Difference between revisions of "IP PBX Manual System Networking"

From IPitomy Wiki
Jump to navigation Jump to search
 
(48 intermediate revisions by 3 users not shown)
Line 1: Line 1:
'''System Networking'''
+
__NOTITLE__
 +
{{IP_PBX_Manual|sortkey=System Networking}}
 +
== '''System Networking'''<br/> ==
  
The IPitomy System Menu is for configuring network attributes. For example the IP address of the system and router information. The System Networking Setup Page allows you to define the Internet Setup for the system’s hardware. The system must operate using a static IP address; DHCP should only be used on the IPitomy IP PBX if the router is configured to assign a specific static DHCP address to the system.
+
The IPitomy System Menu is for configuring network attributes. For example the IP address of the system and router information. The System Networking Setup Page allows you to define the Internet Setup for the system’s hardware. The system must operate using a static IP address; DHCP should only be used on the IPitomy IP PBX if the router is configured to assign a specific static DHCP address to the system. [[File:Tcpipsettings.png|center|Tcpipsettings.png]]<br/>The following table describes the fields and recommended settings for Networking Setup for the IP PBX system:
  
<br/>The following table describes the fields and recommended settings for Networking Setup for the IP PBX system:
 
  
  
 
+
{| class="wikitable"
{| style="border-spacing:0"
 
 
|-
 
|-
| style="background-color:#b8cce4; border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | <center>'''Field'''</center>
+
| <center>'''Field'''</center>
| style="background-color:#b8cce4; border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | <center>'''Recommended Settings'''</center>
+
| <center>'''Recommended Settings'''</center>
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''IP Address'''
+
| '''IP Address'''
| style="border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Use the default address (192.168.1.249)''' of the IPitomy IP PBX or an address outside the range of existing IP addresses assigned by DHCP in the router.
+
| Use the default address (192.168.1.249) of the IPitomy IP PBX or an address outside the range of existing IP addresses assigned by DHCP in the router.  The PBX will be accessed via <IPAddress>/ippbx, so at default you would go to 192.168.1.249/ippbx.
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Subnet Mask'''
+
| '''Subnet Mask'''
| style="border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Leave the default setting for the Subnet Mask as (255.255.255.0)'''. The subnet mask defines what traffic the PBX will listen and communicate to. A value of 255 means the octet in question needs to match exactly, while a value of 0 means the octet is not restricted at all. When the PBX is set to the default IP address, a subnet mask of 255.255.255.0 tells the system to communicate with any devices in the 192.168.1.xxx range.
+
| Leave the default setting for the Subnet Mask as (255.255.255.0). The subnet mask defines what traffic the PBX will listen and communicate to. A value of 255 means the octet in question needs to match exactly, while a value of 0 means the octet is not restricted at all. When the PBX is set to the default IP address, a subnet mask of 255.255.255.0 tells the system to communicate with any devices in the 192.168.1.xxx range.
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Default Gateway'''
+
| '''Default Gateway'''
| style="border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''The default gateway provided is 192.168.1.1'''. Though this default is a common router IP, every network is different. Enter the IP address of the router handling their Internet connection here.
+
| The default gateway provided is 192.168.1.1. Though this default is a common router IP, every network is different. Enter the IP address of the router handling their Internet connection here.
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Static DNS'''
+
| '''Static DNS'''
| style="border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Enter the DNS IP address being used on the network'''. If a default DNS IP address is not provided by the router it can be obtained from the network’s Internet Service Provider.
+
| Enter the DNS IP address being used on the network. If a default DNS IP address is not provided by the router it can be obtained from the network’s Internet Service Provider.
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Static DNS2'''
+
| '''Static DNS2'''
| style="border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Enter the DNS IP address being used on the network'''. If a default DNS IP address is not provided by the router it can be obtained from the network’s Internet Service Provider.
+
| Enter the DNS IP address being used on the network. If a default DNS IP address is not provided by the router it can be obtained from the network’s Internet Service Provider.
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Static DNS3'''
+
| '''Static DNS3'''
| style="border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Enter the DNS IP address being used on the network'''. If a default DNS IP address is not provided by the router it can be obtained from the network’s Internet Service Provider.
+
| Enter the DNS IP address being used on the network. If a default DNS IP address is not provided by the router it can be obtained from the network’s Internet Service Provider.
 
|}
 
|}
  
Line 40: Line 40:
  
 
#Navigate to '''System Networking'''. The '''TCP/IP Settings''' page appears displaying the default values for the following setting:
 
#Navigate to '''System Networking'''. The '''TCP/IP Settings''' page appears displaying the default values for the following setting:
 
+
##'''IP Address'''
*'''IP Address'''
+
##'''Subnet Mask'''
*'''Subnet Mask'''
+
##'''Default Gateway'''
*'''Default Gateway'''
+
##'''Static DNS<span id="cke_bm_85E" style="display: none" data-cke-bookmark="1">&nbsp;</span>'''
*'''Static DNS'''
 
 
 
 
#Click on the '''IP Address''' field. Enter the '''IP address''' for the Router. '''Use the default address (192.168.1.249)''' of the IPitomy IP PBX or an address outside the range of existing IP addresses assigned by DHCP in the router Enter the desired IP Address. See Table above for recommended settings.
 
