
VLAN tagging on CS410


edwardforgacs


Is it possible to configure VLAN tagging on the CS410 device? We would like to be able to use the QoS features of our switch without having to use a higher-end layer 3 switch which supports inter-vlan routing.

 

Not completely impossible; but we don't provide the front end for the VLAN configuration from the web interface. You would have to use the standard Debian Linux setup. I am not even sure if vconfig is on the file system.

 

Many managed switches are able to retag the traffic on specific Ethernet trunks. That might be a workaround.


Thanks for the reply. I did try the vconfig command on the CS410 and unfortunately it doesn't appear to be supported.

 

The issue with setting it on the switch is as follows. The switch can be set so that all traffic on that particular port defaults to the Voice VLAN if it is untagged, however this means that the web console becomes part of the voice VLAN and is inaccessible without a device capable of doing inter-VLAN routing.

 

The WAN port is not an issue in my setup as it is connected directly to the DMZ port of a NAT router which is SIP-aware and that port gives traffic a higher priority.


> The issue with setting it on the switch is as follows. The switch can be set so that all traffic on that particular port defaults to the Voice VLAN if it is untagged, however this means that the web console becomes part of the voice VLAN and is inaccessible without a device capable of doing inter-VLAN routing.

 

Though it is the voice VLAN that does not mean there is no HTTP traffic. In other words: You still need to provision phones and you still want the phones to pull down information (e.g. address book) from the PBX via HTTP.

 

But I agree, routing between the VLAN is a new problem then.


Unfortunately that is not an option for us as we have just purchased some expensive 3Com gear for this purpose, which doesn't support L3 routing like the DLink product but is specifically designed for voice.

 

It seems very odd that an IP-PBX product wouldn't support VLAN tagging when all other products do, including the IP phones we're using and the Exchange server being used for voicemail.

 

Are there any plans to fix this on the CS410?


What if you used the LAN port on the VLAN tagged Port Based VLAN (set security of IP registrations to the IP addresses on that SEGMENT), then attached the WAN port on a new IP address and created a static route on the LAN gateway to talk to this IP address, and used this for the WEB interface? Security-wise, all UDP/RTP traffic would be on the VLAN segment, while the WEB console is effectively on another. With the upper limit of the CS410 being about 25 phones, we've yet to see any reason to deploy VLANs in smaller installations.


Unfortunately, we can't do what you described because our router does NAT with DMZ, so we have to have the WAN port plugged into the router. We could possibly configure the web console to be accessible via the router but it seems like it is reducing security.

 

>we've yet to see any reason to deploy VLANs in smaller installations.

 

I could not disagree more. We have had call drop outs on internal calls as a result of QoS problems.

 

Quite simply, it seems like a sloppy, half-baked solution to be not using VLANs on any IP-PBX solution. Almost every other commercial IP-PBX I know of supports this. If PBXnSIP is to be a professional solution then it has to work reliably, and having voice traffic on a separate VLAN is a fundamental requirement of having the network set up properly.


While VLANs are useful for segmenting traffic types, the VLAN protocol has no provisions for traffic control. To properly manage traffic flow you use 802.1P and Q, and most managed switches support a few choices regarding queues and priorities. Given the choice, we strongly suggest mastering the P's and Q's regarding IP control.

 

While you might consider anything less than VLAN as half baked, please visit what might arguably be the #1 commercial seller of VoIP PBX's (Shoretel) and you'll find the vast majority of their deployments are done with dumb switches.

 

Cheers


Ah, I get it - you want to set up TWO VLAN ports on the LAN side of the CS410 and make one of them for the phones and one of them for http. Nice idea, but I have a feeling this thing would get crushed with the overhead if you could set it up.

 

If you want to use VLAN separation, you can dedicate the LAN port of the cs410 to your voice VLAN (create an untagged port on your switch and make it a member of the voice VLAN).

 

If you also want your users on workstations (in a different VLAN) to be able to access the web interface, well - you said the cs410's WAN port is sitting on your firewall's DMZ port - just make a firewall/dns ruleset to route internal web traffic for the cs410 through to the DMZ side (and tell the cs410 to only respond to web requests from internal addresses if you're worried about security). Yeah, a bit of a pain to do but it's not that bad ;)

 

Adding VLAN tagging to the cs410 might be nice, but decoding tags is intensive, and you then open up a host of more configuration fun like what services are available on which VLAN, port, routing between them, and the itinerant trouble shooting, unforeseen problems, etc - and I don't think the current processor could handle the load - and I wouldn't want my VoIP processor stuck with that task, frankly. Heck, you hear a glitch in music on hold when doing a web refresh as it is.

 

...also, don't forget that many small/medium IT techs have little to no experience with VLANS and this is the target market for the cs410. You don't want to confuse the poor guys do you?

 

AK


Yes, I understand what you're saying here, but:

 

* I would really be surprised if it's that hard for the processor to add VLAN tagging to the SIP/RTP packets. Other devices (like cheap consumer telephone adapters) manage to do that, if the CS410/425 can't then it's really not up to scratch. Also as I mentioned our Snom phones also support it, I would imagine they have much less processing power.

 

* If "small" IT shops don't know what a VLAN is, they should steer clear of VOIP solutions because they will end up with a lot of very angry customers - it frankly doesn't work, the whole network needs to be properly designed to support it or it is a recipe for disaster. We are one of those shops and we are not willing to recommend a solution to customers that has no QoS because we have seen those setups fall over.

 

* If we're trying to avoid confusing these guys, it would make sense to support the many "voice-enabled" switches which are designed to work with VLAN tagging, so the web console still works without setting up inter-VLAN routing on another device. The layer 3 devices which support inter-VLAN routing are likely beyond the budget of a lot of the target market of the CS410/425 but lots of layer 2 "voice-enabled" ones aren't. At the moment it doesn't work with the cheaper ones as far as I'm concerned because to make it usable (to access the web console on the PBX), you need inter-VLAN routing.

 

At the end of the day, we are going to set up inter-VLAN routing in our own setup so I'm not too fussed, just amazed that this feature has been overlooked.


> Yes, I understand what you're saying here, but:

> At the end of the day, we are going to set up inter-VLAN routing in our own setup so I'm not too fussed, just amazed that this feature has been overlooked.

 

Nice Post - We too have strived to make every IT project over the last 25 years be as perfect as it can be.

 

Unfortunately PBXnSIP doesn't control the kernel on the CS410; Mindspeed and its partners manage that, and in a previous post a new kernel was mentioned... so let's wait and see. The Sheeva looks very promising? Done that yet?

 

Cheers
