
CUCM: Line CSS for Auto Registration

iantra123
Level 3

Hi all,

Has anyone found where we can configure the default Line CSS for Auto-Registered devices?

Let me explain:

We use a Line/Device CSS design.

The Device CSS allows all calls, and blocked calls are processed on the Line CSS.

We need all phones to be able to register in CUCM (device pool default-auto-registration-CSS = CSS-Device).

But the registered IP phone should only have rights to the internal-only CSS (Line CSS = Internal only).

Is this possible other than with BAT or TAPS?

Regards,

Antra

12 Replies

Aaron Harrison
VIP Alumni

Hi

I don't generally use auto-reg; the configuration you end up with is rarely what you would provision yourself via BAT, and it's generally not considered secure.

In your case what I would probably do is create a specific auto-reg CSS that simply permits internal access and assign that.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

Aaron is right (of course): You create an OnNet-only CSS that is used for auto-registration and is assigned to the device. If the device is then enrolled via TAPS this will be replaced by the Line/Device CSS assigned to the dummy MAC device for that DN.

Generically speaking auto-registration is a significant security risk and I recommend against using it. Even if you have set your CSS to restrict calls it still exposes CUCM to denial of service attacks. All it takes is a good script to generate fake SCCP device registration requests and CUCM will attempt to create a device, generate a TFTP config file, and allow it to register. This is a good way to find yourself in a Code Yellow state which is the definition of a bad day on a production system.

Please remember to rate helpful responses and identify helpful or correct answers.

Always good to have a second opinion (+5)


Jonathan and Aaron (+5 for both), auto-reg is obviously very insecure; however, I find myself in a situation where I don't have many options, or think I don't...

I have inherited a project which currently involves migrating two clusters on CUCM 4.1 to a CUCM 8.6 cluster. There are quite a few sites (over 500 sites) dispersed across the country.

The process of transformation is as follows:

1. Use auto-reg specific DNs for each site

2. When the TFTP IP on the phones is changed, reset all phones

3. Once phones register to the new cluster, use BAT to move them to the right CSS, device pool, etc.

My question is this: in this scenario, are there options for using auto-reg other than TAPS? No UCCX servers are available here.

I am worried about random phones just registering because of the risk auto-reg poses. Is there another way, other than manually using BAT to add the phones, as that would be a nightmare?

Please rate all useful posts

"opportunity is a haughty goddess who wastes no time with those who are unprepared"

Based on the scenario you just laid out I would expect to do BAT exports from the old clusters, massage/sanitize the data, and then BAT the phones into the 8.6 cluster. After that is complete then change the DHCP Option 150 and point the phones to the new cluster. Yes this is time consuming but auto-registration is not going to get you a functional system since it won't carry over the existing DN (among other things). New DNs would be a massive shock to the user population and you are still doing BAT jobs afterward to straighten things out.

Also, at this scale you will want to spend time planning out dial-plan continuity. You're certainly not going to cut 500+ sites all at once and users will expect to dial between sites which may be on separate clusters. I have a project right now that is merging multiple legacy clusters into one and just finished the inter-cluster dial plan two days ago. It takes time and planning but it is doable. BAT is the way to get the phones over. There is no magic here, just good engineering and a project financial model with sufficient time in it to get it done.


Jonathan,

The new cluster is EM based and users maintain their old DNs. The old dial plan scales with a combination of site prefix and user DN, etc. You are correct, it's a phased migration, so route patterns are configured to route calls on the old clusters to the new cluster and vice versa for users yet to be migrated.

So looks like BAT is it then. No magic. Thanks.


Great stuff guys. I myself use auto registration on all of my projects, as we have a proprietary XML-based TAPS (quite a bit more powerful than Cisco CRS TAPS, as it supports shared lines, etc.) and it makes the deployment of phones quite smooth. I always build a dedicated CSS for auto-registered phones; however, the thing to keep in mind is device mobility: if you are using device mobility it will overwrite the phone's CSS and allow users to dial from auto-registered phones. I don't have a good workaround except for changing the physical location on the auto registration DP :-( Either way, I just wanted to share my approach; in any case I disable auto registration after project completion.

HTH,

Chris

Hi all,

Thank you for all your answers.

So, to summarize: there is no solution for this case.

So if I want all users to use EM or EMCC, and with the BYOD concept, then the CUCM Administrator has to use Bulk Administration (BAT) or manually configure all phones, all devices, all lines, and all device profiles, instead of adding and configuring only device profiles.

Regards,

Antra

Hi

Well - no 'built in' way.

The system is very extensible, and if this is an important requirement there is nothing to stop you providing users with a self-service web page or other add-on service that would automatically deploy and configure phones with a proper configuration. You would need to develop it yourself internally or engage some partner services...

Aaron


Hi,

So it's possible to develop something like that with CUCM 8.6?

Can you share a link with me on how to do it?

Regards,

Antra

Erm... I can share a link to the API that allows you to do it, if that's what you're asking.

http://developer.cisco.com/web/axl/home

As to 'how you do it'... well, it's like any other dev project - not trivial and not really for the inexperienced unless both you and your customers/management are very patient and have time to spend.

Aaron


Hi all,

Thank you Aaron,

Regards,

Antra
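
A sketch of the AXL route mentioned in the thread, as an added example that is not part of any post here: it builds an AXL `updateLine` SOAP request that sets the Line CSS on one DN and interprets the reply. The element names (`pattern`, `routePartitionName`, `shareLineAppearanceCssName`) and the `8.5` schema version for CUCM 8.6 are assumptions to check against the AXL schema for your cluster; the DN, partition, CSS name and sample responses are constructed.

```python
import base64
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

def build_update_line(pattern, partition, line_css, axl_version="8.5"):
    """Build headers and SOAP body for an AXL updateLine that sets the Line CSS."""
    axl_ns = f"http://www.cisco.com/AXL/API/{axl_version}"
    ET.register_namespace("soapenv", SOAP_NS)
    ET.register_namespace("axl", axl_ns)
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    req = ET.SubElement(body, f"{{{axl_ns}}}updateLine")
    # ElementTree escapes the values, so a DN or name cannot break the XML.
    ET.SubElement(req, "pattern").text = pattern
    ET.SubElement(req, "routePartitionName").text = partition
    ET.SubElement(req, "shareLineAppearanceCssName").text = line_css  # Line CSS
    headers = {"Content-Type": "text/xml; charset=utf-8",
               "SOAPAction": f'"CUCM:DB ver={axl_version} updateLine"'}
    return headers, ET.tostring(env, encoding="utf-8")

def parse_result(xml_bytes):
    """Return (True, uuid) on success or (False, faultstring) on a SOAP fault."""
    root = ET.fromstring(xml_bytes)
    fault = root.find(f".//{{{SOAP_NS}}}Fault")
    if fault is not None:
        return False, fault.findtext("faultstring", default="unknown fault")
    return True, root.findtext(".//return", default="")

def send(host, user, password, headers, body):
    """POST to the AXL service with a dedicated AXL application user.
    urlopen verifies the server certificate by default; keep it that way."""
    req = urllib.request.Request(f"https://{host}:8443/axl/", data=body, headers=headers)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_result(resp.read())
    except urllib.error.HTTPError as err:  # SOAP faults come back as HTTP 500
        return parse_result(err.read())

# Constructed sample responses, for offline use only.
SAMPLE_OK = (b'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
             b'<soapenv:Body><ns:updateLineResponse xmlns:ns="http://www.cisco.com/AXL/API/8.5">'
             b'<return>{CONSTRUCTED-UUID}</return></ns:updateLineResponse>'
             b'</soapenv:Body></soapenv:Envelope>')
SAMPLE_FAULT = (b'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
                b'<soapenv:Body><soapenv:Fault><faultcode>soapenv:Server</faultcode>'
                b'<faultstring>constructed: line not found</faultstring>'
                b'</soapenv:Fault></soapenv:Body></soapenv:Envelope>')
```

Running this against DNs in the auto-registration range after phones register would leave the Device CSS permissive and the Line CSS internal-only, which is the design asked about at the top of the thread.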