#Click on the '''IP Address''' field. Enter the '''IP address''' for the Router. '''Use the default address (192.168.1.249)''' of the IPitomy IP PBX or an address outside the range of existing IP addresses assigned by DHCP in the router Enter the desired IP Address. See Table above for recommended settings.
 
#Click on the '''Subnet Mask '''field. '''Leave the default setting for the Subnet Mask as (255.255.255.0)'''. See Table above for recommended settings.
 
#Click on the '''Subnet Mask '''field. '''Leave the default setting for the Subnet Mask as (255.255.255.0)'''. See Table above for recommended settings.
Line 51: Line 49:
 
#Click on the '''Static DNS''' field. Change the default DNS value to the desired target network. See Table above for recommended settings.
 
#Click on the '''Static DNS''' field. Change the default DNS value to the desired target network. See Table above for recommended settings.
 
#Repeat '''step 5''' to set the remaining DNS values, if necessary.
 
#Repeat '''step 5''' to set the remaining DNS values, if necessary.
#Click on the button
+
#Click on the '''Save Changes''' button
 
#Click the '''Apply Changes''' link located on the right hand corner of the page, to commit the changes to the database.
 
#Click the '''Apply Changes''' link located on the right hand corner of the page, to commit the changes to the database.
  
== Access Control (PBX Access) ==
+
== VLAN ==
 +
{{:VLAN}}
 +
 
 +
== Access Control (PBX Access)<br/> ==
  
 
The Access Control page is comprised of 3 sub-pages; Host Access, Web Server, and Access Control List. Each is accessible from the buttons at the top of the page and pertains a different method of controlling access to the PBX.
 
The Access Control page is comprised of 3 sub-pages; Host Access, Web Server, and Access Control List. Each is accessible from the buttons at the top of the page and pertains a different method of controlling access to the PBX.
Line 62: Line 63:
 
This feature allows you to limit access to special services on the PBX. An “'''allow from'''” entry is a list of one or more host names, host addresses, patterns or wildcards that will be matched against the client host name or address. List elements should be separated by blanks and/or commas.
 
This feature allows you to limit access to special services on the PBX. An “'''allow from'''” entry is a list of one or more host names, host addresses, patterns or wildcards that will be matched against the client host name or address. List elements should be separated by blanks and/or commas.
  
<br/>'''Note:''' The parameter for the IP PBX Host Access is pre-configured per the manufacturer’s specifications. We recommend that you '''do not change''' this configuration value.
+
<br/>'''Note:''' The parameter for the IP PBX Host Access is pre-configured per the manufacturer’s specifications. We recommend that you '''do not change''' this configuration value. [[File:Hostaccess.png|center|Hostaccess.png]]<br/>The following table describes the features and functions available on the Host Access page:
 
 
<br/>The following table describes the features and functions available on the Host Access page:
 
  
  
  
{| style="border-spacing:0"
+
{| class="wikitable"
 
|-
 
|-
| style="background-color:#b8cce4; border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Fields/Buttons'''
+
| style="text-align: center" | Fields/Buttons
| style="background-color:#b8cce4; border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | <center>'''Description'''</center>
+
| <center>'''Description'''</center>
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Delete Selected Items'''
+
| '''Delete Selected Items'''
| style="border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | This button allows you to delete multiple services at a time.
+
| This button allows you to delete multiple services at a time.
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Load Factory Defaults'''
+
| '''Load Factory Defaults'''
| style="border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | This button will set the PBX back to the default Host Access settings.
+
| This button will set the PBX back to the default Host Access settings.
  
