Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VLAN and snom 300 VoIP phone (no access to webserver)

    Scheduled Pinned Locked Moved NAT
    11 Posts 3 Posters 7.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      Clown
      last edited by

      I can't access the webserver from my snom 300 phone on a VLAN. The VLAN and the rules are the "same" as in m0n0wall. With m0n0wall I can access the webserver from the snom phone, with pfsense release 1.2 it doesn't work. I can ping the phone no problem. If I try to access with https (the phone has http or https) I'll get the warning about an unsecure certificate (that from the phone) but nothing more …

      In older version from pfsense this worked.

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by

        Are you using multiwan or policybased routing? We need more information about your setup (networktopology, vlans, firewallrules, etc).

        1 Reply Last reply Reply Quote 0
        • C
          Clown
          last edited by

          Just Single WAN: VLAN (TAG 10) on LAN Interface. Firewall rule to prevent VLAN accessing LAN.

          VoIP (is my VLAN interface setup 192.168.20.1 with DHCP Server)
          Proto Source  Port Destination Port Gateway Schedule Description
          *      VoIP net  *    ! LAN net  *      *          Default VoIP -> any BUT LAN

          LAN
          Proto Source  Port Destination Port Gateway Schedule Description
          *    LAN net  *    *              *    *          Default LAN -> any

          Phone gets IP address from DHCP server.

          Phone uses VLAN TAG "10 7"  (10 = VLAN TAG; 7 QOS) maybee this is the problem, but this wasn't a problem on pfSense 1.01 and isn't by m0n0wall 1.3b10.

          1 Reply Last reply Reply Quote 0
          • H
            hoba
            last edited by

            Are you using a vlanswitch for this? Is LAN a vlan as well?

            1 Reply Last reply Reply Quote 0
            • C
              Clown
              last edited by

              LAN is "vr0" on my ALIX board and the VLAN is setup in pfSense on "vr0".

              If you like I can post mit config file from pfSense.

              1 Reply Last reply Reply Quote 0
              • P
                Perry
                last edited by

                The way it's normaly done:

                Internet –--pfSense----(Trunk/Tagget)---Switch ----(untagget with vid 10)-----voip
                                                                                    ----(untagget with vid 11)-----Lan

                /Perry
                doc.pfsense.org

                1 Reply Last reply Reply Quote 0
                • C
                  Clown
                  last edited by

                  I have a very small network, that's why I have unmanagged switches.

                  And the IP phone has a internal switch and it can untag the VLAN.

                  1 Reply Last reply Reply Quote 0
                  • P
                    Perry
                    last edited by

                    Does it work if you change !lan net to * on the voip net.

                    /Perry
                    doc.pfsense.org

                    1 Reply Last reply Reply Quote 0
                    • C
                      Clown
                      last edited by

                      No, I tried this first.

                      For me it is strange that it worked on pfSense 1.01 and m0n0wall 1.3b10 with the same configuration.

                      And very strange, that I see the certificate of the phone when I do a https access.

                      1 Reply Last reply Reply Quote 0
                      • H
                        hoba
                        last edited by

                        Maybe this is a driver related problem. You are talking about using an alix and these systems are quite new so you probably have been running on different hardware when it worked? Can you retest on that old hardware? Maybe the old hardware didn't fully support vlans and that's why you now have an mtu issue as the vr chipset supports it? Btw, vlansupport for vr has been added  not too long ago for that chipset (in m0n0 in version 1.3b5 and we added it around that time too) so this would never have worked with a 1.01 on that same hardware.

                        1 Reply Last reply Reply Quote 0
                        • C
                          Clown
                          last edited by

                          No, I can't I don't have the old wrap board anymore. And yes, I'm running the "new" ALIX board.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.