Device Onboarding via Activation Codes

Activation Codes Overview

Activation codes make onboarding newly provisioned phones easy. An activation code is a single-use, 16-digit value that a user must enter on a phone while registering the phone. Activation codes provide a simple method for provisioning and onboarding phones without requiring an administrator to collect and input the MAC Address for each phone manually. This method is a simple alternative to autoregistration that you can use this method to provision a large number of phones, a single phone, or even to re-register existing phones.

Activation codes provide the following benefits:

  • Onboarding using activation codes ensures that all newly provisioned phones or untrusted phones have their Manufacturing Installed Certificate (MIC) assessed and verified by Unified Communications Manager.


    Note

    Cisco Manufacturing Root certificates must be present in the CallManager-trust store to perform onboarding activity.

  • No need to manually enter actual MAC addresses. Administrators can use dummy MAC addresses and the phone updates the configuration automatically with the real MAC address during registration.

  • No need to deploy an IVR, such as TAPS, to convert phone names from BAT to SEP.

Phone users can obtain their activation codes via the Self-Care Portal, provided the Show Phones Ready to Activate enterprise parameter is set to True. Otherwise, administrators must provide the codes to phone users.


Note

When you provision with dummy MAC addresses, activation codes are tied to the phone model. You must enter an activation code that matches the phone model in order to activate the phone.

For added security, you can provision the phone with the actual MAC address of the phone. This option involves more configuration because the administrator must gather and input each phone's MAC address during provisioning, but provides greater security because users must enter the activation code that matches the actual MAC address on their phone.

Onboarding Process Flow in

Following is the process flow for onboarding new phones via activation codes when dummy MAC addresses are used:

  1. Administrator sets the configuration to require the user to enter an activation code for onboarding.

  2. Administrator provisions and configures the phone. If dummy MAC addresses are being used, the administrator does not enter the actual MAC address.

  3. Phone gets an IP address for TFTP via a DHCP opt 150, or from an alternate TFTP as configured in Phone settings. The phone downloads the XMLDefault file, and detects that an activation code is in use.

  4. The user enters the activation code on the phone.

  5. The Phone authenticates to Cisco Unified Communications Manager via the activation code and manufacturer-installed certificate.

  6. The Phone requires the TVS service when the activation code is used for onboarding phones. The ITL file provides this TVS function which contains the certificate of the TVS service that runs on the Unified CM server TCP port 2445.

  7. Cisco Unified Communications Manager updates the device configuration with the actual MAC address. The TFTP server sense the device configuration to the phone, allowing the phone to register. Note that device registration can be up to five minutes.


    Note

    It's recommended to add an additional subscriber to the default communication manager group for on-premise activation code onboarding. Else, when the node in the default communication manager group goes down, you may face onboarding issues.

Activation Code Prerequisites

As of Release 12.5(1), the following Cisco IP Phone models support onboarding via activation codes: 7811, 7821, 7832, 7841, 7861, 8811, 8841, 8845, 8851, 8851NR, 8861, 8865, and 8865NR.

Self Care Portal

If you plan to have your users use the Self Care Portal to onboard their phones, you need to set the portal up beforehand so that your users will have access. For details, go to "Self Care Portal" chapter of the Feature Configuration Guide for Cisco Unified Communications Manager.

Device Onboarding with Activation Codes Task Flow

Complete these tasks to onboard new phones using activation codes.

Procedure

  Command or Action Purpose

Step 1

Activate the Device Activation Service

The Cisco Device Activation Service must be running in Cisco Unified Serviceability.

Step 2

Set Registration Method to use Activation Codes

Under Device Defaults, set the default registration method to use Activation Codes for supported phone models.

Step 3

Provision phones with activation code requirement. Following are two provisioning example options:

Cisco Unified Communications Manager has a variety of provisioning methods, including the options on the left. Whichever method you choose, make sure the Requires Activation Code for Onboarding check box is checked within that phone's Phone Configuration.

