We are all familiar with the “Small Business” range of Information Technology products. They are the crippled versions of the Enterprise range of products for grown up big business.
Manufacturers work hard to remove or disable features so they can sell products to “Small Business” at a lower cost. As a small business owner this is appealing, as you need to watch your capex and opex costs. Running a small business is not easy.
So you buy your small business switches, because they are cheaper than the big boys switches.
However, as you use these switches they become a source of pain. This is because, although you are a small business, you still need 802.1X port security, DHCP snooping, 802.1Q trunking, jumbo frames, flow control, QoS, LACP aggregation, etc.
The reason for this is that small businesses are now using smaller versions of Enterprise functionality.
Small businesses are using virtualisation, Voice over IP, wireless mobile devices, network attached storage and video conferencing.
This technology is no longer the area of just Enterprise big business.
Over the past years a few manufacturers have realised this and started to produce feature-rich, affordable switches which have small business pricing but enterprise features.
Take for example the switch pictured in this post. This is a Zyxel 1910-48 Gigabit Switch. It cost the measly price of £240.00 ex VAT. (I did mention this is a 48-port GIGABIT switch.)
It is a layer 2 Access layer switch but it has everything you could need to deploy a VOIP, security, virtualisation or streaming project.
Show me any other Small business “Smart” switch which has this functionality.
It is quite simple: DON’T buy Fisher-Price “Small Business” switches, because that will be a very stupid thing to do! You might think you are saving money, but you will pay later. Buy a Zyxel instead.
- IEEE 802.3
- IEEE 802.3u
- IEEE 802.3ab
- IEEE 802.3z 1000BASE-X
- IEEE 802.3x flow control
- IEEE 802.3az EEE support
- IEEE 802.1p CoS support
- IEEE 802.3af/at (PoE models only)
- Store and forward
- N-way auto-negotiation
Traffic Management and QoS
- Port-based VLAN
- MAC-based VLAN
- Protocol-based VLAN
- IEEE 802.1Q VLAN tagging
- Voice VLAN
- Storm control
- 802.1p priority queues per port
- IEEE 802.1p queuing method (scheduler)
- Input priority mapping
- QoS control list (QCL mode)
- Port-based rate limiting (ingress/egress)
- Rate Limiting, by IP/TCP/UDP
- IEEE 802.3x flow control
- Policy-based prioritization
Class of Service (CoS)
- IEEE 802.1p class of service
- DiffServ (DSCP)
- Policy-based CoS
Resilience and Availability
- IEEE 802.1D STP/802.1w RSTP/802.1s MSTP
- IEEE 802.3ad LACP
- Port error Recovery
- IEEE 802.1x
- Port Security
- MAC authentication
- MAC address limit
- Layer 2 MAC filtering
- Layer 3 IP filtering
- Layer 4 TCP/UDP socket filtering
- BPDU guard
- Static MAC forwarding
- Multiple RADIUS servers
- Multiple TACACS+ servers
- DHCP snooping
- ARP inspection
- Policy-based security filtering
- Port isolation
- IP source guard
- ACL packet filtering
Layer 2 Multicast
- IGMP snooping (v1, v2, v3)
- MVR support
- IGMP filtering
- IPv6 MLD snooping
- IPv6 management
- IPv6 over Ethernet (RFC 2464)
- Dual-stack (RFC 4213)
- ICMPv6 (RFC 4884)
- Neighbor discovery (RFC 4861)
- IPv6 addressing architecture (RFC 4291)
- IEEE 802.1AB LLDP
- Web-based management
- SNMP v1,v2c, v3
- RMON groups 1, 2, 3, 9
- DHCP relay
- Port mirroring
- RFC 1213 MIB II
- IEEE 802.1Q bridge MIB
- RFC 2819 RMON (group 1, 2, 3, 9)
- RFC 3414 user-based security model for SNMPv3
- RFC 3415 view-based access control model for SNMP
- RFC 4133 entity MIB v3
- RFC 4188 bridge MIB
- IEEE 802.1 MSTP MIB
- IEEE 802.3AB LLDP-MIB
- IEEE 802.3ad LACP MIB
- Safety: LVD
- EU RoHS compliant
- EMI: FCC, CE, CNS, ICES
- BSMI: CNS14336 & CNS13438
There are a number of assets required which as a business owner you have had to supply your staff to enable them to work effectively. Your facilities management department actually spend a large amount of time purchasing and maintaining office furniture to enable your staff to work in a productive manner.
Even after all this work your staff may be dissatisfied with the standard you have chosen and look for alternatives. Since the consumerisation of office furniture by vendors such as IKEA and Costco, most employees now have access to a wide range of office desks which they wish to use at work.
Many of your staff will have office desks at home where they would like to be able to be productive, and some may even bring their desks to work to create a more comfortable working environment.
The challenge here is that the facilities management have been unable to support this. Having a standard desktop allows the facilities management to effectively plan office space, run the cabling infrastructure and maintain the keys to the desk drawers to ensure that the documents and items stored in the desk drawers are kept secure.
Rather than cause tension between the facilities management, and possibly reduce the productivity of your staff, it is best to define your BYOD policy.
There are a number of new innovations to enable staff to use BYOD and allow facilities to cover some of the security risks and office space challenges.
According to a survey by IKEA, 71% of staff will be willing to pay for their own office desk for use at work.
There are some key opportunities for businesses to make big savings for facilities management. The key risks which you need to plan for are the management of item loss by staff using keys, and the business owner being able to manage desk content when the member of staff leaves the company or the desk is stolen.
There are a number of vendors which have a BYOD policy and can help you minimise these risks.
Yealink phones are very feature-rich VoIP handsets. However, the documentation only covers the really basic stuff to get you working out of the box.
All the cool stuff like
- Secure VPN connectivity to your voice system
- LDAP Address book integration
- Resilient server registration using DNS SRV records
- etc etc
All this information you are going to have to hunt for in their forums and other people’s blog posts.
The feature I’m talking about here is a VPN feature in the T26P phone upwards which allows you to create a secure tunnel to your phone system. This allows all your SIP and RTP traffic to be sent over the internet using encryption. Not only do you get a secure path for all your traffic, you also bypass all the pain of NAT and firewall Application Layer Gateways messing with your traffic.
The problem with this is that Yealink have not documented it very well. This post is to document what I have found works.
This may change with future firmware updates, so be aware.
I used the IPBRICK unified comms product which has a built in OpenVPN server which is what the Yealink phones use. I have used the IPBRICK VPN client tool and also T26P phones.
Grab the latest firmware for your phone.
After the phone has performed the update and rebooted, power off the phone and turn it back on again after about 15-20 seconds.
OpenVPN has 4 main files which the phone requires.
- OpenVPN CA Cert
- Client Cert
- Client Key
- VPN Configuration file
Whatever OpenVPN system you are using, you will need to create these files for each of your phones. On IPBrick, this is easy…. I just follow the SSL client configuration in the SSL web management interface, and download the generated zip file.
The Yealink phones expect a .tar file to be uploaded under network->advanced in the web management interface.
This tar file has to be in a specific format.
In the above zip file you will find some upload instructions, and a sample Client.tar file. Rename your generated CA.crt, Client.key and Client.crt files to match the ones in the sample config file.
You also need to create the matching file structure
→keys (folder)
→→ca.crt
→→client.crt
→→client.key
If your OpenVPN server generates a pass-phrase on your client key, you will need to remove it. This is because you have no way of entering the pass-phrase on the phone.
openssl rsa -in generatedclient.key -out keys/client.key
This is where you may need to do some more research. There are differences in the VPN.cnf file. After I had made the changes to the CA and client cert and key, I took the example VPN.cnf file and just changed the external remote server address to match my server.
You might need to change a few more settings, but just try this first.
Now create your .tar file:
tar cvf openvpn.tar ./vpn.cnf ./keys
Follow the documentation in the zip file you downloaded from Yealink to upload the .tar file.
After the phone reboots, you should see a [VPN] Icon in the top right hand corner of the screen on your phone.
You can now SIP register as though your phone was an internal phone.
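One way to check the bundle before uploading it, as an added example that is not from the original post or from Yealink. The function names, the exit codes and the chmod step are assumptions; the file layout and the tar command are the ones given above.

```shell
#!/bin/sh
# Added example: validate and package a Yealink OpenVPN bundle.
# Layout taken from the steps above: ./vpn.cnf plus ./keys/{ca.crt,client.crt,client.key}.

# Return 0 if the PEM private key is still pass-phrase protected.
key_is_encrypted() {
    # Traditional PEM keys carry "Proc-Type: 4,ENCRYPTED";
    # PKCS#8 keys use a "BEGIN ENCRYPTED PRIVATE KEY" header.
    grep -Eq 'Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY' "$1"
}

# build_bundle DIR [OUT]: check the layout in DIR, then write OUT.
# OUT defaults to openvpn.tar and is relative to DIR unless absolute.
build_bundle() {
    dir=$1
    out=${2:-openvpn.tar}
    for f in vpn.cnf keys/ca.crt keys/client.crt keys/client.key; do
        if [ ! -s "$dir/$f" ]; then
            echo "missing or empty: $f" >&2
            return 2
        fi
    done
    if key_is_encrypted "$dir/keys/client.key"; then
        echo "keys/client.key still has a pass-phrase; the phone cannot prompt for it" >&2
        return 3
    fi
    # The key is now stored in the clear, so keep it readable by the owner only.
    chmod 600 "$dir/keys/client.key" || return 4
    # Same command as in the post, run inside DIR so member paths stay relative.
    (cd "$dir" && tar cf "$out" ./vpn.cnf ./keys) || return 5
}

# List the archive members so the structure can be checked before upload.
list_bundle() {
    tar tf "$1" | sort
}
```

Because the key inside the archive has no pass-phrase, the .tar file itself should be handled like a credential and removed from the workstation once the phone has it.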
I would appreciate it if you could let me know if you found this useful. Hopefully I have saved you a few hours of your time.
I have just been talking with a fellow Information Technology nerd and we have been discussing the merits of Free Software.
This was prompted by the extremely price focused Information Technology business owners who only look at price when it comes to selecting Information technology.
The assumption is that by using Open Source/Free Software technology, you immediately save money and can get cheaper Information Technology solutions with immediate effect. After all, Open Source is Free Software, right?
There is no such thing as free software, regardless of which definition you use.
Free as in beer
Somebody likes you enough to give you a free pint of beer. But was the beer actually free? The answer you are looking for is NO.
It cost your friend money to buy the pint and hand it to you, it cost the bar money to purchase, store and cool. It cost the brewer money to produce and transport and create.
Somebody somewhere has to pay. Your pint is NOT free.
The same goes for software. For the software you got for free, somebody has to pay. The programmer’s time is worth money, the servers which host the software cost money, and the equipment and knowledge that the programmer has gathered over the years to create the software cost money.
A lot of free software actually costs you money indirectly without you ever noticing, due to the fixation of the zero monetary transfer for the software.
You can spend a lot of time trying to get your free software to perform how you want. Documentation and sometimes the quality of the software can be quite poor. You might have got the software for free, but your time is surely worth money. If not directly money it could be time you could have spent with your kids and family.
Please also be aware that some free software is actually designed to take up your time. The software is designed to be complicated or incomprehensible so you purchase a support plan or a “done for you service” from the programmers or vendor.
It is a sneaky way of recovering costs, but it may be worth considering when selecting “Free” software.
You might say “Well if free software is not free monetarily, It’s Open Source and I’m free to modify and adapt the code how I please.”
Free as in Freedom
The term “Free Software” is actually an oxymoron. This is because free software is not actually free. It is not free as in beer or free as in freedom.
Free software has a licence which states how and what you can do with the software. Anything which dictates how the software can be used restricts your freedom.
There are a large number of licences under which free software is licensed.
Here are 3 examples where legal cases have been established due to licence violations:
In general these licences are noble in intent. They are there to ensure that everybody has access to the software as intended. You have to be pretty selfish and arrogant to violate a free license and it rarely ends up in litigation. And most of the people who have been caught violating are vendors who took a gamble and lost.
The point I’m trying to make is you are not free to do as you please with free software. You have to be aware of the conditions of use and follow the conditions outlined.
I’m an advocate of open source/free software and use many of the tools in this genre. This actual post exists because of Free/Open Source software.
The reason for this post is to highlight that what you get for free is not actually free. You have to take into account that there is always a cost involved. When you are so focused on getting something for free you can actually end up spending a lot of money or value.
You can build some very cost-effective solutions based on Free Software, but please analyse all the key factors when comparing solutions.
As you may know, I deploy and design computing platforms and the associated network architecture using Cisco UCS. It is a virtualisation powerhouse, to put it in as few words as possible. The platform enables what is called stateless computing. You can purchase UCS in bundles which provide you with storage, network and compute resources and a virtualisation platform such as VMware.
For this install the IPBRICK.4CC (Cloud Computing) platform was installed on a Cisco UCS platform using EMC VNX SAN storage. IPBRICK.4CC provides the full range of unified computing and security. Using this platform allows you to create multi-tenant environments and use the built-in Billing application to invoice your customers for resources used.
Significant costs saving can be made in Virtualisation Licensing and associated operating systems licences by utilising this platform. Cisco UCS is a major investment for any enterprise, however with strategic use of IPBRICK products you will be well placed in reducing your acquisition costs as well as operating costs.
I will be investigating OpenStack in the near future to see what benefits can be released from this API.
If you have not seen it yourself, Watch it here
I have taken delivery of my shiny new IP BRICK SOHO appliance and a HP all-in-one scanner. I’m going to connect the appliance to my 3TB ReadyNAS Pro for additional fail-safe storage.
If you think of all the documents you have to keep hold of in your household.
- Letters from the school
- Bank Documents
- Tax Man
- Insurance documents
You still need to keep hold of these paper documents when they arrive, but at least I can now scan them in and retrieve them at will.
Rather than dumping them into a fileshare and using filenames to help search and locate documents, I now have a fully fledged document management system using the iPortalDOC application which runs on the IPBrick appliance.
Hopefully this should make us all a lot more productive.
To find out more please visit :
My company Trenchant Systems will be an exhibitor at the business start-up show on the 17th and 18th of May at Excel London. This is our first Expo and we are all busy rushing around like headless chickens preparing.
Grab yourself some free tickets and come and have a chat with us on our stand. We are launching partnership with a European unified communications manufacturer. Come over to our stand for a demonstration.
This is a shameless plug for a good buddy of mine who has set up a consultancy firm providing IPv6 consultancy.
Take up of IPv6 over the last ten years has been slow, however with IPv4 addresses starting to run out across the world more and more users and companies are connecting to the IPv6 Internet.
Over the next year as the last IPv4 addresses are finally allocated, a new breed of Internet user will emerge – those connected to only the IPv6 Internet.
Network Revolution can help you ensure that the content and services you have made available on the Internet are fully accessible to IPv6 only users. They offer two tracks to connect your organisation to the IPv6 Internet.
03333 321 426 (UK)
00 44 3333 321 426 (Worldwide)
Tell them Jason Simmons sent you.
get-console.com sell serial console applications for network engineers for iPad….. Really! I’m going to take an iPad into a data-center to configure Cisco devices. I’m going to take a £400 to £600 iPad into a data-center to configure network equipment.
Have these guys actually been to a data-center?
Please don’t be a moron and fall for this crap.
Go to eBay and buy a tough old IBM X60 laptop (I use mine to smash through walls when my access card fails to work at the exit) for £60, pass by Maplins on the way to the data-center and buy a USB to serial converter cable so you can use the billions of blue cables that birds steal from data-centers to line nests, and then put Linux on the X60.
You can then put the following on the X60 for *FREE*.
- Adobe Reader for the endless ebooks release notes and best practice guides
- Nmap Port scanner
- dhcp server
- tftp server
- Apache Webserver
- Minicom or Putty for console sessions
- USB port to plug in your 3G dongle for INTERNET access to download firmware
- PXE boot server
Please enlighten me if I have missed something. Why would I take some bullshit shiny device that has only just got cut and paste to configure network equipment, when I can spend £60-£100 and get SO much more functionality?