I have a couple of clients with 20+ IP Phones and a PIAF PBX. Due to the amount of network traffic they are experiencing dropped calls etc. Although I followed the forums here regarding VLANs, I worked over a week to get this working on my test network. I'm going to roll this out to my customer's systems in a few days.
My test system consists of Astaro ASG120 firewall, a Netgear FS750T2 Switch, a Dell Dimension 2100 with a D-Link DGE-530T gigabit nic card, and an Aastra 6757i IP Phone.
1. The firewall: I configured the Astaro with 2 VLANs on one port. VLAN1 is tagged 1 and VLAN2 is tagged 2. I set up all the usual firewall items like DHCP, MASQ, NAT, DNS, VOIP Proxy, DNAT, etc. This firewall is by default locked down tight. If you need a port opened you must create a rule. VLAN2 is for VoIP traffic and VLAN1 (default) is for everything else.
2. The switch: I set up the switch as per the manufacture's instructions. Change the VLAN from port based to 802.1Q. Leave the default VLAN1 and create VLAN2 tagged as 2. Make sure the default PVID is 1 on all ports. The PVID setting takes all untagged traffic and gives it the tag 1. So all traffic that is not VoIP is tagged as one and sent to VLAN1. It is important to note that the port on the switch that connects to the firewall must not remove the tags on packets.It should be set to "T". This switch has 50 ports. I used #50 to connect to the firewall. All other ports must be set to "U" or untagged. The firewall uses the packets to determine DHCP, etc. Change the QoS to 802.1Q also and change the priority on Priorities 3 & 5 to High.
3. The phone: this is fairly easy. Just log into the phone
and enable VLAN, set the LAN port to tag 2 and the PC port to tag1. Leave the default settings for everything else. Of course there is alot more to configuring the phone. This is only regarding the VLAN configuration.
4. The PIAF box:. There are a lot a variables here. For one the nic card must be VLAN capable. I started out with an old Acer Revo and banged my head on a wall for several days with it. I don't know if that was the problem, but I moved to some old equipment I had, a Dell Dimension 2100 and put a D-Link DGE-530T nic in it. Eugene Blanchard has some docs that show how to set up VLAN on PIAF. I learned much from his posts and others. But the nic configuration files given by others just did not work for me. They may be specific to the hardware. At this point I do not know. I'll find out when I try to roll this out. So, I created 2 files and placed them in the /etc/sysconfig/network-scripts folder. The first is named ifcfg-eth0.
It contains the following text:
BOOTPROTO=none
NAME="VLAN 1 Default Interface"
BOOTPROTO=none
DEVICE=eth0
MTU=""
NETMASK=255.255.255.0
BROADCAST=192.168.1.255
IPADDR=192.168.1.66
NETWORK=192.168.1.0
GATEWAY=192.168.1.1
This is similar to the example given by Eugene Blanchard on the PIAF forum with a couple of exceptions. There is no ONBOOT=yes and no HWADDR setting. I don't remember why I took those out but it works for me.
The second is called ifcfg-eth0.2 it contains
DEVICE=eth0.2
BOOTPROTO=static
BROADCAST=192.168.2.255
IPADDR=192.168.2.66
NETMASK=255.255.255.0
NETWORK=192.168.2.0
TYPE=Ethernet
GATEWAY=192.168.2.1
ONBOOT=yes
VLAN=yes
After saving these files restart your nework using "service network restart".
Eugene Blanchard's example actually has a third VLAN. I chose not to do that. It was all I could do to get 2 working. The default network is 192.168.1.0 and the VoIP network is 192.168.2.0
There can be many difficulties setting up VLANs. You are working with many different pieces of hardware. There can be Centos modules missing, incorrect drivers or configuration files. I think my biggest problem was the 2 files I listed above. This worked for me but maybe not for others. It would be nice if Astaro provided additional information on how to configure VLANs on various hardware and OSs.
This thread was automatically locked due to age.
