Feature Request - PnP Changes for ITSP Hosting


Tim

In our hosted environment, so far the PnP functionality is working very well for us in most cases. However, we have run into a couple of issues. The main problem relates to the fact that the VLAN IDs are provisioned globally. We cannot set the VLAN tag on the server, because we do not have a common VLAN ID which will be set across all the clients on the server, and if we do not set a value, it erases the VLAN tag set on the phone manually. It would be nice if this can be overridden per extension or even per domain, but we would settle for just having a switch so the server does not attempt to provision the VLAN tag.

We also ran into an issue where a carrier was blocking port 5061 on the TCP side. Luckily, they had a secondary carrier that they could route their VoIP traffic over which wasn't blocking the SIP TLS port. It would have been nice if we could change the transport method (udp, tcp, tls) per domain instead of globally on the server.

There is also a small security problem in the form of an information disclosure: since the 'snom_3xx_phone.xml/admin_pin' and 'snom_m3.cfg/VOIP_SETTINGS_PIN_CODE' settings are global, they are the same for all the domains. This is not a big deal for us right now, but at some point it would be nice to set the admin pins per domain.

Tim


> In our hosted environment, so far the PnP functionality is working very well for us in most cases. However, we have run into a couple of issues. The main problem relates to the fact that the VLAN IDs are provisioned globally. We cannot set the VLAN tag on the server, because we do not have a common VLAN ID which will be set across all the clients on the server, and if we do not set a value, it erases the VLAN tag set on the phone manually. It would be nice if this can be overridden per extension or even per domain, but we would settle for just having a switch so the server does not attempt to provision the VLAN tag.

Yes, that makes sense. Maybe we should move this setting into the extension. The whole VLAN topic is kind of a moving target to me right now, with 802.1X and carrier Ethernet. I am really not sure what the best way is; maybe we have to try a couple of things.

> We also ran into an issue where a carrier was blocking port 5061 on the TCP side. Luckily, they had a secondary carrier that they could route their VoIP traffic over which wasn't blocking the SIP TLS port. It would have been nice if we could change the transport method (udp, tcp, tls) per domain instead of globally on the server.

Well, you can have two or more TCP/TLS ports open on the same server. The PBX can deal with that.

 

> There is also a small security problem in the form of an information disclosure: since the 'snom_3xx_phone.xml/admin_pin' and 'snom_m3.cfg/VOIP_SETTINGS_PIN_CODE' settings are global, they are the same for all the domains. This is not a big deal for us right now, but at some point it would be nice to set the admin pins per domain.

We already made it possible to use domain admin PIN and passwords, but that is not in the provisioning files for the phones. We keep that also on the radar.


> Yes, that makes sense. Maybe we should move this setting into the extension. The whole VLAN topic is kind of a moving target to me right now, with 802.1X and carrier Ethernet. I am really not sure what the best way is; maybe we have to try a couple of things.

Thanks, that would be very helpful. You do bring up an excellent point though. One of these days, I really need to set up a lab with 802.1x and see how our various VoIP phones deal with it....

> Well, you can have two or more TCP/TLS ports open on the same server. The PBX can deal with that.

Yes, but we can only take advantage of those other ports if we manually register the phones. If we have to program the phones manually, we lose the PnP buttons and the other PnP functions which, even in our limited use to this point, have been a huge benefit for us. It is the same problem we have with the VLAN tag settings: this can only be specified globally; there is no way to make an exception for a single phone or domain.

> We already made it possible to use domain admin PIN and passwords, but that is not in the provisioning files for the phones. We keep that also on the radar.

As I said, this issue is not all that important for us right now. I just wanted to bring it to your attention, so you can deal with this at your convenience.

 

Tim