  
Line 83: Line 82:
  
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Add a New Item'''
+
| '''Add a New Item'''
| style="border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | This section is where you would add new rules for accessing special services on the PBX
+
| This section is where you would add new rules for accessing special services on the PBX
 
|}
 
|}
  
Line 93: Line 92:
 
{| style="border-spacing:0"
 
{| style="border-spacing:0"
 
|-
 
|-
| style="border-top:0.0069in solid #000000; border-bottom:0.0069in solid #000000; border-left:0.0069in solid #000000; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" |  
+
| style="border-top:0.0069in solid #000000; border-bottom:0.0069in solid #000000; border-left:0.0069in solid #000000; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" |  
| style="border-top:0.0069in solid #000000; border-bottom:0.0069in solid #000000; border-left:none; border-right:0.0069in solid #000000; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''IMPORTANT: Changes to the Host Access List are installed immediately. They are database independent so custom changes do not migrate from one box to another via a database backup file.'''
+
| style="border-top:0.0069in solid #000000; border-bottom:0.0069in solid #000000; border-left:none; border-right:0.0069in solid #000000; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''IMPORTANT: Changes to the Host Access List are installed immediately. They are database independent so custom changes do not migrate from one box to another via a database backup file.'''
'''Please contact IPitomy’s Technical Support Group if you think you need to modify these settings. Email via [mailto:support@ipitomy.com support@ipitomy.com] or phone at 941-306-2200 option 2. You can also visit our FAQ page at faq.ipitomy.com.'''
+
'''Please contact IPitomy’s Technical Support Group if you think you need to modify these settings.'''
  
 
|}
 
|}
Line 101: Line 100:
 
== Web Server Configuration - (Obsolete - Removed in 4.8.0)<br/> ==
 
== Web Server Configuration - (Obsolete - Removed in 4.8.0)<br/> ==
  
[IPPBX_IMM_Web_Server_Configuration|Web Server Configuration]
+
Link to Old Info [[IPPBX IMM Web Server Configuration|Web Server Configuration]]
  
== Access Control List ==
+
== Access Control List<br/> ==
  
The Access Control List defines what networks different PBX features are permitted to communicate with.
+
The Access Control List defines what networks different PBX features are permitted to communicate with. This is a security feature that we recommend using.  If the site communicates to a SIP provider or Remote Phones, you will need to add their IP address to the list.  The SIP Provider should give you either a single static IP or a subnet range (eg. 8.3.42.0/30) to add to allow them inbound.  Remote phones with a static IP can have that single address added (eg. 72.64.129.45/32).  If the remote phone is at a site with a dynamic IP, go to whois.domaintools.com and lookup that IP, this will give you the subnet of the carrier in that area, add that range as a rule to the SIP ACL (eg. 68.23.0.0/12).  The only times I would not be using the SIP ACL is if a user has a softphone on their cell, or if a user travels with their phone to different locationsas you won't have any way to know what IP it would be registering from.
  
<br/>The following table outlines the parameters and descriptions for the Access Control List.
+
[[File:Accesscontrollist.png|center|Accesscontrollist.png]]<br/>The following table outlines the parameters and descriptions for the Access Control List.
  
  
  
{| style="border-spacing:0"
+
{| class="wikitable"
 
|-
 
|-
| style="background-color:#b8cce4; border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Feature'''
+
| '''Feature'''
| style="background-color:#b8cce4; border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | <center>'''Description'''</center>
+
| <center>'''Description'''</center>
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Service'''
+
|  
| style="border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | Displays the name of configured services. Typical services on the PBX are:
+
'''Default<br/>Services'''
SIP - Used for Calls
 
  
Call Manager - Used for Desktop Call Manager
+
| Displays the name of configured services. Typical services on the PBX are:
 +
SIP: Used for Calls
  
TFTPUsed by phones to pull down config and firmware files
+
Call Manager: Used for Desktop Call Manager
 +
 
 +
TFTP: &nbsp;Used by phones to pull down config and firmware files
  
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Ports'''
+
| '''Ports'''
| style="border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | Displays the ports that were defined for a particular service.
+
| Displays the ports that were defined for a particular service.
SIP5060
+
SIP: 5060
  
Call Manager5048
+
Call Manager: 5048
  
TFTP - 69
+
TFTP: 69
  
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Rules'''
+
| '''Rules'''
| style="border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | Displays the rules that were configured for a particular service.
+
| Displays the rules that were configured for a particular service.
Deny ListAccepts all traffic, unless specifically definedAllow ListDenies all traffic, unless specifically defined
+
Deny List: Accepts all traffic, unless specifically defined
 +
 
 +
Allow List: Denies all traffic, unless specifically defined
  
 
|}
 
|}
Line 150: Line 153:
 
'''STEPS:'''
 
'''STEPS:'''
  
#Navigate to PBX SetupSIP
+
#Navigate to PBX Setup->SIP
 
#Set the LocalNet to match the network the PBX is installed on, Save, and Apply Changes
 
#Set the LocalNet to match the network the PBX is installed on, Save, and Apply Changes
 
#Navigate to the '''Access Control List''' page, click '''Load Recommended Default''' button. This will create default rules allowing the PBX to communicate to devices on the LocalNet in regards to SIP, Call Manager, and TFTP
 
#Navigate to the '''Access Control List''' page, click '''Load Recommended Default''' button. This will create default rules allowing the PBX to communicate to devices on the LocalNet in regards to SIP, Call Manager, and TFTP
 
#Click the '''Apply Changes''' link located on the right hand corner of the page, to commit the changes to the database.
 
