Register J100 Series SIP Handset to Avaya IP Office – Internal & External - Using Domain, FQDN and TLS with certificates

Register J100 Series SIP Handset to Avaya IP Office – Internal & External - Using Domain, FQDN and TLS with certificates

CommsPlus Distribution


Register J100 Series SIP Handset to Avaya IP Office - Using Domain, FQDN and TLS (with certificates)


Program Avaya IP Office System


System, System Tab


Use Preferred Phone Ports can be enabled if you require, this will mean you will need to use the port 411 to access the 46xxsettings.txt file of the system (this is referenced later in the document) 

It also means port 443 is not required to be used for port forwarding


Messaging Server should be set to Avaya Spaces (to allow instant messaging to be stored in Avaya Spaces)


Graphical user interface, applicationDescription automatically generated



System LAN1, VoIP Tab: SIP Registrar Enable  ticked


System LAN1, VoIP Tab: SIP Remote Extn Enable  ticked


System LAN1, VoIP Tab: SIP Domain Name - The entry should match the domain suffix part of the SIP Registrar FQDN below, for example, company.com.au 

(If the domain resolves to a different public IP address to the FQDN then enter the FQDN in the SIP Domain Name, for example avaya.companyname.com.au)


System LAN1, VoIP Tab: SIP Registrar FQDN - This is the SIP registrar fully qualified domain name, for example, avaya.companyname.com.au, to which the SIP endpoint should send its registration request. This address must be resolvable by DNS to the internal IP address of the Avaya phone system and resolvable by DNS to the external IP address of the router that uses the same public IP address programmed in the Avaya phone system (this router will also contain the port forwarding to the Avaya phone system IP address)


System LAN1, VoIP Tab: UDP – enabled – set UDP Port to 5060 and Remote UDP Port to 5060


System LAN1, VoIP Tab: TCP – enabled – set TCP Port to 506and Remote TCP Port to 5060


System LAN1, VoIP Tab: TLS – enabled – set TLS Port to 5061 and Remote TLS Port to 5061


Graphical user interface, textDescription automatically generated




System LAN1, VoIP Tab: RTP Port Number Range - Minimum 46750, Maximum 50750


System LAN1, VoIP Tab: Port Number Range (NAT) – Minimum 46750, Maximum 50750


System LAN1, VoIP Tab: Enable RTCP Monitoring on Port 5005 – Enabled


System LAN1, VoIP Tab: Scope – RTP-RTCP


System LAN1, VoIP Tab: Initial Keepalives – Enabled


System LAN1, VoIP Tab: Periodic Timeout - 5


Graphical user interface, textDescription automatically generated


NOTE

As port 5060 is a default port, if you were to open port 5060 and port forward on the router to the Avaya phone system, you will receive registration requests from hackers. A suggestion would be to change the port 5060 UDP and TCP for both local and remote to a different port number (example 5066) be aware that if this was done after existing SIP phones (J Series and IX Workplace would need to be reset to default to connect to the system using the new port 5066 if previously using port 5060)


NOTE

The RTP Port Number Range can be changed if required

If changed then any existing port forwarding of the original range will also need to be changed to match the new range

RTP ports are used for voice traffic (2 ports from the range are used at random when a call is established for inbound/outbound voice traffic)



System LAN1, Network Topology Tab: STUN Server Address - IP Address of STUN Server 0.0.0.0


System LAN1, Network Topology Tab: Firewall/NAT Type – One-To-One NAT


System LAN1, Network Topology Tab: Binding Refresh Time (seconds) – 0


System LAN1, Network Topology Tab: Public IP Address – Customers Public IP Address


System LAN1, Network Topology Tab: Stun Port: 19302


System LAN1, Network Topology Tab: Public Port UDP – 5060 (this will be blanked out)


System LAN1, Network Topology Tab: Public Port TCP – 5060 (this will be blanked out)

System LAN1, Network Topology Tab: Public Port TCP – 5061 (this will be blanked out)


Graphical user interface, textDescription automatically generated


NOTE

A STUN server might be required on some networks. In our example we are not using a STUN Server Address and the Firewall/NAT Type is One-To-One NAT which means the internal port and external ports are the same

