Setting up static IP addresses

IBM IntelliStation
October 4, 2008 at 23:31:03
Specs: WIN XP SP3, P4 4gb

I am trying to set up two devices on my home office LAN with static IP addresses to the Internet so they can both be accessed from outside my LAN. One is a VoIP PBX that I want to connect to remotely to create a remote extension and the other is a server that I'd like to be able to access when I'm travelling.

I have a Belkin ADSL2 modem/router that is currently my single point of connection to the Internet, now configured with a static WAN IP address supplied by my ISP and a LAN address of 10.1.1.1. My ISP also provided me with two other static IP addresses that I want to use with the VoIP PBX and the server. The modem/router is also my DHCP server and provides NAT. I have a number of switches that are all connected to create a single LAN in the 10.1.1.1 to 10.255.255.255 address range. Both the VoIP PBX and the server are connected to my local LAN with fixed IP addresses (10.1.1.2 and 10.1.1.100 respectively).

The VoIP PBX has a WAN and a LAN side (it can also be used as an Internet router and DHCP server - I am not using these functions on this box) - at present it is connected to my LAN through its WAN port and the VoIP phones connect to it via that connection (they are connected as devices on my LAN and get their IP addresses from the DHCP server on the modem/router). The LAN port is not being used.

The server has a single ethernet connection that currently attaches it to my LAN with the fixed IP address 10.1.1.100. It is running XP SP3. It is primarily a data server that the other computers on my LAN ( and hopefully my laptop when I'm travelling) access. I am also not sure, once I get this setup so I can connect to the server remotely, how I can then access files on it (i.e. whether I need any other software running on it or whether I could just use Windows Explorer on the remote laptop to access its files).

So I need to be able to access both of these devices through my local LAN and from outside the local LAN via the Internet. I'm not sure if that means that both devices need to have a WAN side and a LAN side and if so, how I physically connect each to my network. The VoIP PBX has a WAN and LAN connection at the server only has a LAN connection (it has two network cards if that is necessary - one is currently not being used). I am also not sure how these devices would connect to the net with static IP addresses through my modem/router and whether I would need to configure the router in some way (by opening ports, perhaps) to expose those of those devices to the Internet so I can address them directly from outside my local LAN.

Can someone tell me how to set this up, or point me at some good documentation that explains all of this in easy to understand terms?

Mark Bagshaw


See More: Setting up static IP addresses

Report •


#1
October 5, 2008 at 08:28:25

Do all static IP addresses provided by your ISP come through the same entry point? If so, can the Belkin modem/router handle more than one WAN IP address? In other words, do you see all WAN addresses in the web interface?

Report •

#2
October 5, 2008 at 15:10:06

Did you review/research the PBX config/documentation? Kinda seems to be you jumped in with both feet without looking first :-)

Usually the VoIP server does not have a wan per say address. It has copper/T1 coming in to provide dial tone which is how you get to the outside world.

If you want to connect from an outside phone to your pbx you would create a site to site vpn and connect into the phone system from the outside that way.

Usually you have one ip segment/range for voip phones and another for your data hosts.
Usually you have a managed switch which is vlan capable. PBX and internet router connect to switch and you have one vlan for phones and one vlan for data hosts {pcs}.

I would not trust a Belkin anything to protect/function and your needs are way beyond a Belkin.

Remote access:
You want a vpn capable router with a windows client. I use Sonicwalls for this. There are other products. The way this works is you configure the sonicwall firewall/vpn device/router for vpn client access. You load the client on your laptop. You make an internet connection when in the field. You then run the vpn client to get authicated to the sonicwall. Then you run RDP to connect to the terminal session you setup on the server. Now you have server/network connection.

VoIP PBX:
Usually this is not accessable via the web. You have a copper line either as a voice T1 or multiple copper lines coming in [one for each phone number - T1 allows you to put multiple numbers on virtually] for your dial tone. This is how you interface with the world.
Managed vlan switch to provide a vlan for phones and one for data as I have stated above.

My background comes from working with NEC IP 2000 phone systems in a wan configuration with 9 sites. We had one site which was close to another [sites are 45-300miles apart] and we ran it with ip phones that connected to the closer sites pbx which did both regular pbx and voip. Rest of our system is not voip.

My response is based on you saying you had a pbx. Vonage for example does voip but what you get is not a pbx. It is a voip router. They are not the same. Vonage has their own VoIP PBX and uses the internet as their "copper".

The difference here is to get to other people you have to jump to copper [lan lines]. This is what a pbx does. Even vonage goes to copper. You have voip on one side and copper connection on the other. The pbx is smart enough to know which is which.

Question for you is what do you have? PBX or voip router? Who sold you this and what is the make and model?


Report •

#3
October 5, 2008 at 20:57:43

Thanks to both respondents to my question (yes, I probably did jump in both feet first without looking!).

