A. General Information
Note the following items pertaining to your network in order to use Plug & Play:
General
- Please inform your IT department of the scheduled start date and check beforehand if router or firewall configurations are required.
- In general, every end device requires its own IP address which can be issued either manually from the respective device or via a DHCP server.
- When using a DHCP server please be sure you have sufficient IP addresses available for assignment. The DHCP server may not propagate option 66. It might be necessary to deactivate an excisting DHCP conflict database for the telephones.
Settings for switches
- Generally we anticipate te use of Spanning Tree Protocol for your switches. With an activated Spanning tree, all ports that are used with telephones and similar devices need to be configured accordingly. Depending on the switch provider and firmware, the recommended option for configuration is "edge mode" or "PortFast". These options allow for an instant connection of the device without blocking the connection for 30 seconds initially. Deactivate load-depending Spanning Tree for Cisco switches (PVST + Mode).
- Deactivate proxy ARP mechanisms and set up a protection against MAC spoofing.
Setting for router and firewall
- Port forwarding does not need to be set up. Do not set up port forwarding on the ports specified on the following pages!
- Based on the assumption that firewalls are stateful and answers in open TCP and UDP sessions are accepted, note the following settings:
- Any current SIP ALG as well as Store&Forward must be deactivated!
- Use an IDS/IPS and make sure it has no negative effect on the telephony. You might need to adjust settings or deactivate the system.
- We recommend a protection against ICMP redirect, route injection and DoS.
- Using network address translation (NAT) a UDP-NAT timeout of more than 130 seconds is necessary.
- Activation of a consistant NAT mode (required especially for SonicWall!)
- Please inform your email provider to whitelist our network (109.68.96.0/21), otherwise it could be possible that you can not receive your emails.
- Once encryption is activated for a customer, all devices approved for encryption will automatically be switched to this setting. It is not possible to selectively approve individual devices of this type for encryption or to exclude them from it. Billing will always only include the encryption compatible devices.