t
VoIP General Network Requirements
The below requirements apply to all VoIP solutions and should be reviewed before proceeding with any implementation of VoIP Services.
Packet Inspection
All traffic to and from these VoIP systems and clients must be allowed and unmodified. This includes both hosting and client sites. Many firewalls have features that inspect, filter, other otherwise alter packets passing through for security purposes. These features must be disabled for the VoIP services provided to function correctly. Especially when relating to SIP, H323, or H225. These features can have different names depending on the firewall manufacturer. Below is a list of some of the names from popular manufacturers:
- Application-Level Gateway
- ALG
- Application Layer Gateway
- Application Gateway
- Application Proxy
- Application-Level Proxy
- Firewall Proxy
- Inspection
- Application Control
- Web Filtering (ESP Streaming Media)
- Deep Packet Inspection
- Session Helper
Outbound Traffic
All traffic from the client (IP phone, softphone, smartphone) to the server(s) is defined as outbound traffic. If outbound port filtering/whitelisting is a requirement of your organization, the outbound traffic will match the port definitions specified and will only need to be allowed to the destination server(s). See specific requirement documents for a list of ports in the tabs below.
It is assumed that the local firewall or router allows all outbound traffic from the office or home network to pass through and allows all symmetric traffic. That is, if the phone sends RTP/RTCP to a public IP address and port, it will be able to receive RTP/RTCP from that same IP address and port. If this is not the case, any configuration required of the user's router to support that is not covered by this documentation.
Multi-WAN / SD-WAN
When using multiple external circuits, all traffic from the client must originate from the same IP address. If any of the traffic from the client starts originating from another external IP address, the voice services may behave unexpectedly or not work at all.
In the event of a fail-over (the primary circuit goes down, and traffic must come from a backup circuit for a period of time), clients may need to re-register to the server from the new IP address to regain functionality, depending on the solution. For phones, this can be accomplished via a reboot if required. In these situations, failing back to the primary may also require re-registering due to the IP change.
Vendor KBs
Below are some helpful resources on common firewall vendors. Note that these links are provided as a best effort and may no longer be relevant to your situation or not contain all the information required to make VoIP work in your environment. When in doubt, a Google search for "VOIP on VENDOR" and "disable sip alg on VENDOR" usually turns up with the correct information.
Sonicwall
How to Troubleshoot VoIP
How to Configure Quality of Service
Palo Alto
How to Disable SIP ALG
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEsCAK
Ubiquiti
Disable SIP and H323 ALG
https://community.ui.com/questions/Disable-SIP-ALG-on-USG/6ce1f278-e658-4ac8-8063-2c60696cbcb6
Cisco ASA
Disable SIP ALG
https://community.cisco.com/t5/network-security/asa-ho-do-i-disable-sip-alg/td-p/2329095
Endpoints
Please refer to the endpoint vendor below for specific configuration options and recommendations for your network.
Yealink
Recommended Network Setup for Yealink Devices
When deploying Yealink devices such as the T5 and T3 series, proper network configuration is crucial to ensure seamless communication and performance. Here's a step-by-step guide to the network setup process:
VLAN Configuration
- Segregation of VoIP Traffic: Yealink devices perform best when their traffic is segregated from other network traffic. Setting up a dedicated VLAN for voice traffic ensures minimal interference, improved security, and optimized quality of service (QoS).
- QoS Prioritization: Ensure QoS settings prioritize voice traffic to maintain call quality, even in environments with heavy data usage.
LLDP Support (RECOMMENDED)
Link Layer Discovery Protocol (LLDP) is essential for device discovery and network management. Yealink T5 and T3 series devices support LLDP-MED (Media Endpoint Discovery), which can automatically provision network settings and VLAN IDs when LLDP is enabled on network switches.
-
Configuring LLDP on Network Switches:
- Enable LLDP globally on your managed switches.
- Make sure LLDP-MED is enabled, as it is critical for passing VLAN, QoS, and power information to the Yealink devices.
