Gwayne's VLAN on Elastix Hack

Gwayne

Joined
Jul 31, 2008
Messages
19
Likes
0
Points
0
#1
Implementation of Vlan on Elastix

This is a hack! until its really implemented in Elastix. For me the idea of phones on a regular network is not something I like.. They are accessible for the users and everything is insecure. Also it makes it easier to manage the network and last not least it makes dhcp not interfere with the normal dhcp of the pc's.

What did I want to accomplish ?


1)Create a vlan
2)dhcp only listens on the vlan
3)endpoint configuration works

The vlan gets ip 10.10.10.1/24 (This is arbitrary)
And we call it vlan10

Implementation


First we create the vlan.

So install the vlan tools.

yum install vconfig

create the vlan

Create file /etc/sysconfig/network-scripts/ifcfg-vlan10

This contains:

VLAN=yes
VLAN_NAME_TYPE=VLAN_PLUS_VID_NO_PAD
DEVICE=vlan10
PHYSDEV=eth0
BOOTPROTO=static
ONBOOT=yes
TYPE=Ethernet
IPADDR=10.10.10.1
NETMASK=255.255.255.0

Make sure dhcpd works as we wish.


Then edit the /etc/dhcpd.conf

This contains:

ignore client-updates;
INTERFACES="vlan10";


subnet 10.10.10.0 netmask 255.255.255.0 {
option routers 10.10.10.1;

option subnet-mask 255.255.255.0;
option nis-domain "asterisk.local";
option domain-name-servers 10.10.10.1;

option time-offset -18000; # Eastern Standard Time
option ntp-servers 10.10.10.1;
option tftp-server-name "tftp://10.10.10.1";


range dynamic-bootp 10.10.10.10 10.10.10.100;
default-lease-time 10000;
max-lease-time 50000;
}

Remark: You can remove and add what you need or don't need, like remove the domain-name-servers and nis-domain.

Enable the dhcpd

chkconfig
 

rafael

Joined
May 14, 2007
Messages
1,454
Likes
1
Points
0
#2
thank you gwayne :) +1 for your karma.

I am going to create a feature request, but if there are volunteers wanting to create this module it would better ;). Please refer to the developers documentation on our wiki.

best regards,

Rafael
 

Gwayne

Joined
Jul 31, 2008
Messages
19
Likes
0
Points
0
#3
I am also looking in to it :)

Also doing a nmap netscan is actually useless when you read out the dhcp logs.

If you use vlan with dhcp all phones will announce themselves because they need a ip.

And only phones are in the vlan still we have the mac address of several phonetypes so we can select the type by checking the mac.

And add these to the list for configuration, and keep them in a database.

;)
 

jcasaravilla

Joined
Aug 4, 2008
Messages
55
Likes
0
Points
0
#4
Re: Re:Gwayne's VLAN on Elastix Hack

what do you mean there :

VLAN_NAME_TYPE=VLAN_PLUS_VID_NO_PAD ?

vlan_10_type untagged or tagged_=LAN_PLUS_VID 10 ?_NO_PAD


thanks
 

sacitec

Joined
Jul 31, 2010
Messages
2
Likes
0
Points
0
#5

Members online

No members online now.

Latest posts

Forum statistics

Threads
30,916
Messages
130,922
Members
17,598
Latest member
giornaso
Top