Axeos PBX 4.0 supports zero-touch autoprovisioning for Yealink and Snom SIP phones, greatly reducing installation time.
PBX Address
Please check the PBX Address setting in menu Communication/Phones/Global Settings and if neccessary choose an address (dns must resolve).
Phones
If you want a phone to be zero-touch provisioned you need to set vendor auto-provisioning to ‘on’ in the phone (Communication/Phones), choose the phone type and enter the phone device MAC address.
Settings (zero-touch provisioning)
You can enable/disable zero-touch provisioning in Communication/Provisioning through Setttings.
You can enable or disable auto-provisioning by setting this option on/off Provisioning host (the pbx IP or pbx hostname).
Secure provisioning host CA list: currently snom and yealink are supported.
Snom phone firmware caveats
- Please be aware that the TLS implementation is broken in Snom firmware 8.7.5.25. In order to use provisioning we recommend upgrading your Snom devices to at least 8.7.5.35.
- If you wish to use V10 Snom firmware, you will need to upgrade to Axeos PBX release 4.1.9 (available soon).
- As of firmware version 10, Snom has decided to force server identity verification. This verification cannot be disabled because that would create a security weakness for the Snom Phones. The phone will reject all secure connections from peers offering an unknown certificate that could not be verified by one of the built-in CAs of the Snom phone, or one that is uploaded as a custom certificate and set as an exception.
- Let’s Encrypt or e.g. Comodo DST root certificates are built-in in the v10 firmware, so you use Let’s Encrypt or Comodo certificates in the vpbx all is expected to work well. Most commonly used CAs are okay.
- Self-signed pbx certificates are uploaded to the Snom device in our provisioning process as a custom certificate and set as an exception.
- Snom V10 firmware uses a different equipment certificate which we included in 4.1.9 to properly zero-touch provision Snom devices that run v10 firmware.
- As of firmware version 10, Snom has decided to force server identity verification. This verification cannot be disabled because that would create a security weakness for the Snom Phones. The phone will reject all secure connections from peers offering an unknown certificate that could not be verified by one of the built-in CAs of the Snom phone, or one that is uploaded as a custom certificate and set as an exception.