How to use a Vodafone locked CISCO SPA525G2 with any SIP account

Keywords: Cisco, SPA525G2, Vodafone, locked, unlock, SIP

Thanks for visiting, and hope this guide is useful.

 

I was searching the net for answers about the Cisco SPA525G2 phones that are locked to the Vodafone customisation. After some trial and error I have had some results. Potentially, other customisations may fall in the same method I describe below.

 

With this method, I have programmed and I am using the handsets with 7.6.1 RC firmware on SIP accounts (Asterisk FreePBX). The devices power on and reboot normally without losing configuration or the provisioning link. I have access to the Admin menu too.

 

Important: the Vodafone customisation never leaves the phone, but is only overridden. This means that if you perform a factory reset, you will have to repeat this method. Also, if you perform a recovery reset*, the phones will first need to be hooked onto the internet for Cisco to provision the Vodafone credentials before they can be reprogrammed again with the same method. Potentially someone could use Wireshark [or similar program] to extract the original Cisco provisioning files in case they become redundant in the future.

 

*Note: the recovery reset is accessible via a ‘secret menu’ one has to keep tapping the speaker button until this menu appears, whilst the CISCO logo is displayed on device boot.

 

Prerequisites:

• Cisco SPA525G2 device locked to Vodafone RC
• PoE switch or device power adapter
• Internet connection if not provisioned (Web UI would show pending status under customisation)
• A HTTP web server running on your local network
  
• A DHCP server, most likely your internet router
• [Optional] Notepad++ to open XML or other XML editor (simple notepad works)
• A cup of coffee or other beverage, and some patience

(I use www.dhcpserver.de as a combined HTTP and DHCP server on a closed network)

Preparation

Identify the state of your device on the actual handset, by way of provisioning firmware and MAC address

Menu --> Status --> Product Information --> MAC Address

Menu --> Status --> Phone Status --> Provisioning

If you see something like https://webapps.cisco.com:443/* on the provisioning status, this means that you have to connect the device on the internet and let it download the Vodafone provisioning credentials. If you see something like http://ctprov.ctukprod.ims.vodafone.pt:80/vfuk/base/ciscoSpa525g2.xml then you can proceed to the next step.

 

HTTP Web Server

Start a web server on the local network, preferably on a static IP. As an example here I will use 192.168.1.100 which is pretty common range today. The web server will have a folder that it picks up files and puts them up on a local net as such http://192.168.1.100/{files}

We will put in this location the XML file that we will create, which will be used to override the admin password and point the provisioning link to our web server.

 

Create XML File

You can create a very long and exhaustive XML file with all the configurations required to get these phone up and running on a deployment. There are two lines that really get this going, in order to unlock the Admin Login and keep the provisioning line pointing to your HTTP web server. If you keep the exact below code, you will have a user: ‘admin’ and password: ‘cisco’ when you enter the Web UI and click the admin login.

----- ----- ----- -----

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<flat-profile>

<Profile_Rule group="Provisioning/Configuration_Profile">http://192.168.1.100:80/$MA.xml</Profile_Rule>

<Admin_Password group="System/System_Configuration">cisco</Admin_Password>

</flat-profile>

----- ----- ----- -----

You can paste the above on a notepad and save as XML, naming the file (small caps only) according to the MAC address underneath the phone or as found in the status menu: XXXXXXXXXXXX.xml

 

Provisioning Phone

Menu --> Device Administration --> Profile Rule

Enter the following using the keypad: http://192.168.1.100:80/$MA.xml

Replace where 192.168.1.100 your HTTP web server address.

 

The phone will provision, and you will have access to the Web UI admin login to setup and use your Cisco SPA 525 G2

 

Please feel free to send out any questions; let me know how it went.