Introduction
The Avaya J-100 phone Series of SIP Phones provides a PoE enabled Gigabit ethernet interface and supports SIP communication to the UCX including the use of sRTP for media encryption. A variant of this phone adds on-hook security options to make it ideal for secure communications environments. The phones also provide superior audio quality with the amplified handsets and customization with low power requirements in a Session Initiation Protocol (SIP) environment.
J100 models
J139
J159
J169
J179
J189
Supported Functions
The Avaya SIP phone when registered to the UCX supports basic phone functions including message waiting indication. Advanced phone features are not supported, for example: Contact list, Speed dial, History, Paging, Auto answer, Forward button, etc.
This document focuses on the configuration of the sRTP capability from the Web Admin GUI of the J-100 SIP telephone and the corresponding UCX configuration. For any additional configuration of J-100 capabilities such as VLANs, DHCP options and other basic network functions refer to Avaya’s document for Installing and Administering Avaya J100 Series IP Phones.
Pre-Requisites
In order to use the Avaya J-100 Series telephone, you will need
- An E-MetroTel Universal Extension license for each J-100 Series device.
- UCX Release 7.0 or higher
- An installed DTLS Certificate on the UCX
- A copy of the UCX DTLS certificate downloaded to your PC
Configuration Process
Configure the UCX
Completing the UCX configuration first will prevent the UCX IP Block List functionality from blocking login requests from the subnet of the J-100 Series phone because of a series of unexpected login requests until the SIP credentials are set on the UCX.
- Open UCX Administration
- Navigate to the PBX / Settings /SIP Settings page
- Add the following values to the Other SIP Settings section at the bottom of the page:
- tlsenable = yes
- tlsbindaddr = 0.0.0.0 (if using an Galaxy appliance) Or tlsbindaddr = 0.0.0.0:5960 (if using UCX Cloud)
- tlscertfile = /var/lib/asterisk/keys/ucx.pem
- tlscafile = /var/lib/asterisk/keys/ca.crt
Configure the UCX SIP Extension(s)
For each SIP extension that requires security:
- Create the SIP Extension (refer to Adding a SIP Extension)
- In the Device options of the Extension configuration page, set the following values:
- Transport = TLS Only
- Enable Encryption = Yes (SRTP only)
Configure the J-100 Series phone (J139, J159, J169, J179, J189)
Enable the phone’s Web Admin GUI
- When the phone has powered on, say No to the Auto Provisioning screen.
- Press the Admin softkey
- Enter the passcode (default is 27238 which spells craft on the key pad)
- Scroll to the bottom of list to the Web Server entry and press the Select softkey
- Use the left-right keys to set the Web Server to On
- Press the Save softkey
- Press the Back softkey and the phone will restart
- Once the phone has re-booted and you know the IP address of the phone proceed to step 11.
- Press the center button of the phone twice
- The second line of the display will show the phone’s IP address
- Now you are able to access the phone’s Web GUI interface
Access the phone’s Web Admin GUI
- Launch a web browser pointing to the IP address of the phone
- Enter the username and password for the Web GUI. (default values are admin and 27238)
- If this is the first time logging in to the phone, it will prompt for a new password
- Navigate to the appropriate GUI page and set it to a value you wish to use.
- In the Environment Setting / Environment Setting section,set the following values:
- Aura Environment = Disable
- Discover AVAYA Environment = Disable
- IP Office Environment = Disable
- 3PCC Environment = Enable
- 3PCC Server Mode = Generic
- In the Management / Device Enrollment Service section,set the following values
- DES Discovery = Disable
- In the Management / Plug and Play (PNP) Provisioning section,set the following values
- PNP Configuration = Disabled
- In the Network / Advanced section,set the following values
- TLS = “Only 1.2”
- In the Certificates / Trusted certificates Configuration / Trusted Certificate / Import section, import /select the ca.crt file you downloaded from the UCX in the pre-requisite section above
- In the Certificates / Trusted certificates Configuration / Trusted Certificate / Match Identity to Trust Certificate section set the value to No
- Navigate to the Settings / Avaya Spaces / Spaces Access Mode (you may need to click on the Expand All button at the top of the page to access this)
- In the IP configuration / IP Version section, set the following:
- IP Mode = IPv4 only
- Note that if you press SAVE after changing this value, and the phone will immediately reboot
- Navigate to the SIP / SIP Global Settings and set the following:
- SIP Domain = UCX IP address
- Enable PPM = No
- Proxy Policy = Manual (use Phone Admin…))
- SIP Proxy Server = UCX.IP.Address:5061;transport=tls (if using an Galaxy appliance) Or = UCX.IP.Address:5961;transport=tls (if using UCX Cloud)
- Number of proxy server to register simultaneously = 1
- Authentication User ID Field = enabled
- Registration Interval = 120 (WHATEVER YOU PREFER)
- Navigate to the SIP / Codecs and DTMF
- OPUS = Disable
- G.726 = Disable
- Navigate to the SIP SRTP
- Media Encryption = aescm128-hmac80
- Encrypt RTCP = Yes
- Press SAVE after before proceeding
- Navigate to the SIP / SIP Account
- Display Name = Extension Number
- SIP user ID = Extension Number
- Authentication User ID = Extension Number
- Password = Phone Secret from UCX GUI configuration page
- Press the Login button