#Click the '''Apply Changes''' link located on the right hand corner of the page, to commit the changes to the database.
 +
[[File:Load defaults.png|none|frame]]
  
 
=== Add New Service ===
 
=== Add New Service ===
  
The following table outlines the parameters and descriptions required for adding a new service.
+
[[File:Addnewservice.png|center|Addnewservice.png]] The following table outlines the parameters and descriptions required for adding a new service.
  
  
  
{| style="border-spacing:0"
+
{| class="wikitable"
 
|-
 
|-
| style="background-color:#b8cce4; border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Feature'''
+
| '''Feature'''
| style="background-color:#b8cce4; border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | <center>'''Description'''</center>
+
| <center>'''Description'''</center>
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Service Name'''
+
| '''Service Name'''
| style="border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | This is the name of the new service and will populate the Service drop-down list in the Add New Rule section.
+
| This is the name of the new service and will populate the Service drop-down list in the Add New Rule section.
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Service Transport'''
+
| '''Service Transport'''
| style="border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | This is the service type that will be used to transport the message. The options are Both, TCP or UDP'''. '''
+
| This is the service type that will be used to transport the message. The options are Both, TCP or UDP.
 
SIP and RTP traffic both occur on UDP, TFTP traffic is UDP, and Call Manager traffic is TCP. Any other rules created would need to be configured for the protocol used by this service.
 
SIP and RTP traffic both occur on UDP, TFTP traffic is UDP, and Call Manager traffic is TCP. Any other rules created would need to be configured for the protocol used by this service.
  
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Service Ports'''
+
| '''Service Ports'''
| style="border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | This is the port information that is associated with the host. You can enter a single or range of ports that will be used for this service. SIP uses 5060, Call Manager uses 5048, and TFTP uses 69. Other services must be configured to use the appropriate ports.
+
| This is the port information that is associated with the host. You can enter a single or range of ports that will be used for this service. SIP uses 5060, Call Manager uses 5048, and TFTP uses 69. Other services must be configured to use the appropriate ports.
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Service Policy'''
+
| '''Service Policy'''
| style="border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | This is the umbrella rule for the service, which will be further defined under Add New Rules. The options are:
+
| This is the umbrella rule for the service, which will be further defined under Add New Rules. The options are:
'''Deny List;''' '''ACCEPT ALL EXCEPT''' rule will apply. This will allow all traffic on the defined port, allowing you to configure a list of Denied IP addresses.
+
Deny List:&nbsp;'''ACCEPT ALL EXCEPT''' rule will apply. This will allow all traffic on the defined port, allowing you to configure a list of Denied IP addresses.
  
'''Allow List:''' '''DROP ALL EXCEPT''' rule will apply. This will block all traffic on the defined port, allowing you to configure a list of Allowed IP addresses.
+
Allow List: '''DROP ALL EXCEPT '''rule will apply. This will block all traffic on the defined port, allowing you to configure a list of Allowed IP addresses.
  
 
|}
 
|}
Line 189: Line 193:
 
'''STEPS:'''
 
'''STEPS:'''
  
#Navigate to '''System''''''Access Control'''
+
#Navigate to '''System->Access Control'''
 
#Click on theAccess Control List button, The Access Control List page appears.
 
#Click on theAccess Control List button, The Access Control List page appears.
 
#From the '''Add New Service''' section, enter a Name, and select the appropriate Transport Protocol, Ports, and Policy; then click the '''Create Service''' button.
 
#From the '''Add New Service''' section, enter a Name, and select the appropriate Transport Protocol, Ports, and Policy; then click the '''Create Service''' button.
Line 199: Line 203:
  
  
{| style="border-spacing:0"
+
{| class="wikitable"
 
|-
 
|-
| style="background-color:#b8cce4; border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Feature'''
+
| '''Feature'''
| style="background-color:#b8cce4; border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | <center>'''Description'''</center>
+
| <center>'''Description'''</center>
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Service'''
+
| '''Service'''
| style="border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | This drop-down list is populated when a new services is added. This is done in the Add New Service section.
+
| This drop-down list is populated when a new services is added. This is done in the Add New Service section.
 
|-
 
|-
| style="border-top:0.0069in solid #0000ff; border-bottom:0.0069in solid #0000ff; border-left:0.0069in solid #0000ff; border-right:none; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | '''Host(s)'''
+
| '''Host(s)'''
| style="border:0.0069in solid #0000ff; padding-top:0in; padding-bottom:0in; padding-left:0.075in; padding-right:0.075in" | This is the IP Address, Domain Name or URL of the host.
+
| This is the IP Address, Domain Name or URL of the host.
 
|}
 
|}
  
 
''Table 11Add New Rule Settings and Descriptions''
 
''Table 11Add New Rule Settings and Descriptions''
 
 
  
 
=== Add New Rule ===
 
=== Add New Rule ===
Line 221: Line 223:
 
'''STEPS:'''
 
'''STEPS:'''
  
#Navigate to '''System''''''Access Control, '''click on theAccess Control List button, the Access Control List appears.
+
#Navigate to '''System'''->'''Access Control, '''click on theAccess Control List button, the Access Control List appears.
 
