Standalone Cisco 7941/7961 without a local PBX

Business SIP Providers
Provider Plan Details Monthly Rate *
Vonage Business SIP Trunking
  • One provider & nationwide coverage
  • Easily integrated into your existing infrastructure
  • More uptime, flexibility and disaster recovery options
$25.00
Details
GoTrunk Ultimate SIP Trunking Solution
  • Free trial
  • No contract
  • Quality control
$0.00
Details
Business PBX Solutions
Provider Solution Details
Bicom VoIP Become an ITSP Now!
  • Become a serious competitor in VoIP Immediately
  • FULL Consultancy, Installation, Training & Support
  • Sell Hosted IP PBXs, Biz Lines, Call Centre
  • Turnkey Provisioning at your data center
Details
3CX Software PBX for Windows
  • Windows Software Solution
  • Easy to Install and Manage
  • Auto Configures Phones & Trunks
  • Android, iOS, Windows & Mac clients
Details
This subject would not be worthy of its own page for most phones, but there are enough caveats and workarounds for these UAs that others may benefit from shared experience. Note that US part numbers are used throughout this write up.

Most of these caveats also apply to the 7945/7965 (the newer models with backlit color LCDs). See also: Standalone Cisco 7945/7965.

An additional set of configs etc have been posted here: Standalone Cisco 7941/7961 without a local PBX - Another

As Cisco has not yet documented the XML configuration file format for 79x1 phones, the best source of documentation is on the Asterisk phone cisco 79x1 xml configuration files for SIP page. This write up is a supplement, rather than a replacement. Some other good sources of information:

Motivation

  • Familiar office phone interface at home
  • Officially brighter future and higher resolution display than 79x0
  • Has a dynamic jitter buffer for SIP, something Asterisk (currently) has only for IAX
  • Potential integration with CallManager extranet (untested)
  • Compatible with widely available headsets
  • Support standard 803.af "Power Over Ethernet" (POE), whereas 79x0 only support a proprietary pre-standard POE variant

Planning

Model

The 7941G has two line buttons, the 7961G has six. Line buttons are configurable as outgoing SIP channels ("SIP lines") or as configurable speed dial buttons. Both models appear to support three simultaneous SIP streams/channels/calls

Finding the correct part


IANAL, but it is technically possible to use a "spare" part (e.g. CP-7961G=) rather than the part that includes the software license (e.g. CP-7961G-CH1). There is a difference of opinion on the Internet as to when the license is required, but Voiplink.com claims (Syburgh: I neither purchased from, nor have any affiliation with them):

The spare "CP-79xxG=" parts come with the phone, corded handset, English language stickers, cardboard box, and miscellaneous warranty/safety papers. They DO NOT include a power adapter, network cable, or SMARTnet contract.

Q. Do I need a Call Manager License to operate the phone with another IP PBX such as Asterisk?
A. No you only need a license to operate the phone with Call Manager or Call Manger Express. Licensing is the responsibility of the customer.

There appear to be many unscrupulous suppliers who "remark" spares as more expensive licensed phones and charge for the licensed model, beware: Exposing the Cisco Call Manager License Scam.

Power

The phone does not come with a power adapter, so unless you have a POE capable switch you will need either an external power brick that plugs into the phone's power jack (e.g. CP-PWR-CUBE-3=) or a "midspan" 803.af power injector (e.g. PowerDsine PD-3001) that delivers power through the Ethernet cable. POE offers a single cable solution, but may potentially result in lower audio quality (most corporate installations of these phones use POE). The 79x1 phones are also compatible with the proprietary/pre-standard POE implementation used by the 79x0 phones.

Firmware

From the factory Cisco 7900 series phones come with SCCP ("skinny") firmware installed, so you will need to procure and install the necessary SIP firmware. You should be able to talk Cisco support into providing access to the SIP firmware on a one-time basis by explaining that the phone is useless to you without it. Consider purchasing a service contract to secure access to future firmware upgrades

If your phone is still quite new, talk your distributor into opening a software warranty case. A Cisco technician will then provide him (not you) with a download link.

SMARTnet Service Contract

A SMARTnet contract is the easiest way to gain legal access to all versions of Cisco firmware. A much more complete discussion of SMARTnet contracts is on Cisco page. Outside the US it may be possible to buy an inexpensive SMARTnet contract for less than $10/year. Within the US the least expensive choice appears to be Bottom Line Telecom, for $12.95/yr + $2.00 handling = $14.95 out the door. They also sell a less comprehensive license for about $8, but orders under $10 may be subject to a "shipping" charge of ~$10.

See also: CON-SW-PKG1-VS, described as "Cisco SMARTnet Software Only - Category 1" for $56/year.

Syburgh: I found this contract listed among the comments on the Cisco page and purchased this from UK-based http://www.ithsc.com. They were quite helpful (following up on weekends and late at night) and even assisted in identifying that the phone I had received from an online vendor was a remarked spare.

Headset

There are many Cisco Phone Headsets: anything from Plantronics with a Quick Disconnect (QD) connector should work, meaning any "H Series" headset (e.g H81 Tristar). A $20 amplifier cable is also required (Plantronics Part: 26716-01), this is the same cable that connects a Plantronics headset to the M10/M12 amplifier and is sometimes listed as a "replacement amplifier cable". The Cisco 7900 series phones do not require any external amplifier so you will not need an M10/M12, just the adapter cable.