Step 4

Activate Phones

Distribute activation codes to users. Users must enter the code on the phone in order to use the phone.

Activate the Device Activation Service

To use activation codes, the Cisco Device Activation Service must be running in Cisco Unified Serviceability. Use this procedure to confirm the service is running.

Procedure

Step 1

From Cisco Unified Serviceability, choose Tools > Service Activation.

Step 2

From the Server drop-down, choose the Unified Communications Manager publisher node and click Go.

Step 3

Under CM Services, confirm that the Status of the Cisco Device Activation Service says Activated.

Step 4

If the service is not running, check the adjacent check box and click Save.

What to do next

Set Registration Method to use Activation Codes

Set Registration Method to use Activation Codes

Use this procedure to configure the system defaults so that phones of a specific model type will use activation codes to register with Unified Communications Manager.

Procedure

Step 1

From Cisco Unified CM Administration, choose Device > Device Settings > Device Defaults.

Step 2

In the Device Defaults Configuration window, select the device type that will use activation codes for registration in the Dual Bank Information section, and change Onboarding Method from Auto Registration to Activation Code.

Step 3

Click Save.

Note

 

When device default is set to Activation Code, and if Auto Registration is earlier used for phone types, subsequent addition of new phones should follow Activation Code Onboarding or Manual Configuration of Phone (Using MAC address) and Registration.

For more information, see Add Phone with Activation Code Requirement and Add Phones with Activation Codes via Bulk Administration section to provision new phones.

Add Phone with Activation Code Requirement

Use this procedure if you want to provision a new phone with an activation code requirement.

Before you begin

Configure Universal Device and Line Templates with the settings that you want to apply as it makes the provisioning process faster.

Note
If you choose not to use templates, you can add a new phone and configure settings manually, or add settings via a BAT Template. In each case, the Requires Activation Code for Onboarding check box must be checked in the Phone Configuration window.

Procedure

Step 1

From Cisco Unified CM Administration, choose Device > Phone.

Step 2

Click Add New From Template to add settings from a universal line or device template.

Step 3

From the Phone Type drop-down menu, select the phone model.

Step 4

In the MAC Address field, enter a MAC address. With activation codes, you can use a dummy MAC address or the phone's actual MAC address.

Step 5

From the Device Template drop-down, select a template such as an existing Universal Device Template with the settings ou want to apply.

Step 6

From the Directory Number field, select an existing directory number, or click New and do the following:

  1. In the Add New Extension popup, enter a new directory number and a Line Template that contains the settings you want to apply.

  2. Click Save and then click Close.

    The new extension appears in the Directory Number field.

Step 7

Optional. From the User field, select the User ID that you want to apply to this phone.

Step 8

Click Add.

Step 9

Check the Requires Activation Code for Onboarding check box.

Step 10

Configure any other settings that you want to apply. Refer to the online help for help with the fields and their settings.

Step 11

Click Save, and then click OK.

The Phone Configuration generates the new activation code. Click View Activation Code if you want to view the code.

What to do next

Activate Phones

Add Phones with Activation Codes via Bulk Administration

This optional task flow contains a provisioning example using Bulk Administration Tool's Insert Phones feature to provision a large number of phones in a single operation. These phones will use activation codes for registration.

Procedure

  Command or Action Purpose

Step 1

Configure BAT Provisioning Template

Configure a BAT Template that contains the settings that you want to apply to provisioned phones.

Step 2

Create CSV File with New Phones

Create a CSV file that contains the new phones that you want to add.

Step 3

Insert Phones

Use Bulk Administrations's Insert Phones function to add the new phones to the database.

Configure BAT Provisioning Template

Use this procedure to create a phone template with common settings that you can apply via Bulk Administration to newly provisioned phones of a specific phone model.
Before you begin
This procedure assumes that your users are already deployed on the system and that you have already set up device pools, SIP profiles, and phone security profiles that meet your needs.
Procedure

Step 1

From Cisco Unified CM Administration, choose Bulk Administration > Phones > Phone Template.