#From the '''Add New Rule''' section, select the Service type from the drop-down list.
 
#From the '''Add New Rule''' section, select the Service type from the drop-down list.
 
#Enter the '''Host/s '''to be allowed/denied by the service
 
#Enter the '''Host/s '''to be allowed/denied by the service
Line 234: Line 236:
 
'''STEPS:'''
 
'''STEPS:'''
  
#From the '''Service''' section of the '''PBX AccessAccess Control List''' page, find the service or rule that you want to delete.
+
#From the '''Service''' section of the '''PBX Access->Access Control List''' page, find the service or rule that you want to delete.
#Click on icon to the left of either the service or rule. The selected item is removed from the list.
+
#Click on the '''X''' icon to the left of either the service or rule. The selected item is removed from the list.
 
#Click the '''Apply Changes''' link located on the right hand corner of the page, to commit the changes to the database.
 
#Click the '''Apply Changes''' link located on the right hand corner of the page, to commit the changes to the database.
 +
 +
== Service Control<br/> ==
 +
 +
The Service Contol feature allows you to define what networks may communicate to the PBX for Admin Access, Mobile Access, Phone Config Access, SMDR Access, and Web Manager Access.
 +
 +
'''NOTE: Take care when enabling/modifying the Admin Access ACL as entering the wrong IP or localnet can make it so you are no longer able to access the PBX from the network it is installed upon.'''
 +
 +
 +
 +
[[File:System-ServiceControl.jpg|File:System-ServiceControl.jpg]]
 +
 +
 +
 +
Clicking each of these buttons will bring up a display that allows you to Enable or Disable the ACL, choose if you want it to be an Allow List (block all addresses unless they are in the list) or a Deny List (allow all addresses unless they are on the list), and define the IPs and Subnet Masks to be allowed or denied by the feature.
 +
 +
 +
 +
[[File:System-ServiceControl-EditACL.jpg|File:System-ServiceControl-EditACL.jpg]]
 +
 +
 +
 +
To add an IP to the list, enter &lt;ipaddress&gt;/&lt;subnetmask&gt; in the text field and click add.&nbsp; Highlight an entry and click Delete to remove it from the list.&nbsp; As always, you must Save first, then Apply Changes for these features to become active on the live system.&nbsp;
 +
 +
== UI Users & Admin Groups ==
 +
 +
With Users and Groups, you the admin can give a user access to the programming side of the PBX and customize what they are able to modify, create, or delete.
 +
 +
=== Groups ===
 +
 +
Start by adding a Group that will define what features the user is able to edit. You need to set a Group ID (number) and Group Name.
 +
 +
[[File:AdminGroups.jpg|File:AdminGroups.jpg]]
 +
 +
Once created you will need to Edit and choose what features on the PBX the user is able to control. For each feature, you can choose Create, Modify, Delete, as well as filter. Separate multiple filters of the same feature with commas.  Filters can be used on Extensions, Groups, Menus, and Conferences.
 +
 +
[[File:AdminGroupsEdit.jpg|File:AdminGroupsEdit.jpg]]
 +
 +
=== Users ===
 +
 +
Once a Group is created, you can add Users. To do so, you'll need to give them a Username and Password, enter the Name to know which person this User was created for, and set them to a Group. Once created, if you need to modify a field for a User, simply populate the Username field and whichever fields you wish to change, then click Save.  The username must be a minimum of 4 characters, or it will create the entry, and then give a bad username or password error when you attempt to log in.
 +
 +
[[File:AdminUsers.jpg|File:AdminUsers.jpg]]

Latest revision as of 13:08, 22 April 2022



Logo on white background (small).gif
support@ipitomy.com | 941.306.2200 (Opt 2 for Support)
You are viewing the IPitomy IP PBX Manual, Table of Contents.


System Networking

The IPitomy System Menu is for configuring network attributes. For example the IP address of the system and router information. The System Networking Setup Page allows you to define the Internet Setup for the system’s hardware. The system must operate using a static IP address; DHCP should only be used on the IPitomy IP PBX if the router is configured to assign a specific static DHCP address to the system.

