Provisioning Polycom Phones with DHCP Option 160 in pfSense, Meraki, and Mac OS X Server 10.11 El Capitan

I started installing a new phone system for work.  It’s replacing the Comcast phones with a FreePBX server and new Polycom phones.  The great thing about this setup is that you can provision a large number quickly as long as you have the system setup correctly beforehand.  The only real difficulty was that I was testing the phones at my house that uses pfSense but my work uses a Meraki firewall for DHCP in one location and a Mac OS X Server in another and all three of these have different ways of setting DHCP options.  This is how to configure all three systems to send DHCP Option 160 to your phones with the ftp (or tftp/http) address and credentials.  This does not explain setting up your FreePBX system or Endpoint Manager.  For that I suggest checking out Crosstalk Solutions YouTube series FreePBX 13 Made Easy!

Sources

Explanation of formatting FTP addresses for Polycom provisioning

YouTube: FreePBX 14 Setup / Configuration & Walk Through For My Office with Chris from Crosstalk Solutions

DHCP Option Code Utility

How to use the Option Code Utility

First Steps

Before getting the phones provisioned you will need to have your FreePBX server working, have already setup your extensions, and mapped the extensions and created phone templates in Endpoint Manager.  If you host your FreePBX server with freepbxhosting.com they include Endpoint Manager for free, otherwise I highly recommend spending the $149 to get it if you have more than a few phones to set up!

 

pfSense

pfSense has a few quirks but isn’t too difficult.

Log in and hover over “Services” and click “DHCP Server”

 

Scroll down to “Other Options” and click “Display Advanced” next to “Additional BOOTP/DHCP Options”

 

Click “Add” if there isn’t an empty field

 

Enter Number 160, Type String and enter the protocol, username, password, and server address all in double-quotes. pfSense will tell you to do it if you forget the quotes.  Then click save!

Meraki Firewall

Meraki is slightly easier to set up.

Log into your Meraki dashboard, hover over “Security appliance”, and click “DHCP”

 

Scroll down to DHCP options and click “Add a DHCP option”

 

Change it to “Custom”, type in “160”, and enter the protocol, username, password, and server address

 

Click “Save” at the bottom of the screen

 

Mac OS X Server 10.11 El Capitan

Apple makes adding DHCP options as hard as possible.  Especially since they announced they are discontinuing their DHCP server and scaling back what the OS X Server can do, I suggest not using it if possible.  If however, you are forced to like I was, here are the steps that worked!

First, go to John Lockwood’s blog and download his DHCP Option Code Utility.  Unlike the previous two examples, Apple requires you to encode the string value as Base64 in the /etc/bootpd.plist configuration file and John has made a utility to do most of the work for us.

Open the Utility and enter the same information as the two previous examples and click “Create”, then highlight and copy the “Encoded Result”

 

Open a terminal window and type “sudo nano /etc/bootpd.plist”

 

Paste the key and data into the Subnets array and close the file with Control-X, Y, and Enter/Return

 

Open the Server app and click on “DHCP” on the bottom left

 

Turn the service off, wait a few seconds, and turn it back on to load the changes

 

 

Checking the Phones

Your phones should now get the provisioning address and be able to download the correct configuration the next time they boot up and get an address from the DHCP server.  To check if they are getting the correct information from the server on a Polycom VVX 400 (other VVX and IP models are very similar):

Press the Home key and select “Settings”

 

Select “Status”

 

Select “Platform”

 

Select “Configuration”

 

You should see the address at the top of the screen #5

 

I hope this will save you some time if you are setting up phones on one of these systems or similar!

Posted in pfSense, Random Technology

Leave a Reply

Your email address will not be published. Required fields are marked *

*

five − 1 =