Plantronics + Polycom. Now together as Poly Logo

DHCP Option 160/161 URN/URL for Resource Manager

SOLVED
Highlighted
Polycom Employee & Community Manager

Re: DHCP Option 160/161 URN/URL for Resource Manager

Hello @Patrick-J,

this is just the Speed Dials

 

0706134814|curl |1|00|HEADER_OUT: GET /phoneservice/configfiles/000000000000-directory.xml HTTP/1.1

Add them via the Resource Files and it should be able to download.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 11 of 15
Highlighted
Advisor

Re: DHCP Option 160/161 URN/URL for Resource Manager

Sorry - I have lead you astray with the excerpt. 

It does not provision using Option 160 but does if I put in the details manually.

 

Is it a valid test if I paste the URL into a browser?

https://PlcmSpIp:xxxxxxx@rprm-hdvc.greenlnk.net/phoneservice/configfiles/000000000000.cfg

If I do this it asks me to authenticate - even though the username and password are provided inline.

Message 12 of 15
Highlighted
Polycom Employee & Community Manager

Re: DHCP Option 160/161 URN/URL for Resource Manager

Hello @Patrick-J,

this is getting into support territory now.

 

I believe using this method with a browser only works for FTP aka the whole URL with username / password.

 

I suggest you also lower COPY so you see more details.

 

After this it would be a support ticket of nobody else has any other ideas.

 

Check => here <= for the RPRM FAQ as it also includes a troubleshooting section.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 13 of 15
Highlighted
Advisor

Re: DHCP Option 160/161 URN/URL for Resource Manager

Steffen

Thank you for your input and yes, I will submit a more detailed log file to support in order to progress.

 

 

Message 14 of 15
Polycom Employee & Community Manager

Re: DHCP Option 160/161 URN/URL for Resource Manager

Hello @Patrick-J,

as I answered the Resellers question in this case I may also share this with the community.

 

As already explained the URL with the Username and Password embedded only works for FTP but not for HTTP via a browser aka as for example was changed in Chrome:

 

The same is applicable for other browsers like IE or Edge.

 

Using FTP with a username / password combination can be seen in a wireshark trace like this:

 

220-Steffen Baier
220-EMEA T3 Senior Product Support Specialist Team Leader Voice, EMEA Escalatio
220-FileZilla Server 0.9.59 beta
220-written by Tim Kosse (tim.kosse@filezilla-project.org)
220 Please visit https://filezilla-project.org/
USER 580d
331 Password required for 580d
PASS test
230 Logged on

Using HTTP instead:

 

GET /phoneservice/configfiles/0004f275d2a6.cfg HTTP/1.1
Host: 10.252.122.65
Accept: */*
User-Agent: FileTransport PolycomVVX-VVX_410-UA/5.8.0.12848 Type/Application

HTTP/1.1 401 Unauthorized
X-Powered-By: RealPresence Resource Platform
Cache-Control: no-store,max-age=0,must-revalidate
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains;
Content-Security-Policy: default-src 'self';
WWW-Authenticate: Basic
Transfer-Encoding: chunked
Date: Tue, 10 Jul 2018 09:45:31 GMT
Server: false

0

GET /phoneservice/configfiles/0004f275d2a6.cfg HTTP/1.1
Authorization: Basic UGxjbVNwSXA6UGxjbVNwSXA=
Host: 10.252.122.65
Accept: */*
User-Agent: FileTransport PolycomVVX-VVX_410-UA/5.8.0.12848 Type/Application

HTTP/1.1 200 OK
X-Powered-By: RealPresence Resource Platform
Cache-Control: no-store,max-age=0,must-revalidate
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains;
Content-Security-Policy: default-src 'self';
Content-Length: 1643
Date: Tue, 10 Jul 2018 09:45:31 GMT
Server: false

Once you look at the transaction at a byte level you can still see the username / password combination:

 

Hypertext Transfer Protocol
    GET /phoneservice/configfiles/0004f275d2a6.cfg HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): GET /phoneservice/configfiles/0004f275d2a6.cfg HTTP/1.1\r\n]
            [GET /phoneservice/configfiles/0004f275d2a6.cfg HTTP/1.1\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: GET
        Request URI: /phoneservice/configfiles/0004f275d2a6.cfg
        Request Version: HTTP/1.1
    Authorization: Basic UGxjbVNwSXA6UGxjbVNwSXA=\r\n
        Credentials: PlcmSpIp:PlcmSpIp

If you want a truly "secure" environment you would need to setup a secure staging LAN with only a limited DHCP scope and provision phones individually to provide them a new Username / Password. You could also add 802.1x on top for a fully secure environment.

 

Or you could use Polycom ZTP which has a fully secure HTTPS connectivity to the Polycom Cloud and make these changes to the Username / Password and them let the Phone connect to your Setup and the DHCP Server only provides the URL.

 

As the phone talks already HTTPS to the server this is the most secure way.

Best Regards

Steffen Baier

Polycom Global Services

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 15 of 15