Avaya 1200 Series IP Phone Configuration Options

15
January 18, 2011
by Michael McNamara in , ,

While working with the Avaya 1220 IP Phones over this past week I discovered a few tricks that I thought I would share with everyone. It can be very difficult and time consuming to troubleshoot configuration issues and the 5 line LCD display makes scrolling through all the configuration options painful to say the least. While working with the provisioning files I recalled that the 1200 series IP phone supports SSH so I logged into the IP phone via  SSH and I found a great little command. prtcfg. This command appears to print the entire configuration of the IP phone. I’ve noticed that the documentation is sometimes lacking so this is a great little resource to not only see how the phone is configured but to see all the available options.

[root@centos ~]# ssh -l admin 192.168.100.99
admin@192.168.100.99's password:

Welcome to Avaya problem determination tool.

You are connected to IP Phone 1220.
HW version: 1800247F9984E9662A
FW version 04.00.04.00
MAC Address = 00247F99FFFF
IP = 192.168.100.99
Type "bye" to exit current shell.
PDT> prtcfg
*********************SYSTEM CONFIG************************
*** SIPdomain1 asterisk.home
***   defUser user1
***   S1 IP: 192.168.1.6
***   S1 Ports: (UDP:5060, TCP:0, TLS:0)
***   S1 Proto: 2
***   S2 IP: 0.0.0.0
***   S2 Ports: (UDP:5060, TCP:0, TLS:0)
***   S2 Proto: 2
*** CONFERENCE_URI: conference@avaya.com
*** ADHOC_ENABLED: 0
*** MAX_ADHOC_PORTS: 0
*** SIPdomain2
***   defUser user2
***   S1 IP: 0.0.0.0
***   S1 Ports: (UDP:5060, TCP:0, TLS:0)
***   S1 Proto: 2
***   S2 IP: 0.0.0.0
***   S2 Ports: (UDP:5060, TCP:0, TLS:0)
***   S2 Proto: 2
*** CONFERENCE_URI: conference@avaya.com
*** ADHOC_ENABLED: 0
*** MAX_ADHOC_PORTS: 0
*** SIPdomain3
***   defUser user3
***   S1 IP: 0.0.0.0
***   S1 Ports: (UDP:5060, TCP:0, TLS:0)
***   S1 Proto: 2
***   S2 IP: 0.0.0.0
***   S2 Ports: (UDP:5060, TCP:0, TLS:0)
***   S2 Proto: 2
*** CONFERENCE_URI: conference@avaya.com
*** ADHOC_ENABLED: 0
*** MAX_ADHOC_PORTS: 0
*** SIPdomain4
***   defUser user4
***   S1 IP: 0.0.0.0
***   S1 Ports: (UDP:5060, TCP:0, TLS:0)
***   S1 Proto: 2
***   S2 IP: 