Need to automatically provision your Polycom phones against Endpoint Manager in FreePBX, or another config source with a Ubiquiti EdgeRouter? Look no further.
Simply add this to your DHCP configuration, substituting YOUR_DHCP_NAME_HERE, the subnet (192.168.100.0/24) and the IP address (192.168.100.5) with your own DHCP server name, subnet and provisioning server. To change to ftp or http, simply change the URL prefix. The quotes around the URL are entered as &quot; because the EdgeOS CLI does not accept a literal double quote inside a quoted value.
set service dhcp-server global-parameters "option option-160 code 160 = string;"
set service dhcp-server shared-network-name YOUR_DHCP_NAME_HERE subnet 192.168.100.0/24 subnet-parameters "option option-160 &quot;tftp://192.168.100.5&quot;;"
Give me a high-five in the comments for saving you a few hours of head-banging! 🙂
Backstory: Client of mine was moving locations, and of course wanted to save money by ordering the Internet circuit themselves. 100 Mbps fiber circuit lands from AT&T and I get there to “hook everything up,” fully expecting a shiny ISP router with your typical usable IP handoff. Lo and behold there is no ISP supplied router – turns out they didn’t know that the plus service from AT&T included a router, and the regular, unmanaged service which they ordered called for a customer supplied router. (surprise!) It needed to work in 72 hours and I had to find a quick solution that would make them happy, keep me sane and be secure.
By sheer coincidence, I purchased a Netgear GS748Tv5 switch for their new office. With a little experimentation and VLAN ninja fu I was able to make the switch a full blown layer 3 router replacing the need for something from the ISP (again in this case AT&T). In the following tutorial I’m going to show you how to make a 24 or 48 port Netgear smart switch an ISP router. Feel free to substitute AT&T in this tutorial with just about any ISP’s name, but my example is based on a live AT&T setup I did.
In the examples below we are using a dummy AT&T and LAN configuration. So for a moment pretend that these are the IPs the ISP has handed you and that 10.10.1.0 / 255.255.255.0 is your LAN.
AT&T Datalink IP for your router: 188.8.131.52 / 255.255.255.252
AT&T Datalink IP for the AT&T gateway: 184.108.40.206
AT&T Provided WAN IP for your “router”: 220.127.116.11 / 255.255.255.240
AT&T Provided first usable IP: 18.104.22.168 (your firewall would have this address or one in the usable range)
VLAN for Datalink: 99
VLAN for WAN: 98
Our dummy LAN subnet: 10.10.1.0 / 255.255.255.0
Step 1 – Log on to the admin interface of your Netgear smart switch.
Step 2 – Let’s start by running the VLAN wizard to create two VLANs, one for the datalink connection, the other for your WAN side where you will be connecting a firewall. In our case we had a HA pair of Sonicwalls (we actually assigned TWO ports to the #98 VLAN, but let’s not let that confuse you), but it could be any firewall, even a SOHO grade Asus or something.
Click Routing from the top menu, then VLAN. This should drop you right into the VLAN wizard. If not, click it on the left hand side menu. Create the AT&T datalink VLAN, #99. Assign it 22.214.171.124, and assign a port to it. In this example we will use port 1 and set it to “untagged”.
Note the VLAN can be fiber port 47-48 if you are using a GBIC – if using fiber to crossconnect to AT&T the dedicated GBIC ports at 49-50 don’t work for whatever reason. I believe this is due to the auto-sensing on the Netgear.
Click Apply to save this. Port 1 is where you will plug in your AT&T handoff.
Next create your WAN VLAN, #98. Assign it 126.96.36.199, the customer router IP supplied by AT&T. In this example we will use port 2 and again set it to untagged.
Click Apply to save. Port 2 is where you will plug your firewall’s WAN into.
Step 3 – We’ve got the VLANs created and the ports assigned to their respective VLANs. Based on the above example, plug your AT&T connection to port 1, and your firewall’s WAN port into port 2. Next we will setup the routing.
Click Routing on the top menu, and the Routing Table sub menu. This is where we will add our routes. Start by adding a static route for our AT&T datalink connection. You will be adding a network here, so decrement the AT&T datalink gateway’s IP by one and add it like so:
Click Add. Next we will add our static WAN route. Again, take the IP that AT&T provided for your router, decrement it by one and add it like so:
Lastly, we need to add the default route towards the AT&T datalink side of things:
Select the checkbox and you should be placed into default route. Enter the AT&T Datalink gateway here to route all traffic towards AT&T:
When complete the routing table should look like this. You will have working Internet at this point. But you aren’t quite done yet.
Step 4 – Now we need to lock down the administration interface so the switch’s web interface can’t be accessed from the WAN. This is optional but highly recommended!
Click on Security, Access, Access Control. Create an Access Profile Configuration by selecting that option on the left menu. You can name it whatever you like; in the example below we call it “security”. For now deactivate the profile.
Click Apply to save.
Now select Access Rule Configuration on the left. Create six rules to allow access to your switch from the LAN, but deny from any other sources.
Rule 1: Permit, HTTP, 10.10.1.1 (your LAN subnet here), 255.255.255.0, Priority 1
Rule 2: Permit, Secure HTTP(SSL), 10.10.1.1 (your LAN subnet here), 255.255.255.0, Priority 2
Rule 3: Permit, SNMP, 10.10.1.1 (your LAN subnet here), 255.255.255.0, Priority 3
Rule 4: Deny, HTTP, Priority 4
Rule 5: Deny, Secure HTTP(SSL), Priority 5
Rule 6: Deny, SNMP, Priority 6
When complete the access rules should look like:
Now go back to the Access Profile Configuration, activate the security profile and click Apply.
You should be able to access the web and SNMP interfaces of the switch from your LAN, but not from the Internet. Note I had troubles with the security profile deactivating across a reboot if I used a name with a space in it, combined with the source IP address ending with zero. Use my example for it to stick across reboots. I have no idea which combination of either the name or the address fixed it… but my example works for sure.
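An added example, not part of the original post or of Netgear's firmware: a small Python model of the six access rules from Step 4, assuming the switch checks rules in ascending priority order and stops at the first match. The host addresses 10.10.1.50 and 203.0.113.7 and all function names are constructed for this example.

```python
import ipaddress

# The six rules from Step 4 as (priority, action, service, source network).
# A source of None means the rule has no source address and matches any sender.
# Assumption: rules are checked in ascending priority and the first match wins.
LAN = ipaddress.ip_network("10.10.1.1/255.255.255.0", strict=False)  # 10.10.1.0/24
RULES = [
    (1, "permit", "http", LAN),
    (2, "permit", "https", LAN),
    (3, "permit", "snmp", LAN),
    (4, "deny", "http", None),
    (5, "deny", "https", None),
    (6, "deny", "snmp", None),
]

def decide(rules, service, source_ip):
    """Return the action of the first matching rule, or "no-match"."""
    src = ipaddress.ip_address(source_ip)
    for _prio, action, rule_service, network in sorted(rules, key=lambda r: r[0]):
        if rule_service != service:
            continue
        if network is None or src in network:
            return action
    return "no-match"  # what the switch does here is device-specific

def audit(rules, lan_host, outside_host, services=("http", "https", "snmp")):
    """List problems: LAN locked out, or an outside host not denied."""
    problems = []
    for svc in services:
        if decide(rules, svc, lan_host) != "permit":
            problems.append(f"LAN host cannot reach {svc}")
        if decide(rules, svc, outside_host) != "deny":
            problems.append(f"outside host is not denied {svc}")
    return problems

# Failure mode: same rules, but the deny entries get the lower priority numbers.
MISORDERED = [(p + 3 if a == "permit" else p - 3, a, s, n) for p, a, s, n in RULES]

if __name__ == "__main__":
    print(audit(RULES, "10.10.1.50", "203.0.113.7"))       # constructed hosts
    print(audit(MISORDERED, "10.10.1.50", "203.0.113.7"))  # LAN is locked out
    print(decide(RULES, "telnet", "203.0.113.7"))          # not covered by any rule
```

The "no-match" result is a reminder that these six rules only cover HTTP, HTTPS and SNMP; any other management service enabled on the switch needs its own check.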
That’s it! You’ve just created an ISP router out of a Netgear smart switch. If you are not getting the speed you think you should have, make sure to check the duplex and auto negotiation settings on the switch ports to both the ISP and your router. Sonicwalls are notorious for strange problems here.
If I saved your bacon and you used this solution with success or not, please let me know in the comments section.
After running Voicemail Pro on a Windows 2003 domain controller (running Microsoft DNS) fine for 6 months, Voicemail Pro decided to stop communicating with the IP Office after a reboot. It looked like everything was fine as I could load the Voicemail Pro admin interface, but obviously there was no communication between the IP Office and Voicemail Pro. This is because MS DNS decided to eat the ports needed by the Voicemail Pro to communicate with the IP Office (UDP 50791-50801)… If you experience Voicemail Pro Not Operational, but it seems fine… and you get this in Monitor:
3233269mS CMTARGET: 5.20.1 27 Q931 Trunk:5 CHAN=1: TimerExpired cause=CMTCNoAnswerTimeout
3233269mS CMTARGET: 5.20.1 27 Q931 Trunk:5 CHAN=1: Retarget NOANSWER EXCEPTED=00000001 ValidTargets=1
3233269mS CMTARGET: 5.20.1 27 Q931 Trunk:5 CHAN=1: Retarget on target_cfg_user=SMConference
3233269mS CMTARGET: 5.20.1 27 Q931 Trunk:5 CHAN=1: ADD USER: SMConference depth=1 disallow_cw=0 dnd=0 real_call=1 group_call=0 type(CMNTypeUnknown) incl(0x1) excpt(0x1), allow_redir(1) remote=00000000
3233270mS CMTARGET: 5.20.1 27 Q931 Trunk:5 CHAN=1: SELECT: TRY VOICEMAIL orig_hg() orig_user(8509)
3233270mS CMTARGET: 5.20.1 27 Q931 Trunk:5 CHAN=1: ADD VM TARGET
3233270mS CMTARGET: Voicemail Pro not operational
3233270mS CMTARGET: 5.20.1 27 Q931 Trunk:5 CHAN=1: ADD VM TARGET: FAILED availability=0
3233271mS CMTARGET: 5.20.1 27 Q931 Trunk:5 CHAN=1: VM targeting failed. Remaining on final target SMConference
3233271mS CMTARGET: 5.20.1 27 Q931 Trunk:5 CHAN=1: GetNoAnswerTimer:22
Microsoft DNS will fight for UDP ports with IP Office. One way to test this is to shut down the MS DNS server, restart VM Pro and then restart MS DNS. If THEN your server is working you need to reserve the IP Office ports so Microsoft DNS can’t grab them:
Instructions for 2003 and 2003 R2 server:
Start Registry Editor (Regedit.exe).
Locate and then click the following registry subkey:
On the Edit menu, point to New, and then click Multi-string Value. There may be an entry already there, just modify it.
Right-click the new value, click Rename, type ReservedPorts, and then press ENTER.
Double-click the ReservedPorts value, type the range of ports that you want to reserve, and then click OK.
Quit Registry Editor.
Restart your Voicemail Pro system (full reboot)… now your MS DNS will not try to grab ports that VM PRO needs to operate.
Instructions for 2008 and 2008 R2 server:
Server 2008 and 2008 R2 do not support the above registry entry. You will need to download the following hotfix from Microsoft, install it, reboot and then run the command below.
Command prompt (elevated):
netsh int ipv4 Add excludedportrange protocol=udp startport=50790 numberofports=12 store=persistent
Instructions for 2012 and 2012 R2 server:
Server 2012 and 2012 R2 do not support the ReservedPorts registry entry. You will need to run the command below.
Command prompt (elevated):
netsh int ipv4 Add excludedportrange protocol=udp startport=50790 numberofports=12 store=persistent
This article is also posted on Tek-Tips IP Office FAQs, which was authored by me.
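An added check, not from the original post: after running the netsh command on Server 2008/2012, this Python script parses the output of `netsh int ipv4 show excludedportrange protocol=udp` and confirms that the Voicemail Pro ports (UDP 50791-50801) are all reserved. The sample output is constructed, and the function names are this example's own.

```python
# UDP ports the post says Voicemail Pro needs to talk to the IP Office.
NEEDED = range(50791, 50802)  # 50791-50801 inclusive

# Constructed sample of `netsh int ipv4 show excludedportrange protocol=udp`
# output after the exclusion has been added (not captured from a real host).
SAMPLE_OUTPUT = """\
Protocol udp Port Exclusion Ranges

Start Port    End Port
----------    --------
     50790       50801     *

* - Administered port exclusions.
"""

def parse_ranges(text):
    """Return [(start, end), ...] for every row that begins with two numbers."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].isdigit() and fields[1].isdigit():
            ranges.append((int(fields[0]), int(fields[1])))
    return ranges

def uncovered(needed, ranges):
    """Ports in `needed` that no exclusion range covers."""
    return [p for p in needed if not any(lo <= p <= hi for lo, hi in ranges)]

def range_from_args(startport, numberofports):
    """Inclusive range reserved by netsh's startport= and numberofports=."""
    return (startport, startport + numberofports - 1)

if __name__ == "__main__":
    # The command from the post: startport=50790 numberofports=12
    print(range_from_args(50790, 12))
    print(uncovered(NEEDED, parse_ranges(SAMPLE_OUTPUT)))
    # Failure mode: an off-by-one range leaves the last port for DNS to grab.
    print(uncovered(NEEDED, [range_from_args(50791, 10)]))
```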
As of the writing of this blog article (1/22/15) Google Search is mysteriously missing from the Internet Explorer Gallery / IE Gallery. Need to add Google Search to IE, Microsoft says: tough luck, use crappy Bing instead. Here’s a solid workaround which I got from exporting the search entry from the registry of a Windows 7 system where Google was already active in IE. The following should work in all versions of IE 11 or later across all versions of Windows. This registry file has been tested with Windows 7, 8, and 8.1 as well as their parent server versions (2008 R2, 2012, 2012 R2).
To install the Google Internet Search in Internet Explorer:
- Close Internet Explorer
- Import the REG file below.
- Run Internet Explorer
- Be sure to set Google as default by clicking the Gear at top right, Manage add-ons, Search Providers, Right Click Google and click on “Set as Default”
- The icon for Google search should appear after you run the first search.
Note that “send keystrokes to Google” will be turned on by default. You can disable that behavior in Manage add-ons.
You may need to right-click the above and select “Save As” or “Save Target As”
I recently purchased a new home, and with it a new Asus RT-AC68U router, and two gen 2 Nest learning thermostats. I’ve been fighting Nest offline/disconnection issues with my Nest thermostats since I got them installed, and finally found the answer after hours and hours of Googling. This fix should work with any Asus router, such as the dark knight RT-N66U, RT-AC66U, even if you use the Merlin firmware (which I use). I will note that in attempting to fix this I also assigned my Nest thermostats DHCP static assignments, but that didn’t help with disconnects. Oddly in my previous residence I had a Linksys E2500 and a single gen 1 thermostat and never had this issue.
I spent an hour+ on the phone with Nest level 1 and level 2 support and they didn’t really have an answer, but led me to narrow down my options.
Even with my previous fix below, my Nests still disconnected all the time. I kept reading forums, etc., and now have the following settings, which seem to be working:
Beacon Interval: 211
Enable WMM APSD: Enable
Seems to be working. We’ll see long term. Lots of people are having issues with 4.3.3 and 4.3.2 and WiFi disconnects.
Unfortunately, my thermostats still go offline intermittently. I really wish Nest would get their s**t together. My thermostat is wired with power. This issue is seriously annoying, and is pervasive.
They mentioned that WMM sometimes creates issues, and I immediately gravitated to “WMM APSD” in the “Professional” tab of 2.4GHz. I disabled this feature and I have not had a drop off since. Set the following parameters in your “Wireless”, “Advanced” section for 2.4GHz: “Enable WMM APSD” and select “Disable”. For the record I also have “b/g protection” in “General” off as well, but I’m not sure that has anything to do with it.
A client of mine has a SyncToy process which synchronizes Office 365 SharePoint document library files to a local drive. We map local drives to SharePoint document libraries and then run SyncToy to copy the data locally. A friend of mine helped me with this VBS script (thanks Nick), which automatically logs a user in and then maps the drives so we don’t have to deal with the 24 hour SAML token timeout, requiring a user to log on every 24 hours. We use this script to automate our SyncToy procedure which runs throughout the day.
wShell.Run "cmd.exe /C " & NetCommand, 1, True
Set wShell=Nothing
objIE.quit
Set objIE = Nothing