Jump to content

Provisioning bug (mainly M9 with the XML file)


SFX Group
 Share

Recommended Posts

I have noticed something, with my M9 base unit i use the provisioning URL

http://192.168.1.63:8080/prov/snom-m9-000413304B3D.xml

This uses the MAC address of the base unit, however the below file is returning (you notice it has different MAC addresses in them, and these MAC addresses are for a workstation on the network. (its doing this with the SNOM 360 settings URL as well...!!!)

 

<setting-files>
<file url="http://192.168.1.63:8080/prov/snom-m9-firmware-0019D11CD87A.xml"/>
<file url="http://192.168.1.63:8080/prov/snom-m9-settings-0019D11CD87A.xml"/>
</setting-files>

 

I currently have the M9 plugged in to the PC port of a SNOM 360, so how did a computer MAC address end up in the returning file form SNOM one? This would explain why the M9 isn't getting provisioned, also there are no extension folder being created in the below tree actually on the SNOM ONE server (as its windows i can check it) , so what's up with the server? Its version 2011-4.3.0.5021 (Win64)

 

install/generated/domain/extension

Link to comment
Share on other sites

I have noticed something, with my M9 base unit i use the provisioning URL

http://192.168.1.63:8080/prov/snom-m9-000413304B3D.xml

This uses the MAC address of the base unit, however the below file is returning (you notice it has different MAC addresses in them, and these MAC addresses are for a workstation on the network. (its doing this with the SNOM 360 settings URL as well...!!!)

 

0019D1 is a MAC from Intel. Is that the PC of the PC running the PBX? All snoms have 000413. If yes, there is probably some routing issue from one interface to another. MAC addresses only change on router level, not on switch level.

 

I currently have the M9 plugged in to the PC port of a SNOM 360, so how did a computer MAC address end up in the returning file form SNOM one? This would explain why the M9 isn't getting provisioned, also there are no extension folder being created in the below tree actually on the SNOM ONE server (as its windows i can check it) , so what's up with the server? Its version 2011-4.3.0.5021 (Win64)

 

The m9 should also get provisioned even if it crosses a router. Did you assign the m9 MAC address into an extension on the PBX? Then it should actually verify the certificate from the m9 and ignore what is coming from the interface.

Link to comment
Share on other sites

0019D1 is a MAC from Intel. Is that the PC of the PC running the PBX? All snoms have 000413. If yes, there is probably some routing issue from one interface to another. MAC addresses only change on router level, not on switch level.

 

 

 

The m9 should also get provisioned even if it crosses a router. Did you assign the m9 MAC address into an extension on the PBX? Then it should actually verify the certificate from the m9 and ignore what is coming from the interface.

 

I am a network specialist, IP / MAC routing is something i do, however i dont know the inside of Snom One so can only comment on what i see, however to answer...

 

000413304B3D is the MAC address of the M9 base unit (and is correct)

0019D11CD87A is the MAC address of an Intel desktop board, and is not running SNOM, it is used to access the web interface of Snom One, however i cant see any reason why Snom would have got hold of this MAC address.

 

I would like to add here, no extenstion folder has been created in the SNOM directory structure for this extenstion either, however now using TFTP it seems to be sending all the correct provision details to the M9 when looking at the log file in the M9 base unit web interface,.

 

My question is, why would the correct http XML file have a MAC address of a completely different machine as this remains a very odd and major issue.

 

There is a 3COM switch onsite (not managed) and a Watchgaurd Firewall (x550e not a cheap unit) which handles DHCP, however the Intel MAC address is not DHCP so cant be a mix up in the Watchgaurd firewall.

Link to comment
Share on other sites

000413304B3D is the MAC address of the M9 base unit (and is correct)

0019D11CD87A is the MAC address of an Intel desktop board, and is not running SNOM, it is used to access the web interface of Snom One, however i cant see any reason why Snom would have got hold of this MAC address.

 

Okay, probably you accessed the PBX with the URL from the m9 from the web browser of the PC. Then you would see that MAC.

 

I would like to add here, no extenstion folder has been created in the SNOM directory structure for this extenstion either, however now using TFTP it seems to be sending all the correct provision details to the M9 when looking at the log file in the M9 base unit web interface,.

 

My question is, why would the correct http XML file have a MAC address of a completely different machine as this remains a very odd and major issue.

 

When you "trust the MAC" in the PnP, the PBX reads out the MAC from the IP table of the host to find out where the request came from. The MAc acts like a token, with a low trust level (that's why there is a flag to control this). Once you start using username and passwords or certificates that contain the token, the MAC layer trust is not needed.

 

There is a 3COM switch onsite (not managed) and a Watchgaurd Firewall (x550e not a cheap unit) which handles DHCP, however the Intel MAC address is not DHCP so cant be a mix up in the Watchgaurd firewall.

 

I now also dont think that the packet crossed a router; it was probably because the PC did access the PBX directly and the PBX saw the MAC of the PC. The phone switch is a switch, not a router so that also can't be the problem.

 

One more thing that you could check (with Wireshark on the PBX), if the PC has some spyware running trying to steal all traffic from the PC. The RARP attack is one way to relay all traffic through the PC.

Link to comment
Share on other sites

Okay, probably you accessed the PBX with the URL from the m9 from the web browser of the PC. Then you would see that MAC.

 

This sounds like its resolved then, i tried that same URL from a different PC and the returned contents MAC address matched that PC as well (so changed).

 

This means when the phone requests it it should get the phones MAC address, which is good, i do have trust MAC address enabled inside Snom ONE.

 

So one last thing here is the folder that is named after the extenstion number inside the "generated" folder in Snom ONE isnt getting generated, how do i track this down?

Link to comment
Share on other sites

So one last thing here is the folder that is named after the extenstion number inside the "generated" folder in Snom ONE isnt getting generated, how do i track this down?

 

There is a option if those files shoul be generated to the file system or just being logged ("Write PnP generated files" in the PnP section). Maybe it is set to false.

Link to comment
Share on other sites

There is a option if those files shoul be generated to the file system or just being logged ("Write PnP generated files" in the PnP section). Maybe it is set to false.

 

Hi, Thats fixed it, i set the PnP to write to file, this has created the files..... Going to play with the URL in the Provisioning now to see if it gets the details it should, i have also turned of the trust MAC address feature so its locked to what it has.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...