Cisco Unified IP Phone 7975G with Sipgate

Back in the US I bought two Cisco Unified IP Phones 7975G, one of them I'm unsing as work phone, the second one is for testing and playing around with SIP.

The requirements for a working IP phone are:
1) Voice VLAN on Cisco switches
2) SIP image on IP phone
3) Set option 60 (tftp-server-name) on DHCP server
4) TFTP server with SEPMAC.cnf.xml file
5) Correct parameters for registering in SEPMAC.cnf.xml file
6) Set up firewall ACL for SIP traffic

Cisco Unified IP Phone 7975G

Cisco Unified IP Phone 7975G

For this type of setup you need some understanding of Network, Cisco IOS, Linux DHCP and TFTP server configuration and XML.

Voice VLAN on Cisco switches

On my Cisco core switch I'm using this configuration:


interface Vlan150
  description vlan-150-voice
  ip address n.n.n.n s.s.s.s
  !--- primary DHCP server
  ip helper-address n.n.n.n
  !--- secondary DHCP server 
  ip helper-address n.n.n.n
end
My Cisco access switch learn the VLAN configuration via VTP, therefore I just need to add the voice VLAN to the ports where an IP phone is connected. I'm just using the standard setup from Cisco for their phones:

interface GigabitEthernet1/0/1
  description TESTING-IP-PHONE
  switchport access vlan *****
  switchport mode access
  switchport voice vlan 150
  srr-queue bandwidth share 1 30 35 5
  priority-queue out
  mls qos trust device cisco-phone
  mls qos trust cos
  spanning-tree portfast
  spanning-tree bpduguard enable
  service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY

SIP image on IP phone

Before I can use the IP phone with a SIP provider, it must be converted from SCCP to SIP. The convertion process is described on Cisco's website: Converting a Cisco 7940/7960 CallManager Phone to a SIP Phone and the Reverse Process.

Set option 60 (tftp-server-name) on DHCP server

In the next step I set DHCP option 60 (tftp-server-name) in my DHCP configuration file. Please note that I am using DHCP-failover, therefore I have to set it also on my second DHCP server.


subnet n.n.n.n netmask s.s.s.s {
  option broadcast-address n.n.n.n;
  option routers n.n.n.n;
  option domain-name-servers n.n.n.n, n.n.n.n;
  option domain-name "DOMAIN_NAME";
  option ntp-servers n.n.n.n, n.n.n.n;
  option time-servers n.n.n.n, n.n.n.n;
  # IP address of TFTP server
  option tftp-server-name "TFTP_SERVER";
  pool {
    failover peer "dhcp-failover";
    range r.r.r.r r.r.r.r;
  }
}

TFTP server with SEPMAC.cnf.xml file

For the 7975G IP phone I need a SEPMAC.cnf.xml file on the TFTP server. The MAC part of the file name needs to be replaced with the IP Phone's MAC address and should look like:


SEP0000ACAB0000.cnf.xml
I assume for this part that you know how to configure a TFTP server.

Correct parameters for registering in SEPMAC.cnf.xml file

To use the IP Phone with sipgate.de as SIP provider, I set as callManager:


sipPort:         5060
securedSipPort:  5061
processNodeName: sipgate.de
In the sipProfile I set:

backupProxy:        sipgate.de
backupProxyPort:    5060
emergencyProxy:     sipgate.de
emergencyProxyPort: 5060
outboundProxy:      sipgate.de
outboundProxyPort:  5060
registerWithProxy:  true
As line button I use:

featureID:    9
featureLabel: SIPGATE_NAME
name:         SIPGATE_USER
displayName:  SIPGATE_NAME
contact:      SIPGATE_USER
proxy:        USECALLMANAGER
port:         5060
authName:     SIPGATE_USER
authPassword: SIPGATE_PASSWORD
sharedLine:   false
Please note: USECALLMANAGER should not replaced with anything else. SIPGATE_NAME, SIPGATE_USER, SIPGATE_PASSWORD must be replaced with your credentials. If the IP Phones does not register with sipgate.de, it's also worth to wireshark the SIP packages exchanged.

Set up firewall ACL for SIP traffic

Because my firewall must pass SIP traffic for a working IP Phone I set up a simple ACL:

Firewall ACL for SIP IP Phone

Firewall ACL for SIP IP Phone

In the grp.sip-server the public IP address of sipgate.de is in there. SIP with ports 5060 and 5061 is allowed with UDP and TCP.

Search my web site