Cisco Unified Communications Manager Features and Services Guide, Release 9.1(1)
Proxy TFTP server
Downloads: This chapterpdf (PDF - 1.31MB) The complete bookPDF (PDF - 22.05MB) | Feedback

Proxy TFTP server

Proxy TFTP server

The Cisco Proxy TFTP Server allows all the endpoints in a large-scale deployment to download the configuration file and get registered to the Cisco Unified Communications Manager.

Cisco proxy TFTP server deployment models

Cisco Proxy TFTP Server supports two deployment models.

Cisco proxy TFTP server deployment model 1

For the deployment model illustrated in the following figure, the Primary TFTP Server should have Unified CM version 8.6 (2) or later.

Figure 1. Cisco proxy TFTP server deployment model 1



The two remote clusters - Cluster A and Cluster B have been configured to the Primary TFTP Server. However, you can configure any number of remote clusters to the Primary TFTP Server. Whenever an endpoint sends a request for configuration file, the Primary TFTP Server looks into the local cache and the configured remote clusters. Thus, an endpoint configured to the Primary TFTP Server Cluster, Cluster A and Cluster B can get the configuration file and get registered to the Cisco Unified Communications Manager.


Note


Cisco recommends that you use deployment model 1 for better system performance. However, if you do not wish to change your existing Centralized TFTP (8.6 (1) or earlier), you can use deployment model 2.


Cisco proxy TFTP server deployment model 2

In the deployment model illustrated in the following figure, the centralized Unified CM TFTP server acts as a Primary TFTP server.

Figure 2. Cisco proxy TFTP server deployment model 2



The two remote clusters - Cluster A and Cluster B have been configured to the Primary TFTP Server. However, you can configure any number of remote clusters to the Primary TFTP Server. Two more remote clusters have been added to the Cluster A. Whenever an endpoint sends a request for configuration file, the Primary TFTP Server looks into the local cache and the configured remote clusters (Cluster A and Cluster B). Cluster A further looks into its configured remote clusters (Cluster C and Cluster D). Thus, all the endpoints configured to the Primary TFTP Server Cluster, Cluster A, Cluster B, Cluster C and Cluster D can get the configuration file and get registered to the Cisco Unified Communications Manager.

TFTP setup

Cisco Proxy TFTP Server can be configured manually as well as dynamically. This section provides configuration procedures for TFTP.

Set up TFTP manually

The following procedure provides steps for configuring Cisco Proxy TFTP Server manually in your network. Use the following procedure in conjunction with the

Procedure
    Step 1   Create a new cluster.
    1. In Cisco Unified Communications Manager Administration, choose Advanced Features > Cluster View.
    2. Enter the Cluster Id and Fully Qualified Domain Name.
    Step 2   Check the Enable check box for TFTP service.
    Step 3   Click TFTP hyperlink.

    Remote Cluster Manually Override Configuration window appears.

    Step 4   Choose Manually Configure Remote Service addresses.
    Step 5   Enter IP addresses for the TFTP servers of the remote clusters.
    Step 6   Click Save.

    Set up TFTP dynamically

    Perform the following steps to dynamically configure Cisco Proxy TFTP Server in your network.

    • Configure EMCC.
    • In Cisco Unified Communications Manager Administration, choose Advanced Features > Cluster View > Update Remote Cluster Now.

    Proxy TFTP server and centralized TFTP server

    For large scale deployments, the Centralized TFTP server has the following limitations:

    • Sometimes, endpoints are unable to download the configuration file because the primary TFTP server takes more time to get the configuration file from the alternate TFTP servers. By the time the primary TFTP server gets the file, the endpoints get timed out. As a result, endpoints never get registered to their Unified CM.
    • Only 10 alternate TFTP servers can be added.

    These limitations are not applicable to Cisco Proxy TFTP Server.


    Note


    When a phone requests a common file from a central or proxy TFTP server and that file has a common name such as ringlist.xml.sgn or is a locale file, the TFTP server sends its own local copy of the file instead of the file from the home cluster of the phone. The phone rejects the file due to a signature verification failure because the file has the signature of the TFTP server's local cluster, which does not match the Initial Trust List (ITL) of the phone. To resolve this issue, you can either disable Security By Default (SBD) for the phone or perform the bulk certificate export procedure to make the Trust Verification System (TVS) return a success when the phone verifies a signature from a different cluster. See the procedure in the "Default Security Setup" section of the Cisco Unified Communications Manager Security Guide for performing a bulk certificate export when migrating IP phones between clusters to perform the bulk certificate export. To disable Security by Default, see the procedure to update the ITL file for IP Phones in the Cisco Unified Communications Manager Security Guide.


