cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Please be advised, the GuideMe Wizard is no longer available on the Small Business Support Community. For search capability please use the community search field to find content related to Cisco Small Business documents, videos, and discussions.
763
Views
15
Helpful
17
Replies
Engager

Re: SPA112 can not restore konfiguration on firmware 1.4.1 SR3

Sorry, spacfg.xml is name for SPA3xx/SPA5xx devices. For SPA1xx/SPA2xx the config.xml needs to be used instead.

See SPA ATA: Saving Configuration for Analysis Using admin/config.xml for details.

I prefer XML form of configuration because

1. configuration saved by Save function is in proprietary binary format. You can do nothing with it but load - and even this may not work.

2. XML can be generated by a custom tool or edited in plain text editor

I will not claim it "good practice" - I just consider it better.

 

why do you advise not using SPC to convert an existing .cfg file to xml

 

Note that cfg produced by "Save" is not the same as text cfg suitable to be used by SPC. Those are completely different beasts. The first one is proprietary binary blob, the second is text file (but different format than XML). It's why you can't compile saved CFG by SPC.

I'm unsure the SPC can convert CFG (text CFG created for SPC, not the [Save]d one) to XML. I'm not using SPC at all, so I don't know what features has been added into it in the mean time.

But even if it can convert, I have no reason to do it. Plain text CFG for SPC and XML are bot text files. Both are readable by naked eye, both can be edited by text editor or generated by simple custom tool. But text CFG for SPC needs to be compiled while plain text XML can be used as is. The first one require external binary program, while the second method require nothing.

May be better question is - why I should use SPC for anything ...

 

Beginner

Re: SPA112 can not restore konfiguration on firmware 1.4.1 SR3

Ahh, <IPaddress/admin/config.xml> works fine, though how to access it without using the http://userid:password@... syntax (which leaves the admin credentials lying around in browser history and doesn't work anyway) isn't immediately obvious.

An attempt to use SPC to compile an existing, working XML configuration, just out of curiosity, resulted in 28 “unrecognised parameter names”.

I'll probably maintain the XML configuration now as you suggest.  It isn't as user-friendly as the interactive utility, but it does allow the differences between two files to be spotted easily using a text-compare utility.  Maybe an associated style would help?

Thanks for your assistance.

 

Engager

Re: SPA112 can not restore konfiguration on firmware 1.4.1 SR3


attempt to use SPC to compile ... resulted in 28 “unrecognised parameter names”.

Did you downloaded the latest SPC compiler (just blind shot, I'm not using SPC) ?


how to access it without using the http://userid:password@... syntax (which leaves the admin credentials lying around in browser history and doesn't work anyway) isn't immediately obvious.

It works for me, but it may be matter of browser used. Also, my browser doesn't save passwords in history. Moreover, it's one-time step. Once configuration gets saved, you need no to access the URL again. But it's not main security issue you have.

 

SPAxxx devices are NOT designed to be exposed in unfriendly environment. They lacks countermeasures against DoS, brutal-force style of password guessing and there in the past severe security bugs has been discovered including those allowing unauthorized access to the device. So you are in risk of tool fraud and it may be costly experience.

 

You should keep phone network separated from regular network, so regular users have no access to SPAxxx devices at all. Of course, overall security design of your network depends on local conditions, risks you wish to avoid and - of course - budget and skills you have ...

 

We have phone network in separate LAN with no connection outside, so no one can arrange DoS against them nor misuse a firmware vulnerability. Devices can speak with local PBX only (just free Asterisk) and PBX can access outside. Configuration are loaded from server via HTTPS protocol, SPAxxx authorizes self to server by in-device embedded certificate - so even if someone connects computer to phone network, he have no chance to fetch configuration of a phone (e.g. passwords stored in configuration can't be compromised) - it in turn mean he can't connect to PBX, so he can't make unauthorized calls (and possible tool fraud).