SPA112
-
I seem to be having a problem with a Cisco SPA112 at this point. It had been working just fine up until I discovered yesterday that I had no dial tone.
What lead into this problem was thinking I should upgrade to 280, and things went crazy with the error messages and the like.
So I had to re-install pfSesne 272 using a DVD after some problem that caused both of my units to stop working (in this case an older box (A) running pfSense running an older CPU, and a newer box (B) running a faster CPU, more RAM and SSDs. I have documented that in another thread. Since getting things fixed, I have found that our SPA112 is not registering with our VOIP vendor. This SPA112 is on a FIXED IP address (static). And I have contacted them (VOIP vendor) about this, they pointed me to the pfSense doc on this and it is difficult for me to match the online doc to what I am seeing in the GUI. What could I have mangled in the basic install to cause this? I don't know enough to write rules for firewalls, and I don't do wild stuff with DHCP. I do set the system to NOT route IPV6 w/in my LAN. So I am puzzled as to what I broke in manually restoring these two boxes -- BTW, NOT running HA. If the one goes down, I manually swap in the other.The rest of my Lan seems to be fully functional. Our laptops can reach the printer and file server box, all our ROKU boxes are back to being fully functional.
-
So you have ONE LAN with device like printers, file servers, ROKU stuff, PC etc
Your LAN IP settings ?
Like (example, the default) 192.168.1.1/24
Your LAN firewall rules, like the default :
Your SPA112 IPv4 settings ?
The SPA112 can use TCP or UDP over IPv4, using any destination address (the entire Internet), using port (1->655535), but by default cover these all, and everything is allowed.
Be aware, I'm neither using a SPA112, nor 2.8.0 (pfSense Plus 25.03 me), just trying to understand why just one device can't go outside and connect to something.
The rest of my Lan seems to be fully functional. Our laptops can reach the printer and file server box, all our ROKU boxes are back to being fully functional.
You mean devices on your LAN can reach each other just fine ?
You are aware that you could even shut down and remove pfSense and these devices could still reach each other ? (especially if they are all using static IPv4 settings) -
You might need to set static outbound NAT for the SPA112 IP address if the remote side is unable to handle a random source port. Almost everything can these days though.
If you had that configured before and restore the config it should be there now though.
-
Thank you for replying:
My Lan runs 192.168.1.1/24 using pfSense 272.
All devices are functional as they were prior to the problem of last week, with the exception of the SPA112.
Everything is getting DHCP v4 addresses (lease) except for these devices which are static:File Server has a static address
HP Printer has a static address
SPA112 has a static address
My Linux desktop has a static address (actually a server).I did add this recently:
Create an ARP Table Static Entry for this MAC & IP Address pair for each static address.This is what I have in firewall rules:
0/0 B
* RFC 1918 networks * * * * * Block private networks [not new]
0/2 KiB
* Reserved
Not assigned by IANA * * * * * Block bogon networks [Not new]
0/0 B
IPv4 TCP/UDP * * WAN address 5060 (SIP) * none NAT call centricThat last one I added yesterday trying to match what the VOIP vendor suggested for pfSense.
I see your rules but I'm not sure how to effect those in my level of pfSense 2.7.2.
-
So you're port forwarding all SIP traffic on WAN to the SPA112 device? You shouldn't need to do that. It should establish the SIP connection outbound.
What are you outbound NAT rules?
Setting static ARP is almost always a bad idea. It only causes potential issues if the hardware ever changes and makes troubleshooting more difficult. I doesn't really get you anything IMO.
-
Thank you for replying:
Yeah, this is what is puzzling to me. I've not had to do any rules for that device before. So I'm trying to figure out what I've managed to mangle.
-
We just passed each other. That ARP option looked like a good idea. But, it would be astonishing if after I drop those if that fixes the problem. I'll get to this a bit later I have real work I have to handle for now.
-
I agree it's unlikely but it throws doubt on everything. Instead of some useful error like 'host not responding' you just get timeouts which could be anything.
But an outbound NAT rule would still be my first suspect here.
-
Well, after making that change and letting it sit for a while, I noticed while getting my lan to run off the UPS (just had a major wind storm >70MPH) with power lines down.... that the SPA112 had registered (after it rebooted). So undoing that change seems to have fixed it (along with being power cycled) .I now have dial tone. So I will be sure not to do the static Arp rule again.
-
Interesting. I suspect that might have been a coincidence. But, as I say, adding static ARP can make troubleshooting more difficult. If a MAC is typo'd things just fail silently.
