Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




613 posts

Ultimate Geek
+1 received by user: 160


Topic # 222879 1-Sep-2017 18:32
Send private message quote this post

I've been in the new serviced office (REGUS) for two days and their networking is driving me mad.

The single office has 8 RJ45 network ports. Each port has access to the internet but even though all 8 network port is on the same subnet, none of the computers, NAS or printers can access each other. Now I'm quite competent in the networking as I been doing this kind of thing for 20 years.

 

I have never been so frustrated. If I want to get any kind of IT support it going to cost me $$.

 

Also, my VoIP phones are not working correctly either, suffering from the one-way audio issue. They can hear me but I can't hear them. But I think this is a common problem with Serviced Offices as they block the VoIP traffic so you have to use their phone system. $$                                                                                              

 

So does anybody know how to set-up a local LAN network in a REGUS serviced office?

 

 

 

 






View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
25376 posts

Uber Geek
+1 received by user: 5202

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1856906 1-Sep-2017 19:20
3 people support this post
Send private message quote this post

Offering isolated ports in a serviced office is a perfectly normal way of configuring things - you don't want people being able to see each other's devices.

 

As for one way voice that just sounds like an organisation who won't know how to configure their router or have double NAT rather than an intentional attempt to block VoIP traffic.

 

If you want your devices to be able to talk to each other you may be able to plug in your own switch, assuming they're just using isolated ports rather than firewall rules also blocking L3 connectivity.

 

 

 

 




613 posts

Ultimate Geek
+1 received by user: 160


  Reply # 1856911 1-Sep-2017 19:36
Send private message quote this post

sbiddle:

 

Offering isolated ports in a serviced office is a perfectly normal way of configuring things - you don't want people being able to see each other's devices.

 

As for one way voice that just sounds like an organization who won't know how to configure their router or have double NAT rather than an intentional attempt to block VoIP traffic.

 

If you want your devices to be able to talk to each other you may be able to plug in your own switch, assuming they're just using isolated ports rather than firewall rules also blocking L3 connectivity.

 

 

 

 

 

 

 

 

I can imagine having a logical separation between offices, but to have the same level of separation within the same office room gets a bit frustrating?

 

So starting from basics, how to I get our MFC printer connected to four desktops using the existing infrastructure?

 

 

 

Double NATing of the VoIP has been particularly frustrating.   






 
 
 
 


25376 posts

Uber Geek
+1 received by user: 5202

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1856928 1-Sep-2017 20:10
One person supports this post
Send private message quote this post

If you plug your own switch into an existing port and plug your devices into that switch they may talk to each other. This assumes there is no L3 blocking occurring in the router. If that is the case then you're out of luck.

 

What do they say when you complain about the VoIP issue?

 

 

 

 


153 posts

Master Geek
+1 received by user: 19


  Reply # 1857460 3-Sep-2017 09:05
Send private message quote this post

Sounds like they've setup Private VLANs which is perfect good in a serviced office. In fact I'd go as far to say what they are doing is good practice. You don't want some numpty spreading something like wannacry across the LAN.

 

 

 

As for the VOIP it's most likely your VoIP system if it's based on SIP. SIP is the most arse protocol known to mankind, the standard was ratified by drunk orangutans. The clown that decided that SIP would ignore packet header information needs to be taken out and disemboweled.

 

 

 

Plugging a switch in should work. sboiddle not sure what you mean by Layer 3 blocking? A switch is a layer 2 device.


25376 posts

Uber Geek
+1 received by user: 5202

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1857513 3-Sep-2017 10:39
2 people support this post
Send private message quote this post

vulcannz:

 

 sboiddle not sure what you mean by Layer 3 blocking? A switch is a layer 2 device.

 

 

It's not uncommon in such a setup to also block L3 connectivity at the router as well as port isolation.