Tcpipsettings.png


The following table describes the fields and recommended settings for Networking Setup for the IP PBX system:


Field
Recommended Settings
IP Address Use the default address (192.168.1.249) of the IPitomy IP PBX or an address outside the range of existing IP addresses assigned by DHCP in the router. The PBX will be accessed via <IPAddress>/ippbx, so at default you would go to 192.168.1.249/ippbx.
Subnet Mask Leave the default setting for the Subnet Mask as (255.255.255.0). The subnet mask defines what traffic the PBX will listen and communicate to. A value of 255 means the octet in question needs to match exactly, while a value of 0 means the octet is not restricted at all. When the PBX is set to the default IP address, a subnet mask of 255.255.255.0 tells the system to communicate with any devices in the 192.168.1.xxx range.
Default Gateway The default gateway provided is 192.168.1.1. Though this default is a common router IP, every network is different. Enter the IP address of the router handling their Internet connection here.
Static DNS Enter the DNS IP address being used on the network. If a default DNS IP address is not provided by the router it can be obtained from the network’s Internet Service Provider.
Static DNS2 Enter the DNS IP address being used on the network. If a default DNS IP address is not provided by the router it can be obtained from the network’s Internet Service Provider.
Static DNS3 Enter the DNS IP address being used on the network. If a default DNS IP address is not provided by the router it can be obtained from the network’s Internet Service Provider.

Table 6Network Setting Descriptions

TCP/IP Settings Section

Edit TCP/IP Default Settings

STEPS:

  1. Navigate to System Networking. The TCP/IP Settings page appears displaying the default values for the following setting:
    1. IP Address
    2. Subnet Mask
    3. Default Gateway
    4. Static DNS
  2. Click on the IP Address field. Enter the IP address for the Router. Use the default address (192.168.1.249) of the IPitomy IP PBX or an address outside the range of existing IP addresses assigned by DHCP in the router Enter the desired IP Address. See Table above for recommended settings.
  3. Click on the Subnet Mask field. Leave the default setting for the Subnet Mask as (255.255.255.0). See Table above for recommended settings.
  4. Click on the Default Gateway field. Change the default Gateway value to the desired target network. See Table above for recommended settings.
  5. Click on the Static DNS field. Change the default DNS value to the desired target network. See Table above for recommended settings.
  6. Repeat step 5 to set the remaining DNS values, if necessary.
  7. Click on the Save Changes button
  8. Click the Apply Changes link located on the right hand corner of the page, to commit the changes to the database.

VLAN

Setting up VLAN from the PBX

This guide requires a managed switch and knowledge of how to set up VLANs on it, which is outside of the scope of this guide. This is only to show how to set up VLAN on the pbx, and enable it for all phones. This requires your PBX to be on software version 5.1.5-5 or higher. All network switch ports that will have a phone on it should have its port tagged for the appropriate vlan.

WARNING: DO NOT SET VLAN IP ADDRESS ON THE SAME NETWORK AS STANDARD NETWORK INTERFACE! This will lock up the pbx and cause it to become PERMANENTLY inaccessible. Example, if your standard network is 192.168.1.x, your vlan network CANNOT be the same.

File:Vlan config.JPG

  1. Define the VLAN under System=>VLAN.  It must be enabled.
  2. Set VLAN IP Address to the IP address that you would like to give the PBX on that vlan, which will also hand out DHCP on the vlan to the phones (This MUST be a different IP address from the main IP address set under system=>networking)
  3. Set the VLAN Subnet mask to define the network just as you would on standard network settings.  255.255.255.0 is generally going to suffice.
  4. Set the VID to the actual VLAN ID tag.  This must match the VLAN in the switch that you are assigning the ports to.
  5. Set DHCP Start and End addresses as desired
  6. Save

NOTE: If your phones are on a vlan, autodiscovery will not find them with the default settings. To scan the vlan network instead of normal network, go to destinations->auto discovery like normal, choose scan or don't scan as desired, and go under View Settings -> Advanced Scan Settings, and change the Scan Network box to the network (CIDR notation) that you wish to scan for the phones.


File:Phone global vlan.JPG

  1. Navigate to PBX Setup=Phone Global
  2. Set Apply VLAN Config to Phones to Enabled
  3. Set Phone VLAN Enable to Enabled
  4. Set Phone VID to match VID from step 4 above
  5. If needed, set PC VLAN settings according to network.
  6. Save
  7. Apply changes
  8. Reboot phones.  They should pick up vlan config and be on the vlan network correctly.

This process replaces the need to set vlan in the phone global template.  Using the phone global template to assign vlan is no longer necessary as of 5.1.5-5

LLDP

Warning: Do not follow this guide unless you know for certain you need LLDP. Incorrectly implementing this protocol MAY lead to undesired network functionality.

