Cisco Systems 186 Manual De Usuario
3-11
Cisco ATA 186 and Cisco ATA 188 Analog Telephone Adaptor Administrator’s Guide (SIP)
OL-3410-01
Chapter 3 Configuring the Cisco ATA for SIP
Configuring the Cisco ATA Using a TFTP Server
Command Output
ata0a141e28323c
Note
The same functionality is available from the voice configuration menu (voice menu code 84#), which
will announce the Cisco ATA profile name.
will announce the Cisco ATA profile name.
Using the EncryptKey Parameter and cfgfmt Tool
The EncryptKey parameter encrypts binary files being transferred over TFTP. You can change this key
for each Cisco ATA, so that only one specific Cisco ATA can decode the information.
for each Cisco ATA, so that only one specific Cisco ATA can decode the information.
By default, the Cisco ATA-specific ata<macaddress> configuration file is not encrypted. If encryption
is required, however, you must manually configure the EncryptKey parameter before you boot up the
Cisco ATA so that the TFTP method is secure. Use either the voice configuration menu (see the
is required, however, you must manually configure the EncryptKey parameter before you boot up the
Cisco ATA so that the TFTP method is secure. Use either the voice configuration menu (see the
) or the Cisco ATA web configuration page (see the
) to configure the EncryptKey parameter.
Note
Because the factory-fresh ATA cannot accept encrypted configuration files, the first unencrypted file, if
intercepted, can easily be read. (You would still have to know the data structure format in order to
decode the binary information from the unencrypted file.) Therefore, the new encryption key in the
unencrypted file can be compromised.
intercepted, can easily be read. (You would still have to know the data structure format in order to
decode the binary information from the unencrypted file.) Therefore, the new encryption key in the
unencrypted file can be compromised.
Set the EncryptKey parameter to a nonzero value. When this value is nonzero, the Cisco ATA assumes
that the binary configuration file on the TFTP server is to be encrypted with this key by means of the
RC4 cipher algorithm. The Cisco ATA will use this key to decrypt the configuration file.
that the binary configuration file on the TFTP server is to be encrypted with this key by means of the
RC4 cipher algorithm. The Cisco ATA will use this key to decrypt the configuration file.
The Cisco ATA EncryptKey parameter and the encryption key used in the cfgfmt tool command syntax
must match.
must match.
Note
For security reasons, Cisco recommends that you set the UIPassword parameter (if desired) in the
configuration file and not by using one of the manual configuration methods.
configuration file and not by using one of the manual configuration methods.
The cfgfmt.exe syntax affects how the EncryptKey parameter is used, as shown in the following
examples. In these examples, input_text is the ata<macaddress>.txt file that you will convert to binary
to create the ata<macaddress> configuration file for the Cisco ATA; output_binary is that binary
ata<macaddress> file, and Secret is the encryption key.
examples. In these examples, input_text is the ata<macaddress>.txt file that you will convert to binary
to create the ata<macaddress> configuration file for the Cisco ATA; output_binary is that binary
ata<macaddress> file, and Secret is the encryption key.
Syntax examples
•
cfgfmt
-tpTagFile
input-text-file output-binary-file
If input-text-file sets the Cisco ATA EncryptKey parameter to 0, then output-binary-file is not
encrypted. If the input-text-file sets EncryptKey to a non-zero value, then output-binary-file is
encrypted with that value.
encrypted. If the input-text-file sets EncryptKey to a non-zero value, then output-binary-file is
encrypted with that value.
•
cfgfmt -eSecret
-tpTagFile
input-text-file output-binary-file
If the Cisco ATA EncryptKey parameter has the value of 0 or is not included in input-text-file, the
Secret is used to encrypt the output-binary-file. If input-text-file sets the Cisco ATA EncryptKey
parameter to a nonzero value and the -e option is used, then output-binary-file is encrypted with the
EncryptKey parameter set in input-text-file and Secret is ignored.
Secret is used to encrypt the output-binary-file. If input-text-file sets the Cisco ATA EncryptKey
parameter to a nonzero value and the -e option is used, then output-binary-file is encrypted with the
EncryptKey parameter set in input-text-file and Secret is ignored.