Using OPT for VOIP but still part of LAN
sorry if this is an elementary question but I am not sure how to proceed.
I have a box witth WAN, LAN and OPT ports. I run my Grandstream VOIP box with fixed IP
into the LAN switch. Can I plug it into the OPT port and keep it as part of the LAN ?
Would I need a Bridge or LAGG..not sure how to go about this.
any asisstance would be greatly appreciated.
Why would you want to keep it on the LAN? Or for that matter why would you want to plug it into OPT?
I'd only want to plug something into OPT for the sole purpose of getting it off the LAN.
Whats your goal?
The internet access is via PPOE access which is handled by the pfsense box via a VLAN tag.
The lan port is connected to a number of switches. I wanted to isolate the VOIP from the LAN via the OPT
port but it needs to either get a DHCP address or run with a fixed IP address. Could or should this IP address be on the same LAN segment ? It can change, but I'm not sure if the OPT port can run as a LAN port.
any clearer ?
It shouldn't break anything by putting it on the same subnet as the lan, but in that case, I'd leave it on the same switch as the LAN.
If you wish to isolate it from the LAN or treat it very differently than the rest of the LAN, then it makes sense to put it on OPT.
I always kept mine on the LAN. I personally had no reason not to.
Some people like to create firewall barriers.
Sure, you can move it over to a different interface. But it will not be part of the LAN address range. It will be something completely different. Your pfSense box will routing the traffic and control access to what IPs have access to the VOIP box.
1. You'll need to provision a new private IP address range for the OPT1 interface, and then either set an IP address in that range on your VOIP box or enable the DHCP server for the OPT1 interface and let that handle the configuration for you. Furthermore, you could statically map the DHCP address, so your VOIP box always gets the same IP address from the pfSense DHCP server.
2. You'll need to set up rules. You'll need a rule to allow traffic out the OPT1 interface to your VOIP provider IP. You may also want a rule that allows traffic from an IP or two on your LAN interface access to whatever port(s) are appropriate for the VOIP box's configuration interface.
Some VOIP providers and devices need static NAT rules to work properly. Some don't. This is highly dependent on the provider and your grandstream box.
Ok…so I saw another thread you have out there about moving an old router to the OPT1 interface on the pfSense box and setting it up to be just an AP. Get that done first, then come back to this thread/task.