<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7655.3">
<TITLE>RE: [asterisk-users] OT: NAT in SPA922</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>-----Original Message-----<BR>
From: asterisk-users-bounces@lists.digium.com on behalf of Noah Miller<BR>
Sent: Thu 5/6/2010 10:41 AM<BR>
To: Asterisk Users Mailing List - Non-Commercial Discussion<BR>
Subject: Re: [asterisk-users] OT: NAT in SPA922<BR>
<BR>
>>> It is a building, with 24 separated rooms, each room will have a PC and a IP<BR>
>>> Phone. Every room connected to a switch Cisco 2950.<BR>
>>> I want keeping all PCs isolated behind a NAT (no access to neighbour's PC),<BR>
>>> and still keep communication in same LAN between all IP Phones.<BR>
>>><BR>
>>> Should I take another approach on that?<BR>
>>><BR>
>> Put each PC in its own VLAN. Keep all the phones in one VLAN.<BR>
>><BR>
>> Although having a $30 router in each room hanging off the phone would<BR>
>> accomplish what you want also.<BR>
><BR>
> Take j's suggestion to use VLANs. This is not a good situation for<BR>
> NAT. Cisco 2950's can do VLANs.<BR>
><BR>
<BR>
to be clear, the only way this will work with the PCs is if each PC vlan is *also* a unique ip subnet (else how do all the vlans access a common default gw?)<BR>
<BR>
place the phones in a voice vlan, and the phone problem is solved.<BR>
as for the PC isolation, you might get better feedback on a cisco or other networking forum.<BR>
<BR>
-david</FONT>
</P>
</BODY>
</HTML>