0.0.0.0
***   S2 Ports: (UDP:5060, TCP:0, TLS:0)
***   S2 Proto: 2
*** CONFERENCE_URI: conference@avaya.com
*** ADHOC_ENABLED: 0
*** MAX_ADHOC_PORTS: 0
*** SIPdomain5
***   defUser user5
***   S1 IP: 0.0.0.0
***   S1 Ports: (UDP:5060, TCP:0, TLS:0)
***   S1 Proto: 2
***   S2 IP: 0.0.0.0
***   S2 Ports: (UDP:5060, TCP:0, TLS:0)
***   S2 Proto: 2
*** CONFERENCE_URI: conference@avaya.com
*** ADHOC_ENABLED: 0
*** MAX_ADHOC_PORTS: 0
*** DNSdomain asterisk.home
*** Config version 000005
*** User Config version 000001
*** Language version 000001
*** Image version 000001
*** Tone version 000001
*** Licensing file version 000001
*** User keys version 000001
*** CTL file version 000001
*** Boot version 000001
*** Security Policy version 000001
*** CRL file version 000001
*** Nortel Key version 000001
*** Misc version 000001
*** Service Pack version 000001
*** SIP_PING 1
*** VMAIL 5000
*** VMAIL_DELAY 300
*** BANNER Avaya SIP Client
*** FORCE_BANNER 0
*** DST_ENABLED 1
*** TIMEZONE_OFFSET 0
*** MAX_INBOX_ENTRIES 100
*** MAX_OUTBOX_ENTRIES 100
*** MAX_REJECTREASONS 20
*** MAX_CALLSUBJECT 20
*** MAX_PRESENCENOTE 20
*** DEF_LANG English
*** DSCP_CONTROL 0
*** 802.1P_CONTROL -1
*** DSCP_MEDIA 0
*** 802.1P_MEDIA -1
*** DSCP_DATA -1
*** 802.1P_DATA -1
*** LOG_LEVEL 255
*** RECOVERY_LEVEL 2
*** AUTO_UPDATE 0
*** AUTO_UPDATE_TIME 0
*** AUTO_UPDATE_TIME_RANGE 1
*** DOS_PACKET_RATE 5
*** DOS_MAX_LIMIT 100
*** DOS_LOCK_TIME 20
*** DEF_AUDIO_QUALITY High
*** DEF_DISPLAY_IM NO
*** MAX_IM_ENTRIES 999
*** MAX_ADDR_BOOK_ENTRIES 100
*** ADDR_BOOK_MODE NETWORK
*** IM_MODE DISABLED
*** ADMIN_PASSWORD 26567*738
*** ADMIN_PASSWORD Expiry Time 0
*** ENABLE_LOCAL_ADMIN_UI 1
*** HASHED_ADMIN_PASSWORD 0
*** HASH_ALGORITHM SHA1
*** HOLD_TYPE rfc3261
*** AUTH_METHOD AUTH
*** ENABLE_3WAY_CALL 1
*** DISABLE_PRIVACY_UI 0
*** DIALTONE
*** RINGINGTONE
*** BUSYTONE
*** FASTBUSYTONE
*** CONGESTIONTONE
*** DISTINCTIVE_RINGING 1
*** CALL_WAITING SPEAKER
*** PCPORT_ENABLE 1
*** LLDP_ENABLE 0
*** BLUE TOOTH Disable
*** NAT_SIGNALLING NONE
*** NAT_MEDIA NONE
*** NAT_TYPE NONE
*** NAT_TTL 120
*** STUN_SERVER_IP1 0.0.0.0
*** STUN_SERVER_IP2 0.0.0.0
*** STUN_SERVER_PORT1 3478
*** STUN_SERVER_PORT2 3478
*** USE_RPORT 0

