Yealink T27P on Session Manager 6.3

[fedor36]

I am trying to set up a Yealink T27P SIP phone on the new Session Manager. I connected my CM to the System Manager. Synchronization passed, CM settings were loaded on SMGR. Session Manager passes all tests. Configured according to this instruction. Although it is for T22 and Session Manager 6.1, I think it is configured in the same way. The user, when saving the settings in Home / Users / User Management / Manage Users, is created on the CM. In the phone settings, I specify ip Security Module in the "SIP server address", but a registration error occurs. On the Session Manager, the SIP registration log is empty. A phone appears in Home / Elements / Session Manager / System Status / User Registrations but not registered. If the phone is configured via tls, then TraceSM gives this:


TLS handshake:

Code:

10.31.200.11                                                            SM100                                                                                                         
12:54:19.640 │──CHello──►│           │           │ (T1) Client Hello 
12:54:19.642 │◄──SHello──│           │           │ (T1) Server Hello 
12:54:19.642 │◄──Cert, S─│           │           │ (T1) Certificate, Server Key Exchange, Server Hello Done 
12:54:20.299 │──CKeyEx,─►│           │           │ (T1) Client Key Exchange, Encrypted Handshake Message 
12:54:20.301 │◄──EncHand─│           │           │ (T1) Encrypted Handshake Message 
12:54:20.306 │───Alert──►│           │           │ (T1) Encrypted Alert 
12:54:27.659 │──CHello──►│           │           │ (T2) Client Hello 
12:54:27.661 │◄──SHello──│           │           │ (T2) Server Hello 
12:54:27.661 │◄──Cert, S─│           │           │ (T2) Certificate, Server Key Exchange, Server Hello Done 
12:54:28.259 │──CKeyEx,─►│           │           │ (T2) Client Key Exchange, Encrypted Handshake Message 
12:54:28.261 │◄──EncHand─│           │           │ (T2) Encrypted Handshake Message 
12:54:28.266 │───Alert──►│           │           │ (T2) Encrypted Alert 
12:55:02.889 │──CHello──►│           │           │ (T3) Client Hello 
12:55:02.891 │◄──SHello──│           │           │ (T3) Server Hello 
12:55:02.891 │◄──Cert, S─│           │           │ (T3) Certificate, Server Key Exchange, Server Hello Done 
12:55:03.567 │──CKeyEx,─►│           │           │ (T3) Client Key Exchange, Encrypted Handshake Message 
12:55:03.568 │◄──EncHand─│           │           │ (T3) Encrypted Handshake Message                                                  
12:55:03.573 │───Alert──►│           │           │ (T3) Encrypted Alert

if via tcp then TraceSM gives this:

SIP

Code:

12:37:10.090 │◄──OPTIONS─│           │           │ (107) sip:10.31.200.50:15061 
12:37:10.091 │◄──200 OK──│           │           │ (107) 200 OK (OPTIONS) 
12:37:20.089 │◄──OPTIONS─│           │           │ (108) sip:10.31.200.50:15061 
12:37:20.090 │◄──200 OK──│           │           │ (108) 200 OK (OPTIONS) 
12:37:30.090 │◄──OPTIONS─│           │           │ (109) sip:10.31.200.50:15061 
12:37:30.091 │◄──200 OK──│           │           │ (109) 200 OK (OPTIONS) 
12:37:40.089 │◄──OPTIONS─│           │           │ (110) sip:10.31.200.50:15061 
12:37:40.090 │◄──200 OK──│           │           │ (110) 200 OK (OPTIONS) 
12:37:50.090 │──OPTIONS─►│           │           │ (111) sip:10.31.200.50:15061 
12:37:50.090 │◄──OPTIONS─│           │           │ (111) sip:10.31.200.50:15061 
12:37:50.091 │──200 OK──►│           │           │ (111) 200 OK (OPTIONS) 
  12:37:50.091 │◄──200 OK──│           │           │ (111) 200 OK (OPTIONS)

[fedor36]

In Entity Links, in the instructions I used to configure, tcp is selected as the protocol.
But at the same time, they wrote that in the settings of the phone itself, you need to select UDP. With this setting, Session Manager does not respond at all to phone registration attempts. If you select tcp in the phone settings, then traceSM says: 403 Forbidden (Unauthorized).

Code:

17: 59: 57.390 │──REGISTE─►│ │ │ (9) "T27P-1011" <sip: 1011@10.31.200.52: 5060> Exp: 60
17: 59: 57.392 │◄──Unautho─│ │ │ (9) 401 Unauthorized
17: 59: 57.398 │──REGISTE─►│ │ │ (9) "T27P-1011" <sip: 1011@10.31.200.52: 5060> Exp: 60
 17: 59: 57.400 │◄──Forbidd─│ │ │ (9) 403 Forbidden (Unauthorized)

Here they write that you need to check the traceSM registration package to make sure that the domain is specified correctly, but I have <sip: 1011@10.31.200.52: 5060> in the registration package. There is no domain here. This is the Security Module address that I specified in the phone settings. It then says to check the station settings to make sure it is programmed correctly to route messages to Communication Manager. I have checked the settings several times already, Communication Manager is connected to System Manager. Please tell me how to find out what exactly needs to be checked?

[mlombardi1]

Firstly, verify the port and protocol you're using for SIP registration is open on the SM100. Look toward the bottom of the SIP entity screen.

If secured, TLS 5061 needs to be open on the SM100 and the Yealink device needs the SMGR root certificate loaded into its truststore. The TLS handshake you share indicates failure establishing the TLS connection.

SM supports UDP but CM doesn't. You can use UDP for SIP registration but the trunk between CM and SM must either be TCP or TLS.

Using the SM100 IP address in the registration URI is ok as long there's a default domain selected on the SM100 listening ports. Looks like that should be asm.avaya in your case. If you can administer a domain on the Yealink, that's your best bet.

[fedor36]

SM100 is built into Session Manager and listens to eth2 interface on Session Manager. Tell me how to open ports on SM100? And how to check if the ports are open? is that enough?


Tried to configure via TLS, downloaded the certificate from SMGR. Home/Services/Security/Certificates/Authority/CA Functions/Download pem file. Uploaded it as a trusted certificate to Yealink.
If I configure the phone to accept only trusted certificates, then the error is the same "Encrypted alert". If I turn off the "accept only trusted certificates" setting it starts to write the following:

TLS:




TCP:


Entity Link on SM and Signaling Grpup Transport Mestod on CM tried TCP and TLS nothing changes.



It seems there is no way to enter the sip domain name on the yealink phone. How to configure default domain on SM100 ports? This is not written in the manuals.