This guide applies to Cisco switches, and the screenshots are specifically from a SG300 28 port switch. Some options may be named differently, or not exist at all on other brands of network equipment.


In the switch:

LLDP Status: Enabled

TLV Advertise Interval: 60

File:Lldp-properties.PNG



LLDP MED Network Policy

Create 2 policies as follows

Application Voice, VLAN ID 2, VLAN Tagged

Application Voice Signaling, VLAN ID 2, VLAN Tagged

File:Lldp-med-policies.PNG


 

LLDP MED Port Settings

Add Voice and Voice signaling applications to desired ports

File:Lldp-med-port-settings.PNG 


VLAN Management=>Voice VLAN=>Properties

Dynamic Voice VLAN: Disabled

File:Voice-vlan-properties.PNG

Create VLAN: VlanID 2, name Voice

File:Vlan-create.PNG

 

Port to VLAN

Set desired ports for voice traffic (any port that will have a phone plugged in, plus the port that will handle voice dhcp, if needed), to VLAN 2: Tagged

File:Vlan-port-to-vlan.PNG


In the PBX

Ensure all phones have LLDP enabled.  You can set this on each phone individually in the menu under Settings=>Advanced=>Network=>LLDP, but we would recommend following the instructions listed at http://wiki.ipitomy.com/wiki/HD_Phone_FAQ#How_do_I_Enabled_LLDP_Globally_for_the_Phones to set LLDP globally if you need it for all phones.


Helpful Links

Virtual Local Area Networks (VLANs)

http://www.practicalnetworking.net/stand-alone/vlans/

All Credit and Thanks go to networking guru Ed Harmoush at Practical Networking

Routing Between VLANs

http://www.practicalnetworking.net/stand-alone/routing-between-vlans/

All Credit and Thanks go to networking guru Ed Harmoush at Practical Networking

Access Control (PBX Access)

The Access Control page is comprised of 3 sub-pages; Host Access, Web Server, and Access Control List. Each is accessible from the buttons at the top of the page and pertains a different method of controlling access to the PBX.

Host Access

This feature allows you to limit access to special services on the PBX. An “allow from” entry is a list of one or more host names, host addresses, patterns or wildcards that will be matched against the client host name or address. List elements should be separated by blanks and/or commas.


Note: The parameter for the IP PBX Host Access is pre-configured per the manufacturer’s specifications. We recommend that you do not change this configuration value.

Hostaccess.png


The following table describes the features and functions available on the Host Access page:


Fields/Buttons
Description
Delete Selected Items This button allows you to delete multiple services at a time.
Load Factory Defaults This button will set the PBX back to the default Host Access settings.



Add a New Item This section is where you would add new rules for accessing special services on the PBX

Table 7Network Features and Descriptions


IMPORTANT: Changes to the Host Access List are installed immediately. They are database independent so custom changes do not migrate from one box to another via a database backup file.

Please contact IPitomy’s Technical Support Group if you think you need to modify these settings.

Web Server Configuration - (Obsolete - Removed in 4.8.0)

Link to Old Info Web Server Configuration

Access Control List

The Access Control List defines what networks different PBX features are permitted to communicate with. This is a security feature that we recommend using. If the site communicates to a SIP provider or Remote Phones, you will need to add their IP address to the list. The SIP Provider should give you either a single static IP or a subnet range (eg. 8.3.42.0/30) to add to allow them inbound. Remote phones with a static IP can have that single address added (eg. 72.64.129.45/32). If the remote phone is at a site with a dynamic IP, go to whois.domaintools.com and lookup that IP, this will give you the subnet of the carrier in that area, add that range as a rule to the SIP ACL (eg. 68.23.0.0/12). The only times I would not be using the SIP ACL is if a user has a softphone on their cell, or if a user travels with their phone to different locationsas you won't have any way to know what IP it would be registering from.

Accesscontrollist.png


The following table outlines the parameters and descriptions for the Access Control List.


Feature
Description

Default
Services

Displays the name of configured services. Typical services on the PBX are:

SIP: Used for Calls

Call Manager: Used for Desktop Call Manager

TFTP:  Used by phones to pull down config and firmware files

Ports Displays the ports that were defined for a particular service.

SIP: 5060

Call Manager: 5048

TFTP: 69

Rules Displays the rules that were configured for a particular service.

Deny List: Accepts all traffic, unless specifically defined

Allow List: Denies all traffic, unless specifically defined

Table 9Access Control List Definitions


Load Recommended Default

This is the recommended method to set the Access Control List to the typically used settings.