- Confirm that the switch ports are correctly configured for the voice VLAN.
This will allow Yealink devices to auto-discover and configure their network settings, reducing manual setup time and potential misconfigurations.
Yealink Device Management Server Configuration (RECOMMENDED)
For streamlined provisioning, Yealink devices are setup to automatically connect to the Yealink Device Management Server (YDMP) or Yealink Management Cloud Service (YMCS), bypassing the need for DHCP Option 66.
This is usually setup by default for your devices and the only requirement is to ensure you have allowed traffic to the following IP addresses and ports in your firewall settings if you are blocking it.
Server IPs:
- 54.174.154.29
- 52.5.133.228
- 52.71.103.102
- 52.201.1.15
- 34.238.237.220
- 34.235.12.107
- 35.153.119.139
Ports:
- 80 (HTTP)
- 443 (HTTPS)
- 8443
- 9989
- 9090
- 8446
This configuration ensures Yealink devices can easily connect to their provisioning servers for a seamless setup process without the need for DHCP Option 66.
DHCP Scope Options for Yealink T5 and T3 Series Devices
To auto-provision and simplify device configuration, DHCP Scope Options need to be properly configured. Here’s how to set this up:
Option 66 – TFTP Server Name: Yealink devices use DHCP Option 66 to obtain the address of the provisioning server.
- Set Option 66 to point to the IP or domain name of the provisioning server that hosts the configuration files.
DHCP Option Setup Instructions:
Provisioning Server Address - If using this method please let us know so we can get you this information.
- Open your DHCP server management console.
- Navigate to the Scope Options for the VLAN or subnet where Yealink devices are located.
- Add Option 66 and input the provisioning server address.
- Save and apply changes.
This setup will ensure that Yealink T5 and T3 devices can automatically find and download their provisioning configuration when connected to the network.
In addition to Options 66, DHCP Option 132 can be used to assign VLANs for switches that are unable to set up LLDP. By configuring Option 132, Yealink devices can automatically join the correct VLAN for voice traffic without relying on LLDP for dynamic discovery.
DHCP Option 132 – VLAN ID:
- Purpose: This option allows you to define the VLAN ID that the Yealink devices should use. It's particularly useful in environments where LLDP cannot be configured or supported on network switches.
- How It Works: When the Yealink T5 or T3 device connects to the network and receives its IP address via DHCP, Option 132 will deliver the VLAN ID that the phone should use for its voice traffic.
VLAN Setup Instructions Using DHCP Option 132:
Access DHCP Server:
- Open your DHCP server management console and navigate to the Scope Options for the VLAN or subnet where the Yealink devices are located.
Configure Option 132:
- Add DHCP Option 132 to the scope.
- Set the value to the appropriate VLAN ID (e.g., VLAN 100 for voice traffic).
Save and Apply:
- Save the changes and apply the updated DHCP configuration.
Once configured, the Yealink devices will automatically be assigned the correct VLAN for voice traffic, allowing them to send and receive VoIP data through the designated network segment.
PoE Requirements
Yealink T5 and T3 series devices are PoE (Power over Ethernet) compatible, which simplifies the deployment by reducing the need for power adapters. However, PoE needs to meet certain power requirements depending on the model:
T5 Series PoE Requirements:
- Yealink T5 devices typically require IEEE 802.3af PoE (Class 3) for standard operation.
- Some advanced models with color displays and more features may benefit from 802.3at PoE (Class 4) for optimal performance.
T3 Series PoE Requirements:
- The T3 series generally operates under IEEE 802.3af PoE (Class 2), which consumes less power compared to the T5 series.
When deploying these devices, ensure that your PoE switches are capable of delivering the required power across all devices, particularly if a large number of phones are being deployed on a single switch.
Conclusion
By following these guidelines, your Yealink devices will be properly configured for optimal network performance. Correct VLAN setup, DHCP scope options, LLDP configuration, and ensuring appropriate PoE support will simplify your deployment, improve call quality, and reduce configuration errors across your network.