    Phone behavior with proxy TFTP server

    For phones configured to remote clusters, first-time phone registration may take a few minutes. The time delay is due to Proxy TFTP Server searching for the configuration file in the remote clusters. The delay will vary based on the number of end points and the number of remote clusters configured. However, subsequent registrations will not have any delay.

    Cisco proxy TFTP server system requirements

    The following system requirements exist for Cisco Proxy TFTP Server:

    • Cisco Unified Communications Manager, Release 8.6 (2) or higher
    • Cisco TFTP service - should be activated and in running state

    Cisco proxy TFTP server interactions and restrictions

    This section provides the details of interactions and restrictions for Cisco Proxy TFTP Server.

    Cisco proxy TFTP server interactions

    Cisco TFTP service of the Proxy TFTP server interacts with the TFTP services of the remote clusters. In the Cluster View window ( Advanced Features > Cluster View), for a particular remote cluster, TFTP service can have a maximum of three IP addresses, and Proxy TFTP server will interact with all three IP addresses if they are configured.

    Note


    You must ensure that the Cisco TFTP service is active and in running state on the configured IP addresses.


    When a phone requests a common file from a central or proxy TFTP server and that file has a common name such as ringlist.xml.sgn or is a locale file, the TFTP server sends its own local copy of the file instead of the file from the home cluster of the phone. The phone rejects the file due to a signature verification failure because the file has the signature of the TFTP server's local cluster, which does not match the Initial Trust List (ITL) of the phone. To resolve this issue, you can either disable Security By Default (SBD) for the phone or perform the bulk certificate export procedure to make the Trust Verification System (TVS) return a success when the phone verifies a signature from a different cluster. See the procedure in the "Default Security Setup" section of the Cisco Unified Communications Manager Security Guide for performing a bulk certificate export when migrating IP phones between clusters to perform the bulk certificate export. To disable Security by Default, see the procedure to update the ITL file for IP Phones in the Cisco Unified Communications Manager Security Guide.

    Cisco Proxy TFTP server restrictions

    This section describes the restrictions and limitations of the Cisco Proxy TFTP Server with other Cisco Unified Communications Manager Administration components.

    Registration problems for phones with Security By Default (SBD) loads for previous versions of Cisco Unified Communications Manager 8.0

    For remote cluster TFTP servers that are running on Cisco Unified Communications Manager 8.0 and later, the phones with Security By Default (SBD) load can register to these remote cluster Unified Communications Managers through a Proxy TFTP server. However, for the remote cluster TFTP servers that running on a version that is earlier than Cisco Unified Communications Manager 8.0, the phones with SBD load are unable to register to the remote cluster Unified Communications Managers through a Proxy TFTP server, because the Identity Trust List (ITL) file is unavailable in versions that are earlier than Unified Communications Manager 8.0.

    Use the following procedure to resolve this problem.

    1. Connect the endpoint directly to the remote cluster Unified Communications Manager:
      1. Disable the DHCP option.
      2. Enter the TFTP IP address on the phone manually.
      The phone gets the required SBD load and registers to the Unified Communications Manager.
    2. Enable the DHCP option and reset the phone manually.

    The phone gets registered to the remote cluster through Proxy TFTP.


    Note


    This procedure is applicable only if you have new phones with SBD load or if you plan to move the phones from a Unified Communications Manager with SBD support to a Unified Communications Manager without SBD support. This procedure is not applicable if the number of phones in a cluster is large.


    Registration problems while moving a phone from one remote cluster to another

    When you move a phone from one remote cluster to another, you must delete the old ITL files from the phone, so that it registers successfully to the new Unified Communications Manager.

    Phones take time to register while upgrading the remote cluster

    When a remote cluster is upgraded, phones request the new load file, which must be downloaded to the Proxy TFTP local cache. If you plug in an Ethernet cable to a phone and then set up the phone on the Unified Communications Manager, the phone takes about 30 minutes to register. However, if you set up the phone on the Unified Communications Manager and then plug in the Ethernet cable, the phone is registered immediately.

    Cisco proxy TFTP server installation and activation

    After you install Cisco Unified Communications Manager, your network can support the Cisco Proxy TFTP Server feature if you perform the necessary configuration tasks. For information on configuration tasks that you must perform, see the TFTP setup

    Remote Cluster settings

    In Cisco Unified Communications Manager Administration, use the Advanced Features > Cluster View menu path to configure remote clusters.

