SERVER-NETWORKING (6.0)

« Go Back

Information

 
Answer

Networking

Networking includes tools to manage the following:

IP Configuration

This tool lets you set the IP configuration for Switchvox. These settings are similar to settings you would set on any other computer on your network.

IP Configuration

Enter the following information, then click Save IP Configuration.

Gateway Address.

Enter the IP address of the machine to which Switchvox sends outbound traffic. It is typically the address of your router.

DNS Addresses.

Enter up to three DNS addresses. Switchvox uses these addresses to translate any host/domain names into IP addresses.

Allow NAT Port Forwarding.

Select Yes to allow NAT Port Forwarding to Switchvox. This option is useful if you need to handle calls going to and coming from an external network, and Switchvox is behind a router that performs NAT. On your router, you must forward the following ports to your Switchvox server. Also, in Machine Admin > Access Control, you must have a rule that allows the appropriate traffic for an external network. See “Access Control.”
 

Ports to forward to your Switchvox Server
ProtocolTCP/UDPPortsDescription
IAXUDP4569Signaling port needed for phones outside of your network
SIPUDP5060Signaling port needed for phones outside of your network
SIPUDP10000-10500RTP audio ports needed for phones outside of your network
 TCP80HTTP porlt for remote web voicemail access
 TCP443HTTPS porlt for remote web admin access
 TCP5222 & 843Ports for using the Switchboard remotely
 TCP5269Ports for remote XMPP (Jabber/chat) access

External IP Address.

Enter the public IP Address of your router. If you are not sure what your public IP is, click Look Up External IP to automatically find it.

NOTE: SIP phones that are outside of your network must use this external IP for registration.

You cannot use this feature if your ISP does not give you a static external IP address. Check with your ISP to make sure that the public IP you enter here will not change. If you do not have a static public IP, you will only be able to use phones from within your local network.

eth0 Interface.

Enter the IP and Netmask address. You set these addresses when you installed the Switchvox software, and you do not normally need to change this information after installation.

Advanced Options.

If you need to change an Advanced Option, click Show Advanced Options and enter the following information:

  • Hostname. You can set a hostname for Switchvox (e.g., pbx.example.com) if you have a
  • DNS setting. This may alleviate problems with delivering emails through particularly strict SMTP servers.

IMPORTANT: This option also sets the web server’s SSL key. This may help prevent warnings from your browser when logging into Switchvox. In most cases it is best to leave this option unchanged.

  • Jabber Hostname. You can set a hostname for the Jabber server in Switchvox (e.g., jabber. example.com) if you have a DNS setting. This is important if you are peering Switchvoxes and want to use functions such as Presence or the Chat Panel.
  • IP ToS. This lets you set the ToS or DSCP field in VoIP packets sent by Switchvox. This field can be used by firewalls and switches to distinguish specific types of traffic to apply QoS rules, such as favoring all voice traffic for better quality. Setting the ToS field isn’t a requirement for prioritizing VOIP traffic on your router, it’s just one way to identify VOIP traffic. If you’re not explicitly prioritizing this field in your network equipment, changing this option will have no effect on your VOIP quality.
For more information see the following resources:
  • RFC 2474. Definition of the Differentiated Services Field (DS field) in the IPv4 and IPv6 Headers, Nichols, K., et al., December 1998.
  • IANA Assignments, DSCP registry, Differentiated Services Field Codepoints: http://www.iana.org/assignments/dscp-registry.

Additional Local Networks.

Use this section to list any additional networks that are not separated from Switchvox by a NATing router. This option is only needed if:

  • Switchvox is behind a router that performs NAT.
  • You wish to use soft phones from outside your network.
  • There is more than one network (such as a remote office VPN) connected to the local net.
Networks can be listed in either CIDR (e.g., 192.168.0.0/24) or netmask (e.g.,
192.168.0.0/255.255.255) notation.

HTTP and Proxy

These settings direct all outgoing HTTP and HTTPS traffic to a web proxy.

