Difference between revisions of "IP PBX Manual System Networking"

From IPitomy Wiki
Jump to navigation Jump to search
m (Reverted edits by Drew Harrell (talk) to last revision by Paul Falanga)
 
(49 intermediate revisions by 3 users not shown)
Line 1: Line 1:
'''System Networking'''
+
__NOTITLE__
 +
{{IP_PBX_Manual|sortkey=System Networking}}
 +
== '''System Networking'''<br/> ==
  
The IPitomy System Menu is for configuring network attributes. For example the IP address of the system and router information. The System Networking Setup Page allows you to define the Internet Setup for the system’s hardware. The system must operate using a static IP address; DHCP should only be used on the IPitomy IP PBX if the router is configured to assign a specific static DHCP address to the system.
+
The IPitomy System Menu is for configuring network attributes. For example the IP address of the system and router information. The System Networking Setup Page allows you to define the Internet Setup for the system’s hardware. The system must operate using a static IP address; DHCP should only be used on the IPitomy IP PBX if the router is configured to assign a specific static DHCP address to the system. [[File:Tcpipsettings.png|center|Tcpipsettings.png]]<br/>The following table describes the fields and recommended settings for Networking Setup for the IP PBX system:
  
  
The following table describes the fields and recommended settings for Networking Setup for the IP PBX system:
 
 
 
{| style="border-spacing:0;"
 
| style="background-color:#b8cce4;border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| <center>'''Field'''</center>
 
| style="background-color:#b8cce4;border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| <center>'''Recommended Settings'''</center>
 
  
 +
{| class="wikitable"
 +
|-
 +
| <center>'''Field'''</center>
 +
| <center>'''Recommended Settings'''</center>
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''IP Address'''
+
| '''IP Address'''
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Use the default address (192.168.1.249)''' of the IPitomy IP PBX or an address outside the range of existing IP addresses assigned by DHCP in the router.
+
| Use the default address (192.168.1.249) of the IPitomy IP PBX or an address outside the range of existing IP addresses assigned by DHCP in the router. The PBX will be accessed via <IPAddress>/ippbx, so at default you would go to 192.168.1.249/ippbx.
 
 
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Subnet Mask'''
+
| '''Subnet Mask'''
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Leave the default setting for the Subnet Mask as (255.255.255.0)'''. The subnet mask defines what traffic the PBX will listen and communicate to. A value of 255 means the octet in question needs to match exactly, while a value of 0 means the octet is not restricted at all. When the PBX is set to the default IP address, a subnet mask of 255.255.255.0 tells the system to communicate with any devices in the 192.168.1.xxx range.
+
| Leave the default setting for the Subnet Mask as (255.255.255.0). The subnet mask defines what traffic the PBX will listen and communicate to. A value of 255 means the octet in question needs to match exactly, while a value of 0 means the octet is not restricted at all. When the PBX is set to the default IP address, a subnet mask of 255.255.255.0 tells the system to communicate with any devices in the 192.168.1.xxx range.
 
 
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Default Gateway'''
+
| '''Default Gateway'''
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''The default gateway provided is 192.168.1.1'''. Though this default is a common router IP, every network is different. Enter the IP address of the router handling their Internet connection here.
+
| The default gateway provided is 192.168.1.1. Though this default is a common router IP, every network is different. Enter the IP address of the router handling their Internet connection here.
 
 
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Static DNS'''
+
| '''Static DNS'''
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Enter the DNS IP address being used on the network'''. If a default DNS IP address is not provided by the router it can be obtained from the network’s Internet Service Provider.
+
| Enter the DNS IP address being used on the network. If a default DNS IP address is not provided by the router it can be obtained from the network’s Internet Service Provider.
 
 
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Static DNS2'''
+
| '''Static DNS2'''
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Enter the DNS IP address being used on the network'''. If a default DNS IP address is not provided by the router it can be obtained from the network’s Internet Service Provider.
+
| Enter the DNS IP address being used on the network. If a default DNS IP address is not provided by the router it can be obtained from the network’s Internet Service Provider.
 
 
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Static DNS3'''
+
| '''Static DNS3'''
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Enter the DNS IP address being used on the network'''. If a default DNS IP address is not provided by the router it can be obtained from the network’s Internet Service Provider.
+
| Enter the DNS IP address being used on the network. If a default DNS IP address is not provided by the router it can be obtained from the network’s Internet Service Provider.
 +
|}
  
|}
 
 
''Table 6Network Setting Descriptions''
 
''Table 6Network Setting Descriptions''
  
Line 44: Line 39:
 
'''STEPS:'''
 
'''STEPS:'''
  
# Navigate to '''System Networking'''. The '''TCP/IP Settings''' page appears displaying the default values for the following setting:
+
#Navigate to '''System Networking'''. The '''TCP/IP Settings''' page appears displaying the default values for the following setting:
 +
##'''IP Address'''
 +
##'''Subnet Mask'''
 +
##'''Default Gateway'''
 +
##'''Static DNS<span id="cke_bm_85E" style="display: none" data-cke-bookmark="1">&nbsp;</span>'''
 +
#Click on the '''IP Address''' field. Enter the '''IP address''' for the Router. '''Use the default address (192.168.1.249)''' of the IPitomy IP PBX or an address outside the range of existing IP addresses assigned by DHCP in the router Enter the desired IP Address. See Table above for recommended settings.
 +
#Click on the '''Subnet Mask '''field. '''Leave the default setting for the Subnet Mask as (255.255.255.0)'''. See Table above for recommended settings.
 +
#Click on the '''Default Gateway''' field. Change the default Gateway value to the desired target network. See Table above for recommended settings.
 +
#Click on the '''Static DNS''' field. Change the default DNS value to the desired target network. See Table above for recommended settings.
 +
#Repeat '''step 5''' to set the remaining DNS values, if necessary.
 +
#Click on the '''Save Changes''' button
 +
#Click the '''Apply Changes''' link located on the right hand corner of the page, to commit the changes to the database.
  