*** VQMON PUBLISH ADDRESS: 0.0.0.0
***   PUBLISH ENABLE: 0
***   LISTENING R ENABLE [0:= No, 1:=Yes]: 0
***   LISTENING R WARNING: 0 [0:= 80]
***   LISTENING R EXECSSIVE: 0 [0:= 70]
***   PACKET LOSS ENABLE [0:= No, 1:=Yes]: 0
***   PACKET LOSS WARNING : 0 [0:= 1]
***   PACKET LOSS EXECSSIVE: 0 [0:= 5]
***   DELAY ENABLE [0:= No, 1:=Yes]: 0
***   DELAY WARNING: 0 [0:= 300]
***   DELAY EXECSSIVE: 0 [0:= 500]
***   JITTER ENABLE [0:= No, 1:=Yes]: 0
***   JITTER WARNING: 0 [0:= 150]
***   JITTER EXECSSIVE: 0 [0:= 500]
***   SESSION_RPT_EN: 0
***   SESSION_RPT_INT: 60
***   VQMON CONFIG BLOCK *** END ***
***
*** TRANSFER_TYPE: rfc3261
*** ENABLE_PRACK: 0
*** ENABLE_UPDATE: 1
*** PROXY_CHECKING: 1
*** REDIRECT_TYPE: MCS
*** MADN_PRIVACY:
*** MADN_TIMER: 1800
*** MADN_DIALOG: 0
*** IM_NOTIFY: 1
*** DISABLE_OCT_ENDDIAL: 0
*** FORCE_OCT_ENDDIAL: 0
*** DISPLAY_CALL_SNDR_IM_KEY: 1
*** FORCE_CFWD_NOTIFY: 0
*** DEFAULT_CFWD_NOTIFY: 0
*** FORCE_TIME_ZONE: 0
*** SNTP_SERVER:
*** SNTP_ENABLE: 0
*** RTP_MIN_PORT: 50000
*** RTP_MAX_PORT: 50100
*** TOVM_SOFTKEY_ENABLE: 0
*** TOVM_VOICEMAIL_ALIAS: transfertovm
*** TOVM_VOICEMAIL_PARAM: mbid
*** AUTOLOGIN_ENABLE: 1
*** SCA_BROADWORKS: 0
*** SCA_LINE_SEIZE_EXPIRES: 15
*** SCA_HOLD_BEHAVIOR: PUBLIC
*** SCA_APPEARANCES: 12
*** MAX_RING_TIME: 0
*** EXP_MODULE_ENABLE: 0
*** PROMPT_ON_LOCATION_OTHER: 0
*** ENABLE_ANSWER_MODE: 0
*** ANSWER_MODE_MAXALLOWADDR: 100
*** ANSWER_MODE_MICMUTE: 0
*** AUDIO_CODEC1:
*** AUDIO_CODEC2:
*** AUDIO_CODEC3:
*** AUDIO_CODEC4:
*** AUDIO_CODEC5:
*** AUDIO_CODEC6:
*** AUDIO_CODEC7:
*** AUDIO_CODEC8:
*** AUDIO_CODEC9:
*** AUDIO_CODEC10:
*** AUDIO_CODEC11:
*** AUDIO_CODEC12:
*** AUDIO_CODEC13:
*** AUDIO_CODEC14:
*** AUDIO_CODEC15:
*** G729_ENABLE_ANNEXB: 0
*** G723_ENABLE_ANNEXA: 0
*** LOGOUT_WITHOUT_PASSWORD: 0
*** ENABLE_SERVICE_PACKAGE: 0
*** SECURE_INCALL_DIGITS: 0
*** AVAYA_AUTOMATIC_QOS: 0
*** REMOTE_CHECK_FOR_UPDATE: 0
*** INTERCOM_PAGING: 0
*** ALPHA_ORDER_LOC_LIST: 1
*** MAX_LOGINS: 1
*** AUTOCLEAR_NEWCALL_MSG: 0
*** E911_USERNAME: anonymous
*** E911_PROXY   :
*** E911_PASSWORD: 123456
*** E911_TXLOC   : INVITE
*** FM_PROFILES_ENABLE: 1
*** FM_LANGS_ENABLE: 1
*** FM_SOUNDS_ENABLE: 1
*** FM_IMAGES_ ENABLE: 1
*** FM_CERTS_ENABLE: 0
*** FM_CONFIG_ ENABLE: 0
*** FM_LOGS_ENABLE: 1
*** PORT_MIRROR_ENABLE: 0
*** LOGSIP_ENABLE: 0
*** MEMCHECK_PERIOD: 86400 secs
*** SIP_UDP_PORT: 5060
*** SIP_TCP_PORT: 5060
*** SIP_TLS_PORT: 0
*** KEEP_ALIVE_TYPE: OS
*** CONN_KEEP_ALIVE: 120
