#87696 by FX4
Tue Sep 27, 2011 6:22 pm
That's an interesting idea. I would have to route the wan port interface on my router to do this, but it's an option.

I was thinking something like this for an ACL:

ip access-list extended Deny_DHCP
deny udp any any eq bootpc
deny udp any any eq bootps
permit ip any any

interface Fa0/23
ip access-group Deny_DHCP in

So I guess there are at least three ways to solve this problem, probably more.
#87700 by thunderbird
Tue Sep 27, 2011 8:50 pm
FX4 wrote:Yeah I understand all this. My goal was to be able to manage Ooma and check it's status without having to plug a laptop into it's lan port. Just put it on my network. I guess it can't be done unless I create a private Vlan for the lan port then route to it.

The usual way to access Ooma Seup for a Modem-Router-Ooma connection, with out connecting a computer to the Ooma device's Home port every time access is requred, is to reserve a static IP address with a permenant lease, for the Ooma device in the Router.
Next port forward in Ooma Setup at bottom of Advanced page. Then from any computer connected to the LAN side of the Router, type http:// and the IP assigned to the Ooma device, and the Ooma Setup pages opens.
#87707 by FX4
Wed Sep 28, 2011 7:40 am
I understand this, but it assumes you have a flat topology on the lan side. In my case I do not. I have a voice vlan that is isolated from the data vlan. The only thing that traverses my voice vlan is voice. What I want is the lan side of the Ooma Telo connected to my data vlan for management of the box.

WAN<-----| Router|-----(Vlan 10, 192.168.2.x)----|Ooma Telo|---Lan Port
xxxxxxxx| Cisco |-----(Vlan 5, 192.168.1.x)----|Lan, Cisco 2900XL|------
xxxxxxxx| 881W |-----(Vlan 1, 10.10.x.x)----NOT USED

The objective at this point is to just connect the Lan Port of the Ooma to the 192.168.1,x subnet, probably on a spare router port because the 2900XL has extremely limited ACL functionality. There is no intra-vlan routing in my configuration.
#87774 by FX4
Thu Sep 29, 2011 2:47 pm
Just an FYI for anybody trying to do what I did, my ACL ended up being assigned to the vlan and I used the lan ip address of the Ooma Telo:

ip access-list extended Deny_DHCP
deny udp any eq bootpc
deny udp any eq bootps
permit ip any any

interface vlan5
ip access-group Deny_DHCP in

It works quite well, or at least it seems to work well. I haven't put wireshark on it yet but I did dump a couple of DHCP clients on the network and the proper DHCP server answered and Ooma did not.