* '''IP Address'''
+
== VLAN ==
* '''Subnet Mask'''
+
{{:VLAN}}
* '''Default Gateway'''
 
* '''Static DNS'''
 
  
# Click on the '''IP Address''' field. Enter the '''IP address''' for the Router. '''Use the default address (192.168.1.249)''' of the IPitomy IP PBX or an address outside the range of existing IP addresses assigned by DHCP in the router Enter the desired IP Address. See Table above for recommended settings.
+
== Access Control (PBX Access)<br/> ==
# Click on the '''Subnet Mask '''field. '''Leave the default setting for the Subnet Mask as (255.255.255.0)'''. See Table above for recommended settings.
 
# Click on the '''Default Gateway''' field. Change the default Gateway value to the desired target network. See Table above for recommended settings.
 
# Click on the '''Static DNS''' field. Change the default DNS value to the desired target network. See Table above for recommended settings.
 
# Repeat '''step 5''' to set the remaining DNS values, if necessary.
 
# Click on the button
 
# Click the '''Apply Changes''' link located on the right hand corner of the page, to commit the changes to the database.
 
  
== Access Control (PBX Access) ==
 
 
The Access Control page is comprised of 3 sub-pages; Host Access, Web Server, and Access Control List. Each is accessible from the buttons at the top of the page and pertains a different method of controlling access to the PBX.
 
The Access Control page is comprised of 3 sub-pages; Host Access, Web Server, and Access Control List. Each is accessible from the buttons at the top of the page and pertains a different method of controlling access to the PBX.
  
 
=== Host Access ===
 
=== Host Access ===
 +
 
This feature allows you to limit access to special services on the PBX. An “'''allow from'''” entry is a list of one or more host names, host addresses, patterns or wildcards that will be matched against the client host name or address. List elements should be separated by blanks and/or commas.
 
This feature allows you to limit access to special services on the PBX. An “'''allow from'''” entry is a list of one or more host names, host addresses, patterns or wildcards that will be matched against the client host name or address. List elements should be separated by blanks and/or commas.
  
 +
<br/>'''Note:''' The parameter for the IP PBX Host Access is pre-configured per the manufacturer’s specifications. We recommend that you '''do not change''' this configuration value. [[File:Hostaccess.png|center|Hostaccess.png]]<br/>The following table describes the features and functions available on the Host Access page:
  
'''Note:''' The parameter for the IP PBX Host Access is pre-configured per the manufacturer’s specifications. We recommend that you '''do not change''' this configuration value.
 
  
  
The following table describes the features and functions available on the Host Access page:
+
{| class="wikitable"
 
+
|-
 
+
| style="text-align: center" | Fields/Buttons
{| style="border-spacing:0;"
+
| <center>'''Description'''</center>
| style="background-color:#b8cce4;border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Fields/Buttons'''
 
| style="background-color:#b8cce4;border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| <center>'''Description'''</center>
 
 
 
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Delete Selected Items'''
+
| '''Delete Selected Items'''
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| This button allows you to delete multiple services at a time.
+
| This button allows you to delete multiple services at a time.
 
 
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Load Factory Defaults'''
+
| '''Load Factory Defaults'''
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| This button will set the PBX back to the default Host Access settings.
+
| This button will set the PBX back to the default Host Access settings.
  
  
Line 88: Line 82:
  
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Add a New Item'''
+
| '''Add a New Item'''
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| This section is where you would add new rules for accessing special services on the PBX
+
| This section is where you would add new rules for accessing special services on the PBX
 +
|}
  
|}
 
 
''Table 7Network Features and Descriptions''
 
''Table 7Network Features and Descriptions''
  
  
{| style="border-spacing:0;"
 
| style="border-top:0.0069in solid #000000;border-bottom:0.0069in solid #000000;border-left:0.0069in solid #000000;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"|
 
| style="border-top:0.0069in solid #000000;border-bottom:0.0069in solid #000000;border-left:none;border-right:0.0069in solid #000000;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''IMPORTANT: Changes to the Host Access List are installed immediately. They are database independent so custom changes do not migrate from one box to another via a database backup file.'''
 
  
'''Please contact IPitomy’s Technical Support Group if you think you need to modify these settings. Email via [mailto:support@ipitomy.com support@ipitomy.com] or phone at 941-306-2200 option 2. You can also visit our FAQ page at faq.ipitomy.com.'''
+
{| style="border-spacing:0"
 +
|-
 +
| style="border-top:0.0069in solid #000000;  border-bottom:0.0069in solid #000000;  border-left:0.0069in solid #000000;  border-right:none;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" |
 +
| style="border-top:0.0069in solid #000000;  border-bottom:0.0069in solid #000000;  border-left:none;  border-right:0.0069in solid #000000;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" | '''IMPORTANT: Changes to the Host Access List are installed immediately. They are database independent so custom changes do not migrate from one box to another via a database backup file.'''
 +
'''Please contact IPitomy’s Technical Support Group if you think you need to modify these settings.'''
  
 
|}
 
|}
== Web Server Configuration ==
 
This feature allows you to define which IPs and/or domains can access the web server, as well as restart the Web Server. In order for changes to this list to take effect, you must Restart the Web Server.
 
