SKYSWITCH Configuring an Edgemarc – Nov 2017

Configuring An Edgemarc

Volume

1

S K Y S W I T C H

Creating An Edgemarc

SkySwitch 608 Robin Road

Lakeland FL 33803 Phone 747-900-5401 • Fax 863-647-5192

Table of ContentsGetting Started .......................................................................... 1

Configuring Laptop to Communicate with Edgemarc ...................... 1Changing The Default Passwords ............................................. 2

Changing Administrative Password ................................................. 2Changing Read-Only Password ...................................................... 2

Changing the Command Line Password ................................... 3Changing the password ................................................................... 3Make sure the changes stick by running this command .................. 3

Adding More Security ................................................................ 4Picture for Reference ....................................................................... 4

Adding More Security (Cont’d) .................................................. 5Entering the Trusted Hosts .............................................................. 5

LAN Configuration ..................................................................... 6Changing the IP address ................................................................. 6

LAN Configuration (Cont’d) ....................................................... 7Updating Local Area Connection ..................................................... 7

WAN Configuration .................................................................... 8Entering WAN Network Information ................................................. 8Reference Picture ............................................................................ 8

Configuring the DHCP ............................................................... 9Adding A Range .............................................................................. 9Reference Picture ............................................................................ 9

VOIP ALG ................................................................................ 10Survivability ............................................................................. 11

Reference Picture .......................................................................... 12Other Settings ......................................................................... 13

PPTP Server .................................................................................. 13The Final Test ......................................................................... 14

C O N F I G U R I N G A N E D G E M A R C

1

Getting Started his guide should serve as an example for an Edgemarc setup on the SkySwitch Network. Many of the options mentioned in this guide can be configured differently (such as LAN IP subnet). We recommend that you pay close attention to the SIP ALG and the SURVIVABILITY settings. Incorrectly entering settings on these pages can inhibit your phone’s communication with the

Switch.

Configuring Laptop to Communicate with Edgemarc Connect the laptop to one of the Edgemarc’s LAN ports. Make sure the ethernet cord is not plugged into the WAN port. Otherwise, the laptop will not be able to access the Edgemarc. The laptop’s local area connection will need to be set to the following.

• IP Address: 192.168.1.2

• Subnet Mask: 255.255.255.0

• Gateway: 192.168.1.1

After this has been correctly entered, the laptop will now be able to access the router. To test this, open up the command prompt and run the command:

• Ping 192.168.1.1

The laptop is now ready to configure the Egdgemarc if the ping command was successful.

Section

1 T

C O N F I G U R I N G A N E D G E M A R C

2

Changing The Default Passwords Open a web browser such as Firefox or Google Chrome.

irst enter the ip address of the Edgemarc into the address bar of the web browser. A message box will then appear, prompting for a username and password. The username is “root”, and the password is “default”.

Changing Administrative Password The first screen which appears is all of the Egdgemarc’s system information. The section located second from the bottom of the page is labeled “Change Administrative Password”. Locate and click the link “changed”. Change the password to a strong random password

Changing Read-Only Password The first screen which appears is all of the Egdgemarc’s system information. The last section on this page is labeled “Change Read-Only Password”. Locate and click the link “changed”. Change the password to a strong random password

Section

2 F

C O N F I G U R I N G A N E D G E M A R C

3

Changing the Command Line Password Open the program called Putty on Windows or Terminal Client on Linux or Mac.

nter the IP address of the Edgemarc into the text filed labeled “Host Name (or IP address)”. After opening a connection, the Edgemarc will prompt for a username and password. The username is “root” and the password is “@#$%^&*!90”. (The character will not show when typing the password)

If you are using a mac or do not have putty then you will need to ssh into the router using the terminal or command prompt.

Type in: ssh -lroot 192.168.1.1 (the ip address of the router). Hit enter. If you receive a warning error message, it is because you have ssh'ed into a router before. This is a safety feature with ssh. you will need to type in nano /user/(user name)/.ssh/known_hosts. Then you will need to remove the mac address associated with the last router you accessed.