Grandstream
Recommended Network Setup for Grandstream Devices
When deploying Grandstream devices, proper network configuration is crucial to ensure seamless communication and performance. Here's a guide to help with the network setup process:
VLAN Configuration (RECOMMENDED)
- Segregation of VoIP Traffic: Grandstream devices perform best when their traffic is segregated from other network traffic. Setting up a dedicated VLAN for voice traffic ensures minimal interference, improved security, and optimized quality of service (QoS).
- QoS Prioritization: Ensure QoS settings prioritize voice traffic to maintain call quality, even in environments with heavy data usage.
LLDP Support (RECOMMENDED)
While the HT802 ATA does not support LLDP, VLAN configuration through DHCP (see below) can achieve similar results by automatically assigning VLAN IDs to the device.
Grandstream Device Management Server (RECOMMENDED)
To streamline provisioning, Grandstream devices, including the HT802, are best managed through the Grandstream Device Management System (GDMS). GDMS provides centralized provisioning, monitoring, and troubleshooting, eliminating the need for DHCP Option 66 configuration.
To use GDMS, ensure that your firewall allows traffic to the following IP addresses and ports:
Server IPs:
- 35.172.228.199
- 35.196.177.28
- 35.237.76.31
- 35.196.88.16
- 35.203.145.56
Ports:
- 80 (HTTP)
- 443 (HTTPS)
- 8443
By enabling these IP addresses and ports, your Grandstream HT802 devices can automatically connect to GDMS for a seamless setup process.
DHCP Option 132 – VLAN ID:
- Purpose: This option allows you to define the VLAN ID that the Grandstream devices should use. It's particularly useful in environments where LLDP cannot be configured or supported on network switches.
- How It Works: When the Grandstream device connects to the network and receives its IP address via DHCP, Option 132 will deliver the VLAN ID that the phone should use for its voice traffic.
VLAN Setup Instructions Using DHCP Option 132:
Access DHCP Server:
- Open your DHCP server management console and navigate to the Scope Options for the VLAN or subnet where the Grandstream devices are located.
Configure Option 132:
- Add DHCP Option 132 to the scope.
- Set the value to the appropriate VLAN ID (e.g., VLAN 100 for voice traffic).
Save and Apply:
- Save the changes and apply the updated DHCP configuration.
Once configured, the Grandstream devices will automatically be assigned the correct VLAN for voice traffic, allowing them to send and receive VoIP data through the designated network segment.
DHCP Scope Options for Grandstream Devices
To auto-provision and simplify device configuration, DHCP Scope Options need to be properly configured. Here’s how to set this up:
Option 66 – TFTP Server Name: Grandstream devices use DHCP Option 66 to obtain the address of the provisioning server.
- Set Option 66 to point to the IP or domain name of the provisioning server that hosts the configuration files.
DHCP Option Setup Instructions:
Provisioning Server Address - If using this method please let us know so we can get you this information.
- Open your DHCP server management console.
- Navigate to the Scope Options for the VLAN or subnet where Grandstream devices are located.
- Add Option 66 and input the provisioning server address.
- Save and apply changes.
This setup will ensure the Grandstream devices can automatically find and download their provisioning configuration when connected to the network.
In addition to Options 66, DHCP Option 132 can be used to assign VLANs for switches that are unable to set up LLDP. By configuring Option 132, Grandstream devices can automatically join the correct VLAN for voice traffic without relying on LLDP for dynamic discovery.
PoE Requirements
The Grandstream HT802 is not a PoE-enabled device, so it will require an external power adapter to function. Ensure that a power source is available when deploying these devices.
Conclusion
By following these guidelines, your Grandstream devices will be properly configured for optimal network performance. GDMS offers a streamlined way to provision and manage your devices, while VLAN setup and QoS configuration ensure quality VoIP traffic handling across your network.
