does this network organization sound ok?
I'm setting up my first Trixbox CE box soon for a client, and I just want to run the general organization of the network by you guys first.
We're going to be running one Dell SC440 and 18-20 polycom or aastra phones. The phones and server will be connected to a Netgear FS728TP POE switch.
Also in the office are 20-25 workstations and 3 servers connected to a few cheap switches. The client will be running Hud (or an alternative) on the workstations. Also, some of the employees may occasionally take their phones home and connect remotely. I plan on setting up a new router (pfsense?) with QOS and VPN.
The debate is how to keep the two networks ("Phones" and "Computers") as separate as possible. I could use vlans and routing, but what about just putting two network cards in the server? That would keep it cheap and simple. With two nics in the server the "Computer" network would be able to connect to the server, but it wouldn't interfere with the phones. Hud should work fine, and clients should be able to use phones remotely.
Thoughts? :)
Thanks in advance,
Justin
I think I would put the phones and the phone server on your POE switch. Then I would buy a cheap router to interconnect the two private networks, the phones to the computers. Since that router is routing between 2 private networks, turn off the gateway (NAT) feature on that router and put it in router mode. I would use the Pfsense box at the border with the Internet. They make pretty good firewall routers.
You won't really need a VPN for the users to work remotely.
What I do is open the ports 5060 and 10000 to 20000 (UDP only) and point the phones to the internet IP address. So now when they take their phone home they just plug it in their home network and they're all set.
For 20 phones I honestly find no reason to separate the networks since an internal network is 100 MBPS, if not more. I never ever separated the phones and the computers. What I just do is set up qos on the router so that external Voip calls should not be choppy if someone is watching a YouTube video or whatever the case is.
Let us know how it works out. And I don't suggest poe if they're going to take the phones home, because at home they definitely don't have PoE.
Good luck
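With 5060/UDP reachable from the Internet as described in the post above, failed SIP registrations in the Asterisk log are the first thing worth watching. The following is an added example, not part of the original thread: it assumes the chan_sip NOTICE line format written to /var/log/asterisk/full, and the sample lines, addresses and thresholds are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# chan_sip failed-registration notice (assumed format; newer versions append ":port" to the IP)
FAIL_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\](?:\[[^\]]*\])? "
    r"chan_sip\.c: Registration from '(?P<sender>.*)' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)
USER_RE = re.compile(r"sip:([^@>;]+)@")

def parse_failure(line):
    """Return a dict for a failed-registration line, or None for anything else."""
    m = FAIL_RE.match(line.strip())
    if not m:
        return None
    user = USER_RE.search(m.group("sender"))
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
        "ip": m.group("ip"),
        "user": user.group(1) if user else None,
        "reason": m.group("reason"),
    }

def find_suspects(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs with >= threshold failures inside a sliding window.

    Lines are assumed to be in chronological order, as in the log file.
    A roaming phone with a mistyped password fails a few times, minutes
    apart; a scanner fails many times in seconds, usually across extensions.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> highest failure count seen in a window
    users = defaultdict(set)      # ip -> extensions it tried to register as
    for line in lines:
        ev = parse_failure(line)
        if ev is None:
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:
            q.popleft()
        peak[ev["ip"]] = max(peak[ev["ip"]], len(q))
        if ev["user"]:
            users[ev["ip"]].add(ev["user"])
    return {ip: {"peak": n, "users": sorted(users[ip])}
            for ip, n in peak.items() if n >= threshold}

# Constructed sample data (documentation address ranges, made-up extensions).
_T = ("[2008-03-05 {t}] NOTICE[2314] chan_sip.c: Registration from "
      "'\"{u}\" <sip:{u}@192.0.2.10>' failed for '{ip}' - {why}")
SAMPLE_LOG = [
    # six attempts in ten seconds, walking extensions 100-105
    _T.format(t="02:14:%02d" % (2 * i + 1), u=str(100 + i), ip="203.0.113.7",
              why="Wrong password" if i % 2 else "No matching peer found")
    for i in range(6)
] + [
    # a phone taken home: two bad passwords, ten minutes apart
    _T.format(t="08:55:40", u="214", ip="198.51.100.23", why="Wrong password"),
    "[2008-03-05 08:56:02] VERBOSE[2314] logger.c: unrelated line",
    _T.format(t="09:06:10", u="214", ip="198.51.100.23", why="Wrong password"),
]

if __name__ == "__main__":
    for ip, info in find_suspects(SAMPLE_LOG).items():
        print(ip, "peak failures/min:", info["peak"], "extensions:", info["users"])
```

The flagged addresses are candidates for a block rule on the border firewall; the threshold and window need tuning against how often the site's own remote phones re-register.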
Polycoms DO NOT require a special cable at all. They use standard 802.3af for POE and any ethernet cable will do. I'm not sure what is included in those SKU's, but it's nothing special I can assure you.
The only phones I've EVER heard of having special POE requirements were early Cisco's when they had their own version (a swapped pair) of POE.
Whomever you got your information from about REQUIRING that $40 cable should be seriously questioned.
-Mike
Everyone knows my opinion; however, let me throw in my .02
- Key point as stated previously in thread: the Polycoms listed do support 802.1af; a special cable is required to use a Cisco pre-standard switch.
My theme - this is your voice network, do it right. The savings is implicit with open source solutions like Asterisk.
If you would like specific network comments please tell us more about your environment. Specifically your Internet connection and security environment.
Good luck.......Scott
I have installed about 25x 15-30 user systems, and 6-8 larger ones in the 40-60 user area. So far I have yet to need vlans except on a much larger network that had 200+ nodes +35 phones; data traffic runs great on all my networks, and not a skip or jitter in voice traffic. If you have more than 15 nodes, it would be dumb not to buy a managed POE switch that supports vlans. 64k(ulaw) x25phones =1.6mb - shouldn't even touch a small 10/100 network.
Having separate vlans or even separate physical networks is a great way to guarantee a clean voice network, but just look at it from a management standpoint - you are adding x amount of complexity/work to your job, and x amount of time to disaster recovery if you have to rebuild. If you are an IT guy that likes to tweak your network a lot, and have lots of free time on your hands, then it's probably a good idea. But most on-staff IT guys that I have seen are pretty busy. I recently was called in to a site where the in-house IT guy had built a pretty "trick'd" out network, and did a lot of tweaking on his trixbox. Unfortunately the server crashed completely, and I was called in to assist him. It took 5-6 hours to rebuild during business hours because he wanted to maintain all his "mods"; had this been maintained by me the recovery wouldn't have taken more than an hour - drop in the install cd, and load the backup tar. My thought is to keep things as simple as possible, unless your business has extremely stringent security requirements like the government - then nothing will be simple.
-just some numbers and ideas ;)
Jay -
I can never tell if you agree with me or not
I can't speak to specific sites, I speak in terms of principles that when applied to practice generate results.
Since we do not "sell" trix, it is part of an end to end managed service, I have far more control over my customers than you do.
I always value your opinion as you are running a real business selling to real customers, not a hobby shop.
With regard to the new network described in this thread, let's see what his current environment is. I do not support complex configs, simple voice-vlan auto discovery.
It is not just about bandwidth (forwarding rates) when enabling QoS on a LAN, delay and jitter are dramatically improved.
I should also mention that not all managed switches support priority queues. 802.1q by itself does not allocate bandwidth it simply segregates traffic at layer 2.
For a discussion of why vlans are needed on non-saturated networks, I have referenced a link to a bit of Cisco propaganda.
Scott- Not arguing against you, I understand what you're saying, just when I started doing this stuff, I would do all these add-ons and customizations and little tweaks that I thought would give the system some edge, now when I go back to support those installs I kick myself because I made myself so much extra work by doing that, when the system was fine "as-is" from the base install. I still do little customizations and what-not, but try to keep it minimal, most of my clients want to keep my bill as low as possible, and I have no lack of work, so it works out in the end.
Of course vlans and queuing are great, you should always think about covering that area when purchasing new network equipment, it's too easy to have it and not need it than to need it and....
i dribble on... -John
I'll have to agree with Scott here 100%. With ~20 phones and ~20 users, you don't HAVE to differentiate the networks or do any VLAN'ing, but why wouldn't you, given it's a relatively easy config? To set up routing between 2 networks or VLAN'ing does not take that much extra time or effort to implement, or troubleshoot for that matter. You can bill a little more, and rest a little easier knowing the solution is more properly implemented.
I've been in the consulting biz for years, and one of the most important things I've learned is to set things up properly, right from square one. It's never worth it to go about the mentality of 'well, I don't HAVE to...'. VLAN'ing and what we're talking about here is not exactly very complex, so I don't see the issue in setting it up in the first place. Plus, MORE BILLABLE HOURS! I can definitely sympathize where people like Jay are coming from, but in this case I can't see this adding virtually any complexity to the network.
Go top shelf right off the bat. Period.
Scott- Not arguing against you,
John - (Sorry I called you Jay). Not arguing, as I said I appreciate all the data points.
I wonder if all of these opinions helped the original poster figure out what they wanted to do.
I often wondered if a poster, making a preinstallation inquiry is overwhelmed when 20 people offer 20 different ways to do things.
Scott
Go top shelf right off the bat. Period.
Well I don't know about that, however I think our intent is different.
Our charge to install switches includes a standard VLAN configuration. All our switches roll out the door with a Base LAN, Voice, Video (security NVR's) and Wireless VLANS predefined and trunked.
This gives us future flexibility. If we are installing into an existing environment we match the customer configurations.
We try to do as little custom work as possible.
Now if you want to start another thread in the open Forum we can talk about my style for scope management. Managing scope is the single most important task for any technology vendor. It is the key to customer satisfaction. Say what you are going to do then do what you say. Do you have a customer test plan and require the customer to sign off on it?
Scott
Thanks for the responses. They are all very helpful.
I've been debating on whether or not to use vlans. I may not have a full understanding of their implications in a VOIP network, but it seems to me like it is not necessary in this case. I could be wrong. Currently the network has two subnets configured on a netopia 4562 router. The switches are all unmanaged.
192.168.1.x -> workstations (doing autocad mostly) and fileserver
192.168.2.x -> "internet" servers (mail, ftp)
If I put two NICs in the VOIP server, then the voip network would have its own dedicated switch. The only thing connecting the two networks would be the voip server. What would be the point of using a vlan?
I am the IT guy for this network. Most of my clients are "cheap", so we rarely spring for managed switches. I like to do things right, but I've just never knowingly had the need to use a vlan, so my experience in that area is lacking.
In regards to VPN, a few clients currently login with VPN (configured on the netopia). I'll move the VPN config over to the pfsense router when I get that setup.
I should also mention that they have a 1.1/1.1 SDSL line which tends to get saturated during business hours. I'm going to set up some aggressive QOS rules on the new router, and maybe a transparent proxy server.
Keep in mind that the switches in the phone all work with VLANS. So unless you want to burn two switch ports for each phone + workstation you have to configure VLANS.
I would place NIC #1 of the Trixbox in the 192.168.2.0/24 network. I assume the Netopia routes between the networks?
Then I would build a third network off of NIC #2 for the Voice Vlan. It can be 192.168.3.0/24
Then place a route in the Netopia of 102.168.3.0 255.255.255.0 to trixbox-IP so that you can get to the phones management interface.
Now you have traffic segmentation. When you plug a phone in you can plug the workstation into the second port.
Don't let anybody tell you the switches on the phones are more trouble than they are worth. Cat 5 drops are expensive.
Thanks for the details on your network, it makes it easier to make specific recommendations.
You can set it up in about the time it took to type this message.
Oh, I should have mentioned the wiring. Their existing phone system uses cat3, I think. It's a flat 4-wire cable with an RJ45 connector. As I understand it PoE will work over cat3. I may have made an improper assumption that the phones will too. Will I have any trouble using cat3 for the phones?
Justin
You need to make sure that the 4 wires are in the correct order and connected properly.
From the left, the first 3 and the 6th connector is what you are supposed to use. We all have different "lefts" so you need to look at a diagram for this.
I don't know if POE will work since I never set up POE with cat3, but in my house there are certain places I had to use cat3, no POE, and it worked (computers and phones). Normally we have an electrician come in to wire real cat5 cables so that I can also allow my company to support the wiring if anything goes wrong and we need to troubleshoot.
Sorry to go off topic, but KodaK, I'm just curious- what's wrong with cat3 (when there's no other choice) if, from what I understand, 4 of the 8 wires do not do anything?
Don't take my question the wrong way- I am just curious. I don't work with wiring too much but if you are saying it is bad, I will go right this second to turn those 2 cat3 wires to cat5 (in my house)
Thanks
Cat 3 will not sustain connectivity over longer distances. Not sure what the actual specs are but I would strongly be opposed to that idea. Joseph, I don't know how big your house is but I bet your cat3 drops are not that long. Cat5 (go with enhanced "5e") data travels over stranded wire; if you use cat3 in a production environment you are asking for trouble. Just my .02
Chris
The difference between cat-3 and cat-5 is, to simplify, the number of twists per inch of wire, the more twists, the less attenuation there is in the signal. Cat3 just isn't capable of pulling off much more than 10Mb. I'm not aware of 10/100 switches being capable of automatically dropping the speed to 10Mb, although I suppose I could be wrong on that point.
If you hard-lock the switches and devices to 10Mb then I suppose you could get away with it, but "getting away with it" is hardly worth it. If it works in your house, then by all means keep at it (don't be surprised when it fails suddenly) but if you try in a production environment you're going to have some very upset clients or bosses.
If you have absolutely no choice, then you're going to have to make sure you can lock your devices and switches into 10Mb mode. There's no difference in how you wire up cat-3 and cat-5 (well, assuming you follow one of the TIA/EIA standards) so it's quite possible that your switch and NIC will auto-negotiate 100Mb on a short cat-3 run, but I'd bet that if you fired up a sniffer you'd see a bunch of transmission errors. Just guessing, though.
Some facts first -
- 100Base-TX (standard for Fast Ethernet) is a complex electrical specification. Kodak pointed out the number of twists in the wire increase the bandwidth on the cable. The fewer twists, the more leakage you have and other signals interfere with the data transmission. This can cause dropped packets leading to all sorts of strange behavior. Don't believe me? Google "Common Mode Rejection Ratio" for a detailed explanation of why.
- Unmanaged switches and fixed configuration managed switches behave very badly with 10Base-T devices attached. It gets even more ugly if the device negotiates at half-duplex. Older HP print servers are famous for this. In Half Duplex mode the MAI (transceiver) has to squelch when transmitting. A 10Mbps device behaving badly can and has brought down entire segments of networks. If the device is 10Mbps it is old and supports very few of the behind the scenes standards incorporated in newer MAI's found on modern NIC's. Even high end Enterprise Cisco switches must be manually configured for 10Mbps or half-duplex. If you have Cisco switches in your closet and any of the ports are orange you may have big problems on your network.
- The switches on phones are not designed to support voice at 10Mbps, they are designed to support an older workstation attached to the phone. Even this is problematic. Standards such as 802.1p (packet queuing) and 802.1q (vlan tagging) do not work on 10Base-T.
Just don't do it, the whole argument of "it worked at my house" is completely specious. If you had unprotected sex and did not contract an STD would you repeat the behavior? Joe I can't believe your customers pay you for advice like this.
There is a fundamental principle here: if you are in business, I don't care if it's 3 or 300 phones, you can't afford for them not to work. Key systems are monolithic devices that perform one function transparently. If you are going to trust your voice to a data network you can't cut corners and expect it to work repeatably. Every deviation from standard is an open door for problems. These phones have full blown OS's in them (some like the SNOM Linux based). If you have to reboot your computer because the network locks up that is not as big a deal as having to reset a phone. When you see posts on odd behavior it can be traced back to something wrong on the network.
Well I'm glad the cat3 issue came up! I'll either replace the cat3 with cat5 or get phones with switches. In the latter case I'll certainly need to use vlans.
Thanks a lot for the detailed information. These forums are really helpful!
I wonder what other major mistakes I've made in my rollout plan....
Back in the days of parallel printers I'd have this conversation all the time:
Customer: Our printer just suddenly stopped working! Fix it!
Me: Well, it appears that you're using a 25' parallel cable to connect your laser printer to your computer. This is out of spec, the maximum length is 6'. Move the printer closer.
Customer: I refuse to believe that! It's worked for years!
Me: It's not working now, is it? Let's just try this.
I move the printer and get an in-spec printer cable. It works.
Customer: Well, that's just weird!
Me: No it isn't. It's out of spec.
Moral of the story: specifications exist for a reason.
It just occurred to me that if you guys don't know that the cable type makes a huge difference, it's quite possible that you don't know that the order of the wires in a connector make a difference.
It does. A lot.
Yes, only two pairs get used, but the wiring makes a difference such that the positive and negative currents "cancel" each other out in the wire.
If your connector has a color coded scheme, follow it. It will probably have two schemes, 568a and 568b. Most people (in my experience) use TIA/EIA-568-B. Whatever you choose, stick to it.
For wiring patch cables this is the 568b scheme:
Pin  Color
1    orange-white
2    orange
3    green-white
4    blue
5    blue-white
6    green
7    brown-white
8    brown
The reason the colors matter is that only pins 1, 2, 3 and 6 get used, corresponding to the green and orange pairs. 1 and 2 are tx + and -, respectively, and 3 and 6 are RX + and -, respectively. (Also, many other people say white-orange or white-blue as opposed to blue-white, orange-white. I don't know if one is more correct than the other. Telephone guys probably care -- in 25 pair cables the colors get pretty insane. For a color blind guy like myself it's just too much. Even though I've done it (with a lot of help.))
So tx+ and tx- wrap around each other, and rx+ and rx- wrap around each other, canceling interference and, for lack of a better phrase, making things go fast.
Haha yeah, the days when you could still buy the old parallel cables and the new IEEE-1284 ones confused a lot of folks. Most people just looked at the price difference and got the old ones.
Ironically, I was doing the same thing by trying to use cat3. I guess it's payback for all the people I laughed at 10 years ago.
where we did all our own drops...
Laughing, there are also specifications on how close the twists need to be to the punch or crimp. I have seen so many people dismiss these facts.
A cable should not be put in service unless it has been certified. It's just too risky.
Kodak,
If you read the spec real close you can run two 100Base-Tx connections in a standard CAT 5 jacket.
Obviously, it's obvious the case here - cat3 won't autonegotiate to 10mb (Scott has some nice notes on that). If your budget is low, you are better off just running 1 wire for everything - most decent phones will have a built in phones (in fact, I would call it indecent if it didn't) and most decent phones support vlan tagging - although I doubt you will have true need for it (don't let this start a playground argument;).
Aastra 480i 55i or Polycom 501 and 330/430 are some good workhorse phones that all have 2 ethernet. Next just get yourself a decent managed switch that supports vlans to connect it all. Regardless of which phone or switch you use, you are not forced to use vlans in either case, it's just a good practice to successfully scale to a larger network with voice and data on the same wire. On the other side of that coin - just because the switch supports vlans, doesn't mean you are using it (the vlans and traffic queues obviously must be configured).
FYI, I went with Polycom 430's and 650's and a Netgear FS728TP switch. I also used the original wiring, which is a mix of various types of cable, none of which appear to be twisted pair.
They wouldn't autonegotiate, so I manually set the phones and switch to 10baset/full-duplex, and the switch reports 0 errors on all lines! So far it seems good... I'll update if we run into any problems.
Interesting post....
I run into situations where I install a phone system in a new building and the electrician doesn't follow these standards. What equipment do people use to certify cables? We have simple cable testers but that's not enough, we'd like to be able to offer cat5 certification to clients to eliminate problems like that.
Any ideas?
electrician doesn't follow these standards.
If they were union electricians they should not have been running data cable. The classification is teledata for that type of work.
What equipment do people use to certify cables,
Fluke LAN meters are fantastic, the Penta Scanners are the workhorses of the industry. Figure around $1500.00 for one that can do CAT 5e and 6.
we'd like to be able to offer cat5 certification
There is far more than just testing the cable to meet certification requirements. BICSI www.bicsi.org is a great place to start. Here is a magazine with more than you could ever want to know Cable Magazine
Any organization savvy enough to request certification will usually quote standards, either BICSI or EIA/TIA.
Everything matters, the number of twists as the cable enters the connector, proper connector installation tools, wire management, distance from EMI (fluorescent fixtures - Motors etc.), use of proper wall plates. If you are in a building with suspended ceilings and the wire is not hung with hangars, it's not to standard!!!!
If you can't trace wire through a bundle (they should not twist or turn or be snarled), it is not to spec. A picture is worth a thousand words:
A normal (could be neater) patch wire job:

A perfect job:

Very nice small install (Do your installations look like this?)
Before cable management:
Same install after:
An extreme fiber cable management install (included just for fun):

It does not cost a significant amount more to do the job wrong. If you have a Graybar or Anixter counter in your town pay a visit and look at all of the structured wiring stuff! If you are buying stuff from Lowes or Home Depot you are paying wayyyyy too much.
I try to make my customer cabinets look like that as much as possible. I hate a messy rack. What I'd like to do is hook up the cables and certify them for 100meg speeds. I guess my problem is the electrician will punch it down, put it on a basic meter to see that all the ends meet up, but when we go to use the wire it works like crap. I want to be able to certify that the cable is 1/2 decent for speed or crap.
I want to be able to certify that the cable is 1/2 decent for speed or crap.
That's what the Penta Scanner or Fluke LAN meter is for. The problem is when the tests fail it will be as a result of the things I mentioned, proper installation of the connectors and incorrect proximity to EMI sources. You have to be prepared to repair the problems. If the standards are being met then the tests will pass 99% of the time.
In my experience 75% of the wiring installed in the field is out of specification. We just had to walk out on a customer because their wiring guy had placed the cable in a plenum ceiling across the fluorescent light fixtures. We were getting all sorts of errors from the switch ports. The cable installer told us we were crazy, wanted us to swap the switch. We installed two cable runs across the floor and they worked perfectly.
We gave the customer two options - force the installer to rerun the cables and certify them or pay our contractor to do it. They chose option 3, take your phones back.
Scott
Scott
The Netgear FS728TP has a way of testing cables, however I've never used it.
The Cable Test screen contains fields for performing tests on copper cables. Cable testing provides information about where errors occurred in the cable, the last time a cable test was performed, and the type of cable error that occurred. The tests use Time Domain Reflectometry (TDR) technology to test the quality and characteristics of a copper cable attached to a port. Cables up to 120 meters long can be tested. Cables are tested when the ports are in the down state, with the exception of the Approximated Cable Length test.
The Netgear FS728TP has a way of testing cables
That is testing the cable not certifying it. It is a useful feature however it does not certify the cable to Category 5 standards.
Attenuation, Impedance and Near End Crosstalk (NEXT) are key tests.
I don't make this stuff up.
Scott
I have trixbox 2.6.x with beronet BN2S0 (isdn card with 2 ports) and 1 external pbx (auerswald 4410). I config card on trixbox: 1st port on nt1 (isdn box for co lines) and 2nd port on external pbx. I also have one spa-941. When I dial 34 (connected on external pbx) from spa941, the phone (34) rings. From 34 I call 51 (spa941), spa941 is ringing. On IVR on trixbox you listen to the message (Type 4 for account manager), which is 34 on external pbx. You type 4 and nothing. How can I install custom external (on trixbox) for 34 (on external pbx)? Do I need pap2 for that?