  
The parameter for the IP PBX Web Server is pre-configured per the manufacturer’s specifications. We recommend that you '''do not change''' this configuration.
+
== Web Server Configuration - (Obsolete - Removed in 4.8.0)<br/> ==
  
 +
Link to Old Info [[IPPBX IMM Web Server Configuration|Web Server Configuration]]
  
''Figure 18Web Server Configuration Page''
+
== Access Control List<br/> ==
  
 +
The Access Control List defines what networks different PBX features are permitted to communicate with. This is a security feature that we recommend using.  If the site communicates to a SIP provider or Remote Phones, you will need to add their IP address to the list.  The SIP Provider should give you either a single static IP or a subnet range (eg. 8.3.42.0/30) to add to allow them inbound.  Remote phones with a static IP can have that single address added (eg. 72.64.129.45/32).  If the remote phone is at a site with a dynamic IP, go to whois.domaintools.com and lookup that IP, this will give you the subnet of the carrier in that area, add that range as a rule to the SIP ACL (eg. 68.23.0.0/12).  The only times I would not be using the SIP ACL is if a user has a softphone on their cell, or if a user travels with their phone to different locationsas you won't have any way to know what IP it would be registering from.
  
 +
[[File:Accesscontrollist.png|center|Accesscontrollist.png]]<br/>The following table outlines the parameters and descriptions for the Access Control List.
  
{| style="border-spacing:0;"
 
| style="background-color:#b8cce4;border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Feature'''
 
| style="background-color:#b8cce4;border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| <center>'''Description'''</center>
 
  
 +
 +
{| class="wikitable"
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Restart Web Server'''
+
| '''Feature'''
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| This feature allows you to restart the web server so that changes made that impact server components can be applied.
+
| <center>'''Description'''</center>
 +
|-
 +
|  
 +
'''Default<br/>Services'''
  
'''Note:''' '''Restarting the server will not interrupt phone service. A reboot of the PBX system will also apply changes made to other attributes.'''
+
| Displays the name of configured services. Typical services on the PBX are:
 +
SIP: Used for Calls
  
|-
+
Call Manager: Used for Desktop Call Manager
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Allow Access From'''
 
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| Defines the networks and/or domains that are allowed to access the PBX. The “Allow” format may be:
 
  
* '''Domain name'''
+
TFTP: &nbsp;Used by phones to pull down config and firmware files
* '''Full IP address'''
 
* '''Partial IP address'''
 
* '''Network / netmask pair'''
 
* '''Network / CIDR specification'''
 
  
 +
|-
 +
| '''Ports'''
 +
| Displays the ports that were defined for a particular service.
 +
SIP: 5060
  
 +
Call Manager: 5048
  
|-
+
TFTP: 69
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Delete Selected Items'''
 
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| This button allows you to delete multiple services at a time.
 
  
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Load Factory Defaults'''
+
| '''Rules'''
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| This button will set the PBX back to the default Web Server settings.
+
| Displays the rules that were configured for a particular service.
 +
Deny List: Accepts all traffic, unless specifically defined
  
 +
Allow List: Denies all traffic, unless specifically defined
  
 +
|}
  
 +
''Table 9Access Control List Definitions''
  
|-
 
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Add a New Item'''
 
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| This section is where you would add new rules for accessing the Web Server
 
  
|}
 
  
{| style="border-spacing:0;"
+
=== Load Recommended Default ===
| style="border-top:0.0069in solid #000000;border-bottom:0.0069in solid #000000;border-left:0.0069in solid #000000;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"|
 
| style="border-top:0.0069in solid #000000;border-bottom:0.0069in solid #000000;border-left:none;border-right:0.0069in solid #000000;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''IMPORTANT:''' '''Changes to the Web Server Access List are preconfigured. They are database independent so custom changes do not migrate from one box to another via a database backup file.'''
 
  
'''Please contact IPitomy’s Technical Support Group if you think you need to modify these settings. Email via [mailto:support@ipitomy.com support@ipitomy.com] or phone at 941-306-2200 option 2. You can also visit our FAQ page at faq.ipitomy.com.'''
+
This is the recommended method to set the Access Control List to the typically used settings.
  
|}
 
=== Add New Permission ===
 
 
'''STEPS:'''
 
'''STEPS:'''
  
# Navigate to '''System Access Control'''
+
#Navigate to PBX Setup->SIP
# Click on the '''Web Server''' button located at the top of the page. The '''Web Server Configuration''' page appears.
+
#Set the LocalNet to match the network the PBX is installed on, Save, and Apply Changes
# In the '''Add a New Item''' section, enter the network or domain you want to allow to access the PBX web server
+
#Navigate to the '''Access Control List''' page, click '''Load Recommended Default''' button. This will create default rules allowing the PBX to communicate to devices on the LocalNet in regards to SIP, Call Manager, and TFTP
# Click the '''ADD''' button.
+
#Click the '''Apply Changes''' link located on the right hand corner of the page, to commit the changes to the database.
# The new permission rule will be displayed under Allow Access From window above
+
[[File:Load defaults.png|none|frame]]
# Click on the '''Restart Web Server''' button.
 
