Test-CsPhoneBootstrap said that we were doing the right thing. Jeff Schertz’s guide to configuring Lync for Lync Phone Edition devices said that we were doing the right thing. Elan Shudnow’s post about Cisco switches and PIN authentication said we were doing the right thing.
But our Lync Phone Edition devices just were NOT authenticating.
One of my network guys mirrored one of the wall ports for me, and I alternated between the happily-authenticating AudioCodes 420HD and the stubborn Polycom CX3000, capturing WireShark traces I could barely read (I’ve since gotten to know the handshake process those LPE devices need way better than I ever wanted to). But what a pain.
msxfaq.de, long-time Exchange and now Lync MVP Frank Carius’ mostly-German variety shop of Lync and Exchange experience to the rescue – most specifically, his page on port mirroring. He recommends the NetGear ProSafe Plus series, the least expensive of which is the 5-port, non-PoE (Power over Ethernet) version, the GS105E. If you can read German, he explains several other options, along with exploring how you might connect to it without using Adobe AIR (and Windows) and some possible security implications of it having a default, hardcoded password to a web interface (theoretically, someone could break in and set up mirroring). If you can’t read German, it’s still good for screenshots of how to set up the port mirroring on the ProSafe Plus switches.
I, on the other hand, found the GS108PE, with 4 PoE ports and 4 regular ones to be the right balance between cost and convenience. This means up to four phones plugged in at once, and without power adapters. The non-PoE (and less expensive) versions will require you to use the phones’ power adapters. Later, if you want VLANs, VLANs you can have.
Because of this possible security issue with the hard-coded usernames and passwords, I recommend the GS108PE or GS105PE instead of the GS105E.
Make sure that you don’t get one of the non-“Plus” versions – they’re somewhat less expensive, but don’t have the mirroring available. I made this mistake, initially getting the GS108P.
So, if the model number ends in P, it does not have the smarts required to configure mirroring; if it ends in just E, it doesn’t have PoE (and might contain some risky firmware), and if it ends in PE, it does it all and will make your phone evaluation and troubleshooting easier.
As for WireShark, DHCP, certificates, certificate chains, comparing multiple phones at once and how we finally got Lync Phone Edition to work right with our ancient Cisco ACE load balancers, that’s another post. Or three.