This link will also help: SSH HELP

You will be asked if you wish to continue. Type yes and hit enter.

Type in the password “@#$%^&*!90” and hit enter.

Changing the password The following command will need to be executed to change the password:

• passwd

After running the command, the Edgemarc will prompt for a new password. Change the password to a strong random password

Make sure the changes stick by running this command While the connection is still open, run the following command…

• /etc/conf/bin/cfg_commit

All passwords have been successful changed after this step.

E

C O N F I G U R I N G A N E D G E M A R C

4

Adding More Security Setting up the firewall will be done in this section

n the left hand side of the GUI under the “Configuration Menu” click the link “Security”. This will allow the set-up of the firewall. Make sure the following boxes have been checked.

• Enable Firewall for WAN

• Allow HTTP access through firewall (optional)

• Allow HTTPS access through firewall (optional)

• Allow SSH access through firewall (optional)

• Allow SNMP access through firewall (optional)

Picture for Reference

Section

3 O

C O N F I G U R I N G A N E D G E M A R C

5

Adding More Security (Cont’d) Setting up the Trusted Hosts

n the left hand side of the GUI under “Configuration Menu”. Locate and click the link “Security”. Once click, more option will appear and the link “Trusted Hosts” will need to be click.

Entering the Trusted Hosts When entering the trusted hosts. The full IP address and Netmask will need to be entered in dotted decimal format. The following is an example, you should enter the LAN subnet as well as any WAN IP that should be allowed access.

IP address Netmask

192.168.1.0 255.255.255.0

192.168.16.0 255.255.255.0

23.20.121.238 255.255.255.255

If the preceding was entered correctly, the page should look like the following…

*Note: the default LAN network is 192.168.1.0/24. Later in this document we will be changing the LAN network to 192.168.16.0/24. It is important to define the LAN network in the trusted hosts or your ability to access to management interfaces of the Edgemarc from the LAN side will be lost.

O

C O N F I G U R I N G A N E D G E M A R C

6

LAN Configuration All of the configuration for the LAN will be done in this section

irst, on the left hand side under “Configuration Menu”. Find and click the link “Network”. Once the page display notice this is where the LAN and WAN configuration occurs. Please only change the LAN fields during this section.

Changing the IP address Change the IP address to the following…

• 192.168.16.1

Make sure the following box is check marked and entered…

• Enable VLAN Support should have a check mark

• In the following example, we set the default Vlan ID to 790

Section

4 F

C O N F I G U R I N G A N E D G E M A R C

7

LAN Configuration (Cont’d) First, on the left hand side under “Configuration Menu”. Find and click the link “Network”. More options will be displayed and then find and click the link “VLAN Configuration”. Once the page has been displayed, at the top there will be three links. “Create VLAN”, “VLAN Membership”, and “VLAN Port”. Click the “VLAN Membership” link, and check the

following…

Now is a good time to submit all the changes which have been made so far. At the top of the screen there will a button labeled “Submit All”. Click the button and wait for the changes to take effect.

Updating Local Area Connection Since the LAN IP address has been changed. The local area connection of the laptop will need to be changed to …

• 192.168.16.2

T

C O N F I G U R I N G A N E D G E M A R C

8

WAN Configuration The WAN Configuration will be set up in the section. Retrieve the WAN Information such as Static IP, Subnet Mask, Gateway, and DNS addresses

irst, on the left hand side under “Configuration Menu”. Find and click the link “Network”. Once the page display notice this is where the LAN and WAN configuration occurs. Please only change the WAN fields during this section.