# Click OK when prompted to confirm you wish to restart the Web Server
 
  
# A “Please Standby” message appears. Once the reboot process is completed you will be returned to the '''Web Server Configuration''' page.
+
=== Add New Service ===
  
=== Load Factory Default ===
+
[[File:Addnewservice.png|center|Addnewservice.png]] The following table outlines the parameters and descriptions required for adding a new service.
This feature allows you to restore the manufacturer’s factory default settings. It will restore the settings to the factory recommended defaults.
 
  
  
'''STEPS:'''
 
  
# From the '''Web Server''' page, click '''Load Factory Default''' button. This will return or restores the Allow Access From list back to the manufacturer’s default setting.
+
{| class="wikitable"
# Once the changes applied, you will need to restart the web server. Please refer to the Restart Web Server topic of this user guide for steps on how to restart the server.
+
|-
# Click on the '''Restart Web Server''' button.
+
| '''Feature'''
# Click OK when prompted to confirm you wish to restart the Web Server
+
| <center>'''Description'''</center>
 +
|-
 +
| '''Service Name'''
 +
| This is the name of the new service and will populate the Service drop-down list in the Add New Rule section.
 +
|-
 +
| '''Service Transport'''
 +
| This is the service type that will be used to transport the message. The options are Both, TCP or UDP.
 +
SIP and RTP traffic both occur on UDP, TFTP traffic is UDP, and Call Manager traffic is TCP. Any other rules created would need to be configured for the protocol used by this service.
  
# A “Please Standby” message appears. Once the reboot process is completed you will be returned to the '''Web Server Configuration''' page.
+
|-
 +
| '''Service Ports'''
 +
| This is the port information that is associated with the host. You can enter a single or range of ports that will be used for this service. SIP uses 5060, Call Manager uses 5048, and TFTP uses 69. Other services must be configured to use the appropriate ports.
 +
|-
 +
| '''Service Policy'''
 +
| This is the umbrella rule for the service, which will be further defined under Add New Rules. The options are:
 +
Deny List:&nbsp;'''ACCEPT ALL EXCEPT''' rule will apply. This will allow all traffic on the defined port, allowing you to configure a list of Denied IP addresses.
  
== Access Control List ==
+
Allow List: '''DROP ALL EXCEPT '''rule will apply. This will block all traffic on the defined port, allowing you to configure a list of Allowed IP addresses.
The Access Control List defines what networks different PBX features are permitted to communicate with.
 
  
 +
|}
  
The following table outlines the parameters and descriptions for the Access Control List.
+
The following outlines the steps to add a new service in the PBX system.
  
 +
'''STEPS:'''
  
{| style="border-spacing:0;"
+
#Navigate to '''System->Access Control'''
| style="background-color:#b8cce4;border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Feature'''
+
#Click on theAccess Control List button, The Access Control List page appears.
| style="background-color:#b8cce4;border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| <center>'''Description'''</center>
+
#From the '''Add New Service''' section, enter a Name, and select the appropriate Transport Protocol, Ports, and Policy; then click the '''Create Service''' button.
 +
#The new service and its associated values will be displayed in the Service listing.
 +
#Click the '''Apply Changes''' link located on the right hand corner of the page, to commit the changes to the database.
  
|-
+
The following table outlines the parameters and descriptions required for adding a new rule.
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Service'''
 
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| Displays the name of configured services. Typical services on the PBX are:
 
  
SIP - Used for Calls
 
  
Call Manager - Used for Desktop Call Manager
 
 
TFTPUsed by phones to pull down config and firmware files
 
  
 +
{| class="wikitable"
 +
|-
 +
| '''Feature'''
 +
| <center>'''Description'''</center>
 +
|-
 +
| '''Service'''
 +
| This drop-down list is populated when a new services is added. This is done in the Add New Service section.
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Ports'''
+
| '''Host(s)'''
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| Displays the ports that were defined for a particular service.
+
| This is the IP Address, Domain Name or URL of the host.
 +
|}
  
SIP5060
+
''Table 11Add New Rule Settings and Descriptions''
  
Call Manager5048
+
=== Add New Rule ===
  
TFTP - 69
+
The following outlines the steps to add a new rule for Services in the PBX system.
  
|-
+
'''STEPS:'''
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Rules'''
 
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| Displays the rules that were configured for a particular service.
 
  
Deny ListAccepts all traffic, unless specifically definedAllow ListDenies all traffic, unless specifically defined
+
#Navigate to '''System'''->'''Access Control, '''click on theAccess Control List button, the Access Control List appears.
 +
#From the '''Add New Rule''' section, select the Service type from the drop-down list.
 +
#Enter the '''Host/s '''to be allowed/denied by the service
 +
#Click the '''Create Rule''' button.
 +
#The new rule is added and will be displayed in the rules list.
 +
#Click the '''Apply Changes''' link located on the right hand corner of the page, to commit the changes to the database. .
  
|}
+
=== Delete Rules or Services ===
''Table 9Access Control List Definitions''
 
  
 
+
The following outlines the steps to delete existing rules or services.
=== Load Recommended Default ===
 
This is the recommended method to set the Access Control List to the typically used settings.
 