If you would like to use different ports for internal and external, then another Firewall/NAT Type would need to be selected to allow the external (Public Ports) to be configured




System, VoIP, VoIP Security: Set Media Security to Preferred


Graphical user interface, text, applicationDescription automatically generated



Create User


User, User Tab: Name – Enter Username


User, User Tab: Password – Enter Password (this password will be used by IX Workplace Softphone)


User, User Tab: Account Status – Enabled


User, User Tab: Full Name – Enter Full Name


User, User Tab: Extension – Enter Extension Number


User, User Tab: Email Address – Enter Email Address


User, User Tab: Profile – Power User (confirm the boxes are ticked as they show below)


Graphical user interface, text, application, emailDescription automatically generated


User, Telephony, Supervisor Settings Tab: Login Code – Enter Login Code and Confirm Login Code


Graphical user interface, text, applicationDescription automatically generated


Tick Reserve Last Call Appearance


Graphical user interfaceDescription automatically generated


Confirm there are a minimum 3x Appearance buttons


Graphical user interface, application, tableDescription automatically generated




User, SIP Tab: SIP Name - Enter the telephone number to display on outbound calls


User, SIP Tab: Contact - Enter the telephone number to display on outbound calls


Graphical user interface, text, application, emailDescription automatically generated


Select OK to create the user





Create SIP Extension


Once the User has been created, if prompted

Create a SIP Extension

Enter the Phone Password to match the User Login Code

Select OK


Graphical user interface, text, applicationDescription automatically generated


Extension – Check and confirm there is a SIP Extension created to match the Users extension number


If not, then create a SIP Extension

Set the Base Extension number to match the User extension number

Set the Phone Password to match the User Login Code

Select the VoIP tab and Disable Allow Direct Media Path


TableDescription automatically generated with medium confidence


Graphical user interface, text, applicationDescription automatically generated


Select OK to create the Extension




Save Configuration and Reboot the System


Select File, Save Configuration

Select Immediate (to save and restart the system immediately) or When Free (to save and restart the system when all calls and lines are not in use)


Graphical user interface, text, applicationDescription automatically generated






Creating a Self-Signed Avaya Certificate


In Manager

Select File, Advanced, Security Settings

Select the system and login


Select System, Certificates Tab

Select Regenerate


Graphical user interface, text, application, emailDescription automatically generated



Set the Default Subject Name as the system name, example HarryIP500v2

Set the Subject Alternate Name(s) FQDN, Domain, InternalIP, PublicIP


Example: DNS:avaya.companyname.com.au, DNS:companyname.com.au, IP:192.168.86.200, IP:159.121.42.241


Select OK on the Regenerate Certificate window

Graphical user interface, text, application, emailDescription automatically generated


Select FileSave Security Settings

Select File, Close Security Settings

Select File, Open

Select the system and login


Select System, Certificates Tab the Issue To: will display the subject name

Graphical user interface, text, application, emailDescription automatically generated


J1XX Series Handset Registration

Connect the J Series handset to the network the Avaya LAN is connected to (power via PoE or power adaptor)

When prompted select No to “Allow Auto Provisioning” 

A screenshot of a video gameDescription automatically generated with medium confidence

Select Admin, enter the access code CRAFT (27238), select Enter. Scroll down and select Reset to Defaults, then select Reset when it shows Clear and Reset phone

A screenshot of a video gameDescription automatically generated with medium confidenceA screenshot of a video gameDescription automatically generated with medium confidence 

A screenshot of a video gameDescription automatically generated with medium confidence

Wait till the handset reboots and when prompted select No to “Allow Auto Provisioning”

The handset will obtain IP address details from the local DHCP server (see below if you need to program this manually)


When prompted to enter the File Server Address / provisioning Details, select OK (middle button on phone)


Enter the FQDN and port 411 (example: https://FQDN:411)

Select Save (if the handset can reach the 46xxsettings file the phone will restart)

If it fails, then the phone cannot reach the 46xxsettings file and you will need to test access to the 46xxsettings file using a browser of a PC onsite. https://FQDN:411/46xxsettings.txt

Graphical user interfaceDescription automatically generatedA picture containing graphical user interfaceDescription automatically generated 







The handset will reboot and upgrade firmware if required, 

Then prompt for the Username (extension number) 

And

Password (login code)

Enter Extension Number and Login Code and select Enter

A picture containing diagramDescription automatically generatedDiagram, textDescription automatically generated


Confirm the screen shows the correct extension name and number and the button programming is correct



NO DHCP Server on Network

If no DHCP server is available on the network, select Admin and enter the passcode CRAFT and OK

Select IP Address and Ethernet IPv4, Disable Use DHCP

Statically Assign the below

Phone IP

Gateway IP

Mask IP

Save and Exit. The handset will reboot

Wait till the handset reboots and when prompted select No to “Allow Auto Provisioning”

Follow steps above for configuring the File Server Address


Troubleshooting


Delete the 46xxsettings.txt File (manually configure 46xxspecials.txt file if required)


The 46xxsettings file is auto generated by the IP Office 500v2 system as default

It contains the details of the system programming


In Manager

Select File, Advanced, Embedded File Management

Select the system and login

Select System SD, SYSTEM, PRIMARY

Check the files in the Primary folder and confirm there is not one named 46xxsettings

If there is a 46xxsettings file, then download the file first, then delete the file 


NOTE

Systems on older versions had this file as default

The file could have been created and programmed with manual settings on an existing system


If this file is in the Primary folder, it will be used instead of the auto generated file


This will mean the details in the system programming (such as SIP Domain and FQDN) will not be reflected in this 46xxsettings file unless the file has been manually updated to reflect the new programming


It is recommended to delete the 46xxsettings file from the Primary folder


Any manual settings that were in the deleted 46xxsettings or any manual settings required can be added to the 46xxspecials file


The command GET 46xxspecials.txt appears as the last line of the auto-generated 46xxsettings.txt file requested by phones, which means phones will check this file for any manual settings


The 46xxspecials.txt file needs to be manually created and then placed in the Primary folder


To obtain an example, you can browse to http://AvayaLocalIPAddress/46xxspecials.txt to obtain an empty file.

Save and edit that file with the manual settings required before uploading it back to the Primary folder


Graphical user interface, applicationDescription automatically generated





Check 46xxsettings.txt File


Browse to http://AvayaLocalIPAddress/46xxsettings.txt


Confirm the first line has the correct details and is AUTOGENERATED


## IPOFFICE/11.1.1.1.0 build 18 192.168.86.200 AUTOGENERATED



Confirm the details in the below settings are correct


# SIPXAUTOGENERATEDSETTINGS

IF $SIG_IN_USE SEQ H323 GOTO 96X1AUTOGENERATEDSETTINGS

SET RTP_PORT_LOW 46750

SET RTP_PORT_RANGE 4002

SET TLSSRVRID 1

SET ENABLE_G711A 1

SET ENABLE_G711U 1

SET ENABLE_G729 1

SET ENABLE_G722 0

SET ENABLE_G726 0

SET ENABLE_OPUS 0

SET DTMF_PAYLOAD_TYPE 101

SET SIPDOMAIN avaya.companyname.com.au

SET ENFORCE_SIPS_URI 0

SET DSCPAUD 46

SET DSCPSIG 34

SET TLSSRVR 159.121.42.241

SET TLSPORT 411

SET HTTPPORT 80

SET TRUSTCERTS WebRootCA.pem

SET COUNTRY Australia


# STIMULUSPHONECOMMONSETTINGS

SET SIP_CONTROLLER_LIST 192.168.86.200:5061;transport=tls

SET FQDN_IP_MAP "avaya.companyname.com.au=192.168.86.200"

SET AUTH 0

SET MEDIA_PRESERVATION 1

SET PRESERVED_CONNECTION_DURATION 120

SET MEDIAENCRYPTION 9



# EQNXAUTOGENERATEDSETTINGS

SET AUDIO_DEVICE_CALL_CONTROL_ENABLED 1

GOTO NONAUTOGENERATEDSETTINGS

# EQNXIOSSPECIFICSETTINGS

SET PUSH_NOTIFICATION_ENABLED 1

SET TELEPHONY_PUSH_NOTIFICATION_SERVICE_URL "https://avaya.companyname.com.au:411/PushNotification"