Configuration File

This is outside the scope of this write up and is described well enough to get you started on the Asterisk phone cisco 79x1 xml configuration files for SIP page. The file should be named appropriately (i.e. SEP[MAC address].cnf.xml) and ASCII encoded. This is where your SIP proxy information goes.

General configuration

The following settings are particularly important and referenced elsewhere in this write up:

timeZone
Sets local time zone (values described elsewhere). The SIP RFC requires that all dates be transmitted in UTC, so this setting enables the phone to convert to local time for the on-screen display

processNodeName
Must be either an IP address or a DNS name that resolves. In a CallManager PBX scenario, this would be the name of the CallManager server. www.yahoo.com works fine

outboundProxy, outboundProxyPort
Configure a local outbound SIP proxy (e.g. siproxd, OpenSER). If you have one VOIP provider and they require you to register using a different SIP domain than their SIP proxy's FQDN, then you may be able to add the SIP proxy's FQDN here and the SIP domain in the proxy setting for the SIP line. Otherwise leave this setting empty

registerWithProxy
true is a good choice as it instructs the phone to register with configured SIP lines

enableVad
true enables voice activity detection (VAD), which reduces bandwidth requirements but causes errors with Asterisk SIP proxies and may cause the beginning and end of the user's words to sound clipped

preferredCodec
Choices are g711ulaw, g711alaw, or g729a, though the phone will use a non-preferred codec when required

natReceivedProcessing
If true the phone will use the "Received" header from the SIP proxy (usually 401 Authentication Required) to masquerade its contact information. It works for some people but not others, and might be a way to avoid hard-coding your router's external address into the configuration if you can make it work

natEnabled
If true the phone will use the value of the natAddress option instead of its own IP address for SIP, SDP, and RTP messages. If natReceivedProcessing is true it will (reportedly) override the value of the natAddress setting. The documentation for the 79x0 equivalent nat_enable parameter describes how the various NAT settings are used

natAddress
Public IP address or DNS name of your router. You could use a dynamic DNS registration to ensure that this always matches your router's public IP address (e.g. myhome.dyndns.org), though configuring dynamic DNS is outside the scope of this write up. The value UNPROVISIONED is equivalent to an empty value

phoneLabel
As many as 11 characters to show in the upper right of the phone's display, if not set it defaults to the value of the name setting for the lowest number line button (i.e. button closest to top of phone)

startMediaPort
First UDP port to use for RTP audio streams (defaults to 16384). This should match your router's NAT mapping

stopMediaPort
Last UDP port to use for RTP audio streams (defaults to 32768), should be greater than startMediaPort. This should match your router's NAT mapping

voipControlPort
UDP port to listen for incoming SIP messages (defaults to 5060). Note that this is not the port the phone uses to send SIP messages. This odd behavior is RFC compliant but highly non-standard and breaks symmetric NAT traversal workarounds commonly deployed by VOIP providers

dialTemplate
Value should match name of dial plan file on TFTP server where the configuration file is found. The 79x1 can use 79x0 dial plan configuration files.

loadInformation
Name of firmware to load, which should match the name of a file on the TFTP server where the configuration file is found without the .loads extension. (e.g. SIP41.8-0-2SR1S.loads corresponds to a value of SIP41.8-0-2SR1S for loadInformation in the configuration)

Configuring SIP lines for your VOIP provider

Each line button on the phone can be configured as a SIP line by setting the appropriate featureID value

line
button attribute value identifies the button to configure, 1 is the top button and either 2 (7941G) or 6 (7961G) is the bottom button

featureID
Should be 9 for a SIP line

featureLabel
Text to display next to the line button, if not set the value of the name setting will be displayed. This is reported as shortName in the SSH debug console, which is the equivalent setting for the 79x0

proxy
FQDN or realm to use in SIP registration request (the latter if outboundProxy is set)

port
UDP port on proxy to send SIP messages, normally 5060

name
Username value for SIP registration request

authName
Username value used in response to an authentication challenge

authPassword
Password value used in response to an authentication challenge

messagesNumber
Number to dial when Messages button is pressed

contact
Username value for SIP contact in registration request. If your SIP username is scott and you have an incoming DID of 15555551212 then your settings may be name=scott, and contact=15555551212 or the phone will ignore incoming SIP invitations (incoming calls)

Putting it all together

Procure necessary hardware & services

  1. Cisco 7941G or 7961G phone
  2. Power source: POE, midspan POE injector, or power brick
  3. Cisco SMARTnet service contract (optional)
  4. Headset (optional)
  5. Headset adapter cable (optional)

Set up a TFTP server

The phone downloads its firmware and configuration file using TFTP to flash memory when it powers on. The TFTP server is identified from the DHCP option 82 ("next-server") option, or failing that, by keying in the IP address of the TFTP server using the phone's keypad.

If the TFTP server is not available the phone will use the last loaded firmware and config file from flash, so the TFTP server is only required when the configuration is changed.

Tftp32 is a free TFTP and DHCP server for Windows that works well, its root directory will be referred to as TFTPBOOT hereafter

Unpack firmware

The 79x1 firmware is packaged in a file with an extension .cop (e.g. cmterm-7941_7961-sip.8-0-2SR1.cop), which is really a gzipped tar file. Unpack it in TFTPBOOT.