  
 
'''STEPS:'''
 
'''STEPS:'''
  
# Navigate to PBX SetupSIP
+
#From the '''Service''' section of the '''PBX Access->Access Control List''' page, find the service or rule that you want to delete.
# Set the LocalNet to match the network the PBX is installed on, Save, and Apply Changes
+
#Click on the '''X''' icon to the left of either the service or rule. The selected item is removed from the list.
# Navigate to the '''Access Control List''' page, click '''Load Recommended Default''' button. This will create default rules allowing the PBX to communicate to devices on the LocalNet in regards to SIP, Call Manager, and TFTP
+
#Click the '''Apply Changes''' link located on the right hand corner of the page, to commit the changes to the database.
# Click the '''Apply Changes''' link located on the right hand corner of the page, to commit the changes to the database.
 
 
 
=== Add New Service ===
 
The following table outlines the parameters and descriptions required for adding a new service.
 
  
 +
== Service Control<br/> ==
  
{| style="border-spacing:0;"
+
The Service Contol feature allows you to define what networks may communicate to the PBX for Admin Access, Mobile Access, Phone Config Access, SMDR Access, and Web Manager Access.
| style="background-color:#b8cce4;border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Feature'''
 
| style="background-color:#b8cce4;border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| <center>'''Description'''</center>
 
  
|-
+
'''NOTE: Take care when enabling/modifying the Admin Access ACL as entering the wrong IP or localnet can make it so you are no longer able to access the PBX from the network it is installed upon.'''
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Service Name'''
 
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| This is the name of the new service and will populate the Service drop-down list in the Add New Rule section.
 
  
|-
 
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Service Transport'''
 
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| This is the service type that will be used to transport the message. The options are Both, TCP or UDP'''. '''
 
  
SIP and RTP traffic both occur on UDP, TFTP traffic is UDP, and Call Manager traffic is TCP. Any other rules created would need to be configured for the protocol used by this service.
 
  
|-
+
[[File:System-ServiceControl.jpg|File:System-ServiceControl.jpg]]
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Service Ports'''
 
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| This is the port information that is associated with the host. You can enter a single or range of ports that will be used for this service. SIP uses 5060, Call Manager uses 5048, and TFTP uses 69. Other services must be configured to use the appropriate ports.
 
  
|-
 
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Service Policy'''
 
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| This is the umbrella rule for the service, which will be further defined under Add New Rules. The options are:
 
  
'''Deny List;''' '''ACCEPT ALL EXCEPT''' rule will apply. This will allow all traffic on the defined port, allowing you to configure a list of Denied IP addresses.
 
  
'''Allow List:''' '''DROP ALL EXCEPT''' rule will apply. This will block all traffic on the defined port, allowing you to configure a list of Allowed IP addresses.  
+
Clicking each of these buttons will bring up a display that allows you to Enable or Disable the ACL, choose if you want it to be an Allow List (block all addresses unless they are in the list) or a Deny List (allow all addresses unless they are on the list), and define the IPs and Subnet Masks to be allowed or denied by the feature.
  
|}
 
The following outlines the steps to add a new service in the PBX system.
 
  
'''STEPS:'''
 
  
# Navigate to '''System''''''Access Control'''
+
[[File:System-ServiceControl-EditACL.jpg|File:System-ServiceControl-EditACL.jpg]]
# Click on the''' '''Access Control List button, The Access Control List page appears.
 
# From the '''Add New Service''' section, enter a Name, and select the appropriate Transport Protocol, Ports, and Policy; then click the '''Create Service''' button.
 
# The new service and its associated values will be displayed in the Service listing.
 
# Click the '''Apply Changes''' link located on the right hand corner of the page, to commit the changes to the database.
 
  
The following table outlines the parameters and descriptions required for adding a new rule.
 
  
  
{| style="border-spacing:0;"
+
To add an IP to the list, enter &lt;ipaddress&gt;/&lt;subnetmask&gt; in the text field and click add.&nbsp; Highlight an entry and click Delete to remove it from the list.&nbsp; As always, you must Save first, then Apply Changes for these features to become active on the live system.&nbsp;
| style="background-color:#b8cce4;border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Feature'''
 
| style="background-color:#b8cce4;border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| <center>'''Description'''</center>
 
  
|-
+
== UI Users & Admin Groups ==
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Service'''
 
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| This drop-down list is populated when a new services is added. This is done in the Add New Service section.
 
  
|-
+
With Users and Groups, you the admin can give a user access to the programming side of the PBX and customize what they are able to modify, create, or delete.
| style="border-top:0.0069in solid #0000ff;border-bottom:0.0069in solid #0000ff;border-left:0.0069in solid #0000ff;border-right:none;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| '''Host(s)'''
 
| style="border:0.0069in solid #0000ff;padding-top:0in;padding-bottom:0in;padding-left:0.075in;padding-right:0.075in;"| This is the IP Address, Domain Name or URL of the host.
 
  
|}
+
=== Groups ===
''Table 11Add New Rule Settings and Descriptions''
 
  
 +
Start by adding a Group that will define what features the user is able to edit. You need to set a Group ID (number) and Group Name.
  
=== Add New Rule ===
+
[[File:AdminGroups.jpg|File:AdminGroups.jpg]]
The following outlines the steps to add a new rule for Services in the PBX system.
 
  
'''STEPS:'''
+
Once created you will need to Edit and choose what features on the PBX the user is able to control. For each feature, you can choose Create, Modify, Delete, as well as filter. Separate multiple filters of the same feature with commas.  Filters can be used on Extensions, Groups, Menus, and Conferences.
  
