Settings > Network > Settings Telephone Ethernet
Settings Telephone Ethernet
Proceed as follows:
Using the telephone (page  > Settings > Network > Ethernet)
Ethernet
  DHCP
DHCP (Dynamic Host Configuration Protocol) is a client/server protocol for dynamically allocating IP addresses and network parameters. The IP addresses are requested by the DHCP clients (PCs in the network) on the DHCP server (for example, a router or the Internet service provider). The DHCP server takes these IP addresses from a set address pool and sends them to the client. In addition, the client receives additional information (for example, the addresses for the standard gateway and DNS server). The IP address is temporarily allocated for a certain amount of time. If the address is no longer required by the client, the server has access to it again and can allocate it to another client.
 IP address is received automatically.
 The IP address must be assigned manually. Addtional entries must be made:
IP address 
Enter IP address. In order to ensure that the data packets reach the correct recipients, all of the devices in a TCP/IP network require a unique address, known as the IP address. IPv4 addresses comprise four numbers between 0 and 255 that are separated by a point, for example, 192.168.0.14. The network addresses are divided up into different classes (Class A to C) depending on how many computers can be located in a network. Certain ranges are reserved for the operation of local networks:
Class A: 10.x.x.x (for networks with up to 16.5 million PCs)
Class B: 172.16.x.x to 172.31.x.x (for networks with up to 65534 PCs)
Class C: 192.168.0.x to 192.168.255.x (for networks with up to 254 PCs)
These addresses have no validity on the Internet; this means that data packets with this sender type or recipient address cannot be transported on the Internet. However, they can be used in local networks without restriction. The advantage of this is that if data from a local network configured in this way comes in contact with the Internet, none of the data on the computers in the local network can leak out or be accessed externally.
Net mask 
Enter the subnet mask. Configuring subnetworks makes it possible to connect many totally different networks located in totally different areas because each subnetwork receives its own address and can therefore be addressed by the router. A subnetwork is created when the IP address is linked with a subnet mask. If a bit in the subnet mask is set, the corresponding bit in the IP address is considered a part of the network address. If a bit is not set in the subnet mask, the corresponding bit in the IP address is used as a part of the PC address. The value of the subnet mask, as with IP addresses, is often given in decimal form (for example, 255.255.255.0 for IPv4 addresses).
Gateway 
Enter the gateway. A gateway is a PC or router that acts as an intermediary between two different networks. The Internet service provider is the gateway for direct Internet dial-up connections. If you use a router, this is the gateway in a local network.
DNS server 1 
Enter the DNS server. DNS (Domain Name Service) is needed to translate Internet addresses. The name of a computer on the Internet (for example, www.auerswald.de) is assigned to the corresponding IP address. This service is provided by DNS servers at the various Internet service providers or by upper domain servers.
DNS server 2  (optional)
 
  VLAN settings
 VLAN internal port VLAN gateway:
All data packets are forwarded, unchanged, between the ports (POE port, PC port and internal port).
 VLAN internal port VLAN gateway:
The internal port is placed in its own VLAN. The associated data packets are protected and transported in this VLAN (tagged with the VLAN ID of the internal port and prioritised with the VLAN priority of the internal port).
All data packets are forwarded, unchanged, between the POE port and the PC port.
You can connect a non-VLAN-enabled device, such as a PC, to the telephone's external port (PC port) without adding this device to a VLAN. You can also connect additional telephones to the external port (daisy chain) and use your own VLANs in the telephones.
 VLAN internal port VLAN gateway:
The internal port is placed in its own VLAN. The associated data packets are protected and transported in this VLAN (tagged with the VLAN ID of the internal port and prioritised with the VLAN priority of the internal port).
The external port is also placed in its own VLAN. The associated data packets are tagged with the VLAN ID of the external port and prioritised with the VLAN priority of the external port.
You can connect a non-VLAN-enabled device, such as a PC, to the telephone's external port (PC LAN port) and add this device in the external port VLAN.
 
  VLAN internal port
A VLAN (Virtual Local Area Network) is a logical network within a physical network. You can use a VLAN to operate several logical networks in the same physical network, to represent a company's departments within the network in a logical way or to separate traffic streams on the network, e.g. to separate PC data from voice data and give them different priorities.
To run a VLAN, you require VLAN-enabled network components that comply with the IEEE 802.1Q standard.
Requirements:
VLAN provided on the network
Set up network interface type VLAN (can be configured in the telephone under  > Settings > Providers & PBXs > Name of provider/PBX > Network interface type)
 VLAN is enabled and additional entries must be made:
VLAN ID internal port (1...4094) 
Enter the internal VLAN ID port.
VLAN priority internal port (0...7) 
Enter VLAN priority of the internal port (0 (lowest priority) to 7 (highest priority).
 
  VLAN gateway
Requirements:
Enabled VLAN
Important: Assign different values to the VLAN-ID internal port and the VLAN-ID external port.
 The external port is placed in a separate VLAN.
 All data packages are forwarded to the external port.
The following entries must also be made:
VLAN ID external port (1...4094) 
Enter VLAN IP for the external port.
 
Proxy
  Proxy
A proxy server acts as the interface to the Internet or between two networks. For example, it receives queries from a computer in an intranet.
  The proxy, instead of the computer, connects to the Internet to forward queries and return the responses. If necessary, the responses are filtered. To achieve this, the HTTP proxy uses the Internet's HTTP protocol.
The following entries must also be made:
Proxy port (1...65535) 
Note: You find an overview of the PBX ports in the Configuration Manager of the PBX under Overviews > Ports.
Proxy hostname 
Bypass proxy for 
Enter the address of the local host for which the proxy is to be bypassed. The following entries are possible (several entries are to be separated by a comma):
IP address within the range from 0 to 255 (Example: 123.123.123.123)
Hostname
 
VoIP
  Quality of service: DiffServ (Differentiated Services)
DiffServ (Differentiated Services) ist a method that organizes IP data packets for transmission or forwarding in service classes. A higher service class means that the data packets are treated preferentially (e. g. VoIP voice packets for a better voice quality).
Requirements:
Available and enabled support for DiffServ in all active network components (e. g. hubs, switches, router, etc)
Note: DiffServ is not supported by all VoIP providers. When used in a standard VoIP account, these settings may not be applied in some situations.
 The activation of DiffServ requires a reboot of the telephone. For VoIP calls, the service class in accordance with RFC 4595 is set.
 
RTP port
The RTP port is a port on the local system and is used as outgoing port for RTP transfers.
Lowest RTP port (1024...65471) 
Enter RTP port (port number).
RTP port range (64...256) 
Enter RTP port range.
Note: You find an overview of the PBX ports in the Configuration Manager of the PBX under Overviews > Ports.
 
OpenVPN
  OpenVPN
OpenVPN allows the configuration of a virtual private network (VPN).
Requirements:
ConfiguredVPN network interface type (Settings > Provider & PBXs > Settings Configuration Manager Providers and PBXs)
OpenVPN configuration file saved into the telephone
OpenVPN certificate saved into the telephone
 The telephone uses OpenVPN libraries to establish a VPN over a TLS/SSL-encrypted connection.
Important: When you restart the telephone, the time will be reset unless it is updated automatically by a time server (NTP server). As data packets are given a time stamp when they are encrypted, it is important that the current time is configured on the telephone (see chapter Settings > Date and Time). A connection cannot be established via a VPN if a data packet time stamp is different from the time on the telephone.
 
OpenVPN log 
View or open the OpenVPN log file. In the OpenVPN log file, all actions are logged which are performed when OpenVPN is enabled.
 
OpenVPN certificate deleting
Requirements:
OpenVPN certificate saved in the Configuration Manager
Delete the existing OpenVPN certificate.
 
