Re: [asterisk-users] OT: NAT in SPA922
Ok.. here is how I solved. PC+IPPhone--Cisco2950Router. Each PC in one private subnet NATed on the router. All phones in same network (different from PCs). Sebastian On Fri, May 7, 2010 at 9:08 AM, James Lamanna jlama...@gmail.com wrote: On May 7, 2010, at 8:03, James Lamanna jlama...@gmail.com wrote: On Thu, May 6, 2010 at 8:14 PM, Vineet Bhojnagarwala vbho...@gmail.com wrote: Alternatively, if using normal vlans, this can also be achieved by enabling access list on the switch and restrict traffic flows. Generally this is done on a layer 3 switch, don't think it will support on your switch model. That is correct. In order to do this on a 2950, you will need a router behind this to be the gateway for each vlan. (On Cisco equipment you'd need to create a subinterface for each vlan (i.e. FastEthernet 0.xxx) where xxx is your vlan number. Then you can set each port up to be a trunk port on the 2950, but specify the native vlan on the port as the PC vlan # and allow the Vlan # for the phone vlan. So something like: switchport mode trunk switchport trunk native vlan [pc vlan #] switchport trunk allowed vlan [pc vlan #],[phone vlan #] Then you will have to create access-lists on the router to block intra-VLAN traffic. This can also be all done on a Layer 3 switch (like the Cisco 3550), by defining each VLAN as an interface: interface VLAN 100 description Phone VLAN ip address 192.168.100.1 255.255.255.0 ! interface VLAN 101 description Customer 1 VLAN ip address 192.168.101.1 255.255.255.0 ! etc.. then your ports will look like: interface FastEthernet 0/2 description customer 1 port switchport mode trunk switchport trunk encapsulation dot1q switchport trunk native vlan 101 switchport trunk allowed vlan 100,101 ! Then you'll need access lists to prevent the intra-vlan traffic.. I lied. You don't need access-lists in this case with the allowed vlan statement. -- James Rgds, Vineet Bhojnagarwala RCDD, NTS, OSP Spear Networks Pvt Ltd Integration Consultancy +91-9831436607 On May 7, 2010, at 8:39 AM, Vineet Bhojnagarwala vbho...@gmail.com wrote: I think this is a motel kind of situation and a PVLAN serves the situation right. Put all the ipphones in the voice vlan as suggested, make a seperate isolated vlan for the PCs, this will restrict traffic between the clients. Rgds, Vineet Bhojnagarwala RCDD, NTS, OSP Spear Networks Pvt Ltd Integration Consultancy +91-9831436607 On May 6, 2010, at 11:30 PM, David White david.wh...@watchguard.com wrote: -Original Message- From: asterisk-users-boun...@lists.digium.com on behalf of Noah Miller Sent: Thu 5/6/2010 10:41 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] OT: NAT in SPA922 It is a building, with 24 separated rooms, each room will have a PC and a IP Phone. Every room connected to a switch Cisco 2950. I want keeping all PCs isolated behind a NAT (no access to neighbour's PC), and still keep communication in same LAN between all IP Phones. Should I take another approach on that? Put each PC in its own VLAN. Keep all the phones in one VLAN. Although having a $30 router in each room hanging off the phone would accomplish what you want also. Take j's suggestion to use VLANs. This is not a good situation for NAT. Cisco 2950's can do VLANs. to be clear, the only way this will work with the PCs is if each PC vlan is *also* a unique ip subnet (else how do all the vlans access a common default gw?) place the phones in a voice vlan, and the phone problem is solved. as for the PC isolation, you might get better feedback on a cisco or other networking forum. -david -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list
Re: [asterisk-users] OT: NAT in SPA922
On Thu, May 6, 2010 at 8:14 PM, Vineet Bhojnagarwala vbho...@gmail.com wrote: Alternatively, if using normal vlans, this can also be achieved by enabling access list on the switch and restrict traffic flows. Generally this is done on a layer 3 switch, don't think it will support on your switch model. That is correct. In order to do this on a 2950, you will need a router behind this to be the gateway for each vlan. (On Cisco equipment you'd need to create a subinterface for each vlan (i.e. FastEthernet 0.xxx) where xxx is your vlan number. Then you can set each port up to be a trunk port on the 2950, but specify the native vlan on the port as the PC vlan # and allow the Vlan # for the phone vlan. So something like: switchport mode trunk switchport trunk native vlan [pc vlan #] switchport trunk allowed vlan [pc vlan #],[phone vlan #] Then you will have to create access-lists on the router to block intra-VLAN traffic. This can also be all done on a Layer 3 switch (like the Cisco 3550), by defining each VLAN as an interface: interface VLAN 100 description Phone VLAN ip address 192.168.100.1 255.255.255.0 ! interface VLAN 101 description Customer 1 VLAN ip address 192.168.101.1 255.255.255.0 ! etc.. then your ports will look like: interface FastEthernet 0/2 description customer 1 port switchport mode trunk switchport trunk encapsulation dot1q switchport trunk native vlan 101 switchport trunk allowed vlan 100,101 ! Then you'll need access lists to prevent the intra-vlan traffic.. -- James Rgds, Vineet Bhojnagarwala RCDD, NTS, OSP Spear Networks Pvt Ltd Integration Consultancy +91-9831436607 On May 7, 2010, at 8:39 AM, Vineet Bhojnagarwala vbho...@gmail.com wrote: I think this is a motel kind of situation and a PVLAN serves the situation right. Put all the ipphones in the voice vlan as suggested, make a seperate isolated vlan for the PCs, this will restrict traffic between the clients. Rgds, Vineet Bhojnagarwala RCDD, NTS, OSP Spear Networks Pvt Ltd Integration Consultancy +91-9831436607 On May 6, 2010, at 11:30 PM, David White david.wh...@watchguard.com wrote: -Original Message- From: asterisk-users-boun...@lists.digium.com on behalf of Noah Miller Sent: Thu 5/6/2010 10:41 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] OT: NAT in SPA922 It is a building, with 24 separated rooms, each room will have a PC and a IP Phone. Every room connected to a switch Cisco 2950. I want keeping all PCs isolated behind a NAT (no access to neighbour's PC), and still keep communication in same LAN between all IP Phones. Should I take another approach on that? Put each PC in its own VLAN. Keep all the phones in one VLAN. Although having a $30 router in each room hanging off the phone would accomplish what you want also. Take j's suggestion to use VLANs. This is not a good situation for NAT. Cisco 2950's can do VLANs. to be clear, the only way this will work with the PCs is if each PC vlan is *also* a unique ip subnet (else how do all the vlans access a common default gw?) place the phones in a voice vlan, and the phone problem is solved. as for the PC isolation, you might get better feedback on a cisco or other networking forum. -david -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: NAT in SPA922
On May 7, 2010, at 8:03, James Lamanna jlama...@gmail.com wrote: On Thu, May 6, 2010 at 8:14 PM, Vineet Bhojnagarwala vbho...@gmail.com wrote: Alternatively, if using normal vlans, this can also be achieved by enabling access list on the switch and restrict traffic flows. Generally this is done on a layer 3 switch, don't think it will support on your switch model. That is correct. In order to do this on a 2950, you will need a router behind this to be the gateway for each vlan. (On Cisco equipment you'd need to create a subinterface for each vlan (i.e. FastEthernet 0.xxx) where xxx is your vlan number. Then you can set each port up to be a trunk port on the 2950, but specify the native vlan on the port as the PC vlan # and allow the Vlan # for the phone vlan. So something like: switchport mode trunk switchport trunk native vlan [pc vlan #] switchport trunk allowed vlan [pc vlan #],[phone vlan #] Then you will have to create access-lists on the router to block intra-VLAN traffic. This can also be all done on a Layer 3 switch (like the Cisco 3550), by defining each VLAN as an interface: interface VLAN 100 description Phone VLAN ip address 192.168.100.1 255.255.255.0 ! interface VLAN 101 description Customer 1 VLAN ip address 192.168.101.1 255.255.255.0 ! etc.. then your ports will look like: interface FastEthernet 0/2 description customer 1 port switchport mode trunk switchport trunk encapsulation dot1q switchport trunk native vlan 101 switchport trunk allowed vlan 100,101 ! Then you'll need access lists to prevent the intra-vlan traffic.. I lied. You don't need access-lists in this case with the allowed vlan statement. -- James Rgds, Vineet Bhojnagarwala RCDD, NTS, OSP Spear Networks Pvt Ltd Integration Consultancy +91-9831436607 On May 7, 2010, at 8:39 AM, Vineet Bhojnagarwala vbho...