Once the firmware is unpacked, TFTPBOOT will contain a number of files, several with a .loads extension. Take note of one that begins with SIP (e.g. SIP41.8-0-2SR1S.loads) as you will need to include this value (without the .loads extension) in the loadInformation setting of your phone's configuration.

Configure port mapping on gateway router

See also: "Connecting to the outside world," below. Unlike most SIP devices, these phones send SIP requests from a high-numbered source port, but expect the response back on port 5060. There are two different ways to approach the problem:

Modify router settings and provider behavior

In the likely event that your phone has a private IP address and is behind a router performing Network Address Translation (NAT), you will need to map external/WAN ports to your phone. All SIP and RTP communication uses UDP ports. You will need to map two ranges to enable your phone to communicate using NAT:
Router Port Mappings
Description First Port Last Port Matches Setting
SIP UDP/5060 voipControlPort
RTP UDP/16384 UDP/32768 startMediaPort, stopMediaPort


The phone's default startMediaPort is UDP/16384 and stopMediaPort is UDP/32768, though the phone supports only three simultaneous RTP streams. A much lower stopMediaPort value would deliver equivalent function (one port is used per simultaneous stream/channel/call). Note that if more than one phone is behind your router, each phone will need to have its own dedicated SIP and RTP ports configured on the router and in its own configuration (mapping WAN UDP/6060 to phone UDP/5060 will not work, because the port numbers may be included in the packet payload produced by the phone).

This requires that the SIP proxy send all responses on port 5060 (i.e. disable symmetric NAT).

Use a NAT router based on Linux Netfilter

Netfilter includes two modules, nf_conntrack_sip and nf_nat_sip, which inspect SIP traffic in order to open the appropriate ports. Patches to accommodate the special Cisco IP phone behavior have been submitted to the kernel mailing list and to OpenWRT. The objective is for seamless Cisco 79xx support to eventually become a standard "plug and play" feature on all Linux NAT routers.

In this case:

The provider should have symmetric NAT enabled, i.e. when it sees a SIP request from port 49xxx it should send the response back to 49xxx.

The Linux NAT router will recognize (by looking at the SIP headers in the phone's request datagram) that it wants the response to be sent to port 5060.

Additionally, the Linux NAT router parses the SDP payload in order to figure out which ports to open for the media streams. It should not be necessary to set up inbound port forwarding.

Note that any time NAT is in use, timerRegisterExpires should be set to a reasonably low value (e.g. 180) to prevent the NAT connection from timing out. If the connection times out, the router will throw away the unsolicited INVITE messages that indicate incoming calls so your callers will be diverted to voice mail.

Connect phone

It will power up and load its configuration and firmware automatically based on the DHCP lease it receives.

Debug

Packet captures are highly useful if things don't work as expected (a simple network hub and Ethereal are helpful to analyze protocol issues). Note that the phone will not copy SIP and RTP traffic to its PC port, so you cannot capture traffic using a computer connected to the PC port of the phone.

Enjoy

Hopefully your upstream bandwidth will be sufficient to provide good call quality.

Observations & Practical Advice

DHCP

The phone will configure itself using settings from a DHCP server, if available. DHCP leases are stored, so the phone will remember the details of its DHCP lease after resetting. The DNS name or IP address of the TFTP server can be set using DHCP option 82 (often called "next-server"). Tftp32 can set option 82 if you use its DHCP service.

DNS

The 79x1 attempts to lookup SIP resource records using DNS during registration. If the appropriate RR is configured for example.com, then the phone will register successfully when example.com is entered as the value for the proxy setting for a SIP line. Presumably the phone could also lookup the SIP RR for outgoing calls when not using a proxy.

SSH

The phone replaces telnet (found in 79x0) with SSHv2. The username and password are set using the sshUserId and sshPassword configuration settings. Once logged in via SSH possible views include
Default Logins On The 79x1
Login Password Result
log log See debug messages
debug debugEnter a management console similar to that of the 79x0
default user Non-Superuser Unix Shell

You cannot reboot the phone remotely via any of these logins or the web interface.

The above comment on rebooting the phone is not entirely true, yes you cannot reboot the phone through an explicit command from the CLI however you can still reboot the phone from the CLI through a round about method. I accomplish the task through the debug console via the test key command. Simply open test session "test open" then "test key set" then "test key **#**" and you will have just given the phone the reset command as if you had punched it in on the keypad.

From the debug console show help will display a list of possible commands. To register a line use the register line command:


  register line [option] [line]
    options = 0: unregister
              1: register
    line    = 1 through 6
              backup (line 1 to backup proxy)


Here are the contents of the /etc/passwd file..

$ cat /etc/passwd
root:8:0:0:Superuser:/:/bin/nologin
syslog:8:1:0:System Logging:/usr:/bin/nologin
netwk:8:2:0:Network Admin:/etc/inetd:/bin/nologin
security:8:3:1:Security Processes:/usr:/bin/nologin
debug:BQTMQYWL:4:256:Debug Shell:/usr/local:/bin/debugsh
log:OYPTEZXR:5:256:trace shell:/var:/sbin/strace
default:MZPUHGQY:256:256:Default User:/home/default:/bin/sh

When you try to login as root, syslog or security, you are issued a challenge like so..

james@schwer:~$ ssh phone@192.168.1.164
james@192.168.1.164's password:
login: syslog

challenge: HYEDEGPVpassword:

Invalid Username/Password Entry.

Presumably this can be used to generate a suitable password for login.