    Tips About Finding Remote Clusters

    The Find operation locates only those remote clusters that you added previously. The Find operation does not locate the clusters that belong to the enterprise automatically.

    Using the GUI

    For instructions on how to use the Cisco Unified Communications Manager Administration Graphical User Interface (GUI) to find, delete, configure, or copy records, see the “Navigating the Cisco Unified Communications Manager Administration Application” section in the Cisco Unified Communications Manager Administration Guide and its subsections, which explain how to use the GUI and detail the functions of the buttons and icons.

    Configuration Settings Table

    The following table provides detailed descriptions of the remote cluster settings that you configure in the Cluster View window (Advanced Features > Cluster View).

    Table 1 Remote Cluster Settings

    Field

    Description

    Remote Cluster Information

    Cluster Id

    Enter the cluster ID of the remote cluster.

    Valid values include alphanumeric characters, period (.), and hyphen (-).

    Description

    Enter a description for the remote cluster.

    This field accepts up to 128 characters. You may use any character except quotes (“), close angle bracket (>), open angle bracket (<), backslash (\), dash (-), ampersand (&), and percent sign (%).

    Fully Qualified Name

    Enter the fully qualified name of the remote cluster/IP address.

    This field accepts up to 50 characters and allows the following characters: alphanumeric (a through z, A through Z, and 0 through 9), period (.), dash (-), asterisk (*), and space ( ).

    Remote Cluster Service Information

    EMCC

    For the EMCC service, the following column headings detail the configuration for this service:

    • Enabled—If the EMCC service is enabled, this box gets checked.
    • Service—This entry specifies the EMCC service.
    • Remote Activated—Valid values specify true or false.
    • Address 1—This column lists the first address for this service.
    • Address 2—This column lists the second address for this service.
    • Address 3—This column lists the third address for this service.

    PSTN Access

    For the PSTN access, the following column headings detail the configuration for this service:

    • Enabled—If the PSTN access is enabled, this box gets checked.
    • Service—This entry specifies the PSTN access
    • Remote Activated—Valid values specify true or false.
    • Address 1—This column lists the first address for this service.
    • Address 2—This column lists the second address for this service.
    • Address 3—This column lists the third address for this service.

    RSVP Agent

    For the RSVP agent, the following column headings detail the configuration for this service:

    • Enabled—If the RSVP agent is enabled, this box gets checked.
    • Service—This entry specifies the RSVP agent
    • Remote Activated—Valid values specify true or false.
    • Address 1—This column lists the first address for this service.
    • Address 2—This column lists the second address for this service.
    • Address 3—This column lists the third address for this service.

    TFTP

    For the TFTP service, the following column headings detail the configuration for this service:

    • Enabled—If the TFTP service is enabled, this box gets checked.
    • Service—This entry specifies the EMCC service.
    • Remote Activated—Valid values specify true or false.
      Note   

      The value of the Remote Activated column is set to true whenever remote IP addresses are configured either manually or dynamically.

    • Address 1—This column lists the first address for this service.
      Note   

      When you upgrade from Cisco Unified Communications Manager 8.6 (1) to Cisco Unified Communications Manager 8.6 (2) or later, Address 1 is automatically updated by the system. However, if this field is blank after the upgrade due to some reason such as DNS lookup failure, you must manually update it with the appropriate IP address of the TFTP service.

    • Address 2—This column lists the second address for this service.
    • Address 3—This column lists the third address for this service.

    Enabled All Services

    Click this button to enable all services (EMCC, PSTN Access, and RSVP Agent).

    Disabled All Services

    Click this button to disable all services (EMCC, PSTN Access, and RSVP Agent).

    Update Remote Cluster Now

    Click this button to update the remote cluster immediately.

    Remote cluster manually override settings

    The following table provides detailed descriptions of the remote cluster settings that you configure in the Remote Cluster Manually Override Configuration window (Advanced Features > Cluster View > TFTP).

    Field

    Description

    Use automatically determined remote server addresses

    Choose this option to use automatically-determined remote server addresses.

    Manually configure remote server addresses

    Choose this option to manually configure remote server addresses.

    Address 1

    Enter the first address of the TFTP service.

    Address 2

    Enter the second address of the TFTP service.

    Address 3

    Enter the third address of the TFTP service.