A lesson on challenge, resilience, and character growth.
Introduction
Hello everyone!
Today’s post is everything in-depth as to my recent fascinations with Voice-Over-IP, or VoIP. This is in companionship with my CCNA studies, which I still aim to achieve before the end of this year despite some turbulence, I decided to take the plunge into purchasing an Enterprise Cisco 8851 IP Phone.
Lessons in Complexity
This phone was ideally going to be a small project designed for the purpose of a home intercom use-case. However, I was unaware of the hidden complexities I might discover later on in this post. This is the first lesson and major take away: not everything is as simple as it sounds, and such as the contrary. There are no safe assumptions in life, especially when it comes to Cisco Webex. We’ll see here in a moment what I’m getting at, but it was quite the adventure to say the least.
Admittedly, part of the reason for such an adventure was due to my own ignorance. I was new to this, and knowing so, I could have done a bit more due diligence when purchasing the phone, as one of the major issues I came across was that I would inevitably encounter compatibility and licensing problems with my enterprise phone, not knowing that Cisco wanted their money for a license upgrade. This sounds simple, but it required researching and googling, browsing through anecdotal stories on Reddit, and slowly adapting the pieces into a comprised map of the situation I had before me. I got incredibly excited and I think it got the best of me, but it was also a valuable learning experience in its own rite. I still consider this project a success not because of the configuration for a measly IP phone but rather all the soft skills developed through my approach, getting knocked down and having to adapt with new information I acquire.
Unearthing Surprising Logs
After factory resetting the phone and getting it booted for the first time, the most intriguing highlight of such a project was looking at the phone’s logs, which had leftover data due to the fact it had not been fully reset. I was incredibly surprised to find out that phone I had purchased was used in a New York Times call center, depicting by the subdomain that the phone was attempting to reach out to. For security and privacy reasons I will not be disclosing this domain, but I definitely found it so interesting and this alone made everything sort of worth it. It was also a little concerning to think that I could potentially use this information if I was a threat actor, and it makes me wonder how many people take advantage of these mishaps. It would be an interesting threat vector, but a compromise to some degree perhaps, nevertheless.
Enterprise vs. Multi-Platform
Alright, so we’d be going through the reset process, expecting this phone to work pretty much out-of-the-box, right? Well… it wasn’t so simple. I came into this with the mindset that all I would have to do is upgrade the phone to some multi-platform firmware. Of course the phone would not respond to this attempt as I later came to the sudden realization after countless attempts of trying to flash the phone with a TFTP server, that I had purchased an enterprise phone that would not have a free migration license. This would mean that I got to understand the process of converting the phone from enterprise, but I would not have the capability to actually fulfill it, which I think was the most disappointing part of all this. Needless to say, I adjusted my trajectory, and I began to document my experience with one of my best friends in the field of network engineering.
Enlisting a Friend
It wasn’t long before I got him excited about a Voice-Over-IP solution, granted he was looking for projects to display on his college applications for Ivy Leagues. Without much convincing he decided to campaign this project on his own effort, and I accepted some morale enhancement from the fact that I was able to push someone else to attempt this, as I already knew that VoIP went deeper than one would realize. And selfishly, I understood that my friend was going to have a field day with knowledge and growth. He has blogged about his experiences which you can find in the credits below or here. We have both been incredibly humbled and excited about the beautiful impact that VoIP has in our day to day lives, and being able to realize how deep it can truly get, understanding why there is a whole career field dedicated around it now. I’m sure we haven’t even scratched the surface.
Embracing Webex
Enough aside, I wanted to get my phone working to some degree due to the sunk-cost fallacy I had of already sinking in around $20-30 for the original phone, otherwise it would sit as a brick. So, I committed to the possibility of converting the enterprise phone to multi-platform (Webex only), which is free and only costs the price of Webex, ($15/month in my case). My new plan was going to be, well: “I try Webex for a month, I get to play around, have a working phone, and blog about it!” Win-win? Well, until we get to the intricacies of propagating our phone with Webex, which isn’t as user-friendly as one would think. However, most of this was smooth sailing other than the CSV file you’d have to provide Cisco with the relevant phone information, not considering the fact that the way they have it configured is definitely meant for an enterprise and not for a single user with a home-lab. The system is set up so you can easily submit devices en-masse, but for a single user it was also a learning experience there. Now, that wasn’t too terrible, I’m just giving Webex some lighthearted banter. After configuring an organization, setting up some basic Webex arrangements to talk to my phone, I would sure enough have a working phone so I could make national calls. The first person I called was my network engineer friend, and we had a pleasant conversation, again, making it all worth it. I tried a few more calls, and I was amazed by the process of getting everything working.
A Temporary Solution
After the subscription ran out, I was back to square one, sort of tabling the project for a few months. I did not see this project developing much further, though I still had the intention to blog about it, but I had found my friend was considering his upgrade to multi-platform (third party) due to his issue being similar to mine, and he wanted to set up his own PBX system. Meanwhile, I was able to deploy my own FreePBX instance on my Proxmox server, but not quite do anything with it yet, as I was still in the limbo of making that decision to convert the phone.
My friend decided to convert his phone, and that motivated me. This is a common theme, so, with that motivation, but simultaneous stubbornness against buying the license, I decided the next-best cheaper alternative would be to see if I could play around with VoIP through a different means, with a soft-phone application. I did a quick search on the F-Droid App Store and I encountered Linphone. This would be an amazing project, combined with Telnyx which is a VoIP provider, and with not much effort, I was able to configure a rented phone number and SIP trunk to my Linphone instance, only costing about $5/month to facilitate outbound/inbound calls. This was something around what I wanted to do with the Cisco phone, and maybeee I will eventually consider doing this with the real deal, but it’s nice to know that I was capable of configuring not only Webex, but the soft-phone, which means the only thing left would be putting the pieces together with FreePBX and my Cisco phone when everything comes down to it.
Lessons Learned
Now, most of this project boils down to exposure with enterprise equipment and the user experience. I thought most of this was straight forward, but the inner-workings of Cisco’s licensing, the overwhelming nature of the Webex interface, the misunderstanding of whether I had an enterprise phone or not, on top of all the other fun experiences, made everything worth it because it was more than just a small phone VoIP intercom project. Had it been so simple, I don’t think I would have enjoyed it. I honestly very much loved the problem-solving aspect to all of this and I was able to research and uncover hidden elements that brought me to a level of understanding VoIP that I had not had before.
Conclusion: Embracing Complexity
Wrapping this post up, the experience gained here is immeasurable, being able to express my lovely frustrations and successes to those in the CompTIA study group Discord server, while also additionally being able to grow from those in the industry and understand their environments and how everything works in a large corporation, it provides a varying perspective that I will only seek to embrace for the years to come. Let this be a testament that projects may have a more long-winded path and may prove to be more complex than they might appear, but that path might be one of which is scenic, rigorous, and will allow you to come out stronger by the end of it.
Resources: (will update as I find things)
Credits and Mentions
0xdeadbeef’s VoIP Project Blog Post
Cisco Resources
Cisco 7800 & 8800 Series IP Phone Documentation
Some YouTube Videos that helped me:
VoIP for Small Business by Louis Rossmann
Cisco Phone Migration to Broadworsk / 3PCC via CUCM
Convert Cisco Phones to MPP/3PCC
Some Reddit threads that helped me:
Feel like this has been useful? Donate toward my latest projects:
https://www.poof.io/tip/@davidinfosec — Thank you so much for being a reader of this blog.