You can copy files from the phone by overwriting /usr/cache/log1 and then downloading them via http://<Phone>/FS/cache/log1

Full root access


There is an utility to pack/unpack CNU (Cisco Native Unix) fimware files (7941/7961 and others CNU-based in 79xx series) which can help you to get root access on the phone.

Project page: http://virtualab.ru/en/projects/cnu-fpu

Root access explained: http://virtualab.ru/en/articles/cisco-79xx-firmware-research-part-2

Other researcher's notes: http://virtualab.ru/en/category/projects/cnu-fpu

In short, you should unpack firmware, modify /etc/passwd and repack it. Then flash modified firmware to the phone and upgrade.


Date display & NTP

The phone appears to support NTP for setting the date and time, though it apparently ignores the settings unless it is able to download locale configuration files from the TFTP server. The locale files are part of Cisco CallManager, so the phone reports an "Error Updating Locale" at startup if you aren't using a CallManager SIP proxy.

Fortunately the phone will set its clock based on the Date header returned as part of the SIP proxy's registration response (200 OK). Asterisk sends the Date header during registration, but some VOIP providers to not. Hopefully future firmware revisions will enable NTP when CallManager locale files are not available.

In the meantime, some localizations are available at Cisco Online (CCO-login required).

Call Quality Metrics

To determine what codec is in use or diagnose downstream connectivity issues you can view Call Quality Metrics (like real time MOS, jitter, packet loss) for your phone's calls during the call under Settings->Status->Call Statistics (or press the Information button twice). When not in a call, statistics for the most recent call can be viewed under Settings->Status->Call Statistics or via the phone's web interface.




Connecting to the outside world

Most consumer VOIP services, including providers that support Cisco 79x0 model phones, will not work with 79x1 phones without intervention on the provider side. Because the 79x1 phones send SIP messages from arbitrary high number UDP ports (e.g. 49000+) the symmetric NAT approach used by Asterisk (nat=yes) and most VOIP providers does not work with these phones. The 79x1 will transmit ICMP unreachable messages back to SIP proxies that attempt to respond to SIP registration using symmetric NAT (you will see inbound SIP messages from the proxy with a high number UDP port destination, assuming your router works with symmetric NAT).

The 79x1 behavior is RFC compliant, just incompatibly non-standard. Cisco support reports that this the use of random high number ports to send SIP messages is a "security enhancement" compared with Cisco's other/older products.

Happily, there are solutions these problems. Here are some observations on making a 7961 work with various VOIP solutions (ranked by ease of configuration, other than paying for and using their service I have no relationship with them. Keep this updated as capabilities change):

Internal Asterisk PBX

This is well described on the Asterisk phone cisco 79x1 xml configuration files for SIP page. Asterisk will work on a local network (with no NAT in use) as long you do not have a nat=yes statement in Asterisk's sip.conf for the phone's peer/friend sections.

Junction Networks

Has a setting in their web portal that allows the user to disable their proxy's attempts to use symmetric NAT for SIP communication. When set to No, the phone can register itself, place outbound calls, and receive inbound calls so long as it registers with sip.jnctn.net and not proxy.jnctn.net. Support confirms that proxy.jnctn.net disregards the user's NAT setting.

They have called to ask questions and appear very interested in supporting this device.

Junction Networks does have a SIP service record in DNS, but it points to proxy.jnctn.net, so you cannot enter jnctn.net as the value for the proxy setting with your 79x1 phone

Both sip.jnctn.net and proxy.jnctn.net report themselves to be an OpenSER servers and do not set the Date SIP header in any of its registration related messages. This prevents the phone from showing the correct date and time on the display. Inbound calls originate from an Asterisk server that does send a Date SIP header with its invitations. The phone ignores the Date header received in SIP invitations, so this is of no practical benefit.


les.net

Does not work with 79x1. Control of Symmetric NAT removed as of 2008-Feb.
Allows user control over symmetric NAT, works well with 79x1 UA as of 2007-May.

CallWithUs.com

As of 2007-08-18 has user-configurable option to disable symmetric NAT in web interface (user can set nat= Asterisk setting. Works fine with 79x1.

Voxalot

Provides free SIP proxy with Asterisk style dialplans for managing multiple SIP accounts, including origination and termination (uses E164.org and SipBroker). They have added configurable support for non-symmetric SIP and RTP in their web interface and it seems to work fine with 79x1. This service can be used as a RTP proxy, useful to use VOIP providers that do no support the 79x1 UA.

CallCentric

Invested impressive amount of time diagnosing the situation—analyzed logs, user-provided packet dumps, etc. Ultimately they decided it would be too hard to support the device and recommended the use of a different phone/UA. Not sure what SIP platform they use.

Vitelity Communications

2007-07-30: For much of 2006 and 2006 Vitelity's VOIP service allowed users to disable symmetric NAT from the Web UI (it still has option to enable/disable NAT for each account) but as of 2007-07-30 the SIP proxy ignores the setting and uses symmetric NAT regardless. This has been the case for several months, and after some discussion with support they don't seem interested in restoring the functionality. Unfortunately it seems that Vitelity's VOIP service no longer works with the 79x1 phone/UA.

2008-06-18: You can create a DID sub account with Vitelity's control portal. Specify that sub account does not use NAT and you can run directly off your 7941 phone. You will use that sub accounts SIP credentials now to authenticate. The XML config is a bit tricky and you will have to enable NAT in the XML file and know your local IP (or use dynamic DNS).

