Gwayne's VLAN on Elastix Hack

Discussion in 'General' started by Gwayne, Nov 9, 2008.

  1. Gwayne

    Joined:
    Jul 31, 2008
    Messages:
    19
    Likes Received:
    0
    Implementation of Vlan on Elastix

    This is a hack! until its really implemented in Elastix. For me the idea of phones on a regular network is not something I like.. They are accessible for the users and everything is insecure. Also it makes it easier to manage the network and last not least it makes dhcp not interfere with the normal dhcp of the pc's.

    What did I want to accomplish ?


    1)Create a vlan
    2)dhcp only listens on the vlan
    3)endpoint configuration works

    The vlan gets ip 10.10.10.1/24 (This is arbitrary)
    And we call it vlan10

    Implementation


    First we create the vlan.

    So install the vlan tools.

    yum install vconfig

    create the vlan

    Create file /etc/sysconfig/network-scripts/ifcfg-vlan10

    This contains:

    VLAN=yes
    VLAN_NAME_TYPE=VLAN_PLUS_VID_NO_PAD
    DEVICE=vlan10
    PHYSDEV=eth0
    BOOTPROTO=static
    ONBOOT=yes
    TYPE=Ethernet
    IPADDR=10.10.10.1
    NETMASK=255.255.255.0

    Make sure dhcpd works as we wish.


    Then edit the /etc/dhcpd.conf

    This contains:

    ignore client-updates;
    INTERFACES="vlan10";


    subnet 10.10.10.0 netmask 255.255.255.0 {
    option routers 10.10.10.1;

    option subnet-mask 255.255.255.0;
    option nis-domain "asterisk.local";
    option domain-name-servers 10.10.10.1;

    option time-offset -18000; # Eastern Standard Time
    option ntp-servers 10.10.10.1;
    option tftp-server-name "tftp://10.10.10.1";


    range dynamic-bootp 10.10.10.10 10.10.10.100;
    default-lease-time 10000;
    max-lease-time 50000;
    }

    Remark: You can remove and add what you need or don't need, like remove the domain-name-servers and nis-domain.

    Enable the dhcpd

    chkconfig
     
  2. rafael

    Joined:
    May 14, 2007
    Messages:
    1,454
    Likes Received:
    1
    thank you gwayne :) +1 for your karma.

    I am going to create a feature request, but if there are volunteers wanting to create this module it would better ;). Please refer to the developers documentation on our wiki.

    best regards,

    Rafael
     
  3. Gwayne

    Joined:
    Jul 31, 2008
    Messages:
    19
    Likes Received:
    0
    I am also looking in to it :)

    Also doing a nmap netscan is actually useless when you read out the dhcp logs.

    If you use vlan with dhcp all phones will announce themselves because they need a ip.

    And only phones are in the vlan still we have the mac address of several phonetypes so we can select the type by checking the mac.

    And add these to the list for configuration, and keep them in a database.

    ;)
     
  4. jcasaravilla

    Joined:
    Aug 4, 2008
    Messages:
    55
    Likes Received:
    0
    Re: Re:Gwayne's VLAN on Elastix Hack

    what do you mean there :

    VLAN_NAME_TYPE=VLAN_PLUS_VID_NO_PAD ?

    vlan_10_type untagged or tagged_=LAN_PLUS_VID 10 ?_NO_PAD


    thanks
     
  5. sacitec

    Joined:
    Jul 31, 2010
    Messages:
    2
    Likes Received:
    0

Share This Page