12-20-2023 03:36 AM
Hello,
We have set up separate VLANs for phones and data, with the phone VLAN2 and Data on a native VLAN. I am able to access the phones and UCM IPPBX GUI from the native VLAN, which is on my 192.168.0.0 subnet, to the voice VLAN, which is on the 192.168.70.0 subnet.
Before separating the VLANs, I was able to upload firmware on our IP phones, but after isolating the voice VLAN, I am unable to do so. We have an ASA firewall with two interfaces, one on the 192.168.0.0 and the second one for voice on the 192.168.70.0 subnet. The security levels are the same, and I am able to ping and access the GUI of phones and IPPBX.
Are there any extra commands that I need to add to enable traffic from one subnet to another for uploading the firmware?
Snapshot of the Phone and uploading path attached.
Please assist and advise.
Solved! Go to Solution.
12-21-2023 02:16 AM
Hello
I dont see anything from that PT negating access on the FW , The only thing I can think of is both local http server and client need to be in the same LAN ( a bespoke requirement for this type of process) hence why it worked before you created the additional LAN and relocated the phones.
I would suggest check the manufacturer guidelines for local firmware upgrades
12-21-2023 02:31 AM
Hello,
Yes before separating the LAN it was connected to the same switch and native VLAN by default but the IP of the interface remained separate and the uploading of firmware worked without issues. After isolating the network keeping data on native vlan and voice vlan2, i am not able to upload and apply firmware through GUI anymore.
The firmware can be done through network using TFTP and i have not used it.
I will ask the manufacturer guidelines.
Regards
Manoj
12-21-2023 02:36 AM
As I mention for previous your post,
I need to see the topology
MHM
12-21-2023 03:27 AM
Hello @Manojy
I have since managed to check for you, it does indeed suggest local upgrade needs to be LAN specific - please se below.. page 5 ( also a screen snippet attached)
https://www.grandstream.com/hubfs/Product_Documentation/Firmware_Upgrade_Guide.pdf
12-21-2023 04:27 AM
Hello Paul,
Thankyou for your time and assistance.Highly Appreciated.
My question remains the same if i can browse the GUI of phone and i get the file path from my inside subnet where the phone can see the folder but it cannot upload and my asa has no restriction in such situation what will be the solution ?
I was looking if without hooking out the phone just browse and upload the firmware.
Brainstorming.
Thanks in advance.
12-21-2023 07:06 AM
Hello
as a work around you could put the pc that’s the http server in the same vlan as the ip phones
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide