Tftp; Http - Linksys SPA2102-AU Provisioning Manual

Provisioning Setup

TFTP

TFTP is convenient for managing small deployments of SPA units within an office LAN environment.
It is also useful for in-house preprovisioning of SPAs in preparation for remote deployment. However,
once deployed remotely, HTTP offers greater provisioning reliability, given NAT and router protection
mechanisms.
The SPA is able to obtain a TFTP server IP address directly from the DHCP server through DHCP option
66. If this is done, a Profile_Rule need be configured only with the profile filepath on that TFTP server.
The Profile_Rule provided with the factory default configuration is as follows:
/spa$PSN.cfg
For example, on a SPA2102, this expands to /spa2102.cfg, which means that the unit resyncs to this file
on the local TFTP server, if that is specified via DHCP option 66. Note that the specified filepath is
relative to the TFTP server virtual root directory.

HTTP

The SPA behaves like a browser requesting web pages from any remote Internet site. This provides a
reliable means of reaching the provisioning server, even when a customer router implements symmetric
NAT or other protection mechanisms. HTTP and HTTPS works more reliably than TFTP in remote
deployments, especially when the deployed units are connected behind residential firewalls or
NAT-enabled routers.
As an alternative to HTTPS, the SPA can resync to a configuration profile using HTTP. In this case, a
separate explicit profile encryption can be used to protect confidential information. The SPA supports
256-bit AES in CBC mode to pre-encrypt individual profiles. These encrypted profiles can be
downloaded by the SPA using HTTP without danger of unauthorized use of confidential information in
the configuration profile. This resync mode may be useful to reduce the computational load on the
provisioning server required when using HTTPS for every resync request.
In a small deployment within a single LAN environment, it is common to rely on a simple TFTP server
for provisioning of network devices. Linksys voice devices support TFTP for both provisioning resync
and firmware upgrade operations. TFTP is especially useful for the in-house preprovisioning of a large
number of un-provisioned devices.
Basic HTTP-based SPA provisioning relies on the HTTP GET method for retrieving configuration
profiles. Typically, this means that a configuration file is pre-generated for each deployed SPA, and these
files are stored within an HTTP server directory. When the server receives the GET request, it simply
returns the file specified in the GET request header.
Alternatively, the requested URL can invoke a CGI script (still using the GET method). In this case, the
configuration profile might be generated dynamically, perhaps by querying a customer database and
producing the profile on-the-fly.
In the case of CGI handling resync requests, the SPA also supports the HTTP POST method as a
mechanism to request the resync configuration data. The SPA can be configured to convey certain status
and identification information to the server within the body of the HTTP POST request. The server can
use this information to help generate a desired response configuration file, or store the status information
for later analysis and tracking.
As part of both GET and POST requests, the SPA automatically includes basic identifying information
in the request header, in the User-Agent field. The supplied information conveys manufacturer, product
name, current firmware version, and product serial number.
Linksys SPA Provisioning Guide
1-12
Chapter 1 Provisioning Linksys VoIP Devices
Version 3.0