SIP Endpoints in Cisco CUCM – X-Lite As an Example

Author
William Bell
Vice President, Solutions and Products

Why am I writing this?

First, I just wanted to add some 3rd party SIP phones to CUCM to start testing feature behaviors.  X-Lite seemed like a reasonable choice as it was free and apparently pretty popular.  Second,  the resources I have found on-line, including CouterPath’s own write up (which is a bit dated) and an article on Cisco’s “community” collaboration site, were just too light on details.  The examples would have things like this:

Account Setup

Display Name: 1234
User Name: 1234
Authorized User Name: 1234

I ask you, what am I supposed to do with that if I try to deploy this application in the real world?  Now, I am not saying that I am going to cover all bases adequately in this example.  Every one of us has a slightly different environment that we operate in.  But, I hope to provide some examples to give you a better feel for how to add 3rd Party SIP endpoints to the CUCM.  I like X-Lite, so I am using it as the example.

Versions and other information.

For my testing I used CUCM 7.1.3.31900-1 (that is 7.1(3b)SU1 for the uninitiated).  The X-Lite version is 3.0.  From looking at some of the examples on line (dating back to CUCM 5.0), the basic configuration we are going to discuss is pretty applicable to all CUCM appliance models.  I suspect that procedures for 6.0 to 7.1 would be near identical.

It all starts with a download.

First, you will need to download the X-Lite application here.  The install is pretty straight forward and relatively quick.

Configure CUCM

I like to get the station configured in CUCM before I start playing around with the client.  In CUCM you will need to create a SIP device and a user object.  You will need to make some associations between the two and perform some other ancillary activities in preparation.

Add a SIP Security Profile

I suppose you could consider this an optional step if you don’t mind SIP endpoints just registering to your CUCM cluster without a password.  I don’t, so we are going to create a SIP security profile that forces the use of Digest Authentication.  If you go with the standard SIP security profile, digest authentication is not used.  This means that a client can connect by simply providing the extension number and a user ID.

NOTE: In the X-Lite configuration examples I have seen, it is suggested that you specify the password
you assigned to the user in CUCM when you configure the Account Settings in X-Lite. This is incorrect.

Connect to your CUCM server (http://mycucm/ccmadmin) and go to System->Security Profile->Phone Security Profile.  Search for profiles that contain the string “third-party” and copy the profile named “Third-party SIP Device (Basic) – Standard SIP Non-Secure Profile”.  Configure the new profile as follows:

Save your settings.

Add the User

Go to User Management->End User.  You can add a new user or use an existing user.  You can also use a user that was replicated from LDAP using the DirSync service.  The information you need to configure (values shown are used in our example):

  • User ID: bbellsip
  • Password: (this is not used by X-Lite, but you should always have one)
  • PIN: (this is not used by X-Lite, but … you get the idea)
  • Last Name: Bell
  • First Name: Bill
  • Digest Credentials: *******  (this is used by X-Lite!)

Click on Save.  We will come back to the user object in a moment.

Add the SIP Phone

Go to Device->Phone.  Click on Add and select “Third-Party SIP Device (Basic)”.  At a minimum, you should configure the following settings (values shown are used in our example):

  • MAC Address:  DEADBEEF0000 (set it to something unique, it doesn’t matter to X-Lite)
  • Description:  Bill Bell X-Lite (set it to something meaningful to you, it doesn’t matter to X-Lite)
  • Device Pool:  HQ_User-SoftPhone_CSS (You should use a device pool that makes sense in your environment. I like to stick my softphones in a separate bucket.  You will want to make sure that if you are using regions, to keep everything G.711.  The free X-Lite doesn’t support G.729 or other CODEC.  Also, a Cisco tidbit – the default inter-region CODEC is G.729)
  • Calling Search Space: HQ_User-Std_CSS (this should be a CSS that fits into your dial plan, just like a standard Cisco SCCP station)
  • Device Security Profile: Third-party SIP Device (Basic) – Digest Required
  • Owner User ID: bbellsip
  • Digest User ID: bbellsip

Other phone parameters can use the default settings.  I didn’t test Device Mobility yet.  I played with Presence subscriptions with marginal success (later blog maybe).  I also tested Trusted Relay Point (TRP) and it worked as it should (TRP will be a topic in a later blog).

