By far, this was one of the most difficult things I have ever had to deploy. The documentation is poor, and wifi varies so much from company to company. This is by no means the all mighty documentation, and actually looking at Spectralink’s documentation, it is getting much better. This guide is just designed to get you started at a very basic level. This is what I needed to do in the past to get one working on a corporate network. There was actually a specific WiFi SSID used for things like this so it made it easier. But if you have more complex, where things need to be “on-boarded” or white listed, or a certificate used for authentication that gets a little more complex.
There are three steps to doing this
- Creating the configuration file
- Setting up an FTP server to get configurations. If you have ever done the old school Polycom deployment with FTP, this is the exact same thing.
- Configuring the phone through the USB port
- Updating the configuration on the phone
This document assumes that you already have Skype for Business (or Lync) already deployed and working, and that you have configured DHCP options already. I am working on a document on how to make this a little easier than what is already provided by Microsoft (which does all the subnets as a default, mine does it per subnet)
Setting Things up
Before we start, I need to clarify there are four different IP addresses we are going to be working with on this.
- The IP address of the phone when you connect via USB, that is 169.254.1.2
- The IP address of your network interface when you connect your phone via USB, that is 169.254.1.1 (see below for more)
- The IP address of your laptop over your company network.
- The IP address of your management provisioning server. This and the one above could be the same thing if you are only doing a couple of phone and not updating it very often. However in a large deployment you will want a dedicated one.
Connecting your phone to your laptop
- Connect the phone via the USB connector to your laptop and open up the network settings. When you see a network connection like this; USB Ethernet/RNDIS Gadget you are ready to continue.<
- To make it quicker for future reboots set the IP address of that network connection to the following. When setting up FTP on your local machine for initial configuration make sure that FTP is using 192.168.1.1
- IP: 169.254.1.1
- Subnet : 255.255.0.0
- No Gateway, nor DNS
- Open a web browser, either firefox or chome (IE does not work well)
- Go to https://169.254.1.2
- Login as admin password: 456
- Disconnect the USB cable and connect it again to make sure the connection is available, and the Ethernet adapter shows Unidentified network.
Setting up FTP
This involves setting up an FTP Server. I like FileZilla for this, just simple and easy to use. You will need to setup FTP on your local machine and on a provisioning server. We need to do this so we can get the initial configuration, once saved, from your laptop to the phone. Then once the phone has the wifi connection, it will go to the provisioning server for software updates, and other configurations. You only need to the FTP on your local computer for the intital configuration, once you have done that, you will not need it again. It is not recommended to use the USB connection for doing firmware updates. In the instructions I am doing here, I use a central server for doing firmware updates and other configurations so that if the IP address of my laptop changes, I don’t have to touch each phone.
- Make sure the local firewall on your computer allows for port 21 in (FTP)
- You will need to install an FTP server on your local computer. This is how to do it with Filzilla FTP Server from https://filezilla-project.org/
- Create a folder for your FTP files, for example c:\ftp Then create a subfolder called spectralink. You don’t have to create the sub folder, just make sure to update your settings from my documentation.
- Configure filezilla
- The install is straight forward.
- Connect to the Server (in this example I am using port 8080 and not the default. This is configured during setup)
- Under Settings–>Options
- Enable Passive modes settings and set the port range fomr port 8080 to 8080
- Under settings–>ging and Disable logging to file
- Under Users–>eral Click Add
- Create a username Administrator
- Check the box for password and use the password: admin123
- Make sure to check the box Enable account
- Under users–>Shared Folders Add a new Shared Folder (The folder must already exist). Pick a folder under the top level of the root drive, not under a specific user
- In the left window select the directory and in the right select the user Administrator.
- Under files and Directories check all options
You may need to get a copy of the certificate chain used by your APs. You don’t need the cert on the AP itself, just the intermediate and trusted root, and then need to be in a X509. This is pretty easy. Your networking team should be able to tell you the certificate chain you will need. Some will use a public, some will use internal. Non-the-less you will need the certificate chain. In reality you only need up to the common point, this is usually the intermediate. But in general I like to get the entire chain. This is pretty easy from your PC (assuming you push down the certs from your internal PKI, or can get them from a public provider).
