicated. Where we think people get confused is in making sense of the various ways this can be achieved, because there are a lot of choices.</p><div class="sect3" lang="en" xml:lang="en"><div class="titlepage"><div><div><h4 class="title"><a id="dhcp_server"></a>DHCP server</h4></div></div></div><p>Typically, a DHCP<a id="I_indexterm4_tt527" class="indexterm"></a> server is used to configure basic IP parameters for a device (IP address, default gateway, and DNS), but the DHCP protocol can actually pass many other parameters. In our case, we want it to pass some information to the sets that will tell them where to download their config files from. Here is a sample config from a Linux DHCP server that will do what is required:</p><p><a id="I_programlisting4_tt528"></a></p><pre class="programlisting">ddns-update-style interim; ignore client-updates; subnet 192.168.1.0 netmask 255.255.255.0 { option routers 192.168.1.1; option subnet-mask 255.255.255.0; option domain-name-servers 192.168.1.1; option ntp-servers pool.ntp.org; option time-offset -18000; range dynamic-bootp 192.168.1.128 192.168.1.254; default-lease-time 21600; max-lease-time 43200; }</pre><p>Keep in mind that this assumes that the only things on this network are devices that belong to the phone system (this setup will hand out an IP address to any device that requests it). If you have a more complex environment, you will need to configure the DHCP daemon to handle the various devices it is serving. For example, you might want to devise a scope that restricts IP addresses in your voice LAN to Polycom phones. Since all Polycom IP desk phones have 00:04:f2 as their OUI (Organizationally Unique Identifier), you might choose to restrict scope based on that.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>In a Microsoft DHCP environment, <a id="I_indexterm4_tt529" class="indexterm"></a>the tftp-server-name is referred to as<a id="I_indexterm4_tt530" class="indexterm"></a> <span class="emphasis"><em>Boot server host name</em></span>. It is defined under <span class="emphasis"><em>option 66</em></span>.</p></div><p>The DHCP protocol is far more flexible than is often realized, because in most environments it is not used for complex provisioning tasks. With a little care and attention, you can devise a DHCP environment that serves both your voice and data devices and greatly simplifies administrative workload when adding new devices.</p></div><div class="sect3" lang="en" xml:lang="en"><div class="titlepage"><div><div><h4 class="title"><a id="id4118762"></a>FTP server</h4></div></div></div><p>FTP is currently our<a id="I_indexterm4_tt531" class="indexterm"></a> favorite<sup>[<a id="id4118781" href="#ftn.id4118781">62</a>]</sup>way to configure Polycom sets. We would recommend it over<a id="I_indexterm4_tt532" class="indexterm"></a> TFTP for any set that allows for both. To install it on your CentOS system, the following command will install<a id="I_indexterm4_tt533" class="indexterm"></a><a id="I_indexterm4_tt534" class="indexterm"></a> VSFTPD, the Very Secure FTP Daemon:</p><p><a id="I_programlisting4_tt535"></a></p><pre class="programlisting"># <strong class="userinput"><code>yum -y install vsftpd</code></strong></pre><p>Then, in order to lock things down, we need to prevent anonymous logins with a simple change<a id="I_indexterm4_tt536" class="indexterm"></a> to the <span class="emphasis"><em>vsftpd</em></span> config file, <code class="filename">/etc/vsftpd/vsftpd.conf</code>:</p><p> <a id="I_programlisting4_tt537"></a></p><pre class="programlisting"># anonymous_enable=NO</pre><p> </p><p>Restart the server with <code class="literal">service vsftpd restart</code>. To ensure that the daemon runs after every reboot, run <code class="literal">chkconfig vsftpd on</code>.</p><p>Now, we have to create a user account and group for the sets to use. In this case, we will create an account for the Polycom sets:</p><p> <a id="I_programlisting4_tt538"></a></p><pre class="programlisting"># groupadd PlcmSpIp # useradd PlcmSpIp -g PlcmSpIp -p PlcmSpIp # passwd PlcmSpIp</pre><p> </p><p>Set the password to <span><strong class="command">PlcmSpIp</strong></span> (the default FTP password for Polycom sets). This can be changed, but will then require manual configuration from each set in order to advise them of their nonstandard credentials.<sup>[<a id="id4118921" href="#ftn.id4118921">63</a>]</sup></p><p>For added security, let’s make sure the FTP server keeps that account in a chroot jail:</p><p><a id="I_programlisting4_tt539"></a></p><pre class="programlisting"># echo PlcmSpIp >> /etc/vsftpd/vsftpd.chroot_list</pre><p>That pretty much does it as far as preparing the operating system to provide the required services to the phones.</p><p>In the next few sections we have provided instructions for various popular SIP telephones. Choose the section that applies best to the phone that you are planning to use (whether a hard- or soft-phone). You will note that we have given all of these phones the exact same unique identifier. If you plan on installing more than one of them, you will need to ensure that they have unique names, and be sure to update your <code class="filename">sip.conf</code> file to include those device definitions.</p></div></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id4118972"></a>CounterPath’s X-Lite Softphone</h3></div></div></div><p>CounterPath’s X-Lite softphone<a id="ch04_conterpath" class="indexterm"></a><a id="ch04_xlite" class="indexterm"></a> has become very popular with the Asterisk community. It is simple, functional, easy on the eyes, and—most importantly—free.</p><p>In this section we will be configuring the X-Lite softphone to connect to Asterisk. The<a id="I_indexterm4_tt540" class="indexterm"></a> IP address of the phone is 192.168.1.250, and Asterisk is located at 192.168.1.100. The X-Lite is available for Microsoft Windows, Mac, and Linux. You can obtain a copy of X-Lite from <a href="http://www.counterpath.com/index.php?menu=download" target="_top">http://www.counterpath.com/index.php?menu=download</a>.</p><p>Now let’s configure our softphone for connecting to our Asterisk box. To configure X-Lite, click on the Settings button, as circled in <a href="asterisk-CHP-4-SECT-7.html#asterisk-CHP-4-FIG-2" title="Figure 4.2. X-Lite configuration">Figure 4.2, “X-Lite configuration”</a>.</p><div class="figure"><a id="asterisk-CHP-4-FIG-2"></a><p class="title"><b>Figure 4.2. X-Lite configuration</b></p><div class="mediaobject"><a id="I_mediaobject4_tt541"></a><img src="figs/web/ast2_0402.png" alt="X-Lite configuration" /></div></div><p>Select <span class="emphasis"><em>System Settings</em></span> → <span class="emphasis"><em>SIP Proxy</em></span> → <span class="emphasis"><em>[Default]</em></span>, which will display the default configuration for the softphone. Configure the screen as shown in <a href="asterisk-CHP-4-SECT-7.html#asterisk-CHP-4-FIG-3" title="Figure 4.3. X-Lite user configuration">Figure 4.3, “X-Lite user configuration”</a>.</p><div class="figure"><a id="asterisk-CHP-4-FIG-3"></a><p class="title"><b>Figure 4.3. X-Lite user configuration</b></p><div class="mediaobject"><a id="I_mediaobject4_tt542"></a><img src="figs/web/ast2_0403.png" alt="X-Lite user configuration" /></div></div><p>If you have not already started Asterisk, then start it now (see <a href="asterisk-CHP-3.html" title="Chapter 3. Installing Asterisk">Chapter 3, <i>Installing Asterisk</i></a> for help installing and starting Asterisk). If Asterisk is running in the background, you can reconnect to the CLI by running the following command:</p><p> <a id="I_programlisting4_tt543"></a></p><pre class="programlisting"># <strong class="userinput"><code>asterisk -rvvv</code></strong></pre><p> </p><p>You will then be given the Asterisk CLI like so:<a id="I_programlisting4_tt544"></a></p><pre class="programlisting">*CLI></pre><p>If Asterisk was already running before changing the <code class="filename">sip.conf</code> as instructed in this chapter, then reload the dialplan and SIP channel with the following two commands:</p><p><a id="I_programlisting4_tt545"></a></p><pre class="programlisting">*CLI> <strong class="userinput"><code>dialplan reload</code></strong> *CLI> <strong class="userinput"><code>sip reload</code></strong></pre><p>In your X-Lite softphone client, close the Settings windows by clicking the BACK button until the windows are all closed. You should see X-Lite try to register to Asterisk, and if successful, you will see the following at the Asterisk CLI:</p><p><a id="I_programlisting4_tt546"></a></p><pre class="programlisting">-- Registered SIP '1000' at 192.168.1.250 port 5061 expires 3600</pre><p>You can verify the registration status at any time like so:</p><p> <a id="I_programlisting4_tt547"></a></p><pre class="programlisting">*CLI> <strong class="userinput"><code>sip show peers</code></strong> Name/username Host Dyn Nat ACL Port Status 1000/1000 192.168.1.250 D N 5061 OK (63 ms) 1 sip peers [1 online , 0 offline] </pre><p> </p><p>More detailed stats of the peer can be shown as follows with <code class="literal">sip show peer 1000</code>:<a id="I_indexterm4_tt548" class="indexterm"></a><a id="I_indexterm4_tt549" class="indexterm"></a></p><p> <a id="I_programlisting4_tt550"></a></p><pre class="programlisting">*CLI> <strong class="userinput"><code>sip show peer</code></strong> 1000 * Name : 1000 Secret : <Not set> MD5Secret : <Not set> Context : phones Subscr.Cont. : <Not set> Language : AMA flags : Unknown Transfer mode: open CallingPres : Presentation Allowed, Not Screened Callgroup : Pickupgroup : Mailbox : VM Extension : asterisk LastMsgsSent : 32767/65535 Call limit : 0 Dynamic : Yes Callerid : "" <> MaxCallBR : 384 kbps Expire : 1032 Insecure : no Nat : RFC3581 ACL : No T38 pt UDPTL : No CanReinvite : Yes PromiscRedir : No User=Phone : No Video Support: No Trust RPID : No Send RPID : No Subscriptions: Yes Overlap dial : Yes DTMFmode : rfc2833 LastMsg : 0 ToHost : Addr->IP : 192.168.1.250 Port 5061 Defaddr->IP : 0.0.0.0 Port 5060 Def. Username: 1000 SIP Options : (none) Codecs : 0x8000e (gsm|ulaw|alaw|h263) Codec Order : (none) Auto-Framing: No Status : Unmonitored Useragent : X-Lite release 1105d Reg. Contact : sip:1000@192.168.1.250:5061 </pre><p> </p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id4119324"></a>Polycom’s IP 430</h3></div></div></div><p>A lot of folks<a id="ch04_polycom" class="indexterm"></a><a id="ch04_ip430" class="indexterm"></a> say configuring Polycom phones is difficult. From what we can tell, they base this on one of two reasons: 1) The Polycom web-based interface is horrible, or 2) the automatic provisioning process is painful and confusing.</p><p>With respect to item 1, we agree. The web interface on the Polycom phones has got to be one of the most annoying web interfaces ever developed for an IP telephone. We don’t use it, and we don’t recommend it.<sup>[<a id="id4119368" href="#ftn.id4119368">64</a>]</sup></p><p>So that leaves us with some sort of server-based configuration. Fortunately, in this regard, the Polycom IP phones are superb—so much so that we can pretty much forgive the web interface. Set configurations are stored in files on a server, and each set navigates to the server, downloads the configuration files that are relevant to it, and applies them to itself.</p><div class="sect3" lang="en" xml:lang="en"><div class="titlepage"><div><div><h4 class="title"><a id="id4119384"></a>DHCP server</h4></div></div></div><p>If you cannot<a id="I_indexterm4_tt551" class="indexterm"></a> control your DHCP server, you may have to manually specify the FTP server information on the phone. This is done by rebooting the set, pressing the <span><strong class="command">setup</strong></span> button before the set begins the load process, and specifying the address of the FTP server in the small boot menu that these phones offer.</p></div><div class="sect3" lang="en" xml:lang="en"><div class="titlepage"><div><div><h4 class="title"><a id="id4119416"></a>Protocol to use for downloading</h4></div></div></div><p>The Polycom phones are able to download<a id="I_indexterm4_tt552" class="indexterm"></a> their configuration by one of three protocols: TFTP, HTTP, and FTP.</p><p>Right off the bat we are going to tell you to avoid<a id="I_indexterm4_tt553" class="indexterm"></a> TFTP. It is not secure, and the set cannot use date information to determine which versions of various files are the most current. It works, but there are better ways, and we are not going to discuss it further.</p><p>Polycom phones can pull their config data using HTTP as well, but it <a id="I_indexterm4_tt554" class="indexterm"></a>has not proven to be popular, and so we are going to move on.</p><p>FTP is currently the preferred method of allowing Polycom phones to obtain their configuration. It works well, is fairly easy to configure, and is well supported by the community.</p></div><div class="sect3" lang="en" xml:lang="en"><div class="titlepage"><div><div><h4 class="title"><a id="id4119475"></a>FTP</h4></div></div></div><p>FTP is <a id="I_indexterm4_tt555" class="indexterm"></a>currently our favorite way to configure Polycom sets. To install it on your CentOS system, the following command will <a id="I_indexterm4_tt556" class="indexterm"></a>install VSFTPD, the Very Secure FTP Daemon:</p><p><a id="I_programlisting4_tt557"></a></p><pre class="programlisting"># <strong class="userinput"><code>yum -y install vsftpd</code></strong></pre><p>Then, in order to lock things down, we need to prevent anonymous logins, with a simple change to the<a id="I_indexterm4_tt558" class="indexterm"></a><span class="emphasis"><em>vsftpd</em></span> config file, <code class="filename">/etc/vsftpd/vsftpd.conf</code>:</p><p> <a id="I_programlisting4_tt559"></a></p><pre class="programlisting"># anonymous_enable=NO</pre><p> </p><p>Restart the server with <code class="literal">service vsftpd restart</code>. To ensure that the daemon runs after every reboot, run <code class="literal">chkconfig vsftpd on</code>.</p><p>Now, we have to create a user account and group for the Polycom sets to use:</p><p> <a id="I_programlisting4_tt560"></a></p><pre class="programlisting"># groupadd PlcmSpIp # useradd PlcmSpIp -g PlcmSpIp -p PlcmSpIp # passwd PlcmSpIp </pre><p> </p><p>Set the password to <span><strong class="command">PlcmSpIp</strong></span> (the default FTP password for Polycom sets). This can be changed, but will then require manual configuration from each set in order to advise them of their nonstandard credentials.