Click on Save.  After saving the phone, you can add an extension.  Add the extension as you normally would.  The bare minimum settings I used for testing:

  • Directory Number: 2025550208  (I use 10d extensions)
  • Partition: CL_DN-1_PT (place the DN in your “phones” partition)
  • CSS: Apply line level CSS per your design
  • Voicemail Profile: Use the VM profile that you normally would
  • Call Forwarding: Configure Call Forwarding as you would normally, for example CFNA and CFB to voicemail
  • Display and Alerting:  Configure these as you would like

Click on Save.

Edit User Object

Now go back to the user you are assigning this soft phone to (e.g. bbellsip).  Edit the user object.  Go to Device Associations and associate the device you just created.

Click on Save.

Configure X-Lite

Launch the X-Lite application.  You may get prompted for software updates, etc.  After the application loads, you will have a screen similar to the following:

Right click on the “LCD Screen” and choose Account Settings.  Click on Add to create a new SIP account.  Go to the “Account” tab and configure as follows:

The figure above gives you some guidance on what should be configured in each field and what needs to match CUCM configuration fields.  It should be noted that you can use DNS names in the Domain field.  I did some testing with SRV records.  I found that if you have an SRV record for SIP (e.g. _sip._udp.netcraftsmen.net) that is configured with the correct UDP port (5060), the X-Lite client will query your DNS domain for the SRV record and register. 

Click on OK.  If you setup everything correctly, you should see a screen similar to the following:

 

Dial Plan

You’ll notice in the Account settings screen that there was a dial plan field.  If you want the user experience on the X-Lite phone to mimic what your CUCM dial plan does for standard SCCP phones, then you will need to configure the dial plan on the X-Lite client.  Otherwise, your users will need to dial the phone number they wish to reach and click on the dial button (green phone going offhook) a second time to place the call.  This is because the X-Lite phone doesn’t support the Key Press Markup Language (KPML).  Also, SIP Dial Rules in CUCM don’t apply to third-party SIP devices, so you are left with little option.

The X-Lite dial plan syntax is provided in Appendix-B of the X-Lite User guide.  It would take some typing to cover all of the details.  But we’ll give one example:

0|911|9911|[2-8]xxxx|9xxxxxxxxxx;match=1;replace=50207;match=2;pre=9

The above string will translate “0” to “50207” and immediately route the number.  The 911 and 9911 are also immediately routed, with the 911 (match=2) having a 9 prefixed.  There is also a 5-digit pattern for abbreviated extension dialing and an offnet pattern example.  There are lots of variations and definitely a few things missing form the above string to match all dial plan behaviors.  The goal is to mimic the digit patterns and lengths that your users are used to dialing. Have fun!

Voice Mail

I tested the X-Lite application with voicemail (Cisco Unity Connection).  This was relatively straight forward.  You configure the Unity Connection mailbox as you normally would and you configure the line forwarding settings in CUCM to redirect callers to voicemail during busy and no-answer events.  In X-Lite, you configure the SIP account Voicemail tab and enter the voicemail pilot number.  Use the pilot number you assigned to the voicemail profile in CUCM. The MWI notification functions as shown in the following figure.

 

When you see the MWI envelope, you can click on it with your mouse and if you configured the voicemail pilot number correctly in X-Lite, you should be sent to your voicemail system and prompted to logon.

Conclusion

Well, I am still playing around with the application and I have not concluded whether I would deploy this in a production environment or not.  A few features don’t behave the way I would like them but that could be I am not configuring them correctly.  If something substantial is discovered I will plan on posting the findings here.

 


William Bell is the Collaboration Practice Lead for Chesapeake NetCraftsmen. Bill has over 10 years of experience in the IT industry with a focus on communication and collaboration technologies. In addition to blogging on the NetCraftsmen site, Bill also maintains the UC Guerrilla blog: http://ucguerrilla.com. You can follow Bill on Twitter: @ucguerrilla

46 responses to “SIP Endpoints in Cisco CUCM – X-Lite As an Example

  1. Thanks for the tutorial and I think this one has just the right amount of detail. I had a problem registering my SIP phone initially but I finally got it when I added the Digest User to the Phone Configuration page in CUCM. Thanks again Bill.