VPN settings
VPN 
The telephone uses PPTP to establish a remote access connection.
The telephone uses IPsec to transport IP packages cryptographically secured via public networks.
Requirements:
Screen lock enabled (page Settings > Security > Screen lock)
Network interface type VPN enabled (page Settings > Providers & PBXs > Network interface type)
Important:
When you restart the telephone, the time will be reset unless it is updated automatically by a time server (NTP server). As data packets are given a time stamp when they are encrypted, it is important that the current time is set on the telephone (see chapter Settings > Date and Time). A connection cannot be established via a VPN if a data packet time stamp is different from the time on the telephone.
If you enable IPsec VPN or PPTP VPN, devices in the local network can no longer be reached. Furthermore, the device on which IPsec is enabled, can no longer be reached by other devices in the local network.
The encryption of PPTP is considered as insecure.
 
Add new IPsec VPN or PPTP VPN profile. The following entries must also be made:
Name 
Enter profile name.
Type 
Options for IPsec VPN:
L2TP/IPsec PSK
L2TP/IPsec RSA
IPsec Xauth PSK
IPsec Xauth RSA
IPsec Hybrid RSA
Options for PPTP VPN:
PPTP
Server address 
Enter server address.
For some VPN types additional settings must be made.
 
Connecting VPN profile to server
A VPN (Virtual Private Network) is a private, closed network within an open network, such as the Internet. Data packets are encrypted, and VPN subscribers can be required to authenticate themselves, to ensure that the data packets are transferred between subscribers without being vulnerable to eavesdropping or manipulation.
The telephone supports three different VPN clients:
Tap on the profile name to establish a connection to the corresponding server. The following entries must also be made:
Username 
Enter username.
Password 
Enter password.
 
Disconneting VPN profile from server
Requirements:
Existing connection to the correspondign server
Tap on the profile name to disconnect the server.
 
Deleting/editing VPN profile
Touch and hold the profile name to edit or delete the profile.
 
BLACKLIST AND WHITELIST SETTINGS
As soon as the phone is connected to the Internet, there is a risk of attacks via the Internet, for example DoS  (Denial of Service) attacks, or attacks aimed at the internal SIP server.
To prevent this, you can enable the blacklist.
  Blacklist and whitelist
If traffic from a particular IP address is judged as being too high - and therefore probably malicious- this IP address is blocked. This means accesses from this IP address to the telephone are blocked (block time). Initially this block lasts for five minutes. A note appears in the status line on the home screen. During the block time the telephone continues to monitor traffic from this IP address. If traffic from this IP address to the PBX continues to be too high, the single block time is extended (block time restarts).
Important: Switching off the IP blacklist and whitelist or restarting the telephone deletes all the entries in the locking list.
 
 Network-based access attempts, such as the number of data packets per second or SIP authentication failures are monitored and evaluated.
 
IP whitelist > ADD TO ENTRY LIST
Important:
To set the IP whitelist, contact the system administrator.
Only release as many IP address ranges as necessary. The larger the released address range, the greater the danger of attacks.
 
IP address 
The telephone supports the IPv4 Internet protocol, with a prefix length of 0 to 32 bits.
Network prefix (CIDR) 
The network prefix provides the net mask for the IP address and specifies how many IP addresses are released in a network range. The larger the network prefix, the fewer the number of IP addresses that are released.
Example
Example:
 
IP address
192.168.0.240
Network prefix
Released address range
8
192.x.x.x
16
192.168.x.x
24
192.168.0.x
32
192.168.0.240 (only the explicitly entered IP address is released.)
 
IP blacklist
IP whitelist
Requirements:
Enabled blacklist and whitelist settings
Touch and hold the IP address to delete IP addresses that are saved under IP black or IP whitelist.
 
COMfortel 1400 IP/2600 IP/3600 IP - Firmware V2.8 - Advanced Information V08 12/2020