HTTP Proxy

  • Proxy Hostname or IP Address
  • Proxy Port
  • Proxy Username
  • Proxy Password
  • Custom SSL Certificates

Use these fields to add a Custom SSL Certificate. This option can be used to prevent your browser from popping up a security warning when you access the Admin Suite. After you have purchased an HTTPS certificate from an online certificate authority, it can be uploaded into these sections to allow Switchvox to use it for encrypting web traffic.

Another option for this section is if your organization creates its own web certificates for encrypting various intranet traffic.

If you are unsure about HTTPS certificates, it is safe to leave this section blank.

Access Control

The Access Control tool lets you manage which networks have access to Switchvox.

  • Access Control Rules allow network access to Switchvox services based on IP address and netmask. The default action is to deny access, so if you don’t allow a service for a network, then the network is denied access to that service.
  • Blocked IP Addresses are automatically blocked by Switchvox. This tool lets you see what has been blocked and lets you unblock it. It also lets you change the blocking options and search for blocked IPs.
Access Control

Access Control Rules tab

The Local Network rule by default allows all traffic for all services. The All Networks rule allows traffic for various services depending on your Switchvox configuration. You can modify the services allowed for the Local Network and All Networks rules, but you cannot change the name or the network.

Create an Access Control Rule

Click Create Access Control Rule.

Create Access Control Rule

 Enter or set the following information for the rule:
  • Rule Name. Enter a unique Rule Name.
  • Network. Enter the network IP address and netmask that the rule applies to.
  • Never Block IPs. Switchvox will not automatically block a network. For example,
    you can select YES for Local Network to Never block IPs. For details about how
    Switchvox automatically blocks IP addresses and how to change it, see “Blocked
    IP Addresses Tab.” 
Allowed Services. Set access to YES for each service that you want to allow the network to access.
  • Web Admin Portal. The Switchvox Admin Tool Suite.
  • Web User Portal. The Switchvox User Tool Suite (for extension owners).
  • Admin API. API calls to Admin tools.
  • User API. API calls to User tools.
  • Printing. Printing to Switchvox, including printing files to be faxed.
  • IMAP. The Switchvox IMAP server for voicemail and faxes.
  • XMPP Server (Jabber). XMPP chat server traffic.
  • XMPP Client (Jabber). XMPP chat client traffic.
  • SIP. SIP traffic.
  • IAX. IAX traffic.
  • NTP. NTP traffic (Network Time Protocol).
  • SNMP. SNMP traffic. If you want to monitor Switchvox using SNMP, make sure this service is checked. For information about the OIDs that Switchvox publishes, see “SNMP.” 
  • Digium Config Server. The phone configuration server for Digium Phones. This must be On to allow access from a remote Digium Phone (meaning, Digium Phones on an external network).

Blocked IP Addresses tab

Switchvox automatically blocks an IP if it is attempting to log in or register a phone with a bad username and password. This is based on the assumption that if someone is trying to reach Switchvox without valid login information, that person probably does not have a legitimate reason to reach Switchvox.

blocked IP addresses

  • To change the options for automatic blocking, click IP Blocking Options.
  • To unblock an IP address or netmask, click Unblock on that item.
  • To find an IP address that has been blocked, use the Search field. You can enter an IP address, an extension number, or an administrator's login.

NOTE: If you have physical access to the Switchvox server, you can use the Basic Server Function Unblock Local IPs to remove the blocks for local IP addresses (See “Basic Server Functions.”).

IP Blocking Options

The IP Blocking Options determine when Switchvox blocks an IP address from logging into or connecting to Switchvox.