  2. Hey Nick!

    Good to hear. I am glad the tutorial helped. I am doing some feature and interop testing when I have some free moments. If I find anything interesting, I will post a follow up.

    Regards,
    Bill

  3. We would love to do this on our UC520 system, mostly to support SIP softphones on the MacOS. Any assistance most appreciated!

  4. Seth,

    Instead of writing this up in a comment your inquiry inspired me to test this out and post a second blog in the series. You can check it out here:

    [url]http://www.netcraftsmen.net/resources/blogs/sip-endpoints-in-cisco-communications-manager-call-manager-express-x-lite.html[/url]

    Note that I don’t have a UC520 system to test with but I believe the procedure will be the same as on a CUCME device. Hopefully you will find the above helpful. Thanks for the idea.

    Regards,
    Bill

  5. I’ve been trying to get a SIP phone working for ages with a little success. This blog got me 99% of the way.

    The stumbling block was the SIP Phone config also has a Digest User field which needed to be completed. So in the example that would also contain bbellsip.

    Of course this was a CM 6.1.3.3000-1 so theres one difference between 7 & 6

    Great entry .. thank you.

  6. Great tutorial, quick question, i’d like to associate the Sip Phone to an existing directory Number, so a User could use Xlite on thier Laptop while out of the office, and thier deskphone in the office, if BOTH ring, that is not a problem.

  7. David,

    Absolutely. You can associate the X-Lite phone to an existing directory number. It will behave like a shared line appearance. Note that standard "shared line" features like hold/resume from foreign station and barge won’t operate as they would if the shared lines were on Cisco phones (SIP or SCCP).

    Regards,
    Bill

  8. This seems to fail with AD integration. I get a ‘404 – not found’ error message, and in my UCM syslogs, it gives a TSP error. It worked fine on another cluster, without AD Integration. Has anyone run into this ?

  9. Why would I choose XLite over Cisco’s own IP Communicator? Does this tool use up less DLU’s or more like third party hardware phones do?

  10. Why not? I came across using this application because I had a customer with MAC that didn’t like the idea of running virtual machine to just get a softphone client. So, X-Lite and other products from CounterPath seemed like a viable option. I also have people who just have conformance anxiety and just want to be different. So, I say: "why not?".

    Personally, if I had the option and could run both applications on my machine of choice, I would go with CIPC.

    Oh, X-Lite is a basic 3rd party SIP device so it requires 3 DLUs I believe? I think CIPC is the same. License Unit Report will give you the clues you need there.

    Thanks for reading!

    HTH.

    Regards,
    Bill

  11. Alan,
    Sorry for the delay in responding to your post. I had to wait for my lab to free up from another test scenario and I am in the process of switching laptops. Anyway, enough excuses. I just configured one of my test systems (CUCM 7.1.3bSU2) to use DirSync for sync and auth. Everything works the same on my X-Lite client.

    The authentication from X-Lite is actually using the digest not the user object password. So, I don’t believe the CUCM system is authenticating user connections against LDAP. I would need to capture a trace to see if there is any backend communication. Even if it does, the client wouldn’t directly communicate with AD/LDAP.

    You may want to check the user ID that is coming from LDAP.

    HTH.

    Regards,
    Bill

  12. Hi William, this helps me a lot. easy and quick also works with UC520 but i am able to call ext to ext. but if i want to call out (outbound call with a sip trunk) is not working, i have UC520, 2 X SPA525G (SCCP), 1 X CIPC and 1 X Bria Soft Phone, i am able to call out all of them except the Bria, also internal calls are possible to do including the Bria.

    Can you please guide me?

  13. Daniel,

    Without seeing a config it is difficult to provide guidance. It is possible you need to mod your config to allow "sip-to-sip" connections:

    Router>enable
    Router# conf t
    Router(config-t)#voice service voip
    Router(config-voi-serv)#allow-connections sip to sip

    You may also want to post your query on NetPro if you find that the above doesn’t work for you.

    HTH.