Entering WAN Network Information Skip the IPv6 Settings as nothing needs to be changed in this section. In the IPv4 Settings, the interface needs to be changed to Static IP. The following text boxes should be entered with the following information…

• The first static IP address should be entered in “IP Address” field

• The subnet mask of the static IP address should be entered in the “Subnet Mask” field

• The Gateway should be entered into the “Default Gateway” field

• The first or primary DNS address should be entered into “Primary DNS Server” field

• The second or secondary DNS address should be entered into “Secondary DNS Server” field

Reference Picture

Section

5

F

C O N F I G U R I N G A N E D G E M A R C

9

Configuring the DHCP Need to find out what the range of static DHCP IP address should be

ocate under “Configuration Menu” the link called “DHCP Server”. Once this link has been click, the “DHCP Leases” link should be available to click. After the page has loaded, enter the decided DCHP IP address range appropriate for the community.

Adding A Range Locate the box labeled Add a DHCP range. In the field labeled “Start IP Address” put the starting DHCP range. In the field labeled “End IP Address” put the ending DHCP range. Any preset range will need to be deleted. Make sure the following is checked and entered into the appropriate field…

• “Enable DHCP Server” should be checked

• “TFTP/FTP Server Name (option 66) should have “http://sipcfg.io/cfg

• If using Cisco 79xx phones, set Option 150 to “75.98.50.201”

Reference Picture

L

C O N F I G U R I N G A N E D G E M A R C

10

VOIP ALG Make sure this page looks identical to the “Picture Reference”

ocate and click the “SIP” link under the “VoIP” menu item on the left hand side of the web page. The following information should be entered…

• Enter the reseller outbound proxy address into the “SIP Server Address” field. Note the reseller outbound proxy address follows the format <reseller id>.hpbx.outboundproxy.com where <reseller id> is your 5 digit reseller id with SkySwitch. Example 15611.hpbx.outboundproxy.com.

• Make sure the following are checked

o “Enable Transparent Proxy Mode” o “Limit Outbound to listed Proxies / SIP Servers” o “Limit Inbound to listed Proxies / SIP Servers”

Reference Picture

Section

6 L

C O N F I G U R I N G A N E D G E M A R C

11

Survivability Make sure this page looks identical to the “Picture References”

ocate the “Survivability” link under “VoIP” menu option on the left hand side of the web page.

Since we will be configuring the phones behind the Edgemarc to register directly to the SIP server and not to the Edgemarc we will disable most of the survivability options in the Edgemarc as we

do not want it to interfere. Click on the link and make sure the following are UNCHECKED…

• Uncheck “Enable keepalive messages for active server”

• Uncheck “Monitor SIP Messages”

• Uncheck “Register user with softswitch”

• Check only the following under “SIP Server Redundancy Configuration”

o Enable SIP server redundancy

o Enable SRV Lookup

o Enable 503 response for SUBSCRIBE with transparent mode after server failover

• Uncheck all options under “Sip Registration Control”

o Set “Rate-Pacing behavior” to “None”

After saving the configuration verify that the Edgemarc properly detected the reseller SRV record. Verify the redundant servers are listed in the “SIP Server Reachability” table.

L

C O N F I G U R I N G A N E D G E M A R C

12

Reference Picture

C O N F I G U R I N G A N E D G E M A R C

13

Other Settings

PPTP Server Under “VPN”, in the left hand menu find and click the link “PPTP Server”. Make sure this server is NOT enabled. This can be used as an attack vector by hackers.

Section

7 This section is meant to record other preferable settings.

C O N F I G U R I N G A N E D G E M A R C

14

The Final Test All changes have been made. Please submit all changes at this time.

astly, unplug and then plug the power cable on the device to restart it. Spot check to verify the Edgemarc comes back up with the previously configured settings. Next, set up the laptop as if it were the modem/gateway at the customer site. Open up the command prompt and try to ping the router, this time adding –t to the command. Once the Edgemarc is reachable by the ping

command. Unplug the ethernet cord from the back of the Edgemarc and plug it back in. Notice the request time out and then the Edgemarc become reachable again. Finally, do the same by unplugging the power source from the Edgemarc.

Section

8 L