<sup>[<a id="id4119604" href="#ftn.id4119604">65</a>]</sup></p><p>For added security, let’s make sure the FTP server keeps that account in a chroot jail:</p><p><a id="I_programlisting4_tt561"></a></p><pre class="programlisting"># echo PlcmSpIp >> /etc/vsftpd/vsftpd.chroot_list</pre><p>That pretty much does it as far as preparing the operating system to provide the required services to the phones.</p></div><div class="sect3" lang="en" xml:lang="en"><div class="titlepage"><div><div><h4 class="title"><a id="id4119636"></a>The Polycom configuration files</h4></div></div></div><p>While there seem<a id="I_indexterm4_tt562" class="indexterm"></a> to be a lot of different files that are needed to make a Polycom set work, they are each fairly easy to understand.</p><div class="sect4" lang="en" xml:lang="en"><div class="titlepage"><div><div><h5 class="title"><a id="id4119660"></a>The bootROM</h5></div></div></div><p>This can best be described<a id="I_indexterm4_tt563" class="indexterm"></a> as the BIOS and operating system of the phone. Perhaps there is a more technical explanation, but why make things confusing? The bootROM should not need to be updated regularly, but it is good to keep an eye on the current releases to see if a newer bootROM has features that will be of benefit in your environment. This file will be named <code class="filename">bootrom.ld</code>.</p></div><div class="sect4" lang="en" xml:lang="en"><div class="titlepage"><div><div><h5 class="title"><a id="id4119690"></a>The application image</h5></div></div></div><p>Since Polycom sets are capable of supporting other VoIP protocols (MGCP is supported, for example), the protocol that this set will employ forms part of the application image that the phone will download and run. If the image on the set is already correct, this file is not actually needed on the FTP server; however, it is common to have this file available to ensure that the most recent version of the protocol is available for the sets to download. You will sometimes receive phones that are not running the latest version, so having the most current image will ensure that all sets are up-to-date.</p></div><div class="sect4" lang="en" xml:lang="en"><div class="titlepage"><div><div><h5 class="title"><a id="id4119705"></a>The sip.cfg file</h5></div></div></div><p>There is normally only one <a id="I_indexterm4_tt564" class="indexterm"></a>version of this file on a system, but it can be named anything you want, and there can be as many different versions of this file as are needed. For example, if you had an office where there were two different languages in use, some users might prefer French on their set, and others English. In that case, you’d create a <code class="filename">french.sip.conf</code> file and an <code class="filename">english.sip.conf</code> file to handle each case. Name this file as you see fit, but pick a name that makes sense so that future administrators have a chance to make sense of your design choices.</p></div><div class="sect4" lang="en" xml:lang="en"><div class="titlepage"><div><div><h5 class="title"><a id="id4119746"></a>The master config file for each phone</h5></div></div></div><p>This file is very simple and small. It is named to match the <a id="I_indexterm4_tt565" class="indexterm"></a>MAC address of each phone (so each set will need its own copy of this file) and tells the set what other files it needs to download in order to configure itself. This is the first config file each set will read. In this file will be a reference to the application image this set will use (currently named <span class="emphasis"><em>sip.ld</em></span>), as well as the names of the XML files that have the parameters for this phone (the <span class="emphasis"><em>.cfg</em></span> files). A master config file for a set might look something like this:</p><a id="I_programlisting4_tt566"></a><pre class="programlisting">'<?xml version="1.0" standalone="yes"?>' '<!-- Default Master SIP Configuration File-->' '<!-- Edit and rename this file to <Ethernet-address>.cfg for each phone.-->' '<!-- $Revision: 1.14 $ $Date: 2005/07/27 18:43:30 $ -->' '<APPLICATION APP_FILE_PATH="sip.ld" CONFIG_FILES="phone1.cfg, sip.cfg" MISC_FILES="" LOG_FILE_DIRECTORY="" OVERRIDES_DIRECTORY="" CONTACTS_DIRECTORY="" />' </pre><p>Note the name of the application file that we want this set to use, and the config files that it will be trying to find and apply.</p></div><div class="sect4" lang="en" xml:lang="en"><div class="titlepage"><div><div><h5 class="title"><a id="id4119800"></a>The set-specific config file</h5></div></div></div><p>We recommend giving the <code class="filename">phone1.cfg</code> files<a id="I_indexterm4_tt567" class="indexterm"></a> names that make sense. For example, <code class="filename">SET<xxx>.cfg</code> (such as <code class="filename">SET201.cfg</code>) to match the extension number of the phone, or <code class="filename">FLOOR4CUBE23.cfg</code>, or maybe <code class="filename">BOB_SMITHS_IP430_SET.cfg</code>, or whatever seems best to you. What’s the best way to name them? We’re going to answer that question by asking a question. Let’s say you have 100 of these phones. When you list the contents of the <code class="filename">/home/PlcmSpIp</code> folder, how do you want the 100 config files for the sets to appear?