    Regards,
    Bill

  14. First of all, thanks Bill for your configuration guide. I used a similar configuration and it worked well with Acrobit, sipdroid, xlite, and C3X all on wireless client handsets. The problems with calling across trunks can be corrected by ensuring that all DTMF tones are rfc2833 and MTP is required on the trunks. I created a transcoder on the router and registered it via sccp to the ucm. I have been told that the software mtp in media resources on the UCM will work as well but I needed codec tranlation so I never tried it. I know this thread is a little old but i hope to help others that may be looking for this info..Regards
    James

  15. Great post Bill. This will be a great help to me. I was wondering if you may have tested with this with a phone config that had rollover lines. We don’t use call waiting, but have two lines on each phone, with the busy option set to ring the second line. I assume for this setup, I would just need to use the Third-Party SIP Device Advance profile, instead of the basic profile, and setup the lines on the SIP phone like my SCCP devices. Thanks for the assitance.

  16. Dan,

    No, I did not test that specific scenario. Yes, you would need the advanced profile on the CUCM side. I would be interested to hear about the client-side experience.

    Regards,
    Bill

  17. Hi Bill,

    I setup one of the X-Lite softphones this morning. Thanks to your instructions, it took just a couple of minutes to get it all going. Unfortunately, the X-Lite is limited to a single line. I did eventually find that somewhere on their website, too. If a call rolls to the rollover number, X-Lite does not recognize the call. Guess we will have to move to their Bria product for that feature.

    Thanks,
    Dan

  18. Dan,

    I half suspected that would be the case. Thanks for taking the time to let me know what happened.

    Regards,
    Bill

  19. Do you think it is possible to call a 9000 series video ready phone with x-lite and get video and phone … I have Cisco 9000 series phone working video now on my network.

    THanks

  20. Colin,

    No, establishing a direct path video call between X-Lite and a 9900 series Cisco phone is not possible. The latest version of X-Lite (4.0) only supports H.263 for video. The 9900 series phones only support H.264. You would require a device capable of transcoding the video stream such as a MCU.

    The CounterPath Bria eyeBeam products do support H.264. I am planning on testing this scenario with Bria (since I have a Mac).

    HTH.

    Regards,
    Bill

  21. I work for radio company.We have a TBU-ip audio tx box that I have been trying to register with CUCM7.1 it cannot register with call manager.I have already put up all necessary commands for a sip extention.Do you have any advice I can follow?

  22. Kamikaze,

    I have never worked with TBU-ip. In general I would say that you take a look at any integration guides the manufacture provides. You will then want to make sure that the SIP Profile and SIP Security Profile line up with the configuration on the SIP end point. You will also want to understand what the TBU-ip device uses to authenticate to CUCM (if that is an enabled option). In some cases, the SIP device does not support the concept of an "authorization user". Which means your end user’s user ID (in CUCM) needs to match the telephone number field EXACTLY.

    Of course, if the path isn’t made clearer by looking at the integration/admin guides for TBU-ip then you need to start looking at log files and traces on the CUCM to determine what is going on. This can get somewhat involved.

    You may want to take a look at this Cisco doc as well:

    http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/8_5_1/ccmcfg/b09sip3p.html

    HTH.

    Regards,
    Bill

  23. NICE POST.
    Will you please explain how it’s possible to make video call using X-Lite in both sides with running cisco call manager 7

  24. Ehsan,

    I’ll take a look at that specific scenario. I have tested video calls between two Bria clients (which is the paid-version of X-Lite). That was on CUCM 8.5 but should basically be the same setup for CUCM 7. The things you need to keep in mind:

    1. Use 3rd Party Advanced SIP device
    2. Make sure your regions provide adequate video bandwidth intra- and inter-region

    Here is a link to a blog on Bria:

    http://www.netcraftsmen.net/resources/blogs/integrating-counterpath-bria-with-cisco-cucm.html

    Regards,
    Bill

  25. I am trying to figure out how to set this up on Cisco Unified Express 7.0. Is this possible? Having a hard time trying to find a software that is similar to softphone for Mac users

  26. Hello Dear,

    I have my Cisco Call Manager 7 set up for lab on Vmware. I can access this via GUI as well as via CLI. Have the CIPC installed along with X lite and they both can make calls. Now problem is i have set up call manager default gateway address set to range of my PC address and VMware adapter was set to bridged network. If i am disconnected from internet, my call manager goes off line.

    I guess i can make this work if i have microsoft loopback adapter (which i have) and assign it an ip address.

    Can some please help me out to see if i am in the right direction. I tried changing the current setting but it does not work.

  27. Hi Bill,

    Great post – really helpful!
    Really dumb question but I have a small office and want to get a few telesales agents in to call from the same line, as we don’t have anymore spare, I was recommended X-lite but (and here comes the really dumb question)how do my new telesales agents actually talk to people? I get they can call their number by using this download but to actually speak to them I would assume they need some sort of headset or telephone handset? If this is the case (and I really do appreciate I am being incredibly stupid here)which would you recommend?

  28. Hi all,

    I managed to register X-lite into CM with no issues. But when I try to register Bria (using the same Basic Third Party device configured in CM and using the same configuration in Bria as in X-lite), it returns: Request Timeout (408) .
    I did a capture on the CM and I have no packets comming from Bria, but a have pings that I sent from the same phone.
    Any ideas ?

    Thank you,
    Daniel

  29. Dear i need to favor i have to configure 3rd party IP PHone but i am confused at what configuration i should follow.. please guide me

  30. HI,

    i need help to add SPA 504g to CUCM.
    what i have done
    1- added a SIP phone
    2- created a user , used ext number for user ID
    3- associated this users with sip phone
    4- converted SPA504g to use SIP for call control
    5- using phone GUI i added CUCM ip address in SIP Server Name field.

    still i can get the phone to register with CUCM

    any idea !

    THANX:)

  31. Hi there… when I set up CIPC on my PC, all I need is the device name (something like sep000021092) and the TFTP servers addresses. Plug those in, and CIPC work fine. But it seems with x-lite (and other SIP softphones) on my MAC, there is no such configuration. They seem to be using something "newer" and I don’t see how I can set up x-lite.

  32. HI,

    i need help to add SPA 504g to CUCM.
    what i have done
    1- added a SIP phone
    2- created a user , used ext number for user ID
    3- associated this users with sip phone
    4- converted SPA504g to use SIP for call control
    5- using phone GUI i added CUCM ip address in SIP Server Name field.

    still i can not get the phone to register with CUCM

    any idea !

    THANX

    *

  33. think I got this figured out. It’s the difference between SIP and SCCP. We use SCCP on CIPC and the IP Phones. Hence, x-lite client is not supported for what I need. And, there is no CIPC for Mac. And, as far as I can tell, there is no [b]Mac client[/b] that would support [b]SCCP[/b]. So, unless I run a Mac virtual machine, there is no hope, but that’s complicated for my end users. Looks like we continue in the old ways… "Call me on my mobile when I am not in the office! [for mac users]"

  34. Paul,

    Cisco does not have a softphone that runs on the Mac and leverages SCCP as a protocol. There is a Jabber for Mac client that will provide audio and video softphone capabilities. This client requires either a CUPS server (on-prem model) or WebEx Connect (cloud model) for provisioning purposes. It leverages SIP for call processing with CUCM.

    Getting back to your original question, the device name assignment in CUCM for a 3rd Party SIP device isn’t that important as long as it is unique within the cluster. Most 3rd party SIP clients I have tested will care about the directory number on the primary line. That is how the client registers to CUCM. With more robust clients, you can also specify a unique name/digest for an authorized user account (matches up to enduser UID in CUCM).

    It is pretty straightforward to get a 3rd party client registered to UCM. I use Bria (the paid version of X-Lite) with good success. Where feasible, I do recommend customers consider Jabber as Cisco is working on getting Jabber clients on each platform to the same feature level. Why is that good? Well, if you have a mixed environment (Windows, Mac, iPad, etc.) then having the same client on each platform will make it easier on you (the admin) and easier on the end users.

    Cisco is "almost there" in terms of feature parity between clients. There is a Jabber for Windows client (pretty full featured), iPad, and Mac. There is a Jabber client for Android phones and one on the roadmap for Android tablets. I haven’t looked at these closely. I have tested out the Windows, iPad, and Mac options.

    So, if you have CUPS or want CUPS then I’d recommend looking at that solution. Cisco has promos around Jabber, so getting there may not equate to a large cost. Depends on what you have today. If you have webex connect then you may still be able to leverage Jabber as a softphone. Again, depends on what you have deployed today.