Web Suite and API Logins
  • Login attempts before lock out. If an IP address attempts to log in as a Switchvox extension or administrator, but fails this number of times, then the IP address is locked out of Switchvox. That means the IP can reach the Switchvox Web Suite and API, but no login information can be entered.
  • Login attempts before IP block. If an IP address attempts to log in as a Switchvox extension or administrator, but fails this number of times, then the IP address is blocked from connecting to Switchvox. That means that Switchvox does not let that IP display any part of the Web Suite, or access the API.
  • Number of blocked IPs from the same network to trigger a netmask block. If this number of blocked IPs are from the same network, then the /24 network is blocked. In other words, if the first 3 sets of digits match on more than 25 blocked IPs, then the netmask block (e.g., 216.239.51.0/24) replaces all of the original IP blocks. That means that all of the 256 possible IP addresses in that netmask are denied access to Switchvox.
SIP Phone Configuration and Registration
  • Registration attempts before IP block. If a phone attempts to register, but fails this number of times, then its IP address is blocked from connecting to Switchvox.
  • Number of blocked IPs from the same network to trigger a netmask block. If this number of blocked IPs are from the same network, then the /24 network is blocked. In other words, if the first 3 sets of digits match on more than 25 blocked IPs, then the netmask block (e.g., 216.239.51.0/24) replaces all of the original IP blocks. That means that all of the 256 possible IP addresses in that netmask are denied access to Switchvox.
General
  • Share blocked IPs with Digium. If this is checked, it allows Switchvox to send the blocked IP addresses to Digium. This may help us identify common IP addresses that are being blocked.

Manage Physical Access to the Server

If you have an appliance with an LCD Panel, you can disable other access to the appliance. You can also clear the password on the LCD Panel, in case you have forgotten it.

  • Disable server configuration from a local keyboard. Check this box if you do not want anyone to be able to connect a keyboard and monitor to the Switchvox server and make changes to the server configuration. This means that the LCD Panel is the only way to access Switchvox's Basic Server Functions. You can set a password to protect the use of the LCD Panel.
  • Clear LCD Password. Click this button to clear the password for the LCD Panel. This means that anyone with access to the Switchvox server can use the LCD Panel to configure Switchvox’s Basic Server Functions, without entering a password.

Basic Server Functions

There are several functions that can or must be done at the Switchvox server; those functions are listed here. Use the LCD Panel on your Appliance if there is one, or connect a keyboard and monitor to the Appliance.

  • View System Info. This displays the URL of the Switchvox Admin Tool Suite.
  • Configure Network. This lets you change your network settings. These are the same options that you used when you first set up your Switchvox server (see Configuring Your Network Installing Switchvox). You can only do this from here at the server.
  • Reboot PBX. This reboots Switchvox. You can also do this from Server > Maintenance: System Reload (see "System Reload" in the Server-Maintenance article).
  • Shutdown PBX. This shuts down Switchvox and turns off the power on the appliance. You can also do this from Server > Maintenance: System Reload (see "System Reload" in the Server-Maintenance article).
  • Reset HTTPS certificate. This resets your SSL certificate. You can only do this from here at the server.
  • Tech Support Access. This lets Switchvox technical support representatives log into your Switchvox Appliance. You can also do this from Reporting > Diagnostics: Tech Support (see "Technical Support" in the Server-Diagnostics article).
  • Restore Web Access. This restores local network access to the Web-based Switchvox Admin Tool Suite. If you turned off this access in the Local Network rule in Access Control, you can turn it back on using this option. You can only do this from here at the server.
  • Reset Admin Passwd. This resets the main Admin password (user name ‘admin’) to admin, which is the default password. You can only do this from here at the server.
  • Unblock Local IPs. This removes the block(s) for the local network. That means any Blocked IPs where the first 3 sets of digits match the first 3 sets in Switchvox's IP (e.g., a /24 CIDR). You can only do this from here at the server (See "Blocked IPs").
  • Change LCD Passwd. This lets you set or change the password for the LCD Panel. If you cannot remember your LCD password, you can clear it using the Admin Suite (see Managing Physical Access to the Server). You can only do this from here at the server, and it is only available if you have an Appliance with an LCD Panel.
  • Lock LCD. This immediately puts the LCD Panel in password-request mode. You can only do this from here at the server, and it is only available if you have an Appliance with an LCD Panel.