</p></div><div class="sect4" lang="en" xml:lang="en"><div class="titlepage"><div><div><h5 class="title"><a id="id4119863"></a>Gotchas</h5></div></div></div><p>Settings that are configured directly on the telephone will be stored on the filesystem of the set, and may take precedence over parameters passed in config files. If you are having any problems applying changes to a set, try reformatting the phone. This will force the set to accept the parameters contained in the config files.<a id="I_indexterm4_tt568" class="indexterm"></a><a id="I_indexterm4_tt569" class="indexterm"></a></p></div></div></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="cisco_7960"></a>Cisco 7960 Telephone</h3></div></div></div><p>The venerable<a id="ch04_cisco7960" class="indexterm"></a><a id="ch04_7960" class="indexterm"></a><a id="ch04_c7960" class="indexterm"></a> old C7960 is now a part of VoIP history. One of the first SIP telephones that could actually be taken seriously, the only real complaint one can have about this phone is the price: they are the Cadillac of SIP phones (meaning that they have all the bells and whistles but are tough to justify at the price, and are a little out of date <span class="keep-together">sometimes).</span></p><p>If you can get one of these, you are getting an excellent SIP telephone. If you buy one new, be prepared to pay.</p><p>One of the ways this phone is out of date is the lack of remote provisioning from anything other than<a id="I_indexterm4_tt570" class="indexterm"></a> TFTP. TFTP has lost favor with networking professionals due to the lack of authentication and encryption, but since it is the only method of remotely provisioning the phone, we are going to have to use the tftp-server daemon. We can install tftp-server with the following command:</p><p><a id="I_programlisting4_tt571"></a></p><pre class="programlisting"># <strong class="userinput"><code>yum install -y tftp-server</code></strong></pre><p>Once installed, we need to enable the server by modifying the <span class="emphasis"><em>/etc/xinetd.d/tftp</em></span> file. To enable the TFTP server, change the <code class="literal">disable=yes</code> line to <code class="literal">disable=no</code>.</p><p><a id="I_programlisting4_tt572"></a></p><pre class="programlisting">service tftp { socket_type = dgram protocol = udp wait = yes user = root server = /usr/sbin/in.tftpd server_args = -s /tftpboot <strong class="userinput"><code> disable = no</code></strong> per_source = 11 cps = 100 2 flags = IPv4 } </pre><p>Then start the TFTP server by running:</p><p><a id="I_programlisting4_tt573"></a></p><pre class="programlisting"># <strong class="userinput"><code>service xinetd restart</code></strong></pre><p>We can verify the server is running with the following command:</p><p><a id="I_programlisting4_tt574"></a></p><pre class="programlisting"># <strong class="userinput"><code>chkconfig --list | grep tftp</code></strong> tftp: on</pre><p>As long as <code class="literal">tftp: on</code> was returned, the server is up and running.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Cisco phones by default are loaded with their own communication protocol known<a id="I_indexterm4_tt575" class="indexterm"></a><a id="I_indexterm4_tt576" class="indexterm"></a> as SCCP (or Skinny). We will be showing you how to configure the phone, but due to the proprietary nature of Cisco and its phones, you will need to obtain the SIP firmware from your distributor. Also, there are both <span class="emphasis"><em>chan_sccp</em></span> and <span class="emphasis"><em>chan_skinny</em></span> modules for Asterisk, but they are beyond the scope of this book.</p></div><p>We will be registering our Cisco phone to the SIP friend we configured in <a href="asterisk-CHP-4-SECT-6.html#asterisk-CHP-4-SECT-6.1" title="Zaptel Hardware Configuration">the section called “Zaptel Hardware Configuration”</a>.” The following configuration file should be saved into a file taking the format of <code class="filename">SIP<mac>.cnf</code>, where <code class="filename"><mac></code> represents the MAC address of the telephone device you are configuring. Place this file into the <code class="filename">/tftpboot/</code> directory on your server:</p><p><a id="I_programlisting4_tt577"></a></p><pre class="programlisting"># Line 1 Configuration line1_name: "1000" line1_authname: "1000" line1_shortname: "Jimmy Carter" line1_password: "" line1_displayname: "" # The phone label, displayed in the upper-righthand corner of the phone phone_label: "aristotle" ; Has no effect on SIP messaging # Phone password used for console or telnet access, limited to 31 characters phone_password: "cisco"</pre><p>Then configure the address to register in the <code class="filename">SIPDefault.cnf</code><a id="I_indexterm4_tt578" class="indexterm"></a>file, also placed in the <span class="keep-together"><code class="filename">/tftpboot/</code></span> directory of your server. <code class="literal">proxy1_address</code> will contain the IP address of your Asterisk server of where the phone should register for line 1. The <code class="literal">image_version</code> contains the version of the <span class="emphasis"><em>.loads</em></span> and <span class="emphasis"><em>.sb2</em></span> files the phone will load into memory.