atcomsystems.ca/forum Forums TDM Business Telephone Systems Toshiba Telephones & Systems MAS Question

Hello,

We have a CIX system that we are adding ACD, TASKE and Call Manager to.

We have 2 different computer networks, an Admin LAN and a Sales LAN, that are not connected together at the moment for security purposes. We will need people on both the Admin LAN and Sales LAN to be able to access Call Manager and Taske. Is this going to be an issue connecting the MAS to both networks? Do we need to connect them together and create VLANs? What is the best practice to do this? Surely this has come up before.

Thanks in advance!

A better understanding of the LAN topology would help us to answer this.

Are the LANs currently physically and logically separate or are you using VLANs now to accomplish this?

Hi Michael,

The LANs are currently not connected physically in any way.

Thanks

Just a little more info on the system:

CIX (LAN port on the CIX processor is connected to the Admin office LAN)
16 port digital card
PRI Card
LVMU
Internal IPU card for a few IP phones inside the Admin Office LAN
External IPU card with Static External IP connected directly to a cable modem for a couple of teleworkers and a remote office.

Currently our Sales office is a part of the Admin office building but the admin LAN and the Sales LAN are not connected in any way (two separate modems, routers and switches).

I think a USB based Ethernet adapter on the MAS configured with a Sales IP address would easily do the trick as far as getting it working. I am not sure if that would bust the security requirement since this PC now touches both LANs logically and physically. Someone with local access to the PC or that somehow gains unauthorized remote access would have access to both LANs.

Some MAS servers have 2 NIC cards in them and you might be able to configure the 2nd card as a host on sales.

With Windows firewall I think you could build rules to only allow Taske and CM traffic through.

Just going for the easiest route so a substantial investment in equipment in time might not be needed.

Throw this against the wall and see what sticks. There is a guru here (newtecky) that will probably have some great insight into this as well. ~ Mike

I have had to connect a 2U MAS to two different LANs using the second NIC adapter on the MAS. But it wasn't for the purpose of what you're trying to do. I had to use the second NIC port for remote access. Give it a try. I think it might work for you.

I have seen companies have separate networks for legal reasons. Just for fun, I'll play the evil network security guy. You have the networks split for a reason, probably on the advice from a network guy.

Once you have any common device between these networks, they are now physically joined in some way. In practice having 2 different NICs connected to 2 different networks does not bridge them, but it is possible. I have done this intentionally using my PC as a bridge.

As mentioned, you can lock down the NIC to only allow specific traffic in. You can also put a good router in between the 2 networks as a gate-keeper to only allow specific traffic across the 2 networks and block everything else.

There isn't much reason to setup VLANS if you already have physically separated networks. Even with VLANs you still need a router connecting the 2 VLAN networks together and acting as a gatekeeper.

You did not mention if you were getting a 2U MAS or a MicroMAS (I am assuming not a Virtual ACD). The MicroMAS does not have 2 NICs in them.


*Related Side story: I had to deal with a corporate network policy that did not want the Toshiba CIX having both an external IP connection and an internal IP connection. I, and a Toshiba rep, had to assure them that there was no way any data traffic could bypass their firewall from 1 IP card to to the other through the PBX. In that previous case it was impossible to pass data around the firewall. In your case it is actually possible to bridge the networks with a PC.

Hi All,

Thank you all for the responses. We are not overly concerned about the security because we already have a couple of PCs that are connected to both networks using 2 NICs and the MAS will be in a locked area that only a couple of authorized users have access to. So that should not be a problem. It is going to be a 2U MAS so my hope was that we could connect the main NIC to the Admin network where the CIX sits and there are pcs that will need to be able to access CM and TASKE and the secondary NIC to the Sales network so they have access to CM and TASKE as well. I didn't know if this would work as they are 2 different networks with 2 different network addresses. I was concerned that there might be an issue. Has anyone done this before? I know this is a bit of a weird setup.

Thanks for all your help!

This should work fine. The 2nd NIC is fully functional so you just need to set up with a static IP address on the appropriate network.

Admittedly, I have not done the above exactly but we had an old ACD PC that was on a LAN just for the Toshiba. We installed a USB NIC and assigned an address to the LAN so the ACD PC would have internet access. We then set up Team Viewer and all was well. Just like Pheonemeister above explained. ~ Mike

As mentioned, having 2 networks with 2 separate network addresses is not a problem with communicating on both networks. What would be a problem is if the 2 different networks had the SAME network range.

The only possible concerns I would have (and I think they are very minor, but I'll mention them anyway);

1- The internal services for Taske communicate to each other via IP, even through they are on the same machine. During the initial setup you have to tell Taske the IP address the other services. In this case the machine will have 2 IP addresses. Taske does not like 127.0.0.1 as an IP.

2- The MAS is licenses to the NIC. Having 2 NICs enabled and connected may confuse the licensing application. I have not had a problem with a MAS licensing, but I have on other applications that are licensed to a MAC address.

Again I don't think this will be a problem, but I would run the setup and install the licensing with only the main NIC plugged in. Once the system a is running good, connect the second NIC, assign an IP for the 2nd network and plug into the other data switch.