Phone Networks

Phone Networks determine how a Digium Phone should behave, depending on the IP address and netmask of the Phone as it sits on the network. If the Phone cannot get on the network because it is trying in vain to use the wrong Phone Networks information, use the Phone's Select Network option to select the Phone Network that matches the network you want the phone to use.

IMPORTANT: for a remote phone (a phone that is not on the same network as Switchvox), make sure that you have an Access Control Rules in place (see“Create an Access Control Rule”), and that your router is forwarding the appropriate ports to Switchvox.

The Phone Network screen lists all phone networks with their respective information. Three actions are available for each entry: display Details, Modify, and Delete. When creating a Phone Network, enter the following information, and click the Save Phone Network button when finished. This lists the network on the Phone Network screen. Modify options are the same as the Create options.

Phone Networks


Create Phone Network

Create Phone Network

General Settings

  • Name. A unique name for this network.
  • Network. The IP address and Netmask of the network where Digium Phones could be located. This should be the IP address that the phone obtains and uses to identify itself on this network. For example, this might be a subnet in your office, or the IP address of a phone at an employee's home. (This is not a remote employee's external IP address, which you would use in an Access Control Rule.)
  • Direct Port Access. Set to YES if the phone, while on this network, has access to these ports on Switchvox:
    • Port 80, for getting phone firmware. (If a remote phone cannot reach your Switchvox to get phone firmware, the phone will get the firmware from Digium's servers).
    • Port 443, for getting additional files and accessing Switchvox's API.
    • Port 5062, for getting configuration information.
Normally a phone just uses port 5060 for all of these activities and for handling calls.
However, if set to YES, the phone uses those ports as indicated. This is useful because
those protocols are better suited for those activities. That's why the default phone network
Internal is set to YES.
  • NTP Server. By default, Digium Phones use NTP to retrieve time settings. Unless you have a particular reason, do not change these settings.

Primary Host (PBX)

  • Host Address. Switchvox’s IP address to be used by a Digium Phone located on this network. The default Phone Networks entries (Internal and All Networks) are automatically updated so that Host Address is the same as Switchvox's internal and external IP addresses in IP Configuration. However, if you make a change to Host Address in either one of the default entries, then changes you make in IP Configuration will not ever affect that entry.

Alternate Host

  • Host Address. In the event that the Phone can no longer reach Switchvox at the PBX Address above, the Phone will register to this IP address. If this happens, the Phone will be in Failover Mode, and many of its Phone Applications will not be available. However, the phone should be able to make and receive calls over this alternate host.
  • Port. Enter the port number. 5060 is the default port number.
  • Transport. Select the transport protocol, UDP or TCP. UDP is the default.

Advanced Settings

To enter advanced settings, click the Advanced Settings button. This displays the following options:

Primary Host (PBX)

  • Seconds until Re-registration. Enter the number of seconds until the phone re-registers to the host.
  • Seconds until Retry on Failure. If the phone fails to register to the host, enter the number of seconds it should wait before it tries again.

Alternate Host

  • Seconds until Re-registration. Enter the number of seconds until the phone re-registers to the alternate host.
  • Seconds until Retry on Failure. If the phone fails to register to the alternate host, enter the number of seconds it should wait before it tries again.

Virtual LAN Settings

Discovery Mode. Select one of these modes:

  • LLDP is the default. In this case, a Digium Phone uses LLDP to discover Virtual Local Area Network information. If the phone does not get a response from LLDP, it will assume that there is no VLAN. (VLAN information cannot be obtained via DHCP.)
  • Manual. Use to set a specific VLAN ID: lldp-med.policy.vlan.vid
  • None. Use if you do not want the phone to attempt to use LLDP, and you do not want the phone to use a specific VLAN ID.

ID. Four-digit identifier for the VLAN if the VLAN discovery mode is Manual.

  • Voice and SIP 802.1p Priority. You can set priority values here, but if LLDP returns specific values to the phone, the values entered here are ignored.

Quality of Service Settings

  • Voice DSCP and SIP DSCP. You can set priority values here, but if LLDP returns specific values to the phone, the values entered here are ignored.
rel6.0