Cisco Webex Calling (Cisco’s cloud PBX offering) enables organizations to quickly deploy an enterprise-grade telephony solution featuring all sorts of device types: hardware phones, soft-phones and video devices.

The obvious choice for video devices falls on Webex‒enabled Desk or Room devices. Enrolling these devices on the cloud is as simple as entering a 16 digits code. Once they are provisioned (and fully managed from the cloud), adding PSTN service to them is a matter of one or two clicks at most.

But if in the past you purchased Cisco (TANDBERG) devices of the EX Series, you know how beautifully designed they are, and you probably wonder if there is a way to extend the life of these rock‒solid devices on Cisco’s cloud PBX service.

The good news is that it’s absolutely possible to do that, and it’s not very complicated either. Let’s get started!

Requirements and Caveats

Since we already know that the EX Series doesn’t support native Webex Cloud registration (i.e.: they can’t process the 16 digits activation codes), we need a different registration method: Cisco provides access to Generic 3rd party SIP Devices and, despite the obvious ironic paradox of considering a Cisco device as “3rd party”, this is what we will use.

Once registered, the EX will be able to:

  1. place and receive audio PSTN calls using numeric dialing (national, international, E.164 formats);
  2. place and receive internal audio/video calls to other subscribers of the same Webex Calling Organization by numeric dialing of internal extensions or corresponding DID PSTN phone numbers;
  3. place audio/video calls to any Cisco Webex user (including free tier users) by means of URI-dialing (typically these are the URI formats to use: user@domain.calls.webex.com or user@domain.call.ciscospark.com);
  4. join by URI dialing all types of Webex meeting rooms, or someone’s Personal Meeting Room URI address.

What the endpoint will not be able to do (unfortunately) is:

  • browse the Organization Directory;
  • dial by URI an external domain, as it is commonly done in B2B SIP calling.

Perform Initial Setup

Security

The first thing you need to do after a factory reset is to configure a default password for your admin user (or create a new admin user altogether). You can do that by visiting the EX administration portal at http://DEVICE-IP/web/users.

The other important thing to do before proceeding with the registration is importing Webex Calling’s Edge SBC Root CA certificate into the endpoint’s CAs storage. The PEM certificate can be obtained from IdenTrust official website at https://www.identrust.com/identrust-commercial-root-ca-1.

From the GUI interface load the .pem file and you will see the identrust certificate appearing in the list, as shown in the screenshot.

Identrust CA loaded on EX Series

Disable Provisioning

Unless there is a management solution, the endpoint is not automatically provisioned, so we can disable this function by going to http://DEVICE-IP/web/config/Provisioning and set Mode = Off.

Give the Unit a Name

If you don’t assign a name to the endpoint, it’s possible you will see a warning stuck in the Troubleshooing menu reminding you to do this.

So go to http://DEVICE-IP/web/config/SystemUnit/Name and configure a system unit name to make this warning disappear.

Obtain the SIP Settings from Control Hub

Control Hub is the name of Webex Calling management portal. When you configure the Workspace or the User device, you are presented with a list of SIP settings that we will use on the endpoint. This below is an example of the configuration settings.

Example Control Hub

The parameters that we need are:

  • Line ID
  • Outbound Proxy
  • SIP Username
  • SIP Password
  • [Optional] Voicemail pilot number (this is not shown in the screenshot, but can be found on the Location settings).

Configure SIP Parameters

Set default call protocol to SIP by going to:
http://DEVICE-IP/web/config/Conference[1]/DefaultCall.

Then move to http://DEVICE-IP/web/config/SIP and assign the following values to the respective parameters (leave everything else to default):

  • ListenPort = On
  • Profile 1:
    • DefaultTransport = tls
    • Mailbox = [VM Pilot]
    • TlsVerify = On
    • URI = [Line ID]
  • Authentication
    • LoginName = [SIP Username]
    • Password = [SIP Password]
  • Proxy 1
    • Address = [Outbound Proxy]
    • Discovery = Auto

When this is done, the endpoint should successfully establish a Tls encrypted connection with the Cisco Webex Calling edge Session Border Controllers, and be ready to place and receive calls.

If you found this useful or if you have comments, send me a message!