Sign in

Network and IT Requirements for TOPS Office Communicator VoIP Platform

Last updated on 
Network and IT Requirements for TOPS Office Communicator VoIP Platform

Reliable Internet Connection

A reliable internet connection is a vital requirement for uninterrupted voice communication. Downtime or fluctuations in an internet connection can result in poor call quality and dropped phone calls. TOPS defines a reliable internet connection as a connection with sufficient bandwidth to support existing data traffic requirements while maintaining low average latency and jitter over an extended period of time.

TOPS performs a network assessment for all customers before installing cloud-based phones. TOPS network assessment uses open-source and proprietary tools to measure latency, jitter, packet loss, and simulate VoIP phone calls on a network. The results of TOPS network assessment determine the reliability of the network and its capacity to support VoIP.

Ability to Install Required Software

TOPS Office Communicator includes the TOC desktop software with all UC user licenses. The software offers many useful features beyond what is available through desktop phones or even web-based applications.

The software can be deployed by IT personnel or installed by TOPS technicians. Local administrator access is required for software installation by TOPS technicians.

In some cases, IT personnel may prefer to deploy the software themselves. If so, please contact TOPS for installation instructions and list of users.

Firewall Configuration

A basic NAT firewall, such as a service provider modem/router combination unit with default settings, can support most small businesses with low-to-moderate phone usage - no configuration changes required.

Advanced firewalls with active security features and/or outbound traffic filtering often require dedicated configuration to optimize the performance of VoIP phones and applications. If not properly configured, these firewalls can cause a wide range of issues which can often appear random or intermittent.

Please reference these general guidelines to optimize your firewall for TOPS Office Communicator VoIP Platform:

SIP ALG

Disable SIP ALG (Application Layer Gateway).

Session and State Table Tuning

Increase RTP/UDP media stream timeouts to at least 180–300 seconds.

Increase UDP session timeout values for SIP (recommend 90–300 seconds).

Split Tunneling

If remote workers connect through a VPN, configure split tunneling on the VPN server.

Multiple WAN Connections

If the firewall has multiple WAN connections, configure a policy to send VoIP traffic over the most reliable link at all times - use other link(s) for failover only.

Traffic Prioritization (QoS)

Enable Quality of Service (QoS) on the firewall to prioritize VoIP packets over general data traffic. Mark VoIP traffic with DSCP (Differentiated Services Code Point) values:

  • Voice/RTP: EF (Expedited Forwarding) — DSCP 46
  • SIP Signaling: CS3 — DSCP 26

Traffic Shaping and Bandwidth Restriction

High speed fiber internet usually does not require traffic shaping and bandwidth restriction policies to be implemented. These settings are only recommended if normal data traffic approaches the maximum bandwidth (upload or download) available on the internet connection:

  • Reserve dedicated bandwidth for VoIP — 5-10 mbps upload and download is recommended for VoIP phone calls and VoIP application traffic.
  • Set a traffic shaper or bandwidth restriction policy to guarantee dedicated bandwidth is always available for VoIP traffic even during peak usage times.
  • Do not over-provision bandwidth. These policies are only effective when total throughput is restricted significantly below advertised/tested bandwidth on the internet connection. TOPS recommends 80% utilization.

IP Ports and Server Addresses used by TOC Platform

Use the list of IP ports and server addresses below to identify TOC VoIP traffic and whitelist it or explicitly allow it through the firewall:

Protocol Port Range Usage
TCP 80, 443 Web
TCP 5060-5069 SIP TLS Signalling
UDP 5060-5069 SIP Signalling
TCP 10001 SIP Signalling
UDP 10000-20000 RTP
TCP 10005, 10007, 10009 TOC Application Ports
TCP 11389, 11636 Central Phone Book

Server Address:

toc.tops.tel

Recommendations

Microsoft Single Sign-on

If all users have Microsoft Office365 / Azure AD accounts, they can sign into the TOPS Office Communicator desktop and mobile applications using their Microsoft credentials through Microsoft Single Sign-on.

Single Sign-on simplifies deployment and usage for the end-user, and it increases security company-wide by shielding potentially sensitive internal communications behind Microsoft authentication.

If all users have Microsoft accounts, please contact TOPS support to receive a link to grant consent to our Microsoft Entra SSO application.

Disable IGMP Snooping

IGMP (Internet Group Management Protocol) Snooping is a feature on managed network switches that controls how multicast traffic is forwarded across a network. It is enabled by default on some managed switches such as Aruba Instant-On series. TOPS often configures VoIP phones to perform multicast paging, which requires multicast traffic to be delivered to all other VoIP phones on the network. IGMP snooping should always be disabled globally or on the voice VLAN to allow multicast traffic to flow freely.

Use of VLANs to Segregate Phone Traffic

Use of VLANs is an industry-wide best practice on larger networks. The benefits of VLANs include increased security, confinement of broadcast domains, and ease of administration. TOPS recommends deploying a separate VLAN for VoIP phones. All TOPS VoIP phones have two Gigabit Ethernet ports with VLAN assignment through LLDP/CDP or static configuration.

The steps to configure a basic voice VLAN are:

  1. Choose a VLAN ID and subnet – TOPS often uses VLAN 6 for voice
  2. Create the new VLAN in the switch VLAN database
  3. Enable Voice VLAN or LLDP-MED in global/system config
  4. Enable Voice VLAN or LLDP-MED on all switch ports
  5. Configure all switch ports to tag traffic on the voice VLAN
  6. Create the VLAN interface on your router/firewall
    1. Assign the subnet, gateway and DNS settings
    2. Enable DHCP server
    3. Allow routing between voice and data subnets

If you would like further assistance please contact TOPS support.

Power over Ethernet (PoE) Network Switches

PoE switches can power your VoIP phones through your Ethernet cable, reducing the need for additional power adapters and improving cable management at each users desk. PoE can also power other devices such as WiFi access points and surveillance cameras. Managed PoE switches offer additional network troubleshooting tools for IT personnel including remote power cycling of PoE devices.

Use Reputable Network Equipment

Use reputable managed network equipment designed for business applications such as Cisco, HPE Aruba, Fortinet, Watchguard, or Ubiquiti. Avoid consumer grade network equipment - specifically WiFi routers marketed for home use. Many WiFi routers from brands like Asus and TP-Link can support a small number of VoIP phones and low phone usage, but some can cause intermittent problems over time, especially older models.

Avoid CG-NAT and Double NAT

Carrier-Grade Network Address Translation (CG-NAT) can cause unexpected call drops or random loss of audio mid-call. In some instances, such as with Starlink internet, changes to CG-NAT tables can cause VoIP servers to trigger security protocols that block end user devices and applications out of the system.

Double NAT refers to multiple NAT routers connected in series and most commonly occurs when service provider modem/router combination devices are misconfigured. Double NAT can cause issues with VoIP and other types of network traffic.