STEPS:

  1. Navigate to PBX Setup->SIP
  2. Set the LocalNet to match the network the PBX is installed on, Save, and Apply Changes
  3. Navigate to the Access Control List page, click Load Recommended Default button. This will create default rules allowing the PBX to communicate to devices on the LocalNet in regards to SIP, Call Manager, and TFTP
  4. Click the Apply Changes link located on the right hand corner of the page, to commit the changes to the database.
Load defaults.png

Add New Service

Addnewservice.png

The following table outlines the parameters and descriptions required for adding a new service.


Feature
Description
Service Name This is the name of the new service and will populate the Service drop-down list in the Add New Rule section.
Service Transport This is the service type that will be used to transport the message. The options are Both, TCP or UDP.

SIP and RTP traffic both occur on UDP, TFTP traffic is UDP, and Call Manager traffic is TCP. Any other rules created would need to be configured for the protocol used by this service.

Service Ports This is the port information that is associated with the host. You can enter a single or range of ports that will be used for this service. SIP uses 5060, Call Manager uses 5048, and TFTP uses 69. Other services must be configured to use the appropriate ports.
Service Policy This is the umbrella rule for the service, which will be further defined under Add New Rules. The options are:

Deny List: ACCEPT ALL EXCEPT rule will apply. This will allow all traffic on the defined port, allowing you to configure a list of Denied IP addresses.

Allow List: DROP ALL EXCEPT rule will apply. This will block all traffic on the defined port, allowing you to configure a list of Allowed IP addresses.

The following outlines the steps to add a new service in the PBX system.

STEPS:

  1. Navigate to System->Access Control
  2. Click on theAccess Control List button, The Access Control List page appears.
  3. From the Add New Service section, enter a Name, and select the appropriate Transport Protocol, Ports, and Policy; then click the Create Service button.
  4. The new service and its associated values will be displayed in the Service listing.
  5. Click the Apply Changes link located on the right hand corner of the page, to commit the changes to the database.

The following table outlines the parameters and descriptions required for adding a new rule.


Feature
Description
Service This drop-down list is populated when a new services is added. This is done in the Add New Service section.
Host(s) This is the IP Address, Domain Name or URL of the host.

Table 11Add New Rule Settings and Descriptions

Add New Rule

The following outlines the steps to add a new rule for Services in the PBX system.

STEPS:

  1. Navigate to System->Access Control, click on theAccess Control List button, the Access Control List appears.
  2. From the Add New Rule section, select the Service type from the drop-down list.
  3. Enter the Host/s to be allowed/denied by the service
  4. Click the Create Rule button.
  5. The new rule is added and will be displayed in the rules list.
  6. Click the Apply Changes link located on the right hand corner of the page, to commit the changes to the database. .

Delete Rules or Services

The following outlines the steps to delete existing rules or services.

STEPS:

  1. From the Service section of the PBX Access->Access Control List page, find the service or rule that you want to delete.
  2. Click on the X icon to the left of either the service or rule. The selected item is removed from the list.
  3. Click the Apply Changes link located on the right hand corner of the page, to commit the changes to the database.

Service Control

The Service Contol feature allows you to define what networks may communicate to the PBX for Admin Access, Mobile Access, Phone Config Access, SMDR Access, and Web Manager Access.

NOTE: Take care when enabling/modifying the Admin Access ACL as entering the wrong IP or localnet can make it so you are no longer able to access the PBX from the network it is installed upon.


File:System-ServiceControl.jpg


Clicking each of these buttons will bring up a display that allows you to Enable or Disable the ACL, choose if you want it to be an Allow List (block all addresses unless they are in the list) or a Deny List (allow all addresses unless they are on the list), and define the IPs and Subnet Masks to be allowed or denied by the feature.


File:System-ServiceControl-EditACL.jpg


To add an IP to the list, enter <ipaddress>/<subnetmask> in the text field and click add.  Highlight an entry and click Delete to remove it from the list.  As always, you must Save first, then Apply Changes for these features to become active on the live system. 

UI Users & Admin Groups

With Users and Groups, you the admin can give a user access to the programming side of the PBX and customize what they are able to modify, create, or delete.

Groups

Start by adding a Group that will define what features the user is able to edit. You need to set a Group ID (number) and Group Name.

File:AdminGroups.jpg

Once created you will need to Edit and choose what features on the PBX the user is able to control. For each feature, you can choose Create, Modify, Delete, as well as filter. Separate multiple filters of the same feature with commas. Filters can be used on Extensions, Groups, Menus, and Conferences.

File:AdminGroupsEdit.jpg

Users

Once a Group is created, you can add Users. To do so, you'll need to give them a Username and Password, enter the Name to know which person this User was created for, and set them to a Group. Once created, if you need to modify a field for a User, simply populate the Username field and whichever fields you wish to change, then click Save. The username must be a minimum of 4 characters, or it will create the entry, and then give a bad username or password error when you attempt to log in.

File:AdminUsers.jpg