m0n0wall and cisco vlan howto for asterisk voip
April 15, 2007
Setting up Vlans on your Cisco Switch with Monowall
Requirements:
- Cisco 2950
- Soekris or similar w/ m0n0wall
Network Hardware Picture: [image not included]
The Howto
First, we telnet to the switch and perform the following:
cisco1>enable
Password:
cisco1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
cisco1(config)#int vlan10
Now we can configure our first VLAN, in this case vlan10. Since this is the phones VLAN, we give it a description:
cisco1(config-if)#description Phones
cisco1(config-if)#exit
cisco1(config)#
Now we do the same thing for the Computers network:
cisco1(config)#int vlan20
cisco1(config-if)#description Computers
cisco1(config-if)#exit
cisco1(config)#
Now we do the same thing for the WIFI network:
cisco1(config)#int vlan30
cisco1(config-if)#description WIFI
cisco1(config-if)#exit
cisco1(config)#
Now we set up the VLANs on the Soekris:
1. Log in to m0n0wall
2. Go to Interfaces (assign)
3. Click on the VLANs tab
4. Click the little + sign to create a new VLAN
Now we have some settings to fill in:
Parent Interface: sis1 (or whichever interface is your LAN, i.e. the one plugged into the Cisco switch)
VLAN Tag: 10 (remember, the tag for the phones was 10)
Description: Phones
Then do it all again for Computers:
Parent Interface: sis1 (or whichever interface is your LAN, i.e. the one plugged into the Cisco switch)
VLAN Tag: 20 (remember, the tag for the computers was 20)
Description: Computers
Then do it all again for WIFI:
Parent Interface: sis1 (or whichever interface is your LAN, i.e. the one plugged into the Cisco switch)
VLAN Tag: 30 (remember, the tag for the WIFI was 30)
Description: WIFI
Now we hop back on the switch and type in:
Password:
cisco1>enable
Password:
cisco1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
cisco1(config)#
Enter the switch port you are using for the uplink to the Soekris, in my case 0/1:
cisco1(config)#int fastethernet0/1
Give it a description of what this is:
cisco1(config-if)#description Uplink to Soekris (Router)
Make this port a trunk so it carries all the tagged VLANs to the router with this command:
cisco1(config-if)#switchport mode trunk
Now return to m0n0wall and reboot it. Everything should keep working; we're just enabling the VLANs.
Now log in to the m0n0wall/Soekris again, go to Interfaces (assign), go to the Interfaces tab, then click the + sign.
You should have:
LAN: sis1
WAN: sis0
OPT1: VLAN 10 on sis1 (Phones)
OPT2: VLAN 20 on sis1 (Computers)
OPT3: VLAN 30 on sis1 (WIFI)
Click Save. Reboot the Soekris again.
Now log in to the Soekris again, change the interface name from OPT1 to VLAN-Phones, assign it the IP range 10.0.2.1/24 and click Save. Do the same for Computers (10.0.3.x) and WIFI (10.0.4.x).
Now go to the DHCP Server section on the Soekris, and you'll see new VLAN-Phones, VLAN-Computers and VLAN-WIFI tabs at the top, which you can configure.
If you know the MAC addresses of your devices, put them in as static address mappings and name them.
Make sure the DHCP server is enabled on each tab, then click "Apply Changes".
Now go back to your Cisco switch and put the ports your phone and PBX server are on into VLAN 10, in my case ports 17 and 24:
Password:
cisco1>enable
Password:
cisco1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
cisco1(config)#int faste0/17
cisco1(config-if)#switchport access vlan 10
% Access VLAN does not exist. Creating vlan 10
cisco1(config)#end
cisco1(config)#conf t
cisco1(config)#int faste0/24
cisco1(config-if)#switchport access vlan 10
cisco1(config-if)#end
Now we'll set some descriptions:
cisco1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
cisco1(config)#int faste0/24
cisco1(config-if)#switchport access vlan 10
cisco1(config-if)#end
cisco1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
cisco1(config)#int faste0/17
cisco1(config-if)#description Cisco 7970 at Matts Desk
cisco1(config-if)#end
cisco1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
cisco1(config)#int faste0/24
cisco1(config-if)#description Asterisk IP PBX Server
cisco1(config-if)#end
cisco1#
Now, repeat the above two steps for your Computers and WIFI networks.
After this is complete, run the following on the switch to verify it's all correct:
cisco1#wr
cisco1#show config
This writes your configuration to NVRAM and then shows you what your setup and VLAN configuration look like. Scroll down below my Cisco commands to see my output to verify against.
After you have done that you will want to configure your firewall rules on the Soekris/m0n0wall setup. What I did was enable an allow-all (*) rule on VLAN-Phones, VLAN-Computers, VLAN-WIFI and on the LAN. On the WAN side I have everything blocked and only allow a few services in (SSH and the VoIP ports, in my case). I'm not going to paste screenshots, because if you have this type of hardware I expect you know how to configure a basic firewall :)
That's it for now. Next step is the queuing and all the l33t stuff.
FULL COMMAND LISTING ON THE CISCO SWITCH:
Initial Setup:
enable
conf t
int vlan10
description Phones
int vlan20
description Computers
int vlan30
description Wifi
int fa0/1
spanning-tree portfast
description Uplink to Soekris (Router)
switchport mode trunk
! "switchport trunk allowed vlan <list>" replaces the whole list each time it is
! entered, so three separate lines would leave only VLAN 30 allowed on the trunk.
! Give the full list in one command instead:
switchport trunk allowed vlan 10,20,30
SETUP VLAN10:
int fa0/17
switchport access vlan 10
description VOIP1-Matt-7970
int fa0/18
switchport access vlan 10
description VOIP2
int fa0/19
switchport access vlan 10
description VOIP3
int fa0/20
switchport access vlan 10
description VOIP4
int fa0/21
switchport access vlan 10
description VOIP5
int fa0/21
switchport access vlan 10
description VOIP6
int fa0/22
switchport access vlan 10
description VOIP7
int fa0/23
switchport access vlan 10
description VOIP8
int fa0/24
switchport access vlan 10
description VOIP-PBX
end
SETUP VLAN20:
int fa0/3
switchport access vlan 20
description PrintServer
int fa0/4
switchport access vlan 20
description Server1
int fa0/5
switchport access vlan 20
description Server2
int fa0/6
switchport access vlan 20
description Server3
int fa0/7
switchport access vlan 20
description Server4
int fa0/8
switchport access vlan 20
description Server5
int fa0/9
switchport access vlan 20
description Desktop1
int fa0/10
switchport access vlan 20
description Desktop2
int fa0/11
switchport access vlan 20
description Desktop3
int fa0/12
switchport access vlan 20
description Desktop4
int fa0/13
switchport access vlan 20
description Desktop5
int fa0/14
switchport access vlan 20
description Desktop6
int fa0/15
switchport access vlan 20
description Desktop7-Xbox360
int fa0/16
switchport access vlan 20
description Desktop8-Craig
end
SETUP VLAN30:
int fa0/2
switchport access vlan 30
description WIFI
OUTPUT OF "show config" on the Cisco 2950 switch:
cisco1#show config
Using 3391 out of 32768 bytes
!
! Last configuration change at 23:37:22 EDT Sat Apr 14 2007
! NVRAM config last updated at 23:37:23 EDT Sat Apr 14 2007
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service sequence-numbers
!
hostname cisco1
!
enable secret 5 $1$.aJp$eniLVaBSekYNQW/dmmGcH0
enable password
!
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
 description Uplink to Soekris (Router)
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/2
 description WIFI
 switchport access vlan 30
!
interface FastEthernet0/3
 description PrintServer
 switchport access vlan 20
!
interface FastEthernet0/4
 description Empty
 switchport access vlan 20
!
interface FastEthernet0/5
 description Empty
 switchport access vlan 20
!
interface FastEthernet0/6
 description Empty
 switchport access vlan 20
!
interface FastEthernet0/7
 description Empty
 switchport access vlan 20
!
interface FastEthernet0/8
 description Empty
 switchport access vlan 20
!
interface FastEthernet0/9
 description Desktop1
 switchport access vlan 20
!
interface FastEthernet0/10
 description desktop-mattport2
 switchport access vlan 20
!
interface FastEthernet0/11
 description Desktop3
 switchport access vlan 20
!
interface FastEthernet0/12
 description Desktop4
 switchport access vlan 20
!
interface FastEthernet0/13
 description desktop-matt-desktop1
 switchport access vlan 20
!
interface FastEthernet0/14
 description Empty
 switchport access vlan 20
!
interface FastEthernet0/15
 description computer-xbox360
 switchport access vlan 20
!
interface FastEthernet0/16
 description computer-craig-upstairs
 switchport access vlan 20
!
interface FastEthernet0/17
 description VOIP1-Matt-7970
 switchport access vlan 10
!
interface FastEthernet0/18
 description VOIP2
 switchport access vlan 10
!
interface FastEthernet0/19
 description VOIP3
 switchport access vlan 10
!
interface FastEthernet0/20
 description VOIP4
 switchport access vlan 10
!
interface FastEthernet0/21
 description VOIP6
 switchport access vlan 10
!
interface FastEthernet0/22
 description VOIP7
 switchport access vlan 10
!
interface FastEthernet0/23
 description VOIP8
 switchport access vlan 10
!
interface FastEthernet0/24
 description VOIP-PBX
 switchport access vlan 10
!
interface Vlan1
 ip address 10.0.1.20 255.255.255.0
 no ip route-cache
!
interface Vlan10
 description Phones
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan20
 description Computers
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan30
 description WIFI
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan100
 no ip address
 no ip route-cache
!
ip default-gateway 10.0.1.1
ip http server
snmp-server community flewid.local.write RW
snmp-server community flewid.local RO
snmp-server location Downstairs
snmp-server contact Matt Gibson
banner login ^C
Access for authorized users only. Please enter your username and password.
^C
banner motd ^C
This is a secure site. Only authorized users are allowed. For access, contact technical support.
^C
!
line con 0
line vty 0 4
 password
 login
line vty 5 15
 password
 login
!
ntp clock-period 17180357
ntp server 192.43.244.18 key 0
!
end
cisco1#
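A quick sanity check on output like the above, as an added example that is not part of the original post: this Python script parses an IOS running-config into per-interface blocks and flags a trunk with no allowed-VLAN list, portfast on a trunk, access ports left in VLAN 1, and "Empty" ports that are not shut down. The sample config is a trimmed copy of the show config output plus one constructed port (Fa0/25) that was never assigned a VLAN.

```python
# Constructed sample: trimmed from the show config above, plus a made-up port Fa0/25 never assigned a VLAN
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 description Uplink to Soekris (Router)
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/4
 description Empty
 switchport access vlan 20
!
interface FastEthernet0/17
 description VOIP1-Matt-7970
 switchport access vlan 10
!
interface FastEthernet0/25
!
interface Vlan1
 ip address 10.0.1.20 255.255.255.0
"""

def parse_interfaces(config):
    """Split an IOS config into {interface name: [its indented sub-commands]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit(config):
    """Return (interface, finding) pairs for the physical switch ports."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        if not name.startswith("FastEthernet"):
            continue  # skip SVIs such as Vlan1
        if "switchport mode trunk" in lines:
            if not any(l.startswith("switchport trunk allowed vlan") for l in lines):
                findings.append((name, "trunk allows all VLANs (VLAN 1 included); use 'switchport trunk allowed vlan 10,20,30'"))
            if "spanning-tree portfast" in lines:
                findings.append((name, "portfast is ignored on a trunk; 'spanning-tree portfast trunk' is needed"))
        elif not any(l.startswith("switchport access vlan ") for l in lines):
            findings.append((name, "access port left in the default VLAN 1"))
        if "description Empty" in lines and "shutdown" not in lines:
            findings.append((name, "unused port is still enabled; add 'shutdown'"))
    return findings
```

Paste the real `show config` output into `SAMPLE_CONFIG` (or read it from a file) and print `audit(...)` to get the list of ports to revisit.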
OUTPUT OF "show vlan brief" on the Cisco 2950 switch:
cisco1#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
10   VLAN0010                         active    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
20   VLAN0020                         active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16
30   VLAN0030                         active    Fa0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
cisco1#