# Navigate to '''System''''''Access Control, '''click on the''' '''Access Control List button, the Access Control List appears.
+
[[File:AdminGroupsEdit.jpg|File:AdminGroupsEdit.jpg]]
# From the '''Add New Rule''' section, select the Service type from the drop-down list.
 
# Enter the '''Host/s '''to be allowed/denied by the service
 
# Click the '''Create Rule''' button.
 
# The new rule is added and will be displayed in the rules list.
 
# Click the '''Apply Changes''' link located on the right hand corner of the page, to commit the changes to the database. .
 
  
=== Delete Rules or Services ===
+
=== Users ===
The following outlines the steps to delete existing rules or services.
 
  
'''STEPS:'''
+
Once a Group is created, you can add Users. To do so, you'll need to give them a Username and Password, enter the Name to know which person this User was created for, and set them to a Group. Once created, if you need to modify a field for a User, simply populate the Username field and whichever fields you wish to change, then click Save.  The username must be a minimum of 4 characters, or it will create the entry, and then give a bad username or password error when you attempt to log in.
  
# From the '''Service''' section of the '''PBX AccessAccess Control List''' page, find the service or rule that you want to delete.
+
[[File:AdminUsers.jpg|File:AdminUsers.jpg]]
# Click on icon to the left of either the service or rule. The selected item is removed from the list.
 
# Click the '''Apply Changes''' link located on the right hand corner of the page, to commit the changes to the database.
 

Latest revision as of 13:08, 22 April 2022



Logo on white background (small).gif
support@ipitomy.com | 941.306.2200 (Opt 2 for Support)
You are viewing the IPitomy IP PBX Manual, Table of Contents.


System Networking

The IPitomy System Menu is for configuring network attributes. For example the IP address of the system and router information. The System Networking Setup Page allows you to define the Internet Setup for the system’s hardware. The system must operate using a static IP address; DHCP should only be used on the IPitomy IP PBX if the router is configured to assign a specific static DHCP address to the system.

Tcpipsettings.png


The following table describes the fields and recommended settings for Networking Setup for the IP PBX system:


Field
Recommended Settings
IP Address Use the default address (192.168.1.249) of the IPitomy IP PBX or an address outside the range of existing IP addresses assigned by DHCP in the router. The PBX will be accessed via <IPAddress>/ippbx, so at default you would go to 192.168.1.249/ippbx.
Subnet Mask Leave the default setting for the Subnet Mask as (255.255.255.0). The subnet mask defines what traffic the PBX will listen and communicate to. A value of 255 means the octet in question needs to match exactly, while a value of 0 means the octet is not restricted at all. When the PBX is set to the default IP address, a subnet mask of 255.255.255.0 tells the system to communicate with any devices in the 192.168.1.xxx range.
Default Gateway The default gateway provided is 192.168.1.1. Though this default is a common router IP, every network is different. Enter the IP address of the router handling their Internet connection here.
Static DNS Enter the DNS IP address being used on the network. If a default DNS IP address is not provided by the router it can be obtained from the network’s Internet Service Provider.
Static DNS2 Enter the DNS IP address being used on the network. If a default DNS IP address is not provided by the router it can be obtained from the network’s Internet Service Provider.
Static DNS3 Enter the DNS IP address being used on the network. If a default DNS IP address is not provided by the router it can be obtained from the network’s Internet Service Provider.

Table 6Network Setting Descriptions

TCP/IP Settings Section

Edit TCP/IP Default Settings

STEPS:

  1. Navigate to System Networking. The TCP/IP Settings page appears displaying the default values for the following setting:
    1. IP Address
    2. Subnet Mask
    3. Default Gateway
    4. Static DNS
  2. Click on the IP Address field. Enter the IP address for the Router. Use the default address (192.168.1.249) of the IPitomy IP PBX or an address outside the range of existing IP addresses assigned by DHCP in the router Enter the desired IP Address. See Table above for recommended settings.
  3. Click on the Subnet Mask field. Leave the default setting for the Subnet Mask as (255.255.255.0). See Table above for recommended settings.
  4. Click on the Default Gateway field. Change the default Gateway value to the desired target network. See Table above for recommended settings.
  5. Click on the Static DNS field. Change the default DNS value to the desired target network. See Table above for recommended settings.
  6. Repeat step 5 to set the remaining DNS values, if necessary.
  7. Click on the Save Changes button
  8. Click the Apply Changes link located on the right hand corner of the page, to commit the changes to the database.

VLAN

Setting up VLAN from the PBX

This guide requires a managed switch and knowledge of how to set up VLANs on it, which is outside of the scope of this guide. This is only to show how to set up VLAN on the pbx, and enable it for all phones. This requires your PBX to be on software version 5.1.5-5 or higher. All network switch ports that will have a phone on it should have its port tagged for the appropriate vlan.

WARNING: DO NOT SET VLAN IP ADDRESS ON THE SAME NETWORK AS STANDARD NETWORK INTERFACE! This will lock up the pbx and cause it to become PERMANENTLY inaccessible. Example, if your standard network is 192.168.1.x, your vlan network CANNOT be the same.

