Cisco SIP Phones Admin Password removal CME [TCLSH Operation]

On this one I wanted to share a really nice way to remove the Admin password from Cisco SIP phones.

It really is annoying to type the Admin password every time you need to modify or at least take a look at the configuration on your phone.

As you may know when you configure a SIP phone on CME you need to give it a username and password, also SIP is kind enough to publish the SEPXXXXX.cnf.xml file to Flash

So here are the steps:

1- Locate your SEPXXXXXXX.cnf.xml file on flash:

CORE#sh flash: | inc SEP

2- Now that you have located your SEP file, its time to expose the contents of the file

CORE#more flash:SEPXXXXXXXX.cnf.xml

3- This will display an output like this

<device>
<deviceProtocol>SIP</deviceProtocol>
<devicePool>
<dateTimeSetting>
<dateTemplate>M/D/YA</dateTemplate>
<timeZone>US Eastern Standard Time</timeZone>
<ntps>
<ntp priority=”0″>
<name>0.0.0.0</name>
<ntpMode>unicast</ntpMode>
</ntp>
</ntps>
</dateTimeSetting>
<callManagerGroup>
<members>
<member priority=”0″>
<callManager>
<ports>
<sipPort>5060</sipPort>
</ports>
<processNodeName>10.1.200.1</processNodeName>
</callManager>
</member>
</members>
</callManagerGroup>
</devicePool>
<sipProfile>
<sipProxies>
<registerWithProxy>true</registerWithProxy>
</sipProxies>
…………… Omitted output for

</device>

4- Copy the result to a Notepad file

5- Search for phonePassword

6- once you find the line on the XML file remove it

7- Time to modify the file using  TCLSH

Enter TCLSH mode by typing:

CORE#tclsh
CORE(tcl)#

Now you need to run the following command but don’t press enter yet, make sure your last character is a curly bracket
CORE(tcl)#puts [open “flash:SEPXXXXXXXXX.cnf.xml” w+] {

now at this point its OK to copy your modified XML output the one you pasted and modified in Notepad

CORE(tcl)#puts [open “flash:SEPXXXXXXXXX.cnf.xml” w+] {
———–Omited Output————-
<dscpForCm2Dvce>96</dscpForCm2Dvce>
<transportLayerProtocol>2</transportLayerProtocol>
</device>}

And at the end don’t forget to close with curly brackets again.

8- Last but not least make sure you expose your SEP file using the tftp-server command:

CORE#(config) tftp-server flash:SEPXXXXXX.cnf.xml

It will take a bit of practice to do it few times and you will be able to master this one.

Thank you and I hope this helps!!

About the Author:

Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 13 years of experience, Andres is specialized in the Unified Communications and Collaboration technologies. Consulted for several companies in South Florida, also Financial Institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations including Cisco technologies; such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT Service provider infrastructures.

You can follow Andres using Twitter, LinkedIn or Facebook

4 thoughts on “Cisco SIP Phones Admin Password removal CME [TCLSH Operation]”

  1. Pingback: Cisco 9971 Factory Reset Admin Password Removal – [Timing is the answer] | UC AND COLLABORATION ENGINEERING

    1. I will not be able to tell you the specifics on the exam, but I can tell you that if you want to keep the phone with the configuartion file you modified then you will have to remove tftp-flash path: from the voice register global configuraton.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top