I has put a PDF with a diagram of my current configurations on my Sharepoint site: http://sharepoint.innov8group.com.a...

I have shown all the relevant pieces of equipment and how they are currently connected. As the diagram shows, I am currently connected to my ISP (iiNet) through the Belkin VoIP modem/router that is now connected to iiNet with the static IP address they have assigned me (this device is also the only DHCP and NAT server in my local network - on its LAN side it is configured to give out IP addresses in the 10.1.1.3 to 10.1.1.255 range).

Most of the devices on my local LAN use dynamic IP addressing (including the VoIP phones that are connected to various switches throughout the home office), but the router has a fixed address of 10.1.1.1, the Epygi Quadro 2X VoIP PBX is connected to the local network on its WAN side with a fixed IP address of 10.1.1.2 (the LAN port on the Quadro is not connected to anything but this device is capable of acting as a router and NAT server) and my data server is connected with a fixed IP address of 10.1.1.100.

All of this is currently working, including the phones - apart from the capability to create a remote extension on the VoIP PBX and the ability to access files remotely on the server.

From what I've read about the Quadro, the best way to establish a remote extension (I will use a softphone on my laptop which has a wireless broadband card) is for it to have a static IP address on the Internet (my ISP has provided me with two extra static IP addresses). I gather that what I now need to do is to reconfigure the Quadro so its WAN IP address is one of the static IP addresses instead of the fixed IP address it currently has on my local LAN. I suspect that if I then configured its LAN side as a DHCP server and connected the VoIP phones to it on that side (they currently connect to it through my local network but on its WAN side) it would come close to working.

What I'm not sure about are the following:

1) Where would I physically connect the Quadro box (it is currently connected to one of the 4 LAN ports on the router)?

2) Do I need to make any configuration changes to the router to let the Quadro box (and the server) connect directly to the Internet with its new static IP address (I see in the router configuration settings a number of things that look like they might need to be set up - under its WAN settings it has options for "ATM PVC" which at present appear to be only defining one connection but it has options for seven others and under the "ROUTE" settings it seems I could add a Static Route)?

3) Would I still be able to have the phones connect to the Quadro box through its WAN connection (which would not now be in my local LAN address range) or would they have to be connected on its LAN side?

I'm trying to avoid this as I only have one Cat5 cable running from my office where several of the phones are to my equipment room where the Quadro box and the router are. I gather if I set up a separate network on the land side of the Quadro box just for the phones I would need to physically connect the phones to it. But perhaps I can connect the LAN port on the Quadro box to one of my switches and the phones could then access the second network I would establish on the Quadro box - or would the fact that I would have DHCP running on the Quadro box as well as on the router confuse things?

I could run another cable if absolutely necessary but I also use a softphone on my desktop computer to give me an extension on the Quadro box - that is very useful to be able to automatically dial from my Outlook contact list - and, like the phones, the desktop machine is on my local LAN.

4) How would I physically connect the server to be accessible both from my local LAN and directly from the Internet via the second static IP address provided by my ISP? Would I need two network cards in the server (as it happens, it does have two)? And if that's the case, do I need something running on the server to somehow link the two network connections that I would then have so that the files on the server could be accessed either by any device on my local LAN or remotely via my laptop?

Does anyone know of a really good "dummies" guide to all of this? 20 years ago I was a country large systems specialist for IBM so I am technically-capable but I'm just not up to speed with modern networking (or VoIP).

Mark Bagshaw


Report •

Related Solutions

#4
October 7, 2008 at 15:28:47

A. your diagram shows the switches in serial. This is not optimal. You should have a single switch which every other switch and router plug into. This is referred to as a backbone switch. All other switches are only one level down.

You don't mention if they are managed switches or not. Would be helpful if they were.

B. your voice and data are on the same subnet. No mention of vlans. No mention of QoS. This config will result in poor telephone performance especially when doing large file transfers/server apps access.

C. VoIP server is using the wan interface. Should have been configured to use the lan interface since the phones are on the lan side of the fence.

D. The belkin description says:

http://catalog.belkin.com/IWCatProd...

"if you subscribe to a VoIP service, you can use this modem and have one telephone line manage three phone accounts with three separate numbers - your standard phone line plus two voice over internet accounts with a VoIP provider.

To use the enhanced features of this modem for voice calls over the internet subscribe to a reputable voice over internet provider."

You can't use this feature in your present config unless you subscribe to voip service [like vonage].

E. You should replace the belkin with a vpn capable firewall router. I use sonicwalls.

You would then from a remote internet connected station run the sonicwall vpn client and authenicate to the firewall. After that you connect using RDP and authenicate to a terminal server session on your server. This would give you network access remotely.

