Configuration on 1906VA for 1x Cable-Internet, 2x SIP-Trunk, and 3CX PBX

[DFLiddle]

Greetings, all, and thank you for tolerating a request for help in English—I just don't want to make any mistakes in my description or terminology.

For several years, our organization's campus has had a cable internet connection from Unitymedia and two ISDN connections from Telekom—one for the administration and one for the conference center. The internet connection and internal network was handled by a ZyXEL ZyWALL 310 unit. The phone system was handled by an Askozia appliance with a built-in beroNet card for the ISDN channels, and last year this appliance was upgraded to 3CX. Support for ISDN is ending, and I have purchased a Lancom 1906VA to handle all three connections at the edge of our network. The ZyWALL does not handle voice traffic at all well, I find. The Lancom configuration and user interfaces are so different from those of the ZyWALL that I have not yet adjusted, which is why I need your help.

One of our Telekom connections has already been converted to All-IP, and this connection is temporarily being handled by a Digitalisierungsbox Basic with a single ISDN connection to the PBX. However, we are able to use only 2 of the 4 channels available to the account. 3CX makes an internal SIP connection to the beroNet card and ISDN modules.

Here is our environment as it will be:

Internet:

• 1x Unitymedia Business Internet, 600 down / 40 up, over Hitron CGNV4-EU modem

Telephony, external:

1. 1x Telekom DeutschlandLAN SIP-Trunk, 16 down / 2.5 up, 4 voice channels, 300-number block (administration)
2. 1x Telekom DeutschlandLAN SIP-Trunk, 16 down / 2.5 up, 4 voice channels, 70-number block (conference center)

Telephony, internal:

• Hardware: Askozia appliance, Intel Celeron 1.99 GHz, 4 GB RAM, 512 GB SSD, 1x Gigabit Ethernet, 2x beroNet bf4S0 modules
• Software: 3CX Professional, v.16.0.910, 8 simultaneous calls
• Can be virtualized after conversion to All-IP is complete
• 85+ Snom desk phones: D375, 715, 710 and 320 models
• 15+ Snom DECT phones: 5 m700 base stations; m65, m25 handsets

Preferences:

• I do not wish to use the Telekom connections as backup for the internet connection; they should be used only for the SIP-Trunk connections.
• If possible, I would like for the 1906VA to handle both the DSL and the SIP-Trunk connections, but pass all calls to 3CX.
• If possible, I would like for 3CX to make a local SIP connection to the 1906VA, similar to what it does now with the beroNet card.

The 1906VA is temporarily in its own VLAN on our network so that I can program as much as possible in advance without interfering with everyday operations.

I hope that I have provided enough information to allow you to make suggestions and give advice. This project is my priority now, so I am ready and happy to provide additional information when needed. I would like to have a stable system that isn't complicated to manage! Many thanks!

[Maurice]

That doesn't look too complicated, especially since you want to use the DSL connections for VoIP only. So no need to configure load balancing / backup connections / QoS. The 1906VA can easily handle 3 WANs and multiple LANs.

Not sure if using the 1906VA's VoIP features really makes sense here. 3CX can handle the Telekom SIP trunks natively. QoS shouldn't be an issue since there is only voice traffic on the DSL connections. And having two separate systems involved in call handling could make troubleshooting harder.

Since you're new to Lancom, you should familiarize yourself with the concept of interface tags and routing tags. This is very Lancom specific and essential for handling multiple WANs and LANs. See "Advanced Routing and Forwarding (ARF)" in the LCOS manual.

Cheers

Maurice

[DFLiddle]

Thank you for the suggestion. I have been working my way through the reference manual, but unique features such as these take more time to absorb. I'll be sure to read those sections again, in both English and German, and then try to find some examples "out there" to help me connect better with the concepts.

There are two things that prompted me to suggest the arrangement I did:

• My failed experiences with the one converted connection and the ZyWALL made me reluctant to try the direct connection again, and
• Due to efficiency or laziness, it would mean that I didn't need to create a new trunk in 3CX and add the DIDs all over again.