@gmail.com wrote: I think this is a motel kind of situation and a PVLAN serves the situation right. Put all the ipphones in the voice vlan as suggested, make a seperate isolated vlan for the PCs, this will restrict traffic between the clients. Rgds, Vineet Bhojnagarwala RCDD, NTS, OSP Spear Networks Pvt Ltd Integration Consultancy +91-9831436607 On May 6, 2010, at 11:30 PM, David White david.wh...@watchguard.com wrote: -Original Message- From: asterisk-users-boun...@lists.digium.com on behalf of Noah Miller Sent: Thu 5/6/2010 10:41 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] OT: NAT in SPA922 It is a building, with 24 separated rooms, each room will have a PC and a IP Phone. Every room connected to a switch Cisco 2950. I want keeping all PCs isolated behind a NAT (no access to neighbour's PC), and still keep communication in same LAN between all IP Phones. Should I take another approach on that? Put each PC in its own VLAN. Keep all the phones in one VLAN. Although having a $30 router in each room hanging off the phone would accomplish what you want also. Take j's suggestion to use VLANs. This is not a good situation for NAT. Cisco 2950's can do VLANs. to be clear, the only way this will work with the PCs is if each PC vlan is *also* a unique ip subnet (else how do all the vlans access a common default gw?) place the phones in a voice vlan, and the phone problem is solved. as for the PC isolation, you might get better feedback on a cisco or other networking forum. -david -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: NAT in SPA922
Ok..So what ip phone model do NAT? Sebastian On Wed, May 5, 2010 at 12:26 PM, Luki lugos...@gmail.com wrote: However, when I connect a PC to that port, SPA922 works as bridge. Exactly. The SPA9x2 has a 2-port switch; no NAT, no routing (unlike the SPA2102, etc). I think the 5.1 series is the latest firmware for the 922; the the 942, there is 6.1.5a. Luki -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: NAT in SPA922
On 6 May 2010, at 14:16, Sebastian Milioto wrote: Ok..So what ip phone model do NAT? I think you'd struggle to find one. If it's a requirement you're probably doing something wrong... S -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: NAT in SPA922
Ok..So what ip phone model do NAT? I think you'd struggle to find one. If it's a requirement you're probably doing something wrong... Definitely get a router. Plug the IP phone into the router, and then you can plug the computer into the phone or the router. - Noah -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: NAT in SPA922
It is a building, with 24 separated rooms, each room will have a PC and a IP Phone. Every room connected to a switch Cisco 2950. I want keeping all PCs isolated behind a NAT (no access to neighbour's PC), and still keep communication in same LAN between all IP Phones. Should I take another approach on that? Sebastian On Thu, May 6, 2010 at 12:36 PM, Noah Miller noahisaacmil...@gmail.comwrote: Ok..So what ip phone model do NAT? I think you'd struggle to find one. If it's a requirement you're probably doing something wrong... Definitely get a router. Plug the IP phone into the router, and then you can plug the computer into the phone or the router. - Noah -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: NAT in SPA922
On Thu, 6 May 2010, Sebastian Milioto wrote: It is a building, with 24 separated rooms, each room will have a PC and a IP Phone. Every room connected to a switch Cisco 2950. I want keeping all PCs isolated behind a NAT (no access to neighbour's PC), and still keep communication in same LAN between all IP Phones. Should I take another approach on that? Sebastian Put each PC in its own VLAN. Keep all the phones in one VLAN. Although having a $30 router in each room hanging off the phone would accomplish what you want also. j -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: NAT in SPA922
