Dual WAN single port

Simon · August 27, 2018, 11:30pm

I am in the process of adding a SIP second trunk from my ISP and its on a private /30 IP, they are providing me a second port on the modem currently used. The issue is I only have the one ethernet port and the PBX needs access to the public and the private networks. My network switch I am using is a layer 3 so I can do configuration for ports and Vlans if needed.

My first questions is, I noticed that in FreePBX I can add a secondary or VLan off the main eth0. Is this what i need to do to allow both networks reachable to the PBX system?

arielgrin · August 28, 2018, 4:28am

Easiest way would be to add a second nic.

Simon · August 28, 2018, 4:51am

I wish I could but the system in use does not have any expansion capabilities.

arielgrin · August 28, 2018, 5:08am

Not even usb? Even though is not recommended to use a usb-to-ethernet adapter, you could try that way first.

If not, you can go the way of assigning two different IPs to the nic, it is not mandatory to use vlans.

Stewart1 · August 28, 2018, 6:56am

This is easy to do with VLANs. I don’t know the details of your hardware or network, so I’ll pretend you’re using a simple ‘smart’ switch such as https://www.amazon.com/Ethernet-Unmanaged-Shielded-Replacement-TL-SG105E/dp/B00N0OHEMA/ or https://www.amazon.com/NETGEAR-Gigabit-Lifetime-Protection-GS105Ev2/dp/B00HGLVZLY/ .

On the PBX, set up a VLAN interface. If your NIC is eth0, use eth0.3 (for example). Configure it with a static IP address appropriate for your new trunk. Add the subnet to Local Networks (in Asterisk SIP Settings).

Connect port 1 of your switch to the PBX, port 2 to your normal LAN and port 3 to the modem port for the new trunk. Configure switch:
VLAN2: port 1 untagged, port 2 untagged.
VLAN3: port 1 tagged, port 3 untagged.
PVIDs: port 1 VLAN2, port 2 VLAN2, port 3 VLAN3.

Confirm that the PBX can ping hosts on your LAN and on the internet, as well as the new trunk interface.

Set up the trunk and test.

Simon · August 28, 2018, 7:25pm

Hello Stewart1, thank you for the info. I think i will give this a try but maybe I can get a little more information and help from you.

We currently have a Netgear GS728TP switch that is managed and I am able to do some configuration. My network is currently 10.10.99.0/24 and the private LAN is in the range of 172.17.3.120/29.

So from my understanding there are 2 VLAN’s configured, VLAN 2 is for normal internet and VLAN 3 is for the private LAN. All normal ports should be on VLAN 2 including ports for computers and printers. The PBX port should be VLAN 3.

As for the tagged and untagged this is where I get a little lost. I’m guessing this is the config;
port 1: untagged vlan 2, tagged vlan 3
port 2: untagged vlan 2
port 3: untagged vlan 3
port 4 to 24 : untagged vlan 2

Stewart1 · August 28, 2018, 9:31pm

This should be fine. Make sure that untagged packets coming into port 3 (from the new trunk) are sent to VLAN3. On some switches, this requires a separate ‘PVID’ setting.

Simon · September 8, 2018, 3:06pm

Hello Stewart1,

This looks like it worked on a production setup. Thank you for the help.

system · September 15, 2018, 3:06pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.