One further question at this time: will this tagging feature allow me to distinguish the two SIP-Trunk accounts that I will have by the time I finish? That is, it seems to me that 3CX won't know or care that there is a DSL connection dedicated to each account. I'll be on the lookout for examples that give me some inspiration and ingenuity on this subject.

[DFLiddle]

In addition to the LCOS reference manual, the following (archived) publication was very helpful:

Network Connectivity - Advanced Routing and Forwarding
https://www.lancom-systems.com/#pub_263

It seems to me that interface and route tagging is similar to ZyXEL's "zones", on which the firewall rules are especially based. The information I have gleaned leads me to ask (or re-pose) a few more questions:

• Our network has several VLANs to separate office networks from guest networks. Do I understand correctly that the use of interface tags eliminates the need to have firewall rules that specifically deny access?
• For each of our Telekom SIP-Trunk accounts, the destinations for the registrar and proxy will be the same. I do not yet understand how tags can help route traffic from the 3CX PBX for each account over the corresponding DSL connection. Should the two DSL connections be set up in a load-balancing arrangement with a WAN tag shared with the VoIP VLAN?
• Are there any limitations to tagging that should be expected when using switches from another manufacturer? Our network is built on Ubiquiti UniFi switches and APs.

Thank you all for patiently considering my situation and questions! Little by little, I will get it ...

[Maurice]

My failed experiences with the one converted connection and the ZyWALL made me reluctant to try the direct connection again

Our PBX (not 3CX) directly connects to a Telekom SIP trunk and sits behind a Lancom router. This setup proved to be pretty reliable.

Due to efficiency or laziness, it would mean that I didn't need to create a new trunk in 3CX and add the DIDs all over again.

But you would have to create the SIP trunks on the Lancom router and configure the Call Manager. Not sure if that would be easier.

Our network has several VLANs to separate office networks from guest networks. Do I understand correctly that the use of interface tags eliminates the need to have firewall rules that specifically deny access?

Correct. By default, there is no routing between networks with different interface tags (exception: the privileged interface tag "0").

For each of our Telekom SIP-Trunk accounts, the destinations for the registrar and proxy will be the same. I do not yet understand how tags can help route traffic from the 3CX PBX for each account over the corresponding DSL connection. Should the two DSL connections be set up in a load-balancing arrangement with a WAN tag shared with the VoIP VLAN?

If you configure the Telekom SIP trunks directly on the 3CX, you could use one (V)LAN for each SIP trunk (if 3CX supports this). On the Lancom, you can then route each (V)LAN via a specific WAN by creating multiple default routes with different routing tags (matching the interface tags). There might be other solutions.

Are there any limitations to tagging that should be expected when using switches from another manufacturer? Our network is built on Ubiquiti UniFi switches and APs.

Lancom interface tags / routing tags work on the IP layer and are being used internally only, they never "leave" the router. They are unrelated to VLAN tagging (which is also supported).

Cheers

Maurice

[DFLiddle]

Thank you very much for the confirmations and ideas—it's helpful guidance for my introduction to the Lancom world and perspective. I will give it all a go when I put the 1906VA into full service at the end of the month.

For each of our Telekom SIP-Trunk accounts, the destinations for the registrar and proxy will be the same. I do not yet understand how tags can help route traffic from the 3CX PBX for each account over the corresponding DSL connection. Should the two DSL connections be set up in a load-balancing arrangement with a WAN tag shared with the VoIP VLAN?

If you configure the Telekom SIP trunks directly on the 3CX, you could use one (V)LAN for each SIP trunk (if 3CX supports this). On the Lancom, you can then route each (V)LAN via a specific WAN by creating multiple default routes with different routing tags (matching the interface tags). There might be other solutions.

This idea in particular is a good one, but I think that it will need to wait until I virtualize the PBX, since the appliance has but a single Ethernet port.