Without knowing the VoIP server I can only guess at its config. Wan port would not be used. A remote phone would have to have a lan ip not a internet ip to access the pbx. It would get this from the sonicwall. I know sonicwalls have a voip tab but having never used it I can't advise.

Recommendations:
Get managed switches and create two vlans, one for telephone and one for data so the two don't interfer with each others bandwidth.

PBX: use the lan card not the wan card. Configure to do dhcp only if using vlans. Phone would be connected to only phone vlan.
Server dhcp would give ips to all data devices. Both would use the same subnet and gateway ip. So phones would be x.x.20-50 and data would be x.x.100-150 for example of two dhcp servers [one on each vlan]. Port connecting router would have both vlans.

Switches have to support vlan trunking. This means each trunk between the backbone switch and downstream switches support both vlans on the trunk.


Report •

#5
October 8, 2008 at 00:38:15

This sure isn't straight-forward .. or inexpensive! Thanks very much for your help with this.

It looks to me like the following switch (I may need two of these, given the number of devices I have) might do the job, would it?:

"D-Link DGS 1216T - Switch - 16 ports - EN, Fast EN, Gigabit EN - 10Base-T, 100Base-TX, 1000Base-T + 2 x SFP (empty) - rack-mountable
The DGS-1216T Smart Switch presents a cost-effective solution for the small and medium business to economically implement high-speed Gigabit packet switching with easy fine tuning of network performance and security. This switch comes with 16 copper Gigabit ports and 2 combo SFP (Mini GBIC) for fiber connection. Port trunks are provided for server deployment and network backbone attachment, while functions important for bandwidth-intensive applications such as Priority Queues and VLANs are supported to enable you to implement Quality of Service (QoS) and security without having to go through complex network management usually found in other managed switches."

Also, it looks like the following router might also do the job, would it?:

"Linksys 4-Port Gigabit Security Router with VPN RVS4000 - Router + 4-port switch - EN, Fast EN, Gigabit EN - Linux"

All other devices be better (I'm trying to keep the costs down)?

In this configuration, what would provide the ADSL2 modem? At the moment, the Belkin is an ADSL2 modem and a router - would I continue to use that device just as a modem?

Regarding the VPN setup - I haven't quite got my head around this but I get the general concept. Do I need to order VPN from my ISP (iiNet)? If so, that's very expensive and wouldn't be justified just to get a remote PBX connection and remote access to my data server.

Regarding the connection of the VoIP PBX - the installation guide (http://sharepoint.innov8group.com.au/Public%20documents/Epygi%20Quadro%20manuals/Quadro%20Installation%20Guide%20(Manual%20I).pdf) on pages 14 and 15 describe several connection options - at present I'm using the first of these (while this device is a modem/router itself, the modem does not support ADSL2 and the ethernet speeds are only 10 MBPS on the WAN side and 100 MBPS on the LAN side, so I don't want to use it as my primary modem/router).

From all I've read on the Epygi forums, it would seem that this is the most suitable connection in my circumstances (I currently have the phones physically connected to my local LAN, obtaining their IP addresses from the Belkin modem/router, but the Epygi forums have made it clear that I'm best to set up another network on the LAN side of the PBX that I will only connect the phones to).

If I use the setup you are describing, would I still use this configuration? Assuming I purchase a new router and new switches, where would I then connect the PBX, physically and logically? And where would I then use the static WAN IP address the I have been planning to use for the PBX? Would I need it at all? And where would I physically and logically connect the phones? Would I still set up a separate LAN just for the phones and physically connect them to switch on the LAN side of the PBX?

Cheers,
Mark

Mark Bagshaw


Report •

#6
October 8, 2008 at 11:32:58

If you want to do this cheaply only get one backbone managed vlan switch.

(edit) you could use a Linksys WRVS4400N router which has vlan and vpn capabilities but only has 4 lan ports which should suffice - you may have to cascade the switches for data and voice]

You would put your existing switches off of it with vlans. This would require you to physically connect all phones into one switch and data into another switch. You could not share functions of phone and data on the same switch. Make sense?

"but the Epygi forums have made it clear that I'm best to set up another network on the LAN side of the PBX that I will only connect the phones to)."

Exactly right which is what you would do with vlans. Virtual lans make the network separate.

Anything in the manual about using the wan interface for an outside phone via the internet?

"Do I need to order VPN from my ISP (iiNet)? "
No. The router and client software do that for you.

You would only need one ip address and that is for the router. You should be able to set the Belkin to bridge mode which should give your new vpn router the internet ip address you need.

Unless there is a way to get your outside of the office phone to work with the wan interface of the PBX, you only need one ip address for the main router.

if you can connect an outside phone via the wan PBX interface you would need to put a switch between the modem and, now, two wan interfaces [pbx wan and router wan].

All this making sense?


Report •


Ask Question