SIP Peers

Example Cisco SIP peer configuration in sip.conf. New settings added by the patch are listed below.

cisco_usecallmanager link

Enable support for Cisco SIP phone features, required for USECALLAMANGER phones. Do not enable on peers using phones from other vendors.

no Disabled yes Enabled

dndbusy link

Have Asterisk automatically generate a busy response when calling a phone that has a presence state of DND, otherwise the call will be sent to the phone.

no Disabled yes Enabled

subscribe link

Add a subscription for a BLF Speed Dial or BLF Directed Call Park line key, required for Cisco SIP phones as they do not send SUBSCRIBE requests. This option only applies to the phone's primary line. Multiple extensions can be specified separated by a comma.

exten Watch exten in subscribecontext if defined, otherwise context
exten@context Watch exten in specified context

register link

Bulk-register specified peer automatically when this peer registers, required for Cisco SIP phones as they only send a REGISTER request for their primary line. The order in which the register entries are defined must match the lineIndex attribute defined in SEPMAC.cnf.xml. Peers registered in this way do not support subscriptions, separate qualify values and should have the same dndbusy setting as the primary line. Multiple peers can be specified separated by a comma.

name Name of the peer.

huntgroup_default link

Default hunt group login state of a peer. This option only applies to the phone's primary line.

no Logged Out yes Logged In

cisco_pickupnotify_alert link

When another phone in your pickup group is ringing alert the user with one or more of the following methods. Multiple alert options can be combined using a comma, eg: from,to,beep. A notification will only be sent if the phone is idle and has not activated DND.

from Display the caller ID number of the calling phone in the status line.
to Display the extension of the phone being called in the status line.
beep Play a beep tone through the speaker.
none Do not send any notification.

cisco_pickupnotify_timer link

Display timeout in seconds for the pickup notify alert when either from or to are used.

cisco_multiadmin_conference link

When joining another participant to an ad-hoc conference who also has cisco_multiadmin_conference set to yes then make that participant a conference administrator as well. That participant can now use the Conference List feature and mute or kick participants as well as adding other participants to the conference.

no Disabled yes Enabled

cisco_keep_conference link

When there are no more administrators in an ad-hoc conference (see above for how to have more than one administrator), hang up the all remaining participants.

no Disabled yes Enabled

cisco_qrt_url link

Tell the phone to access this URL when QRT is enabled to gather further information from the user regarding the call.

url URL to access. The phone's device-name is automatically included in the name parameter.

Extension Template link

Settings common to all SIP peers that are local extensions.

[extension](!) type=friend context=extensions host=dynamic trustrpid=no parkinglot=default allowsubscribe=yes notifyhold=no callcounter=yes videosupport=no disallow=all allow=g722,ulaw,alaw,g729 ...

Cisco SIP Phone Template link

Default settings that apply to all Cisco SIP phones, inherits the settings from the extension template.

[cisco-usecallmanager](!,extension) transport=tcp nat=no directmedia=no sendrpid=rpid rpid_update=yes rpid_immediate=yes send_diversion=yes dndbusy=yes cisco_usecallmanager=yes cisco_pickupnotify_alert=from,to cisco_pickupnotify_timer=5 cisco_keep_conference=no cisco_multiadmin_conference=yes huntgroup_default=no ...

Direct Media link

To have RTP (media) flow directly between phones replace the directmedia setting in the above template with update.


Transport Layer Security link

Cisco SIP Phones support three different transport security modes set using a combination of <transportLayerProtocol> and <deviceSecurityMode> in SEPMAC.cnf.xml. The SSL certificate used by Asterisk must be included in ITLFile.tlv wih the CCM function or verifiable via TVS. See Device Security and Trust Verification for more information.

Non-Secure Mode Connect using TCP, RTP is unencrypted
Authenticated Mode Connect using TLS with the NULL cipher, RTP is unencrypted
Encrypted Mode Connect using TLS with AES cipher, RTP is encrypted

[general] ... ; Only the following ciphers are supported, phone may fail to connect if others are specified tlscipher=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA ; NULL cipher is only needed if you are using Authenticated mode, otherwise is should not be enabled ;tlscipher+=:NULL ... [non-secure-mode](!) transport=tcp [authenticated-mode](!) transport=tls [encrypted-mode](!) transport=tls ; The res_srtp module must be loaded. encryption=yes encryption_taglen=80
Note: To enable RTP encryption libsrtp must be installed. Additionally to use the newer AES-128-GCM and AES-256-GCM ciphers both Asterisk and libsrtp must have been compiled with support for them enabled. See Device Security for more information.

Device Model Template link

Example individual device templates for each Cisco SIP phone model to handle the different features, inherits the settings from the cisco-usecallmanager template.

[cisco-7941](!,cisco-usecallmanager) ; These should match <busyTrigger> and <maxNumCalls> in SEPMAC.cnf.xml busylevel=3 call-limit=4 ; Force huntgroup login so that the prompt does not show the logged out message huntgroup_default=yes [cisco-8841](!,cisco-usecallmanager) busylevel=4 call-limit=5 [cisco-8865](!,cisco-usecallmanager) busylevel=4 call-limit=5 ; <videoCapability> also needs to be enabled in SEPMAC.cnf.xml videosupport=yes ; Allow the video codec allow=h264 [cisco-9951](!,cisco-usecallmanager) busylevel=5 call-limit=6 ; <videoCapability> also needs to be enabled in SEPMAC.cnf.xml videosupport=yes ; Allow the video codec allow=h264

SIP Phone Peers link

Individual peer definitions for Cisco SIP phones, inherits the settings from the cisco-MODEL template.

[301](cisco-7941,non-secure-mode) secret=Gsgf90tYZ26FNQgA callerid="Alice" <301> description=Alice callgroup=1 pickupgroup=1 mailbox=301@default ; See extensions.conf for example on OPickup setvar=OTHERPICKUPGROUP=2 ; Encryption is enabled on this peer [302](cisco-8841,encrypted-mode) secret=eV4i5qrCxf0ohMyE callerid="Bob" <302> description=Bob callgroup=1 pickupgroup=1 mailbox=302@default ; Extensions that the phone is watching, they need to be configured in SEPMAC.cnf.xml as well subscribe=301 subscribe=303 subscribe=381 [303](cisco-8865,non-secure-mode) secret=NH3d6r1WW1Kcvo9I callerid="Cookie Monster" <303> description=Cookie Monster callgroup=1 pickupgroup=1 mailbox=303@default ; Abbreviated/speed dials for extensions setvar=SPEEDDIAL_1=301 setvar=SPEEDDIAL_2=302

Multiple Lines link

Cisco SIP phones that have more than one line must have each of those peers specified in their peer definition using register. Each additional bulk-registered peer will automatically have the same qualify, Do Not Disturb and Hunt Group state as the primary peer.

; First line (lineIndex=1 in SEPMAC.cnf.xml) [301](cisco-9951,non-secure-mode) secret=LJoO6dgRJYzrCE5Y callerid="Alice" <301> description=Alice, Line 1 callgroup=1 pickupgroup=1 mailbox=301@default ; Second line (lineIndex=2 in SEPMAC.cnf.xml) register=302 ; Third line (lineIndex=3 in SEPMAC.cnf.xml) register=303 [302](cisco-9951,non-secure-mode) ; Password is not used, but it prevents unauthenticated registration secret=4FnipFu1YN6NoJhz callerid="Alice" <302> description=Alice, Line 2 [303](cisco-9951,non-secure-mode) ; Password is not used, but it prevents unauthenticated registration secret=RzuR08uYYX0Pea5B callerid="Alice" <303> description=Alice, Line 3