Reply
New Member
Posts: 4
Registered: a week ago

ER-X VoIP

Hello,

 

I realy nead your help. I have a ER-X and the Internet ist workint fine on eth0.132.

On eth2 i have a Cisco SPA112for VoIP but it dosent work....

I have no idea what i have to do...

Thes are the information from the Provider (Innogy):

voip_zugangsdaten.PNG 

Please can somebody help me?

(sorry for the bad english)

 

Sincerely yours

Nils

Veteran Member
Posts: 7,226
Registered: ‎03-24-2016
Kudos: 1860
Solutions: 822

Re: ER-X VoIP

Seems like your ISP gives you a seperate channel for VOIP on VLAN232.

Either VLAN232 or phone itself needs login info, login at ISP portal for details

 

To get this working requires an advanced config.  

 

Two approaches

-VLAN232 switch-mode: (requires vlan-aware switch0)

Move internet interface to switch0-vif132 , internet modem remains connected at eth0

All firewall rules , NAT rules...also need to move from eth0 to switch0.132

Add vid=232 onto eth0.  Set pvid=232 on eth2.  This gets you vlan232 untagged on eth2,  to directly attach the phone.

Don't create switch0-vif232 layer3 interface

 

-VLAN232 routed mode

Add extra eth0.232 interface, so the ER gets extra "WAN2" interface. 

Make sure this WAN2 interface has worse default route, to not mess up normal routing

Spoiler
 set interfaces ethernet eth0 vif 232 dhcp-options default-route-distance 240

Add masquerade rule on eth0.232

Add LB group, with only WAN2 interface in it. (maybe ping.ubnt.com isn't reachable on WAN2, find another address to ping, or use ping script that always returns "alive")

Use firewall modify rules, to make sure traffic from SPA112 is using this LB group

New Member
Posts: 4
Registered: a week ago

Re: ER-X VoIP

Thank you for your realy fast help! I will try it tomorow or at th we and let you know if i get it to runMan Happy 

 

New Member
Posts: 4
Registered: a week ago

Re: ER-X VoIP

I am trying the -VLAN232 routed mode.

 

But i does not understand the part with the ping script and the firewall modify rules. 

I cat find anything with load-balance groupe by the firewall rules...

 

Can you pleas explay this parts for a total noobMan Tongue 

Veteran Member
Posts: 7,226
Registered: ‎03-24-2016
Kudos: 1860
Solutions: 822

Re: ER-X VoIP

To give routed mode a shot, you need to dive into CLI, and look into:

https://help.ubnt.com/hc/en-us/articles/205145990-EdgeRouter-WAN-Load-Balancing

https://help.ubnt.com/hc/en-us/articles/204952274-EdgeRouter-Policy-Based-Routing

Better first look at ISP portal what they expect you to do

New Member
Posts: 4
Registered: a week ago

Re: ER-X VoIP

 Hello,

 

I failed with the routed mode...

I have tried the switched mode and I think I get it to work a little...

The telefon still does not work but I think there is probably some problems on the Provider site...

My main problem with the switched mode is that after some houers the Internet conection failed completly.

Here is my config... Can someone please show me what I doing wrong?

 

admin@ubnt:~$ show configuration
firewall {
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name CAM {
default-action accept
description Cam
rule 1 {
action drop
description Mo-Fr_05:00-07:45
log disable
protocol all
source {
mac-address xx:xx:xx:xx:xx:xx
}
time {
starttime 05:00:00
stoptime 07:45:00
weekdays !Sat,Sun
}
}
rule 2 {
action drop
description Mo-Do_16:00-23:30
log disable
protocol all
source {
mac-address xx:xx:xx:xx:xx:xx
}
time {
starttime 16:00:00
stoptime 23:30:00
weekdays !Fri,Sat,Sun
}
}
rule 3 {
action drop
description Fr_14:00-23:30
log disable
protocol all
source {
mac-address xx:xx:xx:xx:xx:xx
}
time {
starttime 14:00:00
stoptime 23:30:00
weekdays Fri
}
}
rule 4 {
action drop
description Sa-So_07:30-23:30
log disable
protocol all
source {
mac-address xx:xx:xx:xx:xx:xx
}
time {
starttime 07:30:00
stoptime 23:30:00
weekdays Sat,Sun
}
}
}
name WAN_232 {
default-action reject
description ""
rule 1 {
action accept
log disable
protocol all
source {
group {
address-group ADDRv4_eth4
}
}
}
}
name WAN_IN {
default-action drop
description "WAN to internal"
enable-default-log
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
duplex auto
speed auto
}
ethernet eth1 {
description Local
duplex auto
speed auto
}
ethernet eth2 {
description Local
duplex auto
speed auto
}
ethernet eth3 {
description Local
duplex auto
speed auto
}
ethernet eth4 {
description Local
duplex auto
speed auto
}
loopback lo {
}
switch switch0 {
description Local
mtu 1500
switch-port {
interface eth0 {
vlan {
vid 132
vid 232
}
}
interface eth1 {
vlan {
pvid 1
}
}
interface eth2 {
vlan {
pvid 1
}
}
interface eth3 {
vlan {
pvid 1
}
}
interface eth4 {
vlan {
pvid 232
}
}
vlan-aware enable
}
vif 1 {
address 192.168.1.1/24
}
vif 132 {
address dhcp
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
out {
name CAM
}
}
}
vif 232 {
address dhcp
firewall {
out {
name WAN_232
}
}
}
}
}
load-balance {
}
port-forward {
auto-firewall enable
hairpin-nat disable
wan-interface switch0.232
}
protocols {
static {
interface-route 0.0.0.0/0 {
next-hop-interface switch0.132 {
}
}
}
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name LAN {
authoritative enable
subnet 192.168.1.0/24 {
default-router 192.168.1.1
dns-server 192.168.1.1
lease 86400
start 192.168.1.38 {
stop 192.168.1.150
}
static-mapping Drucker_Buero {
ip-address xxx.xxx.x.xx
mac-address xx:xx:xx:xx:xx:xx
}
static-mapping LogiCircle {
ip-address xxx.xxx.x.xx
mac-address xx:xx:xx:xx:xx:xx
}
static-mapping NAS213 {
ip-address xxx.xxx.x.xx
mac-address xx:xx:xx:xx:xx:xx
}
static-mapping Unifi_Controller {
ip-address xxx.xxx.x.xx
mac-address xx:xx:xx:xx:xx:xx
}
unifi-controller xxx.xxx.x.xx
}
}
static-arp disable
use-dnsmasq disable
}
dns {
forwarding {
cache-size 150
listen-on switch0.1
}
}
gui {
http-port 80
https-port 443
older-ciphers enable
}
nat {
rule 5010 {
description "masquerade for WAN"
log disable
outbound-interface switch0.132
protocol all
type masquerade
}
rule 5011 {
description telefon
log disable
outbound-interface switch0.232
protocol all
type masquerade
}
}
ssh {
port 22
protocol-version v2
}
unms {
disable
}
}
system {
conntrack {
expect-table-size 2048
hash-size 32768
modules {
sip {
disable
enable-indirect-signalling
}
}
table-size 262144
}
host-name ubnt
login {
user xxxxx {
authentication {
encrypted-password
plaintext-password
}
level admin
}
}
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone Europe/Berlin
traffic-analysis {
custom-category 1 {
}
dpi enable
export enable
}
}

Reply