Activation Codes Overview
Activation codes make onboarding newly provisioned phones easy. An activation code is a single-use, 16-digit value that a user must enter on a phone while registering the phone. Activation codes provide a simple method for provisioning and onboarding phones without requiring an administrator to collect and input the MAC Address for each phone manually. This method is a simple alternative to autoregistration that you can use this method to provision a large number of phones, a single phone, or even to re-register existing phones.
You can also use Mobile and Remote Access-compliant devices to easily and securely register over Mobile and Remote Access using an activation code.
Activation Code Device Onboarding works in the following modes:
-
On premise
-
Mobile Remote Access (MRA)
Note |
TFTP Proxy setup doesn't support the endpoint registration using activation code Onboarding and MRA. |
Activation codes provide the following benefits:
-
Onboarding using activation codes ensures that all newly provisioned phones or untrusted phones have their Manufacturing Installed Certificate (MIC) assessed and verified by Unified Communications Manager.
Note
Cisco Manufacturing Root certificates must be present in the CallManager-trust store to perform onboarding activity.
-
No need to manually enter actual MAC addresses. Administrators can use dummy MAC addresses and the phone updates the configuration automatically with the real MAC address during registration.
-
No need to deploy an IVR, such as TAPS, to convert phone names from BAT to SEP.
Phone users can obtain their activation codes via the Self-Care Portal, provided the Show Phones Ready to Activate enterprise parameter is set to True. Otherwise, administrators must provide the codes to phone users.
Note |
When you provision with BAT MAC addresses, activation codes are tied to the phone model. BAT MAC is a reference to the device name that starts with 'BAT' and is followed by a random 12 hexidecimal digits that look like a MAC address. When saving a device configuration page with a blank MAC Address field, a random name with this format is created for you.You must enter an activation code that matches the phone model in order to activate the phone. For added security, you can provision the phone with the actual MAC address of the phone. This option involves more configuration because the administrator must gather and input each phone's MAC address during provisioning, but provides greater security because users must enter the activation code that matches the actual MAC address on their phone. Due to technical limitations device onboarding via Activation Codes is not supported in Proxy TFTP deployments |
Onboarding Process Flow in On-Premise Mode
Following is the process flow for onboarding new phones via activation codes :
-
Administrator sets the configuration to require the user to enter an activation code for onboarding.
-
Administrator provisions and configures the phone. If BAT MAC addresses are being used, the administrator does not enter the actual MAC address.
-
Phone gets an IP address for TFTP via a DHCP opt 150, or from an alternate TFTP as configured in Phone settings. The phone downloads the XMLDefault file, and detects that an activation code is in use.
-
The user enters the activation code on the phone.
-
The Phone authenticates to Cisco Unified Communications Manager via the activation code and manufacturer-installed certificate.
-
The Phone requires the TVS service when the activation code is used for onboarding phones. The ITL file provides this TVS function which contains the certificate of the TVS service that runs on the Unified CM server TCP port 2445.
-
Cisco Unified Communications Manager updates the device configuration with the actual MAC address. The TFTP server sense the device configuration to the phone, allowing the phone to register. Note that device registration can be up to five minutes.
Note
It's recommended to add an additional subscriber to the default communication manager group for on-premise activation code onboarding. Else, when the node in the default communication manager group goes down, you may face onboarding issues.
Onboarding Process Flow in Mobile and Remote Access Mode
Following is the process flow for onboarding new phones via activation codes when you use the Mobile and Remote Access mode:
-
Administrator configures Cloud/Hybrid communication to Enable Activation Code Onboarding with Cisco Cloud and specifies the Mobile and Remote Access Activation Domain.
-
Administrator configures additional Mobile and Remote Access Service Domains, if required.
-
Administrator creates a full-device configuration without specifying MAC address (BAT, AXL, GUI). The device name will be a random BAT MAC address.
-
Administrator requests activation code for this device. Device Activation Service requests the code from the cloud-based device activation service.
-
The user can get the code from the self-care portal or the administrator can send it to the user.
-
The user powers up the phone and enters the activation code.
-
Phone learns from the cloud the location of Expressway and authenticates to Mobile and Remote Access/Cisco Unified Communications Manager.
-
Device activation service updates device configuration in the database with the phone's MAC address.
The phone can now register and get its phone-specific configuration file from TFTP like normal Mobile and Remote Access, and register with Cisco Unified Communications Manager.
Note |
To provide secure solution for work from home remote users, Expressway's Mobile and Remote Access is the recommended solution and not TRP. |