Stanaphone

Uses symmetric NAT, no luck.

Broadvoice

Uses symmetric NAT for BYOD, no luck.

voip.ms

Allows symmetric NAT to be enabled/disabled per account (not per sub-account). This feature has not been tested.

Pageviews: 245928
This subject would not be worthy of its own page for most phones, but there are enough caveats and workarounds for these UAs that others may benefit from shared experience. Note that US part numbers are used throughout this write up.

Most of these caveats also apply to the 7945/7965 (the newer models with backlit color LCDs). See also: Standalone Cisco 7945/7965.

An additional set of configs etc have been posted here: Standalone Cisco 7941/7961 without a local PBX - Another

As Cisco has not yet documented the XML configuration file format for 79x1 phones, the best source of documentation is on the Asterisk phone cisco 79x1 xml configuration files for SIP page. This write up is a supplement, rather than a replacement. Some other good sources of information:

Motivation

  • Familiar office phone interface at home
  • Officially brighter future and higher resolution display than 79x0
  • Has a dynamic jitter buffer for SIP, something Asterisk (currently) has only for IAX
  • Potential integration with CallManager extranet (untested)
  • Compatible with widely available headsets
  • Support standard 803.af "Power Over Ethernet" (POE), whereas 79x0 only support a proprietary pre-standard POE variant

Planning

Model

The 7941G has two line buttons, the 7961G has six. Line buttons are configurable as outgoing SIP channels ("SIP lines") or as configurable speed dial buttons. Both models appear to support three simultaneous SIP streams/channels/calls

Finding the correct part


IANAL, but it is technically possible to use a "spare" part (e.g. CP-7961G=) rather than the part that includes the software license (e.g. CP-7961G-CH1). There is a difference of opinion on the Internet as to when the license is required, but Voiplink.com claims (Syburgh: I neither purchased from, nor have any affiliation with them):

The spare "CP-79xxG=" parts come with the phone, corded handset, English language stickers, cardboard box, and miscellaneous warranty/safety papers. They DO NOT include a power adapter, network cable, or SMARTnet contract.

Q. Do I need a Call Manager License to operate the phone with another IP PBX such as Asterisk?
A. No you only need a license to operate the phone with Call Manager or Call Manger Express. Licensing is the responsibility of the customer.

There appear to be many unscrupulous suppliers who "remark" spares as more expensive licensed phones and charge for the licensed model, beware: Exposing the Cisco Call Manager License Scam.

Power

The phone does not come with a power adapter, so unless you have a POE capable switch you will need either an external power brick that plugs into the phone's power jack (e.g. CP-PWR-CUBE-3=) or a "midspan" 803.af power injector (e.g. PowerDsine PD-3001) that delivers power through the Ethernet cable. POE offers a single cable solution, but may potentially result in lower audio quality (most corporate installations of these phones use POE). The 79x1 phones are also compatible with the proprietary/pre-standard POE implementation used by the 79x0 phones.

Firmware

From the factory Cisco 7900 series phones come with SCCP ("skinny") firmware installed, so you will need to procure and install the necessary SIP firmware. You should be able to talk Cisco support into providing access to the SIP firmware on a one-time basis by explaining that the phone is useless to you without it. Consider purchasing a service contract to secure access to future firmware upgrades

If your phone is still quite new, talk your distributor into opening a software warranty case. A Cisco technician will then provide him (not you) with a download link.

SMARTnet Service Contract

A SMARTnet contract is the easiest way to gain legal access to all versions of Cisco firmware. A much more complete discussion of SMARTnet contracts is on Cisco page. Outside the US it may be possible to buy an inexpensive SMARTnet contract for less than $10/year. Within the US the least expensive choice appears to be Bottom Line Telecom, for $12.95/yr + $2.00 handling = $14.95 out the door. They also sell a less comprehensive license for about $8, but orders under $10 may be subject to a "shipping" charge of ~$10.

See also: CON-SW-PKG1-VS, described as "Cisco SMARTnet Software Only - Category 1" for $56/year.

Syburgh: I found this contract listed among the comments on the Cisco page and purchased this from UK-based http://www.ithsc.com. They were quite helpful (following up on weekends and late at night) and even assisted in identifying that the phone I had received from an online vendor was a remarked spare.

Headset

There are many Cisco Phone Headsets: anything from Plantronics with a Quick Disconnect (QD) connector should work, meaning any "H Series" headset (e.g H81 Tristar). A $20 amplifier cable is also required (Plantronics Part: 26716-01), this is the same cable that connects a Plantronics headset to the M10/M12 amplifier and is sometimes listed as a "replacement amplifier cable". The Cisco 7900 series phones do not require any external amplifier so you will not need an M10/M12, just the adapter cable.


Configuration File

This is outside the scope of this write up and is described well enough to get you started on the Asterisk phone cisco 79x1 xml configuration files for SIP page. The file should be named appropriately (i.e. SEP[MAC address].cnf.xml) and ASCII encoded. This is where your SIP proxy information goes.