File:Vlan config.JPG

  1. Define the VLAN under System=>VLAN.  It must be enabled.
  2. Set VLAN IP Address to the IP address that you would like to give the PBX on that vlan, which will also hand out DHCP on the vlan to the phones (This MUST be a different IP address from the main IP address set under system=>networking)
  3. Set the VLAN Subnet mask to define the network just as you would on standard network settings.  255.255.255.0 is generally going to suffice.
  4. Set the VID to the actual VLAN ID tag.  This must match the VLAN in the switch that you are assigning the ports to.
  5. Set DHCP Start and End addresses as desired
  6. Save

NOTE: If your phones are on a vlan, autodiscovery will not find them with the default settings. To scan the vlan network instead of normal network, go to destinations->auto discovery like normal, choose scan or don't scan as desired, and go under View Settings -> Advanced Scan Settings, and change the Scan Network box to the network (CIDR notation) that you wish to scan for the phones.


File:Phone global vlan.JPG

  1. Navigate to PBX Setup=Phone Global
  2. Set Apply VLAN Config to Phones to Enabled
  3. Set Phone VLAN Enable to Enabled
  4. Set Phone VID to match VID from step 4 above
  5. If needed, set PC VLAN settings according to network.
  6. Save
  7. Apply changes
  8. Reboot phones.  They should pick up vlan config and be on the vlan network correctly.

This process replaces the need to set vlan in the phone global template.  Using the phone global template to assign vlan is no longer necessary as of 5.1.5-5

LLDP

Warning: Do not follow this guide unless you know for certain you need LLDP. Incorrectly implementing this protocol MAY lead to undesired network functionality.

This guide applies to Cisco switches, and the screenshots are specifically from a SG300 28 port switch. Some options may be named differently, or not exist at all on other brands of network equipment.


In the switch:

LLDP Status: Enabled

TLV Advertise Interval: 60

File:Lldp-properties.PNG



LLDP MED Network Policy

Create 2 policies as follows

Application Voice, VLAN ID 2, VLAN Tagged

Application Voice Signaling, VLAN ID 2, VLAN Tagged

File:Lldp-med-policies.PNG


 

LLDP MED Port Settings

Add Voice and Voice signaling applications to desired ports

File:Lldp-med-port-settings.PNG 


VLAN Management=>Voice VLAN=>Properties

Dynamic Voice VLAN: Disabled

File:Voice-vlan-properties.PNG

Create VLAN: VlanID 2, name Voice

File:Vlan-create.PNG

 

Port to VLAN

Set desired ports for voice traffic (any port that will have a phone plugged in, plus the port that will handle voice dhcp, if needed), to VLAN 2: Tagged

File:Vlan-port-to-vlan.PNG


In the PBX

Ensure all phones have LLDP enabled.  You can set this on each phone individually in the menu under Settings=>Advanced=>Network=>LLDP, but we would recommend following the instructions listed at http://wiki.ipitomy.com/wiki/HD_Phone_FAQ#How_do_I_Enabled_LLDP_Globally_for_the_Phones to set LLDP globally if you need it for all phones.


Helpful Links

Virtual Local Area Networks (VLANs)

http://www.practicalnetworking.net/stand-alone/vlans/

All Credit and Thanks go to networking guru Ed Harmoush at Practical Networking

Routing Between VLANs

http://www.practicalnetworking.net/stand-alone/routing-between-vlans/

All Credit and Thanks go to networking guru Ed Harmoush at Practical Networking

Access Control (PBX Access)

The Access Control page is comprised of 3 sub-pages; Host Access, Web Server, and Access Control List. Each is accessible from the buttons at the top of the page and pertains a different method of controlling access to the PBX.

Host Access

This feature allows you to limit access to special services on the PBX. An “allow from” entry is a list of one or more host names, host addresses, patterns or wildcards that will be matched against the client host name or address. List elements should be separated by blanks and/or commas.


Note: The parameter for the IP PBX Host Access is pre-configured per the manufacturer’s specifications. We recommend that you do not change this configuration value.

Hostaccess.png


The following table describes the features and functions available on the Host Access page:


Fields/Buttons
Description
Delete Selected Items This button allows you to delete multiple services at a time.
Load Factory Defaults This button will set the PBX back to the default Host Access settings.



Add a New Item This section is where you would add new rules for accessing special services on the PBX

Table 7Network Features and Descriptions


IMPORTANT: Changes to the Host Access List are installed immediately. They are database independent so custom changes do not migrate from one box to another via a database backup file.

Please contact IPitomy’s Technical Support Group if you think you need to modify these settings.

Web Server Configuration - (Obsolete - Removed in 4.8.0)

Link to Old Info Web Server Configuration

Access Control List

The Access Control List defines what networks different PBX features are permitted to communicate with. This is a security feature that we recommend using. If the site communicates to a SIP provider or Remote Phones, you will need to add their IP address to the list. The SIP Provider should give you either a single static IP or a subnet range (eg. 8.3.42.0/30) to add to allow them inbound. Remote phones with a static IP can have that single address added (eg. 72.64.129.45/32). If the remote phone is at a site with a dynamic IP, go to whois.domaintools.com and lookup that IP, this will give you the subnet of the carrier in that area, add that range as a rule to the SIP ACL (eg. 68.23.0.0/12). The only times I would not be using the SIP ACL is if a user has a softphone on their cell, or if a user travels with their phone to different locationsas you won't have any way to know what IP it would be registering from.

Accesscontrollist.png


The following table outlines the parameters and descriptions for the Access Control List.


Feature
Description

Default
Services

Displays the name of configured services. Typical services on the PBX are:

SIP: Used for Calls

Call Manager: Used for Desktop Call Manager

TFTP:  Used by phones to pull down config and firmware files

Ports Displays the ports that were defined for a particular service.