 

As somebody who's spent 15 years playing with SIP I highly dissagree with everything you've said about SIP. It's a great protocol that's only hampered by 2 things - vendors who build SIP ALG's into hardware, and people who build networks with double NAT.

 

 


153 posts

Master Geek
+1 received by user: 19


  Reply # 1857617 3-Sep-2017 14:21
Send private message quote this post

sbiddle:

 

vulcannz:

 

 sboiddle not sure what you mean by Layer 3 blocking? A switch is a layer 2 device.

 

 

It's not uncommon in such a setup to also block L3 connectivity at the router as well as port isolation.

 

As somebody who's spent 15 years playing with SIP I highly dissagree with everything you've said about SIP. It's a great protocol that's only hampered by 2 things - vendors who build SIP ALG's into hardware, and people who build networks with double NAT.

 

 

 

 

A switch is a layer 2 device. Layer 3 would block by IP. A typical unmanaged switch does not have an IP address. Port Isolation aka private VLANs works on port, not IP nor MAC address even.

 

SIP is terrible. SIP assumes it is direct connected to the internet, hence it doesn't honour/recognize the header data in the packet but uses its own embedded data. Hence is struggles with single NAT even. It also typically uses the same source port as the destination port making things even more difficult (this is why vendors need SIP ALGs). Finally SIP has no security, it's the most insecure protocol known to the universe.

 

 




613 posts

Ultimate Geek
+1 received by user: 160


  Reply # 1858042 4-Sep-2017 12:05
Send private message quote this post

Quick update.

 

I got one PC and I have it working with a local NAS (Synology) server and a printer bundled together on one switch. However, the other side of the room is without access until I get another switch and a very long cable.

 

My VoIP provider is 2talk and we use Yealink t22p desk phones. I setup the phones to use 2talks own Auto Provisioning service and the desk phone configured correctly i.e. it Registered with 2talk. However, I can't receive incoming calls. I can make out going calls but still, have the audio issue where I cannot hear the other party's voice, but they can hear me.

 

2talk is also a bit strange as it showing the IP address of my desk phone (Yealink T22p) and not a public facing IP address??

 

 

Click to see full size

 

 

 

Is there a tool I can use to check my firewall VoIP access?

 

 

 

 

 

 

 

 






153 posts

Master Geek
+1 received by user: 19


  Reply # 1858053 4-Sep-2017 12:13
Send private message quote this post

Yeah that's what SIP does. Instead of looking at the packet header for your public IP it embeds it in the data and uses the actual IP of the device behind the NAT.

 

 

 

I have a Yealink IP phone (the wireless one). I don't think you need to do anything special though I do have the Enable Outbound Proxy set as the same IP as the SIP gateway.

 

 

 

 




613 posts

Ultimate Geek
+1 received by user: 160


  Reply # 1858059 4-Sep-2017 12:19
Send private message quote this post

Just in case anybody whats to knows the setting used for Yealink phones to configure with 2talk using 2talk's own auto provisioning tool.

 

 

 

Click to see full size






787 posts

Ultimate Geek
+1 received by user: 32

Subscriber

  Reply # 1858066 4-Sep-2017 12:32
One person supports this post
Send private message quote this post

I've dealt with Regus overseas at least - and was able to get in their serviced office all of our staff plugged into our own switch - so network was separate and we could do things 'our way' we also organised dedicated IP and bandwidth.

 

 


153 posts

Master Geek
+1 received by user: 19


  Reply # 1858091 4-Sep-2017 13:13
Send private message quote this post

Here are my settings. The only thing I've done on my firewall is disabled NAPT (doesn't translate source port). Source port remapping could be enough to cause the problems you're having - SIP don't like that.

 

 

 

 

 




613 posts

Ultimate Geek
+1 received by user: 160


  Reply # 1858097 4-Sep-2017 13:23
Send private message quote this post

vulcannz:

 

Here are my settings. The only thing I've done on my firewall is disabled NAPT (doesn't translate source port). Source port remapping could be enough to cause the problems you're having - SIP don't like that.