General configuration

The following settings are particularly important and referenced elsewhere in this write up:

timeZone
Sets local time zone (values described elsewhere). The SIP RFC requires that all dates be transmitted in UTC, so this setting enables the phone to convert to local time for the on-screen display

processNodeName
Must be either an IP address or a DNS name that resolves. In a CallManager PBX scenario, this would be the name of the CallManager server. www.yahoo.com works fine

outboundProxy, outboundProxyPort
Configure a local outbound SIP proxy (e.g. siproxd, OpenSER). If you have one VOIP provider and they require you to register using a different SIP domain than their SIP proxy's FQDN, then you may be able to add the SIP proxy's FQDN here and the SIP domain in the proxy setting for the SIP line. Otherwise leave this setting empty

registerWithProxy
true is a good choice as it instructs the phone to register with configured SIP lines

enableVad
true enables voice activity detection (VAD), which reduces bandwidth requirements but causes errors with Asterisk SIP proxies and may cause the beginning and end of the user's words to sound clipped

preferredCodec
Choices are g711ulaw, g711alaw, or g729a, though the phone will use a non-preferred codec when required

natReceivedProcessing
If true the phone will use the "Received" header from the SIP proxy (usually 401 Authentication Required) to masquerade its contact information. It works for some people but not others, and might be a way to avoid hard-coding your router's external address into the configuration if you can make it work

natEnabled
If true the phone will use the value of the natAddress option instead of its own IP address for SIP, SDP, and RTP messages. If natReceivedProcessing is true it will (reportedly) override the value of the natAddress setting. The documentation for the 79x0 equivalent nat_enable parameter describes how the various NAT settings are used

natAddress
Public IP address or DNS name of your router. You could use a dynamic DNS registration to ensure that this always matches your router's public IP address (e.g. myhome.dyndns.org), though configuring dynamic DNS is outside the scope of this write up. The value UNPROVISIONED is equivalent to an empty value

phoneLabel
As many as 11 characters to show in the upper right of the phone's display, if not set it defaults to the value of the name setting for the lowest number line button (i.e. button closest to top of phone)

startMediaPort
First UDP port to use for RTP audio streams (defaults to 16384). This should match your router's NAT mapping

stopMediaPort
Last UDP port to use for RTP audio streams (defaults to 32768), should be greater than startMediaPort. This should match your router's NAT mapping

voipControlPort
UDP port to listen for incoming SIP messages (defaults to 5060). Note that this is not the port the phone uses to send SIP messages. This odd behavior is RFC compliant but highly non-standard and breaks symmetric NAT traversal workarounds commonly deployed by VOIP providers

dialTemplate
Value should match name of dial plan file on TFTP server where the configuration file is found. The 79x1 can use 79x0 dial plan configuration files.

loadInformation
Name of firmware to load, which should match the name of a file on the TFTP server where the configuration file is found without the .loads extension. (e.g. SIP41.8-0-2SR1S.loads corresponds to a value of SIP41.8-0-2SR1S for loadInformation in the configuration)

Configuring SIP lines for your VOIP provider

Each line button on the phone can be configured as a SIP line by setting the appropriate featureID value

line
button attribute value identifies the button to configure, 1 is the top button and either 2 (7941G) or 6 (7961G) is the bottom button

featureID
Should be 9 for a SIP line

featureLabel
Text to display next to the line button, if not set the value of the name setting will be displayed. This is reported as shortName in the SSH debug console, which is the equivalent setting for the 79x0

proxy
FQDN or realm to use in SIP registration request (the latter if outboundProxy is set)

port
UDP port on proxy to send SIP messages, normally 5060

name
Username value for SIP registration request

authName
Username value used in response to an authentication challenge

authPassword
Password value used in response to an authentication challenge

messagesNumber
Number to dial when Messages button is pressed

contact
Username value for SIP contact in registration request. If your SIP username is scott and you have an incoming DID of 15555551212 then your settings may be name=scott, and contact=15555551212 or the phone will ignore incoming SIP invitations (incoming calls)

Putting it all together

Procure necessary hardware & services

  1. Cisco 7941G or 7961G phone
  2. Power source: POE, midspan POE injector, or power brick
  3. Cisco SMARTnet service contract (optional)
  4. Headset (optional)
  5. Headset adapter cable (optional)

Set up a TFTP server

The phone downloads its firmware and configuration file using TFTP to flash memory when it powers on. The TFTP server is identified from the DHCP option 82 ("next-server") option, or failing that, by keying in the IP address of the TFTP server using the phone's keypad.

If the TFTP server is not available the phone will use the last loaded firmware and config file from flash, so the TFTP server is only required when the configuration is changed.

Tftp32 is a free TFTP and DHCP server for Windows that works well, its root directory will be referred to as TFTPBOOT hereafter

Unpack firmware

The 79x1 firmware is packaged in a file with an extension .cop (e.g. cmterm-7941_7961-sip.8-0-2SR1.cop), which is really a gzipped tar file. Unpack it in TFTPBOOT.

Once the firmware is unpacked, TFTPBOOT will contain a number of files, several with a .loads extension. Take note of one that begins with SIP (e.g. SIP41.8-0-2SR1S.loads) as you will need to include this value (without the .loads extension) in the loadInformation setting of your phone's configuration.