    If you don’t want to bother with Jabber then I recommend Bria on Mac OS X (you can read more on that here: http://www.netcraftsmen.net/component/content/article/70-unified-communications/1248.html)

    I also blog about Jabber on my personal site: http://ucguerrilla.com

    HTH.

    -Bill (@ucguerrilla)

  35. Excellent post! I must have done this a few hundred times over the years but after not having done it for awhile its nice to have a refresher. Appreciate the step by step definitely made up for my brain’s slow start 🙂

  36. I’ve been following the instructions here with the latest version of X-Lite and CUCM 9.1.2. I can only get it to work if the user I use for digest auth has a username that matches the DN of the first line of the SIP device. This method shows up in a number of Cisco docs related to 3rd party SIP devices, but it looks like it wasn’t necessary when you built this blog post. Any ideas on this, or which Cisco check box I might need to adjust to change this behaviour? I’ve tried a few different SIP clients in addition to X-Lite and it’s been the same with each one.

  37. RM,

    I will have test with my UCM 9.1.2 lab system and post back. I don’t see why the client auth would behave differently than it does on 8.5/8.6. Anyway, I will test and let you know. It may be a day or two.

    -Bill

  38. i have added a 3rd prty sip device[advanced] which is a voip card integrated into a talkback system which supports upto 8channels – it all works fine but as soon as i add a second line it shows as ‘partial-service’ instead of registered – the primary line still works but calls to the second line fail
    for the primary line the talkback system is set up as below
    Domain Server: cucm ip
    Username: 4001
    Display name: talk.back
    Authentication Username: talk.back
    Authentication Password: password01

    for the second line it is as
    Domain Server: cucm ip
    Username: 4002
    Display name: talk.back
    Authentication Username: talk.back
    Authentication Password: password01

    so it is using the same authentication credentials as 4001 and the only difference
    is the username being changed to 4002

    if i go under the secondary line and associate with the end user it comes back as ‘unregistered’ so need to unassociate it from the second line
    i tried forcing calls to the second line by forwarding busy no answer on the primary line but still doesnt work
    any idead how i can get calls to the second line working

  39. its ok – i got this working now – each time i added a new line the VOIP card on the talk-back system needed to be reset and as soon as it was it came back as ‘registered’ and no longer ‘partial-service’
    in cucm – sorted!

Leave a Reply

 

Nick Kelly

Cybersecurity Engineer, Cisco

Nick has over 20 years of experience in Security Operations and Security Sales. He is an avid student of cybersecurity and regularly engages with the Infosec community at events like BSides, RVASec, Derbycon and more. The son of an FBI forensics director, Nick holds a B.S. in Criminal Justice and is one of Cisco’s Fire Jumper Elite members. When he’s not working, he writes cyberpunk and punches aliens on his Playstation.

 

Virgilio “BONG” dela Cruz Jr.

CCDP, CCNA V, CCNP, Cisco IPS Express Security for AM/EE
Field Solutions Architect, Tech Data

Virgilio “Bong” has sixteen years of professional experience in IT industry from academe, technical and customer support, pre-sales, post sales, project management, training and enablement. He has worked in Cisco Technical Assistance Center (TAC) as a member of the WAN and LAN Switching team. Bong now works for Tech Data as the Field Solutions Architect with a focus on Cisco Security and holds a few Cisco certifications including Fire Jumper Elite.

 

John Cavanaugh

CCIE #1066, CCDE #20070002, CCAr
Chief Technology Officer, Practice Lead Security Services, NetCraftsmen

John is our CTO and the practice lead for a talented team of consultants focused on designing and delivering scalable and secure infrastructure solutions to customers across multiple industry verticals and technologies. Previously he has held several positions including Executive Director/Chief Architect for Global Network Services at JPMorgan Chase. In that capacity, he led a team managing network architecture and services.  Prior to his role at JPMorgan Chase, John was a Distinguished Engineer at Cisco working across a number of verticals including Higher Education, Finance, Retail, Government, and Health Care.

He is an expert in working with groups to identify business needs, and align technology strategies to enable business strategies, building in agility and scalability to allow for future changes. John is experienced in the architecture and design of highly available, secure, network infrastructure and data centers, and has worked on projects worldwide. He has worked in both the business and regulatory environments for the design and deployment of complex IT infrastructures.