It is a building, with 24 separated rooms, each room will have a PC and a IP Phone. Every room connected to a switch Cisco 2950. I want keeping all PCs isolated behind a NAT (no access to neighbour's PC), and still keep communication in same LAN between all IP Phones. Should I take another approach on that? Put each PC in its own VLAN. Keep all the phones in one VLAN. Although having a $30 router in each room hanging off the phone would accomplish what you want also. Take j's suggestion to use VLANs. This is not a good situation for NAT. Cisco 2950's can do VLANs. - Noah -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: NAT in SPA922
I see the following in SPA922 System tab (new firmware) VLAN Settings Enable VLAN:yesnoEnable CDP:yesno VLAN ID:PC Port VLAN Highest Priority:01234567No Limit Enable PC Port VLAN Tagging:yesnoPC Port VLAN ID: VLAN ID:1 for all Phones, and VLAN 2, 3, 4, 5..,24 for each PC. This should work, right? Sebastian On Thu, May 6, 2010 at 2:25 PM, Jeff LaCoursiere j...@jeff.net wrote: On Thu, 6 May 2010, Sebastian Milioto wrote: It is a building, with 24 separated rooms, each room will have a PC and a IP Phone. Every room connected to a switch Cisco 2950. I want keeping all PCs isolated behind a NAT (no access to neighbour's PC), and still keep communication in same LAN between all IP Phones. Should I take another approach on that? Sebastian Put each PC in its own VLAN. Keep all the phones in one VLAN. Although having a $30 router in each room hanging off the phone would accomplish what you want also. j -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: NAT in SPA922
-Original Message- From: asterisk-users-boun...@lists.digium.com on behalf of Noah Miller Sent: Thu 5/6/2010 10:41 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] OT: NAT in SPA922 It is a building, with 24 separated rooms, each room will have a PC and a IP Phone. Every room connected to a switch Cisco 2950. I want keeping all PCs isolated behind a NAT (no access to neighbour's PC), and still keep communication in same LAN between all IP Phones. Should I take another approach on that? Put each PC in its own VLAN. Keep all the phones in one VLAN. Although having a $30 router in each room hanging off the phone would accomplish what you want also. Take j's suggestion to use VLANs. This is not a good situation for NAT. Cisco 2950's can do VLANs. to be clear, the only way this will work with the PCs is if each PC vlan is *also* a unique ip subnet (else how do all the vlans access a common default gw?) place the phones in a voice vlan, and the phone problem is solved. as for the PC isolation, you might get better feedback on a cisco or other networking forum. -david -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: NAT in SPA922
On Thu, 6 May 2010, Sebastian Milioto wrote: I see the following in SPA922 System tab (new firmware) VLAN Settings Enable VLAN:yesnoEnable CDP:yesno VLAN ID:PC Port VLAN Highest Priority:01234567No Limit Enable PC Port VLAN Tagging:yesnoPC Port VLAN ID: VLAN ID:1 for all Phones, and VLAN 2, 3, 4, 5..,24 for each PC. This should work, right? Sebastian Then you will have to do some work on the gateway and layout all your IP ranges. One for the phones and presumably your asterisk server, then one range for each PC. Your gateway will end up with 25 networks. j -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: NAT in SPA922
Hi! Should I take another approach on that? Put each PC in its own VLAN. Keep all the phones in one VLAN. Note: VLANs are an organisational tool, and do not really add security. If you want to go with VLANs in thise case then rather consider port based VLAN (configured in the switch only) instead of the typical tagged VLAN (802.1Q). There are various midly cheap smart switches around that support this type of poor-man's VLAN. Note: You will then have to have PC and IP phone on the same static VLAN. Philipp -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: NAT in SPA922