Avaya
Recommended Network Setup for Avaya IP Phones
When deploying Avaya IP phones, proper network configuration is essential to ensure seamless communication and performance. Here's a guide to the network setup process:
VLAN Configuration (RECOMMENDED)
- Segregation of VoIP Traffic: Avaya devices perform best when their traffic is segregated from other network traffic. Setting up a dedicated VLAN for voice traffic ensures minimal interference, improved security, and optimized quality of service (QoS).
- QoS Prioritization: Ensure QoS settings prioritize voice traffic to maintain call quality, even in environments with heavy data usage.
LLDP Support (RECOMMENDED)
Avaya IP phones generally support LLDP for dynamic provisioning of VLAN and QoS information. However, if LLDP is unavailable or you want to enforce VLAN assignment via DHCP, the instructions using DHCP Option 242 as above can achieve similar results.
Avaya Device Enrollment Service (DES) (RECOMMENDED)
To streamline provisioning, Avaya phones can be set up to automatically connect to the Avaya Device Enrollment Service (DES). DES simplifies provisioning, monitoring, and troubleshooting for Avaya devices.
VLAN Info
Using DES does not automatically configure the VLAN for the phone. LLDP outlined above or DHCP Option 242 can be used to apply the VLAN (outlined below)
For Avaya's Device Enrollment Service (DES), you'll need to ensure your network is configured to allow communication with Avaya's provisioning servers. The following ports and IPs should be allowed through your firewall:
Server:
- des.avaya.com
Ports:
- 80 (HTTP)
- 443 (HTTPS)
These ports ensure that devices can communicate securely with Avaya's provisioning servers for configuration and updates. Be sure to verify with your specific Avaya system documentation for any additional network settings or IPs required for your environment.
VLAN Setup Instructions Using DHCP Option 242:
Access DHCP Server:
- Open your DHCP server management console and navigate to the Scope Options for the VLAN or subnet where the Avaya devices are located.
Configure Option 242:
- Add DHCP Option 242 to the scope.
- Set the value to the appropriate string for voice VLANs and call servers. For example,
L2Q=1,L2QVLAN=100.
Save and Apply:
- Save the changes and apply the updated DHCP configuration.
Once configured, the Avaya devices will automatically be assigned the correct VLAN for voice traffic.
DHCP Scope Options for Avaya IP Phones
To auto-provision and simplify device configuration, the following DHCP Scope Options could be configured:
DHCP Option Setup Instructions:
Provisioning Server Address - If using this method please let us know so we can get you this information.
- Open your DHCP server management console.
- Navigate to the Scope Options for the VLAN or subnet where Avaya devices are located.
- Add Option 242 and input the provisioning server address.
- Save and apply changes.
This setup will ensure the Avaya devices can automatically find and download their provisioning configuration when connected to the network.
Option 242 – VLAN and Call Server Information: For newer Avaya IP phones (16xx, 96xx series), DHCP Option 242 is used for VLAN configuration and call server provisioning.
- Example:
L2Q=1,L2QVLAN=100,MCIPADD=192.168.42.1,MCPORT=1719
PoE Requirements
Most Avaya IP phones support PoE (Power over Ethernet), reducing the need for external power supplies. Ensure your network switches are PoE-capable to power the phones directly, particularly if you’re deploying a large number of phones on a single switch.
All Avaya J139, J159, J169, and J179 IP phones support IEEE 802.3af Power over Ethernet (PoE). When PoE is unavailable, the phones can be powered using an external 5VDC, 2 Amp (12W) power adapter.
- J139, J159, J169, J179: Use IEEE 802.3af Class 2 PoE.
- For environments lacking PoE, use the following power adapter models:
- US: 700512377
When deploying these phones, ensure your PoE switches are capable of delivering the required power, particularly for larger setups.
Conclusion
By following these guidelines, your Avaya IP phones will be properly configured for optimal network performance. Using DES for streamlined provisioning, setting up the correct VLANs, and configuring DHCP options ensure that your Avaya devices are easily deployable and maintain high call quality across your network.