</p><p><a id="I_programlisting4_tt579"></a></p><pre class="programlisting">image_version: P0S3-08-4-00 proxy1_address: 192.168.1.100</pre><p>We need one additional file<a id="I_indexterm4_tt580" class="indexterm"></a> called <span class="emphasis"><em>OS79XX.TXT</em></span>. This file contains only a single line―the <span class="emphasis"><em>.bin</em></span> and <span class="emphasis"><em>.sbn</em></span> file version to load into memory:</p><p><a id="I_programlisting4_tt581"></a></p><pre class="programlisting">P003-08-4-00</pre><p>In order for our Cisco 7960 to use these files, we need to tell the phone where to pull its configuration from. If using the DHCP server from your Linux server, you can modify the <code class="filename">/etc/dhcpd.conf</code> file in order to tell the phone where to pull its configuration from by adding the line:</p><a id="I_programlisting4_tt582"></a><pre class="programlisting">option tftp-server-name "192.168.1.100";</pre><p>which contains the IP address of the server hosting the TFTP server (assuming of course the TFTP server is configured at that address. This is the address we’ve been using for our Asterisk server, and we again assume you’ve installed the TFTP server on the same box as Asterisk). See <a href="asterisk-CHP-4-SECT-7.html#dhcp_server" title="DHCP server">the section called “DHCP server”</a>” for more information about configuring the DHCP server:</p><p> <a id="I_programlisting4_tt583"></a></p><pre class="programlisting">ddns-update-style interim; ignore client-updates; subnet 192.168.1.0 netmask 255.255.255.0 { option routers 192.168.1.1; option subnet-mask 255.255.255.0; option domain-name-servers 192.168.1.1; <strong class="userinput"><code> option tftp-server-name "192.168.1.100";</code></strong> option ntp-servers pool.ntp.org; option time-offset -18000; range dynamic-bootp 192.168.1.128 192.168.1.254; default-lease-time 21600; max-lease-time 43200; }</pre><p> </p><div class="tip" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Tip</h3><p>Alternatively, you can configure from the phone itself to manually use an alternative TFTP server than that given by the DHCP server. To do so, press the <span class="emphasis"><em>settings</em></span> button, (on the G version of the Cisco phones, this looks like a square with a check mark inside of it; G means Global). You will then need to unlock the settings by pressing the 9 key. The default password is <span class="emphasis"><em>cisco</em></span>. Once the phone is unlocked, press the 3 key on the dialpad to enter the Network Configuration. Scroll down to option 32 and set the Alternate TFTP to YES. Then scroll up to option 7 and enter the IP address of the TFTP server you wish to boot from. Accept the settings and back out of the menu until the phone reboots itself. You can also use the <span class="emphasis"><em>*-6-settings</em></span> three finger salute to reboot your phone at any time.</p></div><p>You can watch the phone pull its configuration from the TFTP server by using <code class="literal">tshark</code> (<code class="literal">yum install ethereal</code>). Filter on port 69 using the following command:</p><p><a id="I_programlisting4_tt584"></a></p><pre class="programlisting"># <strong class="userinput"><code>tshark port 69</code></strong></pre><p>You should then be able to watch the network traffic from the phone requesting data from your TFTP server.</p><p>If all goes well, then you should see your phone registered to <a id="I_indexterm4_tt585" class="indexterm"></a><a id="I_indexterm4_tt586" class="indexterm"></a><a id="I_indexterm4_tt587" class="indexterm"></a>Asterisk!</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id4120413"></a>Linksys SPA-942</h3></div></div></div><p>Ever since they<a id="ch04_linksys942" class="indexterm"></a><a id="ch04_942" class="indexterm"></a> purchased<a id="I_indexterm4_tt588" class="indexterm"></a> Sipura Technologies, Linksys has been producing a line of economical VoIP telephones and<a id="I_indexterm4_tt589" class="indexterm"></a> <a id="I_indexterm4_tt590" class="indexterm"></a>ATAs (Analog Terminal Adaptors). Linksys has been stealing a lot of business from Cisco. If you have read<a id="I_indexterm4_tt591" class="indexterm"></a> Clayton M. Christensen’s <span class="emphasis"><em>The Innovator’s Dilemma</em></span> (HarperCollins), <a id="I_indexterm4_tt592" class="indexterm"></a>it becomes easier to understand Cisco’s strategy with respect to Linksys.