I think this is a motel kind of situation and a PVLAN serves the situation right. Put all the ipphones in the voice vlan as suggested, make a seperate isolated vlan for the PCs, this will restrict traffic between the clients. Rgds, Vineet Bhojnagarwala RCDD, NTS, OSP Spear Networks Pvt Ltd Integration Consultancy +91-9831436607 On May 6, 2010, at 11:30 PM, David White david.wh...@watchguard.com wrote: -Original Message- From: asterisk-users-boun...@lists.digium.com on behalf of Noah Miller Sent: Thu 5/6/2010 10:41 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] OT: NAT in SPA922 It is a building, with 24 separated rooms, each room will have a PC and a IP Phone. Every room connected to a switch Cisco 2950. I want keeping all PCs isolated behind a NAT (no access to neighbour's PC), and still keep communication in same LAN between all IP Phones. Should I take another approach on that? Put each PC in its own VLAN. Keep all the phones in one VLAN. Although having a $30 router in each room hanging off the phone would accomplish what you want also. Take j's suggestion to use VLANs. This is not a good situation for NAT. Cisco 2950's can do VLANs. to be clear, the only way this will work with the PCs is if each PC vlan is *also* a unique ip subnet (else how do all the vlans access a common default gw?) place the phones in a voice vlan, and the phone problem is solved. as for the PC isolation, you might get better feedback on a cisco or other networking forum. -david -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: NAT in SPA922
Alternatively, if using normal vlans, this can also be achieved by enabling access list on the switch and restrict traffic flows. Generally this is done on a layer 3 switch, don't think it will support on your switch model. Rgds, Vineet Bhojnagarwala RCDD, NTS, OSP Spear Networks Pvt Ltd Integration Consultancy +91-9831436607 On May 7, 2010, at 8:39 AM, Vineet Bhojnagarwala vbho...@gmail.com wrote: I think this is a motel kind of situation and a PVLAN serves the situation right. Put all the ipphones in the voice vlan as suggested, make a seperate isolated vlan for the PCs, this will restrict traffic between the clients. Rgds, Vineet Bhojnagarwala RCDD, NTS, OSP Spear Networks Pvt Ltd Integration Consultancy +91-9831436607 On May 6, 2010, at 11:30 PM, David White david.wh...@watchguard.com wrote: -Original Message- From: asterisk-users-boun...@lists.digium.com on behalf of Noah Miller Sent: Thu 5/6/2010 10:41 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] OT: NAT in SPA922 It is a building, with 24 separated rooms, each room will have a PC and a IP Phone. Every room connected to a switch Cisco 2950. I want keeping all PCs isolated behind a NAT (no access to neighbour's PC), and still keep communication in same LAN between all IP Phones. Should I take another approach on that? Put each PC in its own VLAN. Keep all the phones in one VLAN. Although having a $30 router in each room hanging off the phone would accomplish what you want also. Take j's suggestion to use VLANs. This is not a good situation for NAT. Cisco 2950's can do VLANs. to be clear, the only way this will work with the PCs is if each PC vlan is *also* a unique ip subnet (else how do all the vlans access a common default gw?) place the phones in a voice vlan, and the phone problem is solved. as for the PC isolation, you might get better feedback on a cisco or other networking forum. -david -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: NAT in SPA922
On 5 May 2010, at 14:39, Sebastian Milioto wrote: However, when I connect a PC to that port, SPA922 works as bridge. Anybody can confirm SPA922 can NAT a PC connected to its LAN port? Does exist such LAN tab for setting up parameters as port forwarding? (by the way, version is 5.1.15(a). I'll appreciate links for downloading new firmware) It's a phone not a router. It doesn't do nat. You can get new firmware from www.cisco.com (believe free CCO login will get you the SMB stuff). The 'My Cisco Community' forums are also good. Has real Cisco people who appear to know their stuff. S -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: NAT in SPA922
However, when I connect a PC to that port, SPA922 works as bridge. Exactly. The SPA9x2 has a 2-port switch; no NAT, no routing (unlike the SPA2102, etc). I think the 5.1 series is the latest firmware for the 922; the the 942, there is 6.1.5a. Luki -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users