Configure port mapping on gateway router

See also: "Connecting to the outside world," below. Unlike most SIP devices, these phones send SIP requests from a high-numbered source port, but expect the response back on port 5060. There are two different ways to approach the problem:

Modify router settings and provider behavior

In the likely event that your phone has a private IP address and is behind a router performing Network Address Translation (NAT), you will need to map external/WAN ports to your phone. All SIP and RTP communication uses UDP ports. You will need to map two ranges to enable your phone to communicate using NAT:
Router Port Mappings
Description First Port Last Port Matches Setting
SIP UDP/5060 voipControlPort
RTP UDP/16384 UDP/32768 startMediaPort, stopMediaPort


The phone's default startMediaPort is UDP/16384 and stopMediaPort is UDP/32768, though the phone supports only three simultaneous RTP streams. A much lower stopMediaPort value would deliver equivalent function (one port is used per simultaneous stream/channel/call). Note that if more than one phone is behind your router, each phone will need to have its own dedicated SIP and RTP ports configured on the router and in its own configuration (mapping WAN UDP/6060 to phone UDP/5060 will not work, because the port numbers may be included in the packet payload produced by the phone).

This requires that the SIP proxy send all responses on port 5060 (i.e. disable symmetric NAT).

Use a NAT router based on Linux Netfilter

Netfilter includes two modules, nf_conntrack_sip and nf_nat_sip, which inspect SIP traffic in order to open the appropriate ports. Patches to accommodate the special Cisco IP phone behavior have been submitted to the kernel mailing list and to OpenWRT. The objective is for seamless Cisco 79xx support to eventually become a standard "plug and play" feature on all Linux NAT routers.

In this case:

The provider should have symmetric NAT enabled, i.e. when it sees a SIP request from port 49xxx it should send the response back to 49xxx.

The Linux NAT router will recognize (by looking at the SIP headers in the phone's request datagram) that it wants the response to be sent to port 5060.

Additionally, the Linux NAT router parses the SDP payload in order to figure out which ports to open for the media streams. It should not be necessary to set up inbound port forwarding.

Note that any time NAT is in use, timerRegisterExpires should be set to a reasonably low value (e.g. 180) to prevent the NAT connection from timing out. If the connection times out, the router will throw away the unsolicited INVITE messages that indicate incoming calls so your callers will be diverted to voice mail.

Connect phone

It will power up and load its configuration and firmware automatically based on the DHCP lease it receives.

Debug

Packet captures are highly useful if things don't work as expected (a simple network hub and Ethereal are helpful to analyze protocol issues). Note that the phone will not copy SIP and RTP traffic to its PC port, so you cannot capture traffic using a computer connected to the PC port of the phone.

Enjoy

Hopefully your upstream bandwidth will be sufficient to provide good call quality.

Observations & Practical Advice

DHCP

The phone will configure itself using settings from a DHCP server, if available. DHCP leases are stored, so the phone will remember the details of its DHCP lease after resetting. The DNS name or IP address of the TFTP server can be set using DHCP option 82 (often called "next-server"). Tftp32 can set option 82 if you use its DHCP service.

DNS

The 79x1 attempts to lookup SIP resource records using DNS during registration. If the appropriate RR is configured for example.com, then the phone will register successfully when example.com is entered as the value for the proxy setting for a SIP line. Presumably the phone could also lookup the SIP RR for outgoing calls when not using a proxy.

SSH

The phone replaces telnet (found in 79x0) with SSHv2. The username and password are set using the sshUserId and sshPassword configuration settings. Once logged in via SSH possible views include
Default Logins On The 79x1
Login Password Result
log log See debug messages
debug debugEnter a management console similar to that of the 79x0
default user Non-Superuser Unix Shell

You cannot reboot the phone remotely via any of these logins or the web interface.

The above comment on rebooting the phone is not entirely true, yes you cannot reboot the phone through an explicit command from the CLI however you can still reboot the phone from the CLI through a round about method. I accomplish the task through the debug console via the test key command. Simply open test session "test open" then "test key set" then "test key **#**" and you will have just given the phone the reset command as if you had punched it in on the keypad.

From the debug console show help will display a list of possible commands. To register a line use the register line command:


  register line [option] [line]
    options = 0: unregister
              1: register
    line    = 1 through 6
              backup (line 1 to backup proxy)


Here are the contents of the /etc/passwd file..

$ cat /etc/passwd
root:8:0:0:Superuser:/:/bin/nologin
syslog:8:1:0:System Logging:/usr:/bin/nologin
netwk:8:2:0:Network Admin:/etc/inetd:/bin/nologin
security:8:3:1:Security Processes:/usr:/bin/nologin
debug:BQTMQYWL:4:256:Debug Shell:/usr/local:/bin/debugsh
log:OYPTEZXR:5:256:trace shell:/var:/sbin/strace
default:MZPUHGQY:256:256:Default User:/home/default:/bin/sh

When you try to login as root, syslog or security, you are issued a challenge like so..

james@schwer:~$ ssh phone@192.168.1.164
james@192.168.1.164's password:
login: syslog

challenge: HYEDEGPVpassword:

Invalid Username/Password Entry.

Presumably this can be used to generate a suitable password for login.

You can copy files from the phone by overwriting /usr/cache/log1 and then downloading them via http://<Phone>/FS/cache/log1

Full root access


There is an utility to pack/unpack CNU (Cisco Native Unix) fimware files (7941/7961 and others CNU-based in 79xx series) which can help you to get root access on the phone.

Project page: http://virtualab.ru/en/projects/cnu-fpu

Root access explained: http://virtualab.ru/en/articles/cisco-79xx-firmware-research-part-2

Other researcher's notes: http://virtualab.ru/en/category/projects/cnu-fpu

In short, you should unpack firmware, modify /etc/passwd and repack it. Then flash modified firmware to the phone and upgrade.


