Versions Compared

Version Old Version 1 New Version Current
Changes made by

Nathaniel Halbrooks

Kelli Higdon

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Networking

...

Networking includes tools to manage the following:

Table of Contents
minLevel2
maxLevel2
outlinefalse
stylenone
typelist
printabletrue

IP Configuration

This tool lets you set the IP configuration for Switchvox. These settings are similar to settings you would set on any other computer on your network. Enter the following information, then click Save IP Configuration.

Gateway Address

Enter the IP address of the machine to which Switchvox sends outbound traffic. It is typically the address of your router.

DNS Addresses

Enter up to three DNS addresses. Switchvox uses these addresses to translate any host/domain names into IP addresses.

Allow NAT Port Forwarding

Select YES to allow NAT Port Forwarding to Switchvox. This option is useful if you need to handle calls going to and coming from an external network, and Switchvox is behind a router that performs NAT. On your router, you must forward certain ports to your Switchvox server.

See Firewall/NAT Checklist for a discussion of which ports to forward and why.

Also, in Machine Admin > Access Control, you must have a rule that allows the appropriate traffic for an external network. See Access Control.

External IP Address

Enter the public IP Address of your router. If you are not sure what your public IP is, click Look Up External IP to automatically find it.

Info

NOTE: SIP phones that are outside of your network must use this external IP for registration.

You cannot use this feature if your ISP does not give you a static external IP address.

Check with your ISP to make sure that the public IP you enter here will not change. If you do not have a static public IP, you will only be able to use phones from within your local network.

Interface

Enter the IP and Netmask address. You set these addresses when you installed the Switchvox software, and you do not normally need to change this information after installation.

Advanced Options

If you need to change an Advanced Option, click Show Advanced Options and enter the following information:

  • Hostname. You can set a hostname for Switchvox (e.g., pbx.example.com) if you have a

  • DNS setting. This may alleviate problems with delivering emails through particularly strict SMTP servers.

Info

IMPORTANT: This option also sets the web server’s SSL key. This may help prevent warnings from your browser when logging into Switchvox. In most cases it is best to leave this option unchanged.

  • Jabber Hostname. You can set a hostname for the Jabber server in Switchvox (e.g., jabber. http://example.com ) if you have a DNS setting. This is important if you are peering Switchvoxes and want to use functions such as Presence or the Chat Panel.

  • IP ToS. This lets you set the ToS or DSCP field in VoIP packets sent by Switchvox. This field can be used by firewalls and switches to distinguish specific types of traffic to apply QoS rules, such as favoring all voice traffic for better quality. Setting the ToS field isn’t a requirement for prioritizing VOIP traffic on your router, it’s just one way to identify VOIP traffic. If you’re not explicitly prioritizing this field in your network equipment, changing this option will have no effect on your VOIP quality.

...

  • RFC 2474. Definition of the Differentiated Services Field (DS field) in the IPv4 and IPv6 Headers, Nichols, K., et al., December 1998.

  • IANA Assignments, DSCP registry, Differentiated Services Field Codepoints: http://www.iana.org/assignments/dscp-registry .

Additional Local Networks

Use this section to list any additional networks that are not separated from Switchvox by a NATing router. This option is only needed if:

...

Networks can be listed in either CIDR (e.g., 192.168.0.0/24) or netmask (e.g.,
192.168.0.0/255.255.255) notation.

Network Proxy Settings

These settings direct all outgoing HTTP and HTTPS traffic to a web proxy.

...

If you are unsure about HTTPS certificates, it is safe to leave this section blank.

Access Control

The Access Control tool lets you manage which networks have access to Switchvox.

  • Access Control Rules allow network access to Switchvox services based on IP address and netmask. The default action is to deny access, so if you don’t allow a service for a network, then the network is denied access to that service.

  • Blocked IPs are automatically blocked by Switchvox. This tool lets you see what has been blocked and lets you unblock it. It also lets you change the blocking options and search for blocked IPs.

  • Create Access Control Rule.

Access Control Rules

The Local Network rule by default allows all traffic for all services. The All Networks rule allows traffic for various services depending on your Switchvox configuration. You can modify the services allowed for the Local Network and All Networks rules, but you cannot change the name or the network.

Create an Access Control Rule

Click Create Access Control Rule and enter or set the following information for the rule:

...