 

 

Currently, my desk phone is plugged directly into the network wall socket. I don't' have access to the firewall. 

 

 

 

I'm thinking about getting a static IP address to resolve my issues, but I'm still not sure if it's going to work.

 

 

 

 






25376 posts

Uber Geek
+1 received by user: 5202

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1858327 4-Sep-2017 17:33
One person supports this post
Send private message quote this post

vulcannz:

 

Here are my settings. The only thing I've done on my firewall is disabled NAPT (doesn't translate source port). Source port remapping could be enough to cause the problems you're having - SIP don't like that.

 

 

 

I do have to say in the many thousands of phones I've deployed I've never encountered that as an issue. What type of firewall are you using? A Sonicwall by any chance?

 

 

 

 


3122 posts

Uber Geek
+1 received by user: 943

Subscriber

  Reply # 1858329 4-Sep-2017 17:37
One person supports this post
Send private message quote this post

If you are using 2talk, then port 50600 is an alternate you can register on. May help if there is a router screwing with 5060 traffic.


153 posts

Master Geek
+1 received by user: 19


  Reply # 1858342 4-Sep-2017 18:15
Send private message quote this post

sbiddle:

 

vulcannz:

 

Here are my settings. The only thing I've done on my firewall is disabled NAPT (doesn't translate source port). Source port remapping could be enough to cause the problems you're having - SIP don't like that.

 

 

 

I do have to say in the many thousands of phones I've deployed I've never encountered that as an issue. What type of firewall are you using? A Sonicwall by any chance?

 

 

 

 

 

 

 

 

Yip and it is standard practice for most firewalls. It avoids port conflicts. For example here is Fortinets document http://kb.fortinet.com/kb/documentLink.do?externalID=FD30357   (I am a certified engineer on other firewalls like Netscreen/Juniper/McAfee/Palo Alto etc).

 

This is what an ALG is for, it detects the SIP traffic and at the very least turns off NAPT. An ALG may also modify the SIP contents.

 

In some cases you find custom VoIP systems have modified the SIP standard - and ALGs fail to see them (3CX is a good example).

 

However 2Talk has a pretty standard setup, nothing odd or different (I've been using them for about 4 and a half years on UFB... behind a Sonicwall obviously ;)  ).

 

 

 

The other thing to consider is 2Talk have a custom Android app that just seems to work no matter what network you are on.


 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Chow brothers plan to invest NZ$100 million in technology
Posted 24-Sep-2017 16:24


Symantec protects data everywhere with Information Centric Security
Posted 21-Sep-2017 15:33


FUJIFILM introduces X-E3 mirrorless camera with wireless connectivity
Posted 18-Sep-2017 13:53


Vodafone announces new plans with bigger data bundles
Posted 15-Sep-2017 10:51


Skinny launches phone with support for te reo Maori
Posted 14-Sep-2017 08:39


If Vodafone dropping mail worries you, you’re doing online wrong
Posted 11-Sep-2017 13:54


Vodafone New Zealand deploy live 400 gigabit system
Posted 11-Sep-2017 11:07


OPPO camera phones now available at PB Tech
Posted 11-Sep-2017 09:56


Norton Wi-Fi Privacy — Easy, flawed VPN
Posted 11-Sep-2017 09:48


Lenovo reveals new ThinkPad A Series
Posted 8-Sep-2017 14:37


Huawei passes Apple for the first time to capture the second spot globally
Posted 8-Sep-2017 10:45


Vodafone initiative enhances te reo Maori pronunciation on Google Maps
Posted 8-Sep-2017 10:40


Voyager Internet expand local internet phone services company with Conversant acquisition
Posted 6-Sep-2017 18:27


NOW Expands in to Tauranga
Posted 5-Sep-2017 18:16


Windows 10 Fall Creators Update coming Oct. 17
Posted 4-Sep-2017 14:10



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.