Date display & NTP

The phone appears to support NTP for setting the date and time, though it apparently ignores the settings unless it is able to download locale configuration files from the TFTP server. The locale files are part of Cisco CallManager, so the phone reports an "Error Updating Locale" at startup if you aren't using a CallManager SIP proxy.

Fortunately the phone will set its clock based on the Date header returned as part of the SIP proxy's registration response (200 OK). Asterisk sends the Date header during registration, but some VOIP providers to not. Hopefully future firmware revisions will enable NTP when CallManager locale files are not available.

In the meantime, some localizations are available at Cisco Online (CCO-login required).

Call Quality Metrics

To determine what codec is in use or diagnose downstream connectivity issues you can view Call Quality Metrics (like real time MOS, jitter, packet loss) for your phone's calls during the call under Settings->Status->Call Statistics (or press the Information button twice). When not in a call, statistics for the most recent call can be viewed under Settings->Status->Call Statistics or via the phone's web interface.




Connecting to the outside world

Most consumer VOIP services, including providers that support Cisco 79x0 model phones, will not work with 79x1 phones without intervention on the provider side. Because the 79x1 phones send SIP messages from arbitrary high number UDP ports (e.g. 49000+) the symmetric NAT approach used by Asterisk (nat=yes) and most VOIP providers does not work with these phones. The 79x1 will transmit ICMP unreachable messages back to SIP proxies that attempt to respond to SIP registration using symmetric NAT (you will see inbound SIP messages from the proxy with a high number UDP port destination, assuming your router works with symmetric NAT).

The 79x1 behavior is RFC compliant, just incompatibly non-standard. Cisco support reports that this the use of random high number ports to send SIP messages is a "security enhancement" compared with Cisco's other/older products.

Happily, there are solutions these problems. Here are some observations on making a 7961 work with various VOIP solutions (ranked by ease of configuration, other than paying for and using their service I have no relationship with them. Keep this updated as capabilities change):

Internal Asterisk PBX

This is well described on the Asterisk phone cisco 79x1 xml configuration files for SIP page. Asterisk will work on a local network (with no NAT in use) as long you do not have a nat=yes statement in Asterisk's sip.conf for the phone's peer/friend sections.

Junction Networks

Has a setting in their web portal that allows the user to disable their proxy's attempts to use symmetric NAT for SIP communication. When set to No, the phone can register itself, place outbound calls, and receive inbound calls so long as it registers with sip.jnctn.net and not proxy.jnctn.net. Support confirms that proxy.jnctn.net disregards the user's NAT setting.

They have called to ask questions and appear very interested in supporting this device.

Junction Networks does have a SIP service record in DNS, but it points to proxy.jnctn.net, so you cannot enter jnctn.net as the value for the proxy setting with your 79x1 phone

Both sip.jnctn.net and proxy.jnctn.net report themselves to be an OpenSER servers and do not set the Date SIP header in any of its registration related messages. This prevents the phone from showing the correct date and time on the display. Inbound calls originate from an Asterisk server that does send a Date SIP header with its invitations. The phone ignores the Date header received in SIP invitations, so this is of no practical benefit.


les.net

Does not work with 79x1. Control of Symmetric NAT removed as of 2008-Feb.
Allows user control over symmetric NAT, works well with 79x1 UA as of 2007-May.

CallWithUs.com

As of 2007-08-18 has user-configurable option to disable symmetric NAT in web interface (user can set nat= Asterisk setting. Works fine with 79x1.

Voxalot

Provides free SIP proxy with Asterisk style dialplans for managing multiple SIP accounts, including origination and termination (uses E164.org and SipBroker). They have added configurable support for non-symmetric SIP and RTP in their web interface and it seems to work fine with 79x1. This service can be used as a RTP proxy, useful to use VOIP providers that do no support the 79x1 UA.

CallCentric

Invested impressive amount of time diagnosing the situation—analyzed logs, user-provided packet dumps, etc. Ultimately they decided it would be too hard to support the device and recommended the use of a different phone/UA. Not sure what SIP platform they use.

Vitelity Communications

2007-07-30: For much of 2006 and 2006 Vitelity's VOIP service allowed users to disable symmetric NAT from the Web UI (it still has option to enable/disable NAT for each account) but as of 2007-07-30 the SIP proxy ignores the setting and uses symmetric NAT regardless. This has been the case for several months, and after some discussion with support they don't seem interested in restoring the functionality. Unfortunately it seems that Vitelity's VOIP service no longer works with the 79x1 phone/UA.

2008-06-18: You can create a DID sub account with Vitelity's control portal. Specify that sub account does not use NAT and you can run directly off your 7941 phone. You will use that sub accounts SIP credentials now to authenticate. The XML config is a bit tricky and you will have to enable NAT in the XML file and know your local IP (or use dynamic DNS).

Stanaphone

Uses symmetric NAT, no luck.

Broadvoice

Uses symmetric NAT for BYOD, no luck.

voip.ms

Allows symmetric NAT to be enabled/disabled per account (not per sub-account). This feature has not been tested.

Pageviews: 245928
Created by: syburgh, Last modification: Sat 13 of Jun, 2015 (19:02 UTC) by leedawg
Please update this page with new information, just login and click on the "Edit" or "Discussion" tab. Get a free login here: Register Thanks! - Find us on Google+