Tim Posted September 30, 2008 Report Share Posted September 30, 2008 In our hosted environment, so far the PnP functionality is working very well for us in most cases. However, we have run into a couple of issues. The main problem relates to the fact that the VLAN IDs are provisioned globally. We can not set the VLAN tag on the server, because we do not have a common VLAN ID which will be set across all the clients on the server, and if we do not set a value, it erases the VLAN tag set on the phone manually. It would be nice if this can be overridden per extension or even per domain, but we would settle for just having a switch so the server does not attempt to provision the VLAN tag. We also ran into an issue where a carrier was blocking port 5061 on the TCP side, luckily they had a secondary carrier that they could route their VoIP traffic over which wasn't blocking the SIP TLS port. It would have been nice if we could change the transport method (udp, tcp, tls) per domain instead of globally on the server. There is also a small security problem in the form of an information disclosure, since the 'snom_3xx_phone.xml/admin_pin' and 'snom_m3.cfg/VOIP_SETTINGS_PIN_CODE' settings are global, they are the same for all the domains. This is not a big deal for us right now, but at some point it would be nice to set the admin pins per domain. Tim Quote Link to comment Share on other sites More sharing options...
hosted Posted October 1, 2008 Report Share Posted October 1, 2008 how many hosted extensions do you have? we are rolling out our own in "beta" this week. Do you only use snom phones? Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted October 1, 2008 Report Share Posted October 1, 2008 In our hosted environment, so far the PnP functionality is working very well for us in most cases. However, we have run into a couple of issues. The main problem relates to the fact that the VLAN IDs are provisioned globally. We can not set the VLAN tag on the server, because we do not have a common VLAN ID which will be set across all the clients on the server, and if we do not set a value, it erases the VLAN tag set on the phone manually. It would be nice if this can be overridden per extension or even per domain, but we would settle for just having a switch so the server does not attempt to provision the VLAN tag. Yes, that makes sense. Maybe we should move this setting into the extension. The whole VLAN topic is kind of moving target to me right now, with 802.1X and carrier Ethernet. I am really not sure what the best way it, maybe we have to try a couple of things. We also ran into an issue where a carrier was blocking port 5061 on the TCP side, luckily they had a secondary carrier that they could route their VoIP traffic over which wasn't blocking the SIP TLS port. It would have been nice if we could change the transport method (udp, tcp, tls) per domain instead of globally on the server. Well, you can have two or more TCP/TLS ports open on the same server. The PBX can deal with that. There is also a small security problem in the form of an information disclosure, since the 'snom_3xx_phone.xml/admin_pin' and 'snom_m3.cfg/VOIP_SETTINGS_PIN_CODE' settings are global, they are the same for all the domains. This is not a big deal for us right now, but at some point it would be nice to set the admin pins per domain. We already made it possible to use domain admin PIN and passwords, but that is not in the provisioning files for the phones. We keep that also on the radar. Quote Link to comment Share on other sites More sharing options...
Tim Posted October 1, 2008 Author Report Share Posted October 1, 2008 Yes, that makes sense. Maybe we should move this setting into the extension. The whole VLAN topic is kind of moving target to me right now, with 802.1X and carrier Ethernet. I am really not sure what the best way it, maybe we have to try a couple of things. Thanks, that would be very helpful. You do bring up an excellent point though, one of these days, I really need to setup a lab with 802.1x and see how our various voip phones deal with it.... Well, you can have two or more TCP/TLS ports open on the same server. The PBX can deal with that. Yes, but we can only take advantage of those other ports if we manually register the phones. If we have to program the phones manually, we lose the PnP buttons and the other PnP functions which, even in our limited use to this point, have been a huge benefit for us. It is the same problem we have with the VLAN tag settings, this can only be specified globally, there is no way to make an exception for a single phone or domain. We already made it possible to use domain admin PIN and passwords, but that is not in the provisioning files for the phones. We keep that also on the radar. As I said, this issue is not all that important for us right now. I just wanted to bring it to your attention, so you can deal with this at your convenience. Tim Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.