- Open Manage computer certficates (certlm.msc)
- expand Intermediate Certificates–>Certficates.
- Find the Certificate Authority you need and open it
- Go to the Path Tab and double click this (the phone will work best if using the root, or top most level certificate)
- Double click that certificate and go to the Details Tab and click copy to file
- Export the file as Base-64 encoded x.509, save them as a .txt file, this will make things easier in the long run.
Take the certficate and put them in the root of your FTP server you created above..
If you open the file with notepad it should look something like this:
You may also need to get any passwords, the SSID to connect to.
Configuring the Phone
Once you have one phone setup, you save the configuration and then just upload the file. if you have not already done so, follow the steps above Connecting your phone to your laptop
Importing the Certificates
Most of the time companies require a certificate chain to be trusted. There is a basic problem however, the phone is wireless, but to get the certs pulled down you have to be on wireless. Well luckily you can import them into the phone. This is the only reason you need the FTP server on your local machine for configuration. Though you may still want FTP for troubleshooting (see below on setting up logging)
- Make sure you have FTP running on your laptop, make sure the FTP server is bound to 192.168.1.2, or all IP addresses, and you have the certs from the previous step in there. It is best to do a ftp to test if you can get the files
- Under Settings–>Network–>TLS add the Root Certificate.
- Under Platform CA 1 Enter the FTP address to the root certificate.: ftp://administrator:email@example.com/spectralink/root.txt
WiFi is configured in so many ways depending on how your company does it. This is the hardest part of the entire process. In this example we are just using WEP. But the process is the same, it is just a matter of getting the correct configuration. A lot of testing was involved, and luckily I was able to find a network guy that could get me the answers easily.
- Under Settings choose network, Wi-Fi
- Under General make the following changes
- Wi-Fi: Enabled
- SSID: <SSID>
- Security: WPA2-Enterprise (or whatever you use)
- Under WPA2-Enterprise make the following changes. Depending on what security modle, the options will be disabled or enabled for certain sections)
- Fast Roaming: CCKM
- EAP Method: EAP-PEAPv0/MSCHAPv2
- Username: <domain\user>
- Password: <password>
- Under Radio make the following changes
- Regulatory Domain: 01
- Under 5GHz-Band make the following changes
- 5Ghz Band: Enable
- Under 2.4GHz-Band make the following changes
- 2.4GHz Band: Enable
Click Save and the phone will reboot. It will take about 30 minutes for the device to connect to wireless for the first time.
Setting Skype specific options and other things
- From the Simple setup, under Base Profile Choose Lync
- The phone will reboot. While the phone is rebooting, unplug the USB port and plug it back in after it has come back up.
Depending on if you have other devices that use provisioning you may want to set the provisioning server to a static entry. Though not recommended, it cans save some time.
- Setting–>Provisioning Server
- Under the Server type Section choose FTP
- for the username, use what you have set for your FTP server, if you go with anonymous leave them blank. The default is PlcmSpIp/PlcmSpIp, however spectalink uses something different administrator\admin123
- Set the boot server to static
- The phone will now reboot.
Exporting the configuration
Once you have WiFi setup and all the other configurations, and you can login to the phone, and skype is working, you can now export the configuration. Then you can simply upload the base file configuration with the USB connection and all set. you can export the configuration so you can easily import it again. Then once you connect to wifi you can then use DHCP options for the phone to get the configuration from an FTP server, or set the DHCP options to static under provisioning server to always use what is set on the phone (more on that later).
- Under Utilities–>Import/Export
- Export the Device Configuration
When you export the configuration, everything will be there, EXCEPT passwords, so if you use WPA, you will need to add that entry in. So in the example configuration above, it is using WPA2-Enterprise, so we need to add the password for that to the configuration file. There is a very easy way to find the setting. This trick is good for figuring out any setting actually.
