Test-CsPhoneBootstrap said that we were doing the right thing. Jeff Schertz’s guide to configuring Lync for Lync Phone Edition devices said that we were doing the right thing. Elan Shudnow’s post about Cisco switches and PIN authentication said we were doing the right thing.
But our Lync Phone Edition devices just were NOT authenticating.
One of my network guys mirrored one of the wall ports for me, and I alternated between the happily-authenticating AudioCodes 420HD and the stubborn Polycom CX3000, capturing WireShark traces I could barely read (I’ve since gotten to know the handshake process those LPE devices need way better than I ever wanted to). But what a pain.
msxfaq.de, long-time Exchange and now Lync MVP Frank Carius’ mostly-German variety shop of Lync and Exchange experience to the rescue – most specifically, his page on port mirroring. He recommends the NetGear ProSafe Plus series, the least expensive of which is the 5-port, non-PoE (Power over Ethernet) version, the GS105E. If you can read German, he explains several other options, along with exploring how you might connect to it without using Adobe AIR (and Windows) and some possible security implications of it having a default, hardcoded password to a web interface (theoretically, someone could break in and set up mirroring). If you can’t read German, it’s still good for screenshots of how to set up the port mirroring on the ProSafe Plus switches.
I, on the other hand, found the GS108PE, with 4 PoE ports and 4 regular ones to be the right balance between cost and convenience. This means up to four phones plugged in at once, and without power adapters. The non-PoE (and less expensive) versions will require you to use the phones’ power adapters. Later, if you want VLANs, VLANs you can have.
Because of this possible security issue with the hard-coded usernames and passwords, I recommend the GS108PE or GS105PE instead of the GS105E.
Make sure that you don’t get one of the non-“Plus” versions – they’re somewhat less expensive, but don’t have the mirroring available. I made this mistake, initially getting the GS108P.
So, if the model number ends in P, it does not have the smarts required to configure mirroring; if it ends in just E, it doesn’t have PoE (and might contain some risky firmware), and if it ends in PE, it does it all and will make your phone evaluation and troubleshooting easier.
As for WireShark, DHCP, certificates, certificate chains, comparing multiple phones at once and how we finally got Lync Phone Edition to work right with our ancient Cisco ACE load balancers, that’s another post. Or three.
Thanks fore the update and the PM about the new Firmware for my GS105E. It looks like the 22.214.171.124 does no longer use “plain test” Passwords in the Firmware. Hopefullly they are now better encrypted. Thanks for Setting a link to my msxfaq. BTW about 10% of my Readers are using Google/bing Translation to read that stuff.
Any Cisco 2940 (the super-tiny 4port FE + 1x FE optics port) or a cheap used 2950 Catalyst can be bought on Ebay for some euros, and those are (I think) still lightyears more professional (with an upgrade to the last supported IOS version, downloadable from Cisco.com for Layer2 switches for free after a free registration) then any today brand new noname SOHO junk.
Oh, I agree that those Cisco switches certainly are more professional (as in, you have to know something about Cisco) and more suitable for long-term continuous use, but they are not terribly convenient, which is what I and probably most Lync admins are looking for in a little device to help us do phone testing and troubleshooting – configuring port mirroring is not trivial like it is on the NetGear ProSafe Pluses, and neither the 2940 nor the 2950 appear to have PoE, which I think is essential for a cheap little switch to troubleshoot Lync phones.
Took a quick look at eBay – those old 2950’s ARE really cheap! If you’ve got a nice mirroring configuration worked out for the 2940 or 2950 that anyone who reads IOS and thinks “but what does an expensive smartphone have to do with port mirroring?” could just copy and paste, post it somewhere and please link here!
Yes, agree that these cheap C2940 / 2950s have no PoE. In that case a used (and also sort of cheap) C3550 may be used. Yes, the PoE-version of the 3550 supports a cisco-prorietary pre-standard PoE, but it has a workaround, can be easily found via google and after applied it works. I tested it with Polycom CX500.
I think any IT people (who will ever touch switches or routers during his career) should know some (very) basic Cisco IOS, as managed network equipments became very widespread in the last 5 years (not that exotic, as initially were 10 years ago).
Regarding the config, thats all you need: