VLAN and snom 300 VoIP phone (no access to webserver)

hoba

Are you using multiwan or policybased routing? We need more information about your setup (networktopology, vlans, firewallrules, etc).

Clown

Just Single WAN: VLAN (TAG 10) on LAN Interface. Firewall rule to prevent VLAN accessing LAN.

VoIP (is my VLAN interface setup 192.168.20.1 with DHCP Server)
Proto Source  Port Destination Port Gateway Schedule Description
*      VoIP net  *    ! LAN net  *      *          Default VoIP -> any BUT LAN

LAN
Proto Source  Port Destination Port Gateway Schedule Description
*    LAN net  *    *              *    *          Default LAN -> any

Phone gets IP address from DHCP server.

Phone uses VLAN TAG "10 7"  (10 = VLAN TAG; 7 QOS) maybee this is the problem, but this wasn't a problem on pfSense 1.01 and isn't by m0n0wall 1.3b10.

hoba

Are you using a vlanswitch for this? Is LAN a vlan as well?

Clown

LAN is "vr0" on my ALIX board and the VLAN is setup in pfSense on "vr0".

If you like I can post mit config file from pfSense.

Perry

The way it's normaly done:

Internet –--pfSense----(Trunk/Tagget)---Switch ----(untagget with vid 10)-----voip
                                                                    ----(untagget with vid 11)-----Lan

Clown

I have a very small network, that's why I have unmanagged switches.

And the IP phone has a internal switch and it can untag the VLAN.

Perry

Does it work if you change !lan net to * on the voip net.

Clown

No, I tried this first.

For me it is strange that it worked on pfSense 1.01 and m0n0wall 1.3b10 with the same configuration.

And very strange, that I see the certificate of the phone when I do a https access.

hoba

Maybe this is a driver related problem. You are talking about using an alix and these systems are quite new so you probably have been running on different hardware when it worked? Can you retest on that old hardware? Maybe the old hardware didn't fully support vlans and that's why you now have an mtu issue as the vr chipset supports it? Btw, vlansupport for vr has been added  not too long ago for that chipset (in m0n0 in version 1.3b5 and we added it around that time too) so this would never have worked with a 1.01 on that same hardware.

Clown

No, I can't I don't have the old wrap board anymore. And yes, I'm running the "new" ALIX board.