*** REGISTER_RETRY_TIME: 30
*** REGISTER_RETRY_MAXTIME: 1800
*** SECURE_UI_ENABLE: 0
*** LOGIN_NOTIFY: OFF
*** LOGIN_NOTIFY_TIME: 0
*** ENABLE_USB_PORT: Yes
*** USB_MOUSE: UNLOCK
*** USB_KEYBOARD: UNLOCK
*** USB_HEADSET: LOCK
*** USB_MEMORY_STICK: UNLOCK
*** USB_LOCK_OVERRIDE: No
*** ATA_REGION: NA
*** IPV6_ENABLE: 0
*** PREFER_IPV6: 0
*** IPV6_STATELESS: 1
*** SECONDARY_LOGOUT_ENABLE: 0
*** SRTP_ENABLED 0
*** SRTP_MODE BE-2MLines
*** SRTP_CIPHER_1 AES_CM_128_HMAC_SHA1_80
*** SRTP_CIPHER_2 AES_CM_128_HMAC_SHA1_32
*** SSH 1
*** SFTP 0
*** SSHID admin
*** SSHPWD ****
EAPConfigRead - migrating EAP Configuration data from TFFS
Failed to open file /flash0/EAPDATA.DAT
*** EAP DISABLED
*** EAPID1
*** EAPID2
*** EAPPWD ****
*** CA
*** CA_DOMAIN
*** HOST_NAME
*** SFTP_READ_PATTERNS .cfg,.dat
*** SFTP_WRITE_PATTERNS .cfg,.dat
*** DSCP_OAM: 18
*** DSCP_MEDIA_FLASHOVERRIDE: 41
*** DSCP_MEDIA_FLASH: 42
*** DSCP_MEDIA_IMMEDIATE: 44
*** DSCP_MEDIA_PRIORITY: 45
*** SESSION_TIMER_ENABLE: 1
*** SESSION_TIMER_DEFAULT_SE: 1800
*** SESSION_TIMER_MIN_SE: 1800
*** SET_REQ_REFRESHER: 0
*** SET_RESP_REFRESHER: 2
*** HOTLINE_ENABLE: 0
*** HOTLINE_URL: hotline
*** DoD_ENABLE: 0
*** MLPP_NETWORK_DOMAIN: DSN
*** MLPP_PRECEDENCE_DOMAIN: 000000
*** CALL_WAITING_TONE: 0
*** MAX_APEARANCE: 10
*** DISABLE_SPKRPHN: 0
*** CALL_ORIGIN_BUSY: 0
*** SLOW_START_200OK: 0
*** SPEEDLIST_KEY_INDEX: 0
*** SPEEDLIST_LABEL: SDL
*** SCRNSVR_ENABLE: 1
*** SCRNSVR_UNPRTCTD_ENABLE: 0
*** SCRNSVR_UPASS_ENABLE: 0
*** SCRNSVR_MODE: 0
*** SCRNSVR_DELAY: 10
*** SCRNSVR_TEXT: Screensaver active
*** SCRNSVR_IMAGE:
*** MENU_AUTO_BACKOUT: 30
*** LOGIN_BANNER_ENABLE: 0
*** BLF_ENABLE: 0
*** BLF_RESOURCE_LIST_URI:
*** BG_IMAGE_ENABLE: 1
*** BG_IMG_SELECT_ENABLE: 1
*** USE_BG_IMAGE:
*** USER_FILE_ENABLE: 0
*** USER_FILE_PATH: /
*** DEFAULT_ADDRESSBOOK_FILE:
*** DEFAULT_SPEEDDIALLIST_FILE:
*** DEFAULT_CUSTOMKEYS_FILE:
*** TECH_SUPPORT_LABEL:
*** TECH_SUPPORT_ADDRESS:
*** SERVICE_PACKAGE_PROTOCOL: HTTP
*** SELECT_LAST_INCOMING 0
*** MKI_ENABLE: 0
*** ALLOW_EMERGENCY_PRIORITY_HEADER: 0
*** CALLINFO_IMAGE_ENABLE 0
*** maskSectionDwnloaded 0x0
*** SURV_SIP_SVR_ENABLE: 0
*** REG_REFRESH_TIMER:  86400
*** OUTLINEFONT_ENABLE: 1
*** FONTSMOOTH_ENABLE: 0
*** FIPS_MODE: 0
*** LOGINALPHA_ENABLE: 0
*** PROMPT_AUTHNAME_ENABLE: 0
*** KEEPALIVE_RETRIES 3
*** IP_OFFICE_ENABLE 0
*** USE_PUBLISH_FOR_PRESENCE 0
*** FAIL_BACK_TO_PRIMARY 0
*** CONTACT_HDR_PORT_CS1K 0
*********************************************************

I should point out that this command is available for the 1100 and 1200 series IP phones.

Cheers!

Avaya 1100 Series IP Phone Upgrade to SIP

110
January 17, 2011
by Michael McNamara in , ,

Over the past weekend I set out to setup Asterisk, an open source communication server, to test some of the issues reported in a thread over on the discussion forums. I had an Avaya 1120e and 1165e IP phone available to test with, however, both phones were running the UNIStim software for the Avaya Communications Server 1000. I needed to upgrade them to support SIP.

About a year ago I posted how I setup Asterisk to work with an i2002 IP phone utilizing the UNIStim channel driver. This time around I was looking to utilize the standard SIP channel driver with the 1120e and 1165e.

SIP Software

You’ll need to download the SIP software from the Avaya Support website. You should be able to retreive the SIP software from this link without needing to log into Avaya’s website. You should download the software for the appropriate model you’ll be working with. In my case I downloaded the following two files;

  • SIP1120e04.00.04.00.bin
  • SIP1165e04.00.04.00.bin

TFTP Server

You’ll need a TFTP server to host the files that the IP phone will download. You can use any TFTP server you already have on the network. If you don’t have a TFTP server you can use TFTPD32 from Philippe Jounin on any Microsoft Windows XP, Vista or Windows 7 personal computer. I download the zip and exploded the files to D:\Temp.

TFTP Files

With the TFTPD32 software in D:\Temp I then copied the two firmware images (SIP1120e04.00.04.00.bin and SIP1165e04.00.04.00.bin) to the same directory. At this point I needed to create some configuration (provisioning) files which the IP phones would download. The first file 1120e.cfg will be used for the 1120e IP phone;

[FW]
DOWNLOAD_MODE AUTO
VERSION SIP1120e04.00.04.00
FILENAME SIP1120e04.00.04.00.bin
PROTOCOL TFTP
SERVER_IP 192.168.1.3
SECURITY_MODE 0

I also created a file 1165e.cfg that would be used for the 1165e IP phone;

[FW]
DOWNLOAD_MODE AUTO
VERSION SIP1165e04.00.04.00
FILENAME SIP1165e04.00.04.00.bin
PROTOCOL TFTP
SERVER_IP 192.168.1.6
SECURITY_MODE 0

You’ll need to substitute the IP address above (192.168.1.6) with the IP address of the personal computer that will be running TFTPD32. Now that you have all the files you’ll need for the upgrade, you can start the TFTPD32 executable. You should see a window similar to the figure to the right.

Upgrade

You need to make sure that the IP phones know which TFTP server to use. This can be accomplished via DHCP option 66 or it can be set in the device configuration on the actual IP phone itself. I was utilizing the DHCP server built into my Verizon FiOS router so I had to set the TFTP server manually via the IP phone configuration.

When you are ready just reboot the phone. As the IP phone boots up it will request an IP address from the DHCP server and it will check the TFTP serve. The IP phone should download the 1120e.cfg (or 1140e.cfg of 1165e.cfg depending on the model). Once the phone realizes there is a software update it will boot into BOOTPC mode in order to perform the actual upgrade.

You should see something similar to the following;

[FW] reading...
SIP1120e04.00.04.00.bin
VERSION SIP1120e04.00.04.00

Shortly followed by;

[FW] writing...
SIP1120e04.00.04.00.bin
VERSION SIP1120e04.00.04.00

Once the upgrade is complete the IP phone should reboot. I will warn you that you should I’ve seen some odd behavior between the settings on the IP phone and the settings that should be applied via the provisioning files. There have been a few cases where I needed to reconfigure the IP phone even though it appeared to be configured properly. In the few cases I’ve experienced reconfiguring the IP phone solved the problem.

Once the 1100 series IP phone is upgraded to SIP it will start looking for a new configuration file, 1120eSIP.cfg (or 1140eSIP.cfg or 1165eSIP.cfg depending on your model). Here’s a quick example;

[FW]
DOWNLOAD_MODE AUTO
VERSION SIP1120e04.00.04.00
FILENAME SIP1120e04.00.04.00.bin
PROTOCOL TFTP
#SERVER_IP 192.168.1.3
#SECURITY_MODE 0

[DEVICE_CONFIG]
DOWNLOAD_MODE FORCED
VERSION 000002
FILENAME users.dat

[DIALING_PLAN]
DOWNLOAD_MODE FORCED
VERSION 000002
FILENAME dialplan.txt

Here’s a copy of the users.dat file which gets called from the 1120eSIP.cfg file above;

DNS_DOMAIN asterisk.home
SIP_DOMAIN1 asterisk.home
SERVER_IP1_1 192.168.1.6
SERVER_PORT1_1 5060
SERVER_RETRIES1 3
DEF_USER2 ASTERISK
VMAIL 5000
VMAIL_DELAY 300
DEF_LANG English
DEF_AUDIO_QUALITY High
ENABLE_LLDP YES
ADMIN_PASSWORD 26567*738
ADMIN_PASSWORD_EXPIRY 0
# Settings to disable extended license
MAX_LOGINS 1
USB_HEADSET LOCK
EXP_MODULE_ENABLE NO
ENABLE_SERVICE_PACKAGE NO
IM_MODE DISABLED
AVAYA_AUTOMATIC_QoS NO
VQMON_PUBLISH NO
SIP_TLS_PORT 0
ENABLE_BT NO
# Enable SSH
SSH YES
SSHID admin
SSHPWD admin

The settings above disable any advanced features and allow the IP phone to run a basic SIP configuration.

Cheers!

Internet Safety at Home and Protecting your Identity

2
January 16, 2011
by Michael McNamara in

I’ll start by admitting that this topic probably won’t interest 99% of the audience I generally draw to this blog but I’ve personally encountered a number of situations recently where I thought I would at least try and do my part to educate and inform the masses on how they should be protecting their identity and securing their home personal computers.

In the past three months I’ve made several house calls for both neighbors and friends for various PC related problems and in every circumstance I found at least one personal computer with both expired AntiVirus software and uninstalled security updates. One PC I came across was so infected and unreliable that the only solution was to format the hard disk and reinstall the operating system.

Anti-Virus

I can’t stress enough how important it is to have an up-to-date AntiVirus solution running on your personal computer. When I asked a few of the individuals why they hadn’t renewed the AntiVirus subscription they told me basically two answers, 1) they didn’t want to spend the $40 to renew or 2) they just hadn’t found the time to do it.  I realize money is tight for everyone these days with the economy and all but there are free solutions out there if your budget is tight;

I’ve used both AVG and Microsoft’s Security Essentials and both get the basic job done. I’m currently running Microsoft Security Essentials on all of my testlab machines (some virtual). MSE is very easy on resources so it’s great for older, slower PCs yet provides you that basic protection. If your looking to step up from the free solutions I would suggest either of the following;

I’m personally using Kaspersky Internet Security on three personal computers within my household. I believe both products are licensed to allow you to install the software on three different personal computers. You can also purchase multi-year subscriptions which provides additional savings. You can often find either solution on-sale at your local Best Buy at an even better price but for at most $70/year you can protect upwards of three personal computers.

Security Updates

You need to keep your software up-to-date to avoid falling victim to some of the latest Internet threats.

If you’re an Apple customer let’s not forget about all the potential security updates for Mac OS, QuickTime, Safari,  iTunes, etc.

Phishing Scams (SPAM)

Phishing is a scam in which the attacker sends an email purporting to be from a financial or other official institution. The email will often contain links to fraudulent websites which look legitimate to the everyday user, however, the purpose of the website is to capture the victims sensitive financial information such as their username, password, bank PIN number, their Social Security number, mother’s maiden name, etc. This information is then surreptitiously sent to the attacker who then uses it to engage in credit card and bank fraud or outright identity theft. Other phishing scams may ask to you to reply with sensitive confidential information. In all of this the email messages usually appear to be quite legitimate.

You should never provide your username, password, credit card number, PINs, or other sensitive information via email. If you receive an email message from any institution make sure the link in the URL is actually from a legitimate domain. I’ve seen numerous phishing scams where users happily reply with their username and password giving the attackers “the keys to the kingdom”.

Is there any real danger?

Yes, the dangers of identity theft, theft and fraud are real. Virus’s and trojans are no longer just annoyances written by hackers looking for bragging rights and publicity. Real world criminals are utilizing virus’s and trojans to steal identities, personal information and in growing cases user credentials to commit theft and fraud. Take the case of United Shortline Insurance Service Inc. of Michigan which lost $150,000.00 back in February 2010 when a personal computer used by the firm’s controller had been infected with ZeuS, a highly sophisticated banking Trojan that steals passwords and allows criminals to control infected hosts remotely.

Conclusion

With the growth of the Internet and online banking criminals are themselves turning to the Internet finding new ways to make/steal money. I have no doubt that almost everyone reading this probably locks their doors every night to keep any unwanted intruders out, are you doing the same for your personal computer?

References

I recently purchased a Sandisk Cruzer 4GB flash drive which including the following documents. I thought they did a pretty good job of articulating all the major points in a concise manner for the common user.

Help Keep Families Safer Online
Protecting Tweens and Teens on the Internet
Protecting Yourself from Identity Theft on the Internet
Top Tips for Internet Safety at Home

If you are looking for additional information I suggest you visit either of the following sites;

http://www.microsoft.com/protect/
http://www.staysafeonline.org/

Cheers!

Go to Top