You can modify the services allowed for the Local Network and All Networks rules, but you cannot change the name or the network.

Digium Config Server.

The phone configuration server for Digium Phones. This must be On to allow access from a remote Digium Phone (meaning, Digium Phones on an external network).

Blocked IPs

Switchvox automatically blocks an IP if it is attempting to log in or register a phone with a bad username and password. This is based on the assumption that if someone is trying to reach Switchvox without valid login information, that person probably does not have a legitimate reason to reach Switchvox.

...

NOTE: If you have physical access to the Switchvox server, you can use the Basic Server Function Unblock Local IPs to remove the blocks for local IP addresses (See “Basic Server Functions.”).

Edit Blocking Options

The IP Blocking Options determine when Switchvox blocks an IP address from logging into or connecting to Switchvox.

  • Web Suite and API Logins

    • Login attempts before lock out. If an IP address attempts to log in as a Switchvox extension or administrator, but fails this number of times, then the IP address is locked out of Switchvox. That means the IP can reach the Switchvox Web Suite and API, but no login information can be entered.

    • Login attempts before IP block. If an IP address attempts to log in as a Switchvox extension or administrator, but fails this number of times, then the IP address is blocked from connecting to Switchvox. That means that Switchvox does not let that IP display any part of the Web Suite, or access the API.

    • Number of blocked IPs from the same network to trigger a netmask block. If this number of blocked IPs are from the same network, then the /24 network is blocked. In other words, if the first 3 sets of digits match on more than 25 blocked IPs, then the netmask block (e.g., 216.239.51.0/24) replaces all of the original IP blocks. That means that all of the 256 possible IP addresses in that netmask are denied access to Switchvox.

  • SIP Registration

    • Registration attempts before IP block. If a phone attempts to register, but fails this number of times, then its IP address is blocked from connecting to Switchvox.

    • Number of blocked IPs from the same network to trigger a netmask block. If this number of blocked IPs are from the same network, then the /24 network is blocked. In other words, if the first 3 sets of digits match on more than 25 blocked IPs, then the netmask block (e.g., 216.239.51.0/24) replaces all of the original IP blocks. That means that all of the 256 possible IP addresses in that netmask are denied access to Switchvox.

  • General

    • Share blocked IPs with Digium. If this is checked, it allows Switchvox to send the blocked IP addresses to Digium. This may help us identify common IP addresses that are being blocked.

Manage Physical Access to the Server

If you have an appliance with an LCD Panel, you can disable other access to the appliance. You can also clear the password on the LCD Panel, in case you have forgotten it.

  • Disable server configuration from a local keyboard. Check this box if you do not want anyone to be able to connect a keyboard and monitor to the Switchvox server and make changes to the server configuration. This means that the LCD Panel is the only way to access Switchvox's Basic Server Functions. You can set a password to protect the use of the LCD Panel.

  • Clear LCD Password. Click this button to clear the password for the LCD Panel. This means that anyone with access to the Switchvox server can use the LCD Panel to configure Switchvox’s Basic Server Functions, without entering a password.

Basic Server Functions

There are several functions that can or must be done at the Switchvox server; those functions are listed here. Use the LCD Panel on your Appliance if there is one, or connect a keyboard and monitor to the Appliance.

  • View System Info. This displays the URL of the Switchvox Admin Tool Suite.

  • Configure Network. This lets you change your network settings. These are the same options that you used when you first set up your Switchvox server (see Configuring Your Network Installing Switchvox). You can only do this from here at the server.

  • Reboot PBX. This reboots Switchvox. You can also do this from Server > Maintenance: System Reload (see "System Reload" in the Server-Maintenance article).

  • Shutdown PBX. This shuts down Switchvox and turns off the power on the appliance. You can also do this from Server > Maintenance: System Reload (see "System Reload" in the Server-Maintenance article).

  • Reset HTTPS certificate. This resets your SSL certificate. You can only do this from here at the server.

  • Tech Support Access. This lets Switchvox technical support representatives log into your Switchvox Appliance. You can also do this from Reporting > Diagnostics: Tech Support (see "Technical Support" in the Server-Diagnostics article).

