Cisco SPA2102-AU Provisioning Guide - Page 58

Profile Formats, Profile Compression

Get Cisco SPA2102-AU PDF manuals and user guides View all Cisco SPA2102-AU manuals
Add to My Manuals
Save this manual to your list of manuals

Page 58 highlights

Profile Formats Chapter 3 Provisioning Tutorial Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 print "OU=$ENV{'SSL_CLIENT_I_DN_OU'},\n"; print "L=$ENV{'SSL_CLIENT_I_DN_L'},\n"; print "S=$ENV{'SSL_CLIENT_I_DN_S'}\n"; print ""; Save this file with the file name reflect.pl, with executable permission (chmod 755 on Linux), in the CGI scripts directory of the HTTPS server. Verify accessibility of CGI scripts on the server (as in /cgi-bin/...). Modify the Profile_Rule on the test SPA to resync to the reflector script, as in the following example: https://prov.server.com/cgi-bin/reflect.pl? Click Submit All Changes. Observe the SPA syslog trace to ensure a successful resync. Open the SPA admin/advanced page, Provisioning tab. Verify that the GPP_D parameter contains the information captured by the script. This information contains the SPA product name, MAC address, and serial number if the test SPA carries a unique certificate from the manufacturer, or else generic strings if it is a unit manufactured before firmware release 2.0. A similar script could be used to determine information about the resyncing SPA and then provide it with appropriate configuration parameter values. Profile Formats This section demonstrates the generation of configuration profiles. To explain the functionality in this section, TFTP from a local PC is used as the resync method, although HTTP or HTTPS can be used for testing as well, if it is convenient. This section includes the following topics: • Profile Compression, page 3-10 • Profile Encryption, page 3-11 • Partitioned Profiles, page 3-12 • Parameter Name Aliases, page 3-12 • Proprietary Profile Format, page 3-13 Profile Compression A configuration profile in XML format can become quite large if all parameters are individually specified by the profile. To reduce the load on the provisioning server, the SPA supports compression of the XML file, using the deflate compression format used by the gzip utility (RFC 1951). Exercise Step 1 Install gzip on the local PC. 3-10 Linksys SPA Provisioning Guide Version 3.0

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
3-10
Linksys SPA Provisioning Guide
Version 3.0
Chapter 3
Provisioning Tutorial
Profile Formats
print “OU=$ENV{‘SSL_CLIENT_I_DN_OU’},\n”;
print “L=$ENV{‘SSL_CLIENT_I_DN_L’},\n”;
print “S=$ENV{‘SSL_CLIENT_I_DN_S’}\n”;
print “</GPP_D></flat-profile>”;
Step 3
Save this file with the file name reflect.pl, with executable permission (chmod 755 on Linux), in the CGI
scripts directory of the HTTPS server.
Step 4
Verify accessibility of CGI scripts on the server (as in /cgi-bin/…).
Step 5
Modify the Profile_Rule on the test SPA to resync to the reflector script, as in the following example:
Step 6
Click
Submit All Changes
.
Step 7
Observe the SPA syslog trace to ensure a successful resync.
Step 8
Open the SPA admin/advanced page, Provisioning tab.
Step 9
Verify that the GPP_D parameter contains the information captured by the script.
This information contains the SPA product name, MAC address, and serial number if the test SPA carries
a unique certificate from the manufacturer, or else generic strings if it is a unit manufactured before
firmware release 2.0.
A similar script could be used to determine information about the resyncing SPA and then provide it with
appropriate configuration parameter values.
Profile Formats
This section demonstrates the generation of configuration profiles. To explain the functionality in this
section, TFTP from a local PC is used as the resync method, although HTTP or HTTPS can be used for
testing as well, if it is convenient. This section includes the following topics:
Profile Compression, page 3-10
Profile Encryption, page 3-11
Partitioned Profiles, page 3-12
Parameter Name Aliases, page 3-12
Proprietary Profile Format, page 3-13
Profile Compression
A configuration profile in XML format can become quite large if all parameters are individually
specified by the profile. To reduce the load on the provisioning server, the SPA supports compression of
the XML file, using the deflate compression format used by the gzip utility (RFC 1951).
Exercise
Step 1
Install gzip on the local PC.