SIP: 5060

Call Manager: 5048

TFTP: 69

Rules Displays the rules that were configured for a particular service.

Deny List: Accepts all traffic, unless specifically defined

Allow List: Denies all traffic, unless specifically defined

Table 9Access Control List Definitions


Load Recommended Default

This is the recommended method to set the Access Control List to the typically used settings.

STEPS:

  1. Navigate to PBX Setup->SIP
  2. Set the LocalNet to match the network the PBX is installed on, Save, and Apply Changes
  3. Navigate to the Access Control List page, click Load Recommended Default button. This will create default rules allowing the PBX to communicate to devices on the LocalNet in regards to SIP, Call Manager, and TFTP
  4. Click the Apply Changes link located on the right hand corner of the page, to commit the changes to the database.
Load defaults.png

Add New Service

Addnewservice.png

The following table outlines the parameters and descriptions required for adding a new service.


Feature
Description
Service Name This is the name of the new service and will populate the Service drop-down list in the Add New Rule section.
Service Transport This is the service type that will be used to transport the message. The options are Both, TCP or UDP.

SIP and RTP traffic both occur on UDP, TFTP traffic is UDP, and Call Manager traffic is TCP. Any other rules created would need to be configured for the protocol used by this service.

Service Ports This is the port information that is associated with the host. You can enter a single or range of ports that will be used for this service. SIP uses 5060, Call Manager uses 5048, and TFTP uses 69. Other services must be configured to use the appropriate ports.
Service Policy This is the umbrella rule for the service, which will be further defined under Add New Rules. The options are:

Deny List: ACCEPT ALL EXCEPT rule will apply. This will allow all traffic on the defined port, allowing you to configure a list of Denied IP addresses.

Allow List: DROP ALL EXCEPT rule will apply. This will block all traffic on the defined port, allowing you to configure a list of Allowed IP addresses.

The following outlines the steps to add a new service in the PBX system.

STEPS:

  1. Navigate to System->Access Control
  2. Click on theAccess Control List button, The Access Control List page appears.
  3. From the Add New Service section, enter a Name, and select the appropriate Transport Protocol, Ports, and Policy; then click the Create Service button.
  4. The new service and its associated values will be displayed in the Service listing.
  5. Click the Apply Changes link located on the right hand corner of the page, to commit the changes to the database.

The following table outlines the parameters and descriptions required for adding a new rule.


Feature
Description
Service This drop-down list is populated when a new services is added. This is done in the Add New Service section.
Host(s) This is the IP Address, Domain Name or URL of the host.

Table 11Add New Rule Settings and Descriptions

Add New Rule

The following outlines the steps to add a new rule for Services in the PBX system.

STEPS:

  1. Navigate to System->Access Control, click on theAccess Control List button, the Access Control List appears.
  2. From the Add New Rule section, select the Service type from the drop-down list.
  3. Enter the Host/s to be allowed/denied by the service
  4. Click the Create Rule button.
  5. The new rule is added and will be displayed in the rules list.
  6. Click the Apply Changes link located on the right hand corner of the page, to commit the changes to the database. .

Delete Rules or Services

The following outlines the steps to delete existing rules or services.

STEPS:

  1. From the Service section of the PBX Access->Access Control List page, find the service or rule that you want to delete.
  2. Click on the X icon to the left of either the service or rule. The selected item is removed from the list.
  3. Click the Apply Changes link located on the right hand corner of the page, to commit the changes to the database.

Service Control

The Service Contol feature allows you to define what networks may communicate to the PBX for Admin Access, Mobile Access, Phone Config Access, SMDR Access, and Web Manager Access.

NOTE: Take care when enabling/modifying the Admin Access ACL as entering the wrong IP or localnet can make it so you are no longer able to access the PBX from the network it is installed upon.


File:System-ServiceControl.jpg


Clicking each of these buttons will bring up a display that allows you to Enable or Disable the ACL, choose if you want it to be an Allow List (block all addresses unless they are in the list) or a Deny List (allow all addresses unless they are on the list), and define the IPs and Subnet Masks to be allowed or denied by the feature.


File:System-ServiceControl-EditACL.jpg


To add an IP to the list, enter <ipaddress>/<subnetmask> in the text field and click add.  Highlight an entry and click Delete to remove it from the list.  As always, you must Save first, then Apply Changes for these features to become active on the live system. 

UI Users & Admin Groups

With Users and Groups, you the admin can give a user access to the programming side of the PBX and customize what they are able to modify, create, or delete.

Groups

Start by adding a Group that will define what features the user is able to edit. You need to set a Group ID (number) and Group Name.

File:AdminGroups.jpg

Once created you will need to Edit and choose what features on the PBX the user is able to control. For each feature, you can choose Create, Modify, Delete, as well as filter. Separate multiple filters of the same feature with commas. Filters can be used on Extensions, Groups, Menus, and Conferences.

File:AdminGroupsEdit.jpg

Users

Once a Group is created, you can add Users. To do so, you'll need to give them a Username and Password, enter the Name to know which person this User was created for, and set them to a Group. Once created, if you need to modify a field for a User, simply populate the Username field and whichever fields you wish to change, then click Save. The username must be a minimum of 4 characters, or it will create the entry, and then give a bad username or password error when you attempt to log in.

File:AdminUsers.jpg