  • Restore Web Access. This restores local network access to the Web-based Switchvox Admin Tool Suite. If you turned off this access in the Local Network rule in Access Control, you can turn it back on using this option. You can only do this from here at the server.

  • Reset Admin Passwd. This resets the main Admin password (user name ‘admin’) to admin, which is the default password. You can only do this from here at the server.

  • Unblock Local IPs. This removes the block(s) for the local network. That means any Blocked IPs where the first 3 sets of digits match the first 3 sets in Switchvox's IP (e.g., a /24 CIDR). You can only do this from here at the server (See "Blocked IPs").

  • Change LCD Passwd. This lets you set or change the password for the LCD Panel. If you cannot remember your LCD password, you can clear it using the Admin Suite (see Managing Physical Access to the Server). You can only do this from here at the server, and it is only available if you have an Appliance with an LCD Panel.

  • Lock LCD. This immediately puts the LCD Panel in password-request mode. You can only do this from here at the server, and it is only available if you have an Appliance with an LCD Panel.

Phone Networks

Phone Networks determine how a Digium Phone should behave, depending on the IP address and netmask of the Phone as it sits on the network. If the Phone cannot get on the network because it is trying in vain to use the wrong Phone Networks information, use the Phone's Select Network option to select the Phone Network that matches the network you want the phone to use.

Info

IMPORTANT: for a remote phone (a phone that is not on the same network as Switchvox), make sure that you have an Access Control Rules in place (see“Create an Access Control Rule”), and that your router is forwarding the appropriate ports to Switchvox.

The Phone Network screen lists all phone networks with their respective information. Three actions are available for each entry: display Details, Modify, and Delete. When creating a Phone Network, enter the following information, and click the Save Phone Network button when finished. This lists the network on the Phone Network screen. Modify options are the same as the Create options.

General Settings

  • Name. A unique name for this network.

  • Network. The IP address and Netmask of the network where Digium Phones could be located. This should be the IP address that the phone obtains and uses to identify itself on this network. For example, this might be a subnet in your office, or the IP address of a phone at an employee's home. (This is not a remote employee's external IP address, which you would use in an Access Control Rule.)

  • Direct Port Access. Set to YES if the phone, while on this network, has access to

  • these ports on Switchvox:

    • Port 80, for getting phone firmware. (If a remote phone cannot reach your Switchvox to get phone firmware, the phone will get the firmware from Digium's servers).

    • Port 443, for getting additional files and accessing Switchvox's API.

    • Port 5062, for getting configuration information.

...

  • NTP Server. By default, Digium Phones use NTP to retrieve time settings. Unless you have a particular reason, do not change these settings.

Primary Host (PBX)

  • Host Address. Switchvox’s IP address to be used by a Digium Phone located on this network. The default Phone Networks entries (Internal and All Networks) are automatically updated so that Host Address is the same as Switchvox's internal and external IP addresses in IP Configuration. However, if you make a change to Host Address in either one of the default entries, then changes you make in IP Configuration will not ever affect that entry.

Alternate Host

  • Host Address. In the event that the Phone can no longer reach Switchvox at the PBX Address above, the Phone will register to this IP address. If this happens, the Phone will be in Failover Mode, and many of its Phone Applications will not be available. However, the phone should be able to make and receive calls over this alternate host.

  • Port. Enter the port number. 5060 is the default port number.

  • Transport. Select the transport protocol, UDP or TCP. UDP is the default.

Advanced Settings

To enter advanced settings, click the Advanced Settings button. This displays the following options:

Primary Host (PBX)

  • Seconds until Re-registration. Enter the number of seconds until the phone re-registers to the host.

  • Seconds until Retry on Failure. If the phone fails to register to the host, enter the number of seconds it should wait before it tries again.

Alternate Host

  • Seconds until Re-registration. Enter the number of seconds until the phone re-registers to the alternate host.

  • Seconds until Retry on Failure. If the phone fails to register to the alternate host, enter the number of seconds it should wait before it tries again.

Virtual LAN Settings

Discovery Mode. Select one of these modes:

...

  • Voice and SIP 802.1p Priority. You can set priority values here, but if LLDP returns specific values to the phone, the values entered here are ignored.

Quality of Service Settings

  • Voice DSCP and SIP DSCP. You can set priority values here, but if LLDP returns specific values to the phone, the values entered here are ignored.