PBX in a Flash and VLANs

How to implement VLANs with the PBX in a Flash distribution of Asterisk PBX
by Eugene Blanchard on 24 November 2013


Transcript of PBX in a Flash and VLANs

PIAF + VLANS
by Eugene Blanchard
What is a VLAN?
It is short for Virtual LAN.
You take an Ethernet switch and pretend to divide it into two or more switches (virtual switches).
It appears like two separate switches.
Why do that?
Each virtual switch can be assigned to its own network, and the traffic is independent.
You can have a network for DATA and a network for voice.
Priorities can be assigned to the networks.
The voice network can have priority over the data network.
This is called QoS (Quality of Service).
End devices for each network use ports configured in Access Mode.
Only ONE VLAN is allowed per Access Port.
Ethernet Trunks are used between switches and allow multiple VLANs per Trunk Port.
Important Concept
- Access Port (end devices): one VLAN
- Trunk Port (between switches): many VLANs
IEEE 802.1q
Standard for Trunks to identify VLAN information in the Ethernet frame.
Also called Dot1Q and tagging.
Only appears on TRUNKS.
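To make the tag concrete, here is an added example (not part of the original presentation) that builds and parses Ethernet frames the way a trunk port sees them, using this page's VLAN numbers. The priority value 5 for voice, the helper names and the sample frames are assumptions constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
NATIVE_VLAN = 99      # native VLAN used on this page's trunks
VLAN_NAMES = {10: "Data", 20: "Voice", 99: "Management"}

def build_frame(ethertype, payload, vlan=None, priority=0):
    """Build a constructed test frame; vlan=None leaves it untagged."""
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("000f20d111eb")
    tag = b""
    if vlan is not None:
        if not 1 <= vlan <= 4094 or not 0 <= priority <= 7:
            raise ValueError("VLAN ID must be 1-4094 and priority 0-7")
        # Tag = TPID + TCI (3 bits priority, 1 bit DEI, 12 bits VLAN ID)
        tag = struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def classify_frame(frame, native_vlan=NATIVE_VLAN):
    """Return the VLAN, priority and inner EtherType a trunk port would see."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        # Untagged on a trunk: the frame belongs to the native VLAN.
        vlan, priority, tagged = native_vlan, None, False
    else:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, priority, tagged = tci & 0x0FFF, tci >> 13, True
    return {"tagged": tagged, "vlan": vlan, "name": VLAN_NAMES.get(vlan, "unknown"),
            "priority": priority, "ethertype": ethertype}

# Constructed sample frames (IPv4 EtherType 0x0800, dummy payloads).
VOICE = build_frame(0x0800, b"rtp", vlan=20, priority=5)
DATA = build_frame(0x0800, b"http", vlan=10)
UNTAGGED = build_frame(0x0800, b"mgmt")

if __name__ == "__main__":
    for frame in (VOICE, DATA, UNTAGGED):
        print(classify_frame(frame))
```

The untagged frame is classified into native VLAN 99, which on this page is also the Management VLAN.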
How many VLANs do you need?
- One or more for Data
- One for Voice
- One for Management
- One for Native VLAN
What are those other two used for?
A separate Management VLAN provides security!
The Native VLAN is used for Trunks.
Management VLAN
Only those computers allowed on the Management VLAN can configure the network.
Native VLAN
This VLAN is specifically for trunks which carry multiple VLAN traffic.
AND
Both Voice and Data can share the same network infrastructure.
This is called Convergence.
VLANs are numbered and named, and a subnet is assigned to the VLAN:
- VLAN 10 - Data - 192.168.10.0
- VLAN 20 - Voice - 192.168.20.0
- VLAN 99 - Management - 192.168.99.0
Rule of Thumb - subnet number is the same as VLAN number
Often the Management VLAN is the same as the Native VLAN
Switch 1 Configuration
At the switch's console command line:
To enable a port for an end device and assign it to a VLAN, type:
    interface fa0/1
    switchport mode access
    switchport access vlan 10
To configure a trunk to another switch:
    interface fa0/5
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport trunk native vlan 99
This is based on using a Cisco switch; other brands are similar.
Problem????
How to get from network 192.168.10.0 to 192.168.20.0
In the above network, there are 3 VLANs: 10, 20 and 99
VLAN 10 = 192.168.10.0
VLAN 20 = 192.168.20.0
VLAN 99 = 192.168.99.0
Solution!
Add a router with 2 Ethernet ports.
One port will be the default gateway for 192.168.10.0 and the other port will be the default gateway for 192.168.20.0.
BUT this uses up router ports quickly!
You will need one physical port for each VLAN at the router and at the switch.
Why is this a problem?
In the original example, we needed 4 VLANs.
That means that we need 4 Ethernet ports on the router and we'll use 4 corresponding ports on the switch.
We're going to run out of ports quickly!
To create a VLAN, type:
    vlan 10
    name Data
Switch2 ports to the router are configured as Access ports.
Dashed lines indicate a crossover cable.
Inter VLAN Routing
A Better Solution
Router on a Stick
Yes, that's what it is called..
Use one Ethernet port and make it a native trunk from the switch
This way we can run multiple VLANs on it.
But
there's some magic to do at the router..

Router Magic
Interface fa0/5 means:
- fa = Fast Ethernet
- 0 = module
- 5 = port
On Router1's fa0/0 interface create sub-interfaces that correspond to the VLANs:
    interface fa0/0
    interface fa0/0.10
    encapsulation dot1q 10
    ip address 192.168.10.1 255.255.255.0
- interface fa0/0.10: creates subinterface
- encapsulation dot1q 10: assigns it to VLAN 10
- ip address 192.168.10.1 255.255.255.0: assign an IP address to it
This interface becomes the default gateway for VLAN 10.
Must do it for each VLAN used!
What about the Voice stuff?
A VoIP phone is actually a 3 port switch:
- one external port is connected to the network
- one internal port is connected to the phone
- one external port is for a PC
The phone's network port has two VLANs: VLAN 10 and VLAN 20, so it can be treated as a trunk!
Right??
Not quite!
Making the network port a trunk causes problems.
IP Phones only allow two VLANs.
One is for voice and the other for data. Setting the voice VLAN is easy, but if we set the network port for trunking, the data VLAN must be set to the native VLAN 99.
The result is the PC connected to the IP phone is on the wrong subnet.
Solution: Multi-VLAN Access
Remember when I said "Access ports - one VLAN only"?
Well, I lied...
For Cisco IP phones, you configure the Access port for multi-VLAN access.
Example, Cisco switch VoIP port configuration:
    int fa0/5
    switchport mode access
    switchport access vlan 10
    switchport voice vlan 20
- switchport access vlan 10: sets Data VLAN
- switchport voice vlan 20: sets tagging 802.1q and identifies Voice VLAN for QoS
While it has both the Voice VLAN 20 and the Data VLAN 10
So far, we have configured the:
- Switch
- VLAN
- Router
- IP phone
What about the PiaF Server?
It can be treated one of two ways.....
Preferred Method for PiaF Server
Use two network cards on the PiaF server: one for the voice VLAN and the other for the Data VLAN.
Set the Switch ports as access and assign respective VLAN to each.
Make sure that each NIC has the proper subnet IP address.
That's simple but there are some gotchas:
The second NIC card could use up server resources: IRQs and base addresses,
which can lead to conflicts with voice cards such as FXO/FXS and T1 cards
and result in audio quality problems.
Method #2
Configure the PiaF server with a trunk.
We can treat it similar to a "Router on a Stick": PiaF on a Stick!
This requires just one Ethernet interface.
Voice will have priority over Data.
Tell Asterisk which Ethernet port to send voice on.
In both /etc/asterisk/sip_general_custom.conf and /etc/asterisk/iax_general_custom.conf add =>
    bindaddr="IP address of Voice Ethernet port"
PiaF on a Stick
Requires only one Ethernet interface.
Will use three VLANs:
- VLAN 10 - Data
- VLAN 20 - Voice
- VLAN 99 - Management
All Voice devices register to the Voice Ethernet interface AND are on the Voice VLAN.
All Data devices are on the Data VLAN.
tftp, ssh, FreePBX and Webmin use the Data VLAN interface.
On eth0, configure 3 interfaces:
- Management eth0 interface
- Data eth0.10 subinterface
- Voice eth0.20 subinterface
The Management interface will use native VLAN 99.
eth0 Interface
On the Switch
Make the port connected to the PiaF server's eth0 a trunk:
    interface fa0/1
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport trunk native vlan 99
At PiaF
Treat this interface like normal and it will automatically connect to the native VLAN 99.
Typical /etc/sysconfig/network-scripts/ifcfg-eth0
    NAME="VLAN 99 Management Interface"
    BOOTPROTO=none
    HWADDR=00:0f:20:d1:11:eb
    DEVICE=eth0
    MTU=""
    NETMASK=255.255.255.0
    BROADCAST=192.168.99.255
    IPADDR=192.168.99.254
    NETWORK=192.168.99.0
    GATEWAY=192.168.99.1
    ONBOOT=yes
eth0.10 Sub-interface
This sub-interface binds to the Data VLAN 10.
Create /etc/sysconfig/network-scripts/ifcfg-eth0.10
    NAME="VLAN 10 Data Interface"
    BOOTPROTO=none
    HWADDR=00:0f:20:d1:11:eb
    DEVICE=eth0.10
    MTU=""
    NETMASK=255.255.255.0
    BROADCAST=192.168.10.255
    IPADDR=192.168.10.254
    NETWORK=192.168.10.0
    GATEWAY=192.168.10.1
    ONBOOT=yes
    VLAN=yes
VLAN=yes tells it to bind to the VLAN.
eth0.20 Sub-interface
This sub-interface binds to the Voice VLAN 20.
Create /etc/sysconfig/network-scripts/ifcfg-eth0.20
    NAME="VLAN 20 Voice Interface"
    BOOTPROTO=none
    # A VLAN sub-interface uses the MAC address of its parent eth0
    HWADDR=00:0f:20:d1:11:eb
    DEVICE=eth0.20
    MTU=""
    NETMASK=255.255.255.0
    BROADCAST=192.168.20.255
    IPADDR=192.168.20.254
    NETWORK=192.168.20.0
    GATEWAY=192.168.20.1
    ONBOOT=yes
    VLAN=yes
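A small consistency check for the sub-interface files above, as an added example that is not part of the original presentation. The function names are hypothetical, the sample file contents are constructed from this page's addresses, and it assumes that a sub-interface should carry the same HWADDR as eth0 because both sit on the same physical NIC.

```python
import ipaddress

def parse_ifcfg(text):
    """Parse the KEY=VALUE lines of an ifcfg file, dropping quotes and comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip().strip('"')
    return cfg

def check_subinterface(parent, sub):
    """Return the problems found in one VLAN sub-interface config (empty list = OK)."""
    device = sub.get("DEVICE", "")
    base, _, vlan = device.partition(".")
    if base != parent.get("DEVICE") or not vlan.isdigit():
        return [f"{device!r} is not a VLAN sub-interface of {parent.get('DEVICE')!r}"]
    problems = []
    if sub.get("VLAN", "").lower() != "yes":
        problems.append("VLAN=yes is missing")
    if sub.get("HWADDR", "").lower() != parent.get("HWADDR", "").lower():
        problems.append("HWADDR differs from the parent interface")
    try:
        net = ipaddress.ip_network(f"{sub.get('NETWORK')}/{sub.get('NETMASK')}")
        hosts = {k: ipaddress.ip_address(sub.get(k, "")) for k in ("IPADDR", "GATEWAY")}
    except ValueError:
        return problems + ["NETWORK, NETMASK, IPADDR or GATEWAY missing or invalid"]
    problems += [f"{k} {a} is outside {net}" for k, a in hosts.items() if a not in net]
    # Page's rule of thumb: the subnet number is the same as the VLAN number.
    if str(net.network_address).split(".")[2] != vlan:
        problems.append(f"subnet {net} does not follow the VLAN {vlan} numbering rule")
    return problems

# Constructed sample input, using the addresses from this page.
PARENT = parse_ifcfg('DEVICE=eth0\nHWADDR=00:0f:20:d1:11:eb\nIPADDR=192.168.99.254\n')
GOOD_VOICE = parse_ifcfg('DEVICE=eth0.20\nVLAN=yes\nHWADDR=00:0f:20:d1:11:eb\n'
                         'NETWORK=192.168.20.0\nNETMASK=255.255.255.0\n'
                         'IPADDR=192.168.20.254\nGATEWAY=192.168.20.1\n')
# Constructed faulty copy: no VLAN=yes, different MAC, address from the Data subnet.
BAD_VOICE = parse_ifcfg('DEVICE=eth0.20\nHWADDR=00:0f:20:d1:11:ec\n'
                        'NETWORK=192.168.20.0\nNETMASK=255.255.255.0\n'
                        'IPADDR=192.168.10.254\nGATEWAY=192.168.20.1\n')

if __name__ == "__main__":
    for name, cfg in (("good", GOOD_VOICE), ("bad", BAD_VOICE)):
        print(name, check_subinterface(PARENT, cfg))
```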
This is NOT always automatic for every IP phone.
Some IP phones may require further manual configuration for the VLAN and priority.
This might be through the phone's Web GUI or through the phone's LCD display.
Check the IP phone's manual!
All Voice devices register to the Voice Ethernet interface AND are on the Voice VLAN.
All Data devices are on the Data VLAN and use the Data VLAN interface.
ssh, FreePBX and Webmin use the secure Management VLAN interface.
Licensing Agreement
You are allowed to use it, view it, modify it without permission of the author Eugene Blanchard, provided that you agree to the following:
That you will try to be a better person today than yesterday.
That you will exercise your body as well as your mind.
That you will tell the persons dear to you that you love them.
That you will defend the rights of those who are unable to defend themselves.
That you will not hurt your family members emotionally or physically.
That you will respect your elders and care for them in time of need.
That you will respect the rights of others in their religious beliefs.
That you will respect the rights of others in their sexual orientation.
That every man, woman and child has the right to be here and is equal regardless of race, creed or color.
That you will act honorably in all aspects of your personal and business life.
That your family is first and foremost the most important thing in your life.
That when you make a mistake, that you admit it and make amends.
This information is available online in the hope it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
if you are not careful
But voice and data will share the same trunk - REDUCES efficiency
The BEST method is to use a Layer 3 switch.
Route between VLANs at the switch.
It will be routing at line rate: 100 Mbps!