Loading Files Securely By Disabling Tftp; Ftp- Or Nfs-Based Provisioning; Provisioning Using Audiocodes Ems - AudioCodes Mediant 3000 User Manual
Gateway & enterprise sbc, family of media gateways & session border controllers
Hide thumbs
Also See for Mediant 3000:
- User manual (1070 pages) ,
- Installation manual (90 pages) ,
- Hardware installation manual (88 pages)
Table of Contents
Advertisement
User's Manual
39.2.6 Loading Files Securely by Disabling TFTP
The TFTP protocol is not considered secure and some network operators block it using a
firewall. It is possible to disable TFTP completely, using the ini file parameter
EnableSecureStartup (set to 1). This way, secure protocols such as HTTPS may be used
to fetch the device configuration.
To download the ini file to the device using HTTPS instead of TFTP:
1.
Prepare the device's configuration file on an HTTPS server and obtain a URL to the
file (e.g., https://192.168.100.53/gateways.ini).
2.
Enable DHCP, if necessary.
3.
Enable SSH and connect to it.
4.
In the CLI, use the ini file parameters IniFileURL (for defining the URL of the
configuration file) and EnableSecureStartup (for disabling TFTP), and then restart the
device with the new configuration:
/conf/scp IniFileURL https://192.168.100.53/gateways.ini
/conf/scp EnableSecureStartup 1
/conf/sar bootp
Note:
EnableSecureStartup to 0 using the CLI. Loading a new ini file using BootP/TFTP is
not possible until EnableSecureStartup is disabled.
39.2.7 FTP- or NFS-based Provisioning
Some networks block access to HTTP(S). The Automatic Update feature provides limited
support for FTP/FTPS connectivity. Periodic polling for updates is not possible since these
protocols do not support conditional fetching, i.e., updating files only if it is changed on the
server.
The only difference between this method and those described in 'HTTP-based
Provisioning' on page
page
623
is that the protocol in the URL is "ftp" (instead of "http").
Notes:
•
Unlike FTP, NFS is not NAT-safe.
•
NFS v2/v3 is also supported.
39.2.8 Provisioning using AudioCodes EMS
AudioCodes EMS server functions as a core-network provisioning server. The device's
SNMP Manager should be configured with the IP address of the EMS server, using one of
the methods detailed in the previous sections. As soon as a registered device contacts the
EMS server through SNMP, the EMS server handles all required configuration
automatically, upgrading software as needed. This alternative method doesn't require
additional servers at the customer premises, and is NAT-safe.
Version 6.8
Once Secure Startup has been enabled, it can only be disabled by setting
624
and Provisioning from HTTP Server using DHCP Option 67 on
39. Automatic Update Mechanism
625
Mediant 3000
Advertisement
Table of Contents