- Go to the setting you want to change in this case the WPA2-Enterprise Password
- Re-enter the password
- Click on View Modifications. This will bring up a window that shows all the modifications done to the phone
- Edit the exported file (It’s an XML file), I like use XML Notepad 2007 still
- Copy and paste the parameter into the notepad file, in this example it is device.wifi.wpa2Ent.password (the attribute may already be there, but is most likely blank)
- Then you need to tell the phone to set that option, so you need to add device.wifi.wpa2Ent.password.set to a value of 1
- Save that file as 00000000.cfg
Importing the Configuration
Importing the configuration is pretty straight forward. This is good for deploying phone’s general network configurations. Once the phone gets the network connection, it will go to the provisioning server for any other settings, for example firmware updates.
- Under Utilities–>Import/Export
- Browse to the file you just saved and click Import, the phone will reboot
Now assuming that your 000000000000.cfg file is correct, and I would say matches your config file you upload to the phone, you should be all set at this point. The next step is updating the firmware.
Important: I have noticed that if I do several resets of the phone the USB will have issues and I need to unplug it, and plug it back in.
Updating the phone software
This is not super straight forward, you need to create the file for the firmware to download from. Unlike a Polycom phone, Spectralink does not have a public server. You should only update the phone once connected to the network, do not try this over USB. You will also need to download the software from Spectralink, which requires a login. https://support.spectralink.com/ Make sure you download the version for Skype for Business not the SIP version (unless you are provisioning for a SIP service, like CUCM). Once downloaded the file you need is the *.ld file
Auto Update when connected
- Creating the software file in your FTP root, in this example I have it sitting under a subfolder called spectralink : Firmware.txt I use txt files for everything, this way I don’t worry about errors with XML extensions or any other extension type.
- In that file add the following lines: You will need to modify them slightly
- Depending on the version of software the Revision ID, Version, and the .ld file will change.
- The Revision ID can stay the same
- The version you can get by opening up the sip.ver file in the downloaded zip with notepad
- The Path needs to the correct file name for the *.ld file
- Place the *.ld file in the spectralink subfolder
If you want to make the firmware update part of your deployment configuration add the following line into the 000000000000.cfg
Updating the Phone Manually
- Open the webpage for the phone over the wireless IP (remember, you want to update the firmware via wireless)
- From utilities choose Software Upgrade
- Make the Following changes
- for Server Type Select Custom Server
- Under Custom Server address enter the following: ftp://anonymous:anonymous@<server IP Address>/spectralink/Firmware.txt
- Click on Check for Updates
- The drop-down menu will show the current version.
- Click Install. While the phone is rebooting, unplug the USB port and plug it back in after it has come back up.
Setting up Logging
In order to do this you will need to setup FTP on your local machine. Again, FileZilla is a good choice.
- Under settings choose Provisioning Server
- Under Provisioning server make the following changes
- Server Type: FTP
- Server Address: Your IP Address (10.x.x.x)
- Server User: Anonymous
- Server Password: Anonymous (or whatever you set it up in filezilla)
- Under DHCP Menu make the following changes
- Boot Server: Static
- Click Save and the phone will reboot.
- Under Settings Choose Logging
- Under Log File Upload make the following changes
- Upload Period (s): 3600
- Append When Uploading: Enable
- Upload Append Size Limit (Kbytes): 10000
- Upload Append Limit Mode: Delete
- Under Module Log Level Limits make the following changes
- Dot1X: Debug (this will debug wireless)
You can set the level to whatever you want for any modules. It is best to open the documents in wordpad or word, not notepad since it doesn’t understand line breaks. The file is in the FTP root of where you setup filezilla.
- Once you have all the issues resolved, make sure to turn reset Provisioning server back to defaults, specifically the DHCP Option
- Under Provisioning Server
- Server Type: http
- Server Address: <you server IP Address>
- Server User: PlcmSpIp
- Server Password: PlcmSpIp
- Under DHCP Menu, set the Boot Server to Custom+Opt66
- Under Provisioning Server
Here is a link to an EXAMPLE: spectralink-default configuration file. This will help you understand the .set parts and other common things. Also notice the CA Key, there is no ———–Begin Certificate———— nor end.