BE4000 Customer Network Requirements
BE4000 requires certain network specifications for its deployment. Ensure that the customer network meets all the requirements before adding a site in the Cisco Business Edition 4000 Management Portal.
BE4000 Management Tunnel
Cisco Business Edition 4000 requires permanent access to the internet to communicate with the cloud portal, receive NTP time updates, receive software upgrades, and, if configured, carry SIP traffic.
If the internet connection is lost, the BE4000 still handles calls that do not go over the internet.
The following DMVPN Ports and Protocols are required to be open outbound on the connection used to connect to the Cisco Business Edition 4000 Management cloud:
- UDP Port 500
  - Internet Security Association and Key Management Protocol (ISAKMP). Used in IKE.
- UDP Port 4500
  - NAT Traversal (NAT-T). When the BE4000 is behind NAT, NAT-T encapsulates ESP in UDP port 4500 to allow ESP to communicate in and out of the network.
- HTTP (port 80) and HTTPS (port 443) access from the BE4000 to the internet
- Outbound access to Domain Naming System (DNS): DNS port 53 must be open
- ICMP (Internet Control Message Protocol) access to SEA (208.115.101.160/27) and DFW (4.16.236.64/27) servers
Note: Each BE4000 appliance needs to be connected behind a NAT device behind a public IP address for management connectivity. Multiple BE4000 appliances cannot be configured behind the same public IP address.
DHCP Server
- By default the BE4000 uses a DHCP address for initial deployment. A static address may be configured locally if a DHCP server is not available. Connection can be via console, or Ethernet to the MGMT port. For information on console and Ethernet based connection, see Local Administration.
- When deploying Cisco Unified IP Phones, it is necessary for the phones to automatically discover the BE4000 to download phone configuration files. DHCP Option 66 and/or DHCP Option 150 is required to provide the TFTP address of the BE4000 for connecting the IP phones. If neither DHCP Option 66 nor DHCP Option 150 is available, you must manually configure each IP phone's TFTP configuration with the IP address of the BE4000.
Note: The following IP networks are not supported:
- 10.0.1.x/24
- 10.0.2.x/24
- 10.0.3.x/24
- 10.1.1.x/24
- 10.1.2.x/24
- 10.1.3.x/24
- 10.2.x.x/16
- 10.3.x.x/16
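A pre-deployment check for two constraints stated above, the unsupported IP networks and the rule that no two BE4000 appliances share a public IP address. This is an added example, not Cisco tooling. The site dictionary keys (`name`, `lan`, `public_ip`), the sample plan, and the reading of `10.0.1.x/24` as `10.0.1.0/24` are assumptions.

```python
import ipaddress

# Unsupported ranges from the note above, rewritten as CIDR networks
# (assumption: "10.0.1.x/24" means 10.0.1.0/24, "10.2.x.x/16" means 10.2.0.0/16).
UNSUPPORTED = [ipaddress.ip_network(n) for n in (
    "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24",
    "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24",
    "10.2.0.0/16", "10.3.0.0/16",
)]


def subnet_conflicts(lan_cidr):
    """Return the unsupported networks that overlap the given LAN subnet.

    overlaps() also catches a LAN that is a supernet of an unsupported
    range (10.0.0.0/22 contains 10.0.1.0/24), which a plain string or
    prefix comparison would miss.
    """
    lan = ipaddress.ip_network(lan_cidr, strict=False)  # accept host bits
    return [str(n) for n in UNSUPPORTED if lan.overlaps(n)]


def check_sites(sites):
    """Return a list of findings for a site plan; an empty list means it passes."""
    findings = []
    first_site_for_ip = {}
    for site in sites:
        for net in subnet_conflicts(site["lan"]):
            findings.append(f"{site['name']}: LAN {site['lan']} overlaps unsupported {net}")
        ip = ipaddress.ip_address(site["public_ip"])
        if ip in first_site_for_ip:
            findings.append(f"{site['name']}: shares public IP {ip} with {first_site_for_ip[ip]}")
        first_site_for_ip.setdefault(ip, site["name"])
    return findings


# Constructed sample plan; public IPs are from the 203.0.113.0/24 documentation range.
SAMPLE = [
    {"name": "HQ", "lan": "192.168.10.0/24", "public_ip": "203.0.113.10"},
    {"name": "Branch-A", "lan": "10.0.0.0/22", "public_ip": "203.0.113.11"},
    {"name": "Branch-B", "lan": "10.2.40.0/24", "public_ip": "203.0.113.10"},
]

if __name__ == "__main__":
    for line in check_sites(SAMPLE):
        print(line)
```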
BE4000 in Voice VLANs
Before the phone has its IP address, the phone determines which VLAN it should be in by the Cisco Discovery Protocol (CDP) negotiation that takes place between the phone and the switch. This negotiation allows the phone to send packets with 802.1Q tags to the switch in a "voice VLAN" so that the voice data and all other data coming from the computer behind the phone are separated from each other at Layer 2. Voice VLANs are not required for the phones to operate, but they provide additional separation from other data on the network.
Voice VLANs can be assigned automatically from the switch to the phone, which provides Layer 2 and Layer 3 separation between voice data and all other data on a network. A voice VLAN also allows for a different IP addressing scheme because the separate VLAN can have a separate IP scope at the Dynamic Host Configuration Protocol (DHCP) server.
The BE4000 can be deployed on the voice VLAN or on a different IP subnet. In either case, the BE4000 needs direct routed access to all phones and must be able to access the internet.
Note: The BE4000 proxies the media. Phones only need signaling and media connectivity to the BE4000. They do not need signaling or media connectivity to other phones.