</p><p>Linksys (and Sipura) products are well regarded for their excellent quality, especially relative to their price, but they are also famous for being painfully difficult to configure. This is mostly because their configuration GUI offers hundreds of configurable parameters.</p><p>We don’t care about that. Here’s what you need to know to get an SPA-942 working with your Asterisk system (and, we hope, most other Linksys VoIP devices as well).</p><div class="sect3" lang="en" xml:lang="en"><div class="titlepage"><div><div><h4 class="title"><a id="id4120521"></a>Logging in to the phone</h4></div></div></div><p>The first thing you need to do is get the IP address of the phone so you can log in to the GUI interface. From the phone itself, select the icon that looks like a piece of paper with a dog-eared corner (right below the envelope icon). This is the Settings button, and is shown in <a href="asterisk-CHP-4-SECT-7.html#asterisk-CHP-4-FIG-4" title="Figure 4.4. SPA-942 keypad">Figure 4.4, “SPA-942 keypad”</a>.</p><div class="figure"><a id="asterisk-CHP-4-FIG-4"></a><p class="title"><b>Figure 4.4. SPA-942 keypad</b></p><div class="mediaobject"><a id="I_mediaobject4_tt593"></a><img src="figs/web/ast2_0404.png" alt="SPA-942 keypad" /></div></div><p>To get the IP address of the phone, press the Settings button, followed by 9 (or use directional pad and scroll down to Network). Then press the <span class="emphasis"><em>select</em></span> button (there is a row of 4 buttons under the LCD screen—<span class="emphasis"><em>select</em></span> is the leftmost button). The second field should show you the IP address of the phone.</p><p>Now open your browser, enter the IP address into the address bar, hit Enter, and you will be at the Info screen of the phone.</p></div><div class="sect3" lang="en" xml:lang="en"><div class="titlepage"><div><div><h4 class="title"><a id="id4120601"></a>Registering your phone to Asterisk</h4></div></div></div><p>Select the Admin Login link in the upper-right corner of the screen. Once you’ve done this, you will be given several new tabs, such as Regional, Phone, Ext 1, Ext 2, and User.</p><p>Select the Ext 1 tab which will set up our first line. Then make the following menu selections:</p><div class="orderedlist"><ol type="1"><li><p>General → Line Enable → yes</p></li><li><p>NAT Settings → NAT Mapping Enable → no</p></li><li><p>NAT Settings → NAT Keep Alive Enable → no</p></li><li><p>Proxy and Registration → Proxy → enter the IP address of Asterisk <span class="keep-together">(e.g., 192.168.1.100)</span></p></li><li><p>Proxy and Registration → Register → yes</p></li><li><p>Proxy and Registration → Make Call Without Reg → no</p></li><li><p>Proxy and Registration → Ans Call Without Reg → no</p></li><li><p>Subscriber Information → Display Name → Caller ID information</p></li><li><p>Subscriber Information → User ID → 1000</p></li><li><p>Subscriber Information → Password → (leave blank if you’re using the simple configuration from earlier in this chapter)</p></li><li><p>Subscriber Information → Use Auth ID → yes</p></li><li><p>Subscriber Information → Auth ID → 1000</p></li><li><p>Audio Configuration → Preferred Codec → G711u</p></li><li><p>Audio Configuration → Use Pref Codec Only → no</p></li><li><p>Audio Configuration → Silence Supp Enable → no</p></li><li><p>Audio Configuration → DTMF Tx Method → Auto</p></li><li><p>Submit All Changes</p></li></ol></div><p>And that’s it! Your phone should be registered to Asterisk now. You’ll know this because the first lighted line button beside the LCD screen will change from orange to green.<a id="I_indexterm4_tt594" class="indexterm"></a><a id="I_indexterm4_tt595" class="indexterm"></a></p></div></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id4120735"></a>Configuring the Dialplan for Testing</h3></div></div></div><p>In order to allow our phone to <a id="I_indexterm4_tt596" class="indexterm"></a>call other phones (or, if a multiline phone, to call itself), we need to modify the <span class="emphasis"><em>extensions.conf</em></span> file. Building on what we had in <a href="setting_up_dialplan.html" title="Setting Up the Dialplan for Some Test Calls">the section called “Setting Up the Dialplan for Some Test Calls”</a>,” add the following parts to the <code class="literal">[internal]</code> context:</p><p><a id="I_programlisting4_tt597"></a></p><pre class="programlisting">exten => 1000,1,Verbose(1|Extension 1000) exten => 1000,n,Dial(SIP/1000,30) exten => 1000,n,Hangup()</pre><p>If you have two phones, or multiple lines configured, you can duplicate the previous configuration and change the 1000 to the other extension <a id="I_indexterm4_tt598" class="indexterm"></a>name.</p></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><p><sup>[<a id="ftn.id4117935" href="#id4117935">57</a>] </sup>RFC 3261<a id="I_indexterm4_tt507" class="indexterm"></a> is available at <a href="http://www.ietf.org/rfc/rfc3261.txt" target="_top">http://www.ietf.org/rfc/rfc3261.txt</a>. While the document is fairly large, we strongly encourage anyone who wishes to become an Asterisk professional to read at least the first 100 or so pages of this document and to understand how calls are set up, as this knowledge will be imperative when you’re looking at a SIP trace (<code class="literal">sip debug</code> from the Asterisk console) trying to determine why your calls are not getting set up correctly.</p></div><div class="footnote"><p><sup>[<a id="ftn.id4118046" href="#id4118046">58</a>] </sup>An excellent open source SIP proxy is<a id="I_indexterm4_tt512" class="indexterm"></a><a id="I_indexterm4_tt513" class="indexterm"></a> OpenSER, available at <a href="http://www.openser.org" target="_top">http://www.openser.org</a>.</p></div><div class="footnote"><p><sup>[<a id="ftn.id4118104" href="#id4118104">59</a>] </sup>Yes, there are ways to making the media flow directly between the phones once the call is set up. This is done in the <span class="emphasis"><em>sip.conf</em></span> file using either <code class="literal">directrtpsetup=yes </code>(an experimental option allowing the media to be redirected in the initial call setup) or <code class="literal">canreinvite=yes</code> (where media initially goes through Asterisk until a re-INVITE happens, at which point the media can be sent directly between the phones).</p></div><div class="footnote"><p><sup>[<a id="ftn.id4118250" href="#id4118250">60</a>] </sup>The maximum length of a username is 255 characters.</p></div><div class="footnote"><p><sup>[<a id="ftn.id4118654" href="#id4118654">61</a>] </sup>Typically, it’s at 4 A.M. on the morning of a critical 8 A.M. meeting, after having worked all weekend. Red Bull is probably the most popular drink of the Asterisk developers. Dr. Pepper would be a close second. Red Bull, anyone?</p></div><div class="footnote"><p><sup>[<a id="ftn.id4118781" href="#id4118781">62</a>] </sup>FTP is preferred over TFTP due to the ability of a Polycom phone to see timestamps on FTP files. This allows the phone to avoid redownloading configuration files and firmware updates that it already has—thus shortening boot time.</p></div><div class="footnote"><p><sup>[<a id="ftn.id4118921" href="#id4118921">63</a>] </sup>You can get into assigning complex and unguessable passwords for the phones to use, but unless you are going to input the passwords into each phone manually, you’ll have to pass them their FTP username and password from the DHCP server. Any device that can get on the voice network can get the same information from the DHCP server. We’re not telling you to ignore security; just don’t assume that creating separate passwords for each phone is going to improve security.</p></div><div class="footnote"><p><sup>[<a id="ftn.id4119368" href="#id4119368">64</a>] </sup>Actually, it does serve one useful purpose, which is to allow you to log on to a set via a browser and query its configuration.</p></div><div class="footnote"><p><sup>[<a id="ftn.id4119604" href="#id4119604">65</a>] </sup>You can get into assigning complex and unguessable passwords for the phones to use, but unless you are going to input the passwords into each phone manually, you’ll have to pass them their FTP user name and password from the DHCP server. Any device that can get on the voice network can get the same information from the DHCP server. We’re not telling you to ignore security, just don’t assume that creating separate passwords for each phone is going to improve security.</p></div></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="asterisk-CHP-4-SECT-6.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="asterisk-CHP-4.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="I_sect14_tt599.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Configuring an FXS Channel for an Analog Telephone </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Connecting to a SIP Service Provider</td></tr></table></div><div xmlns="" id="svn-footer"><hr /><p>You are reading <em>Asterisk: The Future of Telephony</em> (2nd Edition for Asterisk 1.4), by Jim van Meggelen, Jared Smith, and Leif Madsen.<br /> This work is licensed under the <a href="http://creativecommons.org/licenses/by-nc-nd/3.0/">Creative Commons Attribution-Noncommercial-No Derivative Works License v3.0</a>.<br /> To submit comments, corrections, or other contributions to the text, please visit <a href="http://oreilly.com/catalog/9780596510480/">http://www.oreilly.com/</a>.</p></div></body></html>