VLAN issue with 3CXPhone

Discussion in '3CX Phone System - General' started by cbrinker, Sep 25, 2013.

Thread Status:
Not open for further replies.
  1. cbrinker

    Joined:
    Aug 6, 2013
    Messages:
    2
    Likes Received:
    0
    Hey all, looking for some help with a possible networking issue with my 3CX setup.

    Here's what I got:

    3CX Server has two NIC cards
    1 NIC on data network
    1 NIC on voice vlan network (no default gateway)
    All Phones are configured to use voice vlan NIC

    Cisco Catalyst 2960S
    all ports have "switchport voice vlan 100" and computers use vlan 1

    That works fine. My issue is with the 3CXPhone on the PC's. The configuration file for the phones and the 3CXphone is pointed to the voice VLAN. The PCs are unable to access this VLAN (by default).

    Since this is the attended design by 3CX ( to have the one config file) I am going to have to allow the PC's to talk to the VLAN 100. My issue is that I have a Cisco ASA 5505 Base license as the router. I have created vlan100 and gave it the same security as vlan1. It only works if I give the NIC on the 3CX server a default gateway of the interface vlan 100 on the ASA. When this gateway is in place, it fights the other gateway and I lose internet connectivity and have call issues.

    Should I bite the bullet and buy Security Plus for the ASA, but wouldn't I still need the default gateway?
     
  2. netswork

    netswork Active Member

    Joined:
    Mar 11, 2011
    Messages:
    577
    Likes Received:
    1
    Your still going to need the gateway or set a route in the windows box "Route add" command. It would be much simpler if you just put the 3cx box in the voice vlan, and not in the "data" vlan. There is no need to have it in both. Then set your vlan interface on your asa and set the default gateway of 3cx to be the ASA and use the ASA to route. Dual homing a server is never a good idea unless it is just a must for some reason.

    Your still accomplishing what your trying to accomplish by putting voice in a vlan. Easier to apply QOS and you keep PC broadcast traffic away from your voice network. I do the same thing for all my installs...but the 3cx server sits in the voice network...not in the data network and we route to it as needed.

    A layer 3 switch would simplify things too.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. ian.watts

    ian.watts Active Member

    Joined:
    Apr 8, 2011
    Messages:
    532
    Likes Received:
    1
    Reconsider using a "voice vlan". I thought about that long and hard back when I started implementing. Seeing that presence is mainly driven at the PC and voice at a handset, it was clear that both avenues needed to be reachable at the PBX. Thus, the traffic would have to be routed across vlans to reach the "other" vlan.. take your pick.

    So.. it then became a question of "what does the vlan actually do FOR me?" QoS seemed to be the best choice. Since RTP is pretty low throughput but rather intolerable of packet loss (jitter, poor fidelity..), seemed appropriate to just shape the traffic for ONE vlan for the workstations/pbx.

    Sure, you can get the appropriate hardware to route vlans.. but other than making you feel better, doubtful that it is necessary to prioritize voice (RTP) on a LAN.

    Then again, if you already have "the stuff" to route vlan traffic, carry on! In your case, though.. you don't.
     
  4. afinite

    Joined:
    Mar 11, 2012
    Messages:
    18
    Likes Received:
    0
    Hi cbrinker
    What did you do in the end?
    A default gateway is the most basic, catch all way of doing this. As someone else has already said, the issue is that you can't contact the 3CX Internal interface from your PC network as they are on separate subnets (which presumably happen to coincide with the separate VLANs you have setup).
    Your PCs will presumably have a default gateway set pointing to your router, but the router doesn't know where / how to contact the 3CX voice VLAN either.
    From what I can glean about your 2960S, its not a layer 3 switch, so it can't do any routing for you, so instead you'll have to use your router, unless you swap out your 2960S with something layer 3 capable.
    If your router will happily route traffic between the two subnets/VLANs then you could just add a static route into the 3CX server to tell it where to find the LAN range, leaving the other NIC with the default gateway.
     
Thread Status:
Not open for further replies.