Unified Communications

 View Only
  • 1.  Best Practices for SIP Passwords (Especially for Remote Workers)

    Posted 03-17-2022 11:09 AM

    So I am trying to get my head wrapped around some concepts that are still a bit new to me... (So apologize now for some rudimentary questions)

    We are pathing our way to using J-Series SIP Phones and Avaya Workplaces... I understand that the interface between Avaya Workplaces and our infrastructure will pass through both the SBC/AADS (For authentication) and we have this working in a very basic fashion... I may be advising our enterprise to also look at adding the 2 Factor Authentication system we currently use as well. So I have a pretty basic understanding of this setup (No expert here), but was wondering how other enterprises have their AADS setup, and any pitfalls we need to be watching for.

    But a question that keeps coming up is, how do we handle the physical J Series phones, and their SIP Passwords required to authenticate?  We know that it has to be highly complex (Because we don't want them hacked from the outside world), but we don't want the end user to have to memorize a long complex password just to get their J Series phone working (and I am talking both for Internal Users, as well as any Remote Users we may issue a J Series phone too).

    In our testing of J Series phones, we have manually configured a SIP Password to assign to the phone, but to do this for a large enterprise is not sustainable, so is there any suggestions on how we should be approaching this? I know that the SMGR can generate a random password, but I missing the step on how that can be passed to the J Series phone.

    Again - sorry for some very vague/basic questions here, I am learning this whole process on the fly, so it's been a little bit all over.


    James Davis
    Voice and Data Senior Engineer
    University of Nebraska Medical Center
    Omaha NE

  • 2.  RE: Best Practices for SIP Passwords (Especially for Remote Workers)

    Posted 03-18-2022 11:00 AM

    One option for physical Avaya phones (J-series and 96x1SIP) is to require the MAC address.   The SBC 8.x and above can be configured to allow registration by model for only specific MACs and the 46xxsettings.txt can be setup with a "GET $MACADDR.txt" statement.  You'd then have separate files (or a script on the server to fetch the info from a DB) that provides the phones with its login credentials via the SET FORCE_SIP_USERNAME and SET FORCE_SIP_PASSWORD statements.   This doesn't work so well for randomly generated passwords but perhaps somebody more familiar with AADS knows how to get AADS to provide that in same way it does for the Workplace client.



    Sam Osheroff

    UC Operations Engineer

    IT Infrastructure Telecom Operations

    University of Washington


    Internal: x16362 Direct: 206.221.6362