Step 2

Click Add New.

Step 3

From the Phone Type drop-down, select the phone model for which you want to create a template.

Step 4

Enter a Template Name.

Step 5

Check the Require Activation Code for Onboarding check box.

Step 6

Configure values for the following mandatory fields:

  • Device Pool
  • Phone Button Template
  • Owner User ID
  • Device Security Profile
  • SIP Profile

Step 7

Complete any remaining fields in the Phone Template Configuration window. For help with the fields and their settings, refer to the online help.

Step 8

Click Save.

What to do next
Create CSV File with New Phones

Create CSV File with New Phones

Use this procedure to create a new csv file with your new phones.

Note
You can also create your csv file manually.
Procedure

Step 1

From Cisco Unified CM Administration, choose Bulk Administration > Upload/Download Files.

Step 2

Click Find.

Step 3

Select and download the bat.xlt spreadsheet.

Step 4

Open the spreadsheet and go to the Phones tab.

Step 5

Add your new phone details to the spreadsheet. If you are using dummy MAC addresses, leave the MAC Address field empty.

Step 6

When you are done, click Export to BAT Format.

Step 7

From Cisco Unified CM Administration, choose Bulk Administration > Upload/Download Files.

Step 8

Upload the csv file.

  1. Click Add New.

  2. Click Choose File and select the csv file for uploading.

  3. Select Phones as the target.

  4. Select Insert Phones - Specific Details for the transaction type.

  5. Click Save.

What to do next
Insert Phones

Insert Phones

Use this procedure to insert new phones from a csv file.
Procedure

Step 1

Select Bulk Administration > Phones > Insert Phones.

Step 2

From the File Name drop-down, select your csv file.

Step 3

From the Phone Template Name drop-down, select the provisioning template that you created.

Step 4

Check the Create Dummy MAC Address check box.

Note

 
For added security, you can add actual MAC addresses to the csv file such that the activation code works only for the phone with the matching MAC address. In this instance, leave this check box unchecked.

Step 5

Check the Run Immediately check box to run the job right away. If you choose to run the job later, you must schedule the job in the Bulk Administration Tool’s Job Scheduler.

Step 6

Click Submit.
What to do next
Activate Phones

Activate Phones

After provisioning, distribute activation codes to your phone users so that they can activate their phones. Following are two options for gathering and distributing activation codes:

  • Self-Care Portal—Phone users can log in to the Self-Care Portal in order obtain the activation code that applies to their phone. They can either input the code on the phone manually, or use their phone's video camera to scan the barcode that displays in Self-Care. Either method will work. To use Self-Care to activate the phone, the Show Phones Ready to Activate enterprise parameter must be set to True in Cisco Unified Communications Manager (this is the default setting).


    Note
    For additional requirements on how to configure user access for the Self-Care portal, see the "Self-Care Portal" chapter of the Feature Configuration Guide for Cisco Unified Communications Manager.

  • CSV File—You can also export the list of outstanding users and activation codes to a csv file, which you can then distribute to your users. For a procedure, see Export Activation Codes.

Registration Process

Phone users must enter the activation code on their phone in order to use their phones. After a phone user enters the correct activation code on the phone, the following occurs:

  • Their phone authenticates with Cisco Unified Communications Manager.

  • The phone configuration in Cisco Unified Communications Manager updates with the actual MAC address of the phone.

  • The phone downloads the configuration file and any other relevant files from the TFTP server and registers with Cisco Unified Communications Manager.

What to do Next

The phone is now ready to use.

Export Activation Codes

Use this procedure to export a csv file of activation codes along with their corresponding phones and users. You can use this file to distribute activation codes to your users.
Procedure

Step 1

From Cisco Unified CM Administration, choose Device > Phone.

Step 2

From Related Links, select Export Activation Codes and click Go.

Additional Tasks for Activation Code

The following table lists additional tasks that you may need for activation codes.

Task

Procedure

Generate activation codes for registered phones

If you want to generate an activation code for an already-registered phone:

  1. From Cisco Unified CM Administration, choose Device > Phone.

  2. Search for and open the Phone Configuation for the phone for which you want to generate an activation code.

  3. Check the Requires Activation Code for Onboarding check box and click Save.

Regenerate activation codes for unregistered phones

To generate a new activation code for an unregistered phone, such as may be required if the activation process for a new phone fails, do the following:

  1. From Cisco Unified CM Administration, choose Device > Phone.

  2. Search for and open the Phone Configuation for the phone for which you want to generate an activation code.

  3. Click Release Activation Code

  4. Click Generate New Activation Code and click Save.

Set Optional Activation Code Parameters

If you want to configure optional service parameters for activation codes.

  1. From Cisco Unified CM Administration, choose System > Service Parameters.

  2. From the Server drop-down, select the publisher node.

  3. From the Service drop-down, select Cisco Device Activation Service.

  4. Configure a value for the following optional service parameters. For help with the settings, refer to the context-sensitive help

    • Activation Time to Live (Hours)—The number of hours that an activation code remains active. The default is 168

    • Enable Mobile and Remote Access Activation—Set this to True (the default setting) to enable Mobile and Remote Access activation.

    • Mobile and Remote Access Activation Domain—The domain where Mobile and Remote Access device activation takes place.

  5. Click Save.

Activation Code Use Cases

The following table highlights sample use cases with device onboarding via activation codes.

Use Case

Description

Replace an existing phone

Activation codes make it easy to replace existing phones. For example, let’s say that a remote worker needs a new phone as their phone is damaged.

  • The administrator opens the Phone Configuration settings for the damaged phone in Unified Communications Manager.

  • The administrator blanks out the MAC Address, checks the Requires Activation Code for Onboarding check box, and clicks Save.

  • The user acquires a new phone of the same phone model, and plugs their phone into the network.

  • The user logs in to Self-Care to get their activation code, and inputs the code on the phone. The phone onboards successfully.

Note

 
In this scenario, the user can onboard any new phone so long as it is the same phone model as the damaged phone. In a more secure environment, the administrator may need to provision a replacement phone to replace the old phone (see below).

Secure shipping of new phone with activation codes

In a more secure environment where you can ensure that phone shipping process is secure by ting the activation code to a specific MAC address as follows:

  • The administrator provisions a new phone in Unified Communications Manager.

  • In the Phone Configuration settings for the new phone, the administrator enters the phone’s actual MAC Address and checks the Requires Activation Code for Onboarding check box.

  • The administrator packages the phone and ships the phone to the user.

  • The user plugs the new phone into the network.

  • The user logs in to Self-Care to get the activation code, enters the code on the phone. The phone onboards successfully.

Note

 
In this scenario, the user can onboard only that specific phone.

Secure shipping of new phone (autoregistration)

As an alternative to activation codes, you can also use autoregistration and TAPS to securely ship phones to a remote worker:

  • In the Device Defaults Configuration, the administrator makes sure that the Onboarding Method for the phone model is Autoregistration.

  • The administrator provisions a new phone in Unified Communications Manager. In the Phone Configuration for the new phone, the administrator blanks out the phone’s actual MAC Address.

  • The administrator packages the phone and ships the phone to the user.

  • The user plugs the new phone into the network, and lets it autoregister.

  • The user uses TAPS to map the autoregistered record back to the old record.

Note

 

This scenario requires you to configure both autoregistration and TAPS.

Re-onboarding phones via autoregistration

You can switch onboarding methods for specific phone models between Activation Codes and Autoregistration via the Onboarding Method field in the Device Defaults Configuration window.

Note

 
If you want to re-onboard an existing phone via autoregistration, you must delete the existing record from the database for autoregistration to work.