  1. Senior Member
    Join Date
    Apr 2009
    Location
    New Orleans, LA
    Posts
    199

    Certifications
    MCSE, MCITP:EA, CCNA, CCNP
    #1

    Default PCs cannot access network behind phones.

    Hello all,

    I've been having issues lately on some of the UC500 deployments I've done. Is it bad practice to leave DHCP on the UC500 for the Voice Vlan, while letting another server take care of the Data Vlan? I ask because during a recent installation, I had DHCP for both subnets on the UC500, and I tested connectivity behind the Cisco phones without issues. However, I took the DHCP config off the UC for the data Vlan and let the sysadmin handle it via a Windows machine, and now I'm getting reports that no one can connect to the network if they are connected behind their phone, but if they bypass the phone and plug straight into the wall - they are able to access the network and internet without issues. In the past I've had this happen, but I simply disabled DHCP on the server and let the UC500 take care of it, but I don't have that option in this scenario. I'll verify when I'm on site that it's not just an issue with the switch being misconfigured, but I'm fairly certain that isn't the case. I'm anticipating that I'll configure a static IP address, and be alright - but we'll see.

    Any suggestions or past experiences would be greatly appreciated.

    Thanks!

  3. Senior Member
    Join Date
    May 2009
    Location
    DMV
    Posts
    2,201

    Certifications
    CCNP, CCNP(V), S+ CCIE V(written)
    #2
    Most of the networks with UC500s are usually small enough that you can do the DHCP on both networks. You may not have this option, but more than likely you will have to use an IP helper command if the data DHCP server is on another subnet.
    Currently Reading

    CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related

  4. Senior Member
    Join Date
    Apr 2009
    Location
    New Orleans, LA
    Posts
    199

    Certifications
    MCSE, MCITP:EA, CCNA, CCNP
    #3
    Yeah, unfortunately it is a rather small network - that's what's so frustrating about it. The UC serves only as the CME, and doesn't participate in any type of WAN connectivity or other options. I'll have to see what the sysadmin thinks about combining both DHCP scopes on the UC...

  5. Senior Member
    Join Date
    May 2009
    Location
    DMV
    Posts
    2,201

    Certifications
    CCNP, CCNP(V), S+ CCIE V(written)
    #4
    This sounds like one of those networks where they want the data and voice separate. I usually will build them completely separated where they provide their own cabling for the PCs.

  6. Member 535irob's Avatar
    Join Date
    May 2006
    Location
    Houston
    Posts
    31

    Certifications
    CCNA-Voice,CCNA, CCENT, MCP (70-270/290), A+, Network+, Project+, Security+, CIW Java script
    #5
    Quote Originally Posted by shodown View Post
    This sounds like one of those networks where they want the data and voice separate. I usually will build them completely separated where they provide their own cabling for the PCs.
    Why on earth would you run 2 network cables to a single desk? The VLANs keep them separate.

    OP - the location of the DHCP doesn't really matter as long as option 150 is given out from the VOICE Vlan DHCP server pointing to the correct and working tftp server.

    On your switch, make sure cdp is up and running:

    sh cdp nei

    and the ports should look something like this:

    Interface FastEthernet 0/1
    Description Phones and Computers
    Switchport access vlan DATA
    Switchport mode access
    Switchport Voice vlan VOICE
    Auto qos voip cisco-phone
    spanning-tree portfast


    If your setup is working correctly, phones should register with no issues. If they register and people are still having problems plugging in and getting online, a few possible issues come to mind. First, was the new DHCP server given a static IP address on the correct DATA VLAN (assuming that the port the server is plugged into is programmed as above)? Second, can the new DHCP server see the gateway of your network? Can it ping other network servers/computers? Also, when a user plugs directly into the wall, what IP range are they given?

  7. Senior Member
    Join Date
    May 2009
    Location
    DMV
    Posts
    2,201

    Certifications
    CCNP, CCNP(V), S+ CCIE V(written)
    #6
    Quote Originally Posted by 535irob View Post
    Why on earth would you run 2 network cables to a single desk? The VLANs keep them separate.

    OP - the location of the DHCP doesn't really matter as long as option 150 is given out from the VOICE Vlan DHCP server pointing to the correct and working tftp server.

    On your switch, make sure cdp is up and running:

    sh cdp nei

    and the ports should look something like this:

    Interface FastEthernet 0/1
    Description Phones and Computers
    Switchport access vlan DATA
    Switchport mode access
    Switchport Voice vlan VOICE
    Auto qos voip cisco-phone
    spanning-tree portfast


    If your setup is working correctly, phones should register with no issues. If they register and people are still having problems plugging in and getting online, a few possible issues come to mind. First, was the new DHCP server given a static IP address on the correct DATA VLAN (assuming that the port the server is plugged into is programmed as above)? Second, can the new DHCP server see the gateway of your network? Can it ping other network servers/computers? Also, when a user plugs directly into the wall, what IP range are they given?

    I don't think you understood what I was saying. When I deploy these boxes and there are problems with the existing IT team, as in they don't want to integrate the Voice and Data or have documented business reasons on why not to, I have used a separate CAT5 cable for the phones. This is pretty common in the DC area where everyone is paranoid about one thing or another. I do agree that it makes life easier for them to be separated, but you always run into difficult situations when you deploy. Now onto the Voice network: option 150 will always take care of the phones, but if the PCs can't pull an IP address and the DHCP is on another subnet, something will have to be done to ensure they can pull an IP.

  8. Member 535irob's Avatar
    Join Date
    May 2006
    Location
    Houston
    Posts
    31

    Certifications
    CCNA-Voice,CCNA, CCENT, MCP (70-270/290), A+, Network+, Project+, Security+, CIW Java script
    #7
    If they have a business reason, so be it. I just think it's a waste to double the work.

    Maybe the Windows server does not have scopes defined for both VLANs. If 1 DHCP server hosts the scopes for all VLANs, all VLANs must be able to ping the server...

  9. Senior Member
    Join Date
    May 2009
    Location
    DMV
    Posts
    2,201

    Certifications
    CCNP, CCNP(V), S+ CCIE V(written)
    #8
    Well, when you work for a vendor and you don't own the entire network, it's actually not double the work. When things are broken you can quickly eliminate your gear as you aren't part of it. I have several customers where we don't own the network, just the phones, and it keeps them from calling us when things go wrong. We have customers where we own the network and they blame the phones for everything from their PCs being slow to the network crashing, so I can see it from both points of view. I would rather own the entire network, or keep my phones isolated, or have competent engineers on the other end so that when things go wrong we can "collaborate on a solution" instead of throwing stones to see whose fault it is. I come to this conclusion due to the fact that 50 percent of the engineers out here suck, and the management sucks so they don't know if they are hiring competent engineers or not. Sorry for the long rant, but as I'm typing this I'm on a conference call with the type of people I'm talking about.

  10. Senior Member chmorin's Avatar
    Join Date
    Feb 2010
    Location
    Texas
    Posts
    1,443

    Certifications
    CCNP:Voice, CCNA:V(IIUC), CCNA, CCENT, Security +, Network +, A+,CIW
    #9
    To Jump back to the OP.

    Quote Originally Posted by Agent6376 View Post
    Hello all,

    I've been having issues lately on some of the UC500 deployments I've done. Is it bad practice to leave DHCP on the UC500 for the Voice Vlan, while letting another server take care of the Data Vlan? I ask because during a recent installation, I had DHCP for both subnets on the UC500, and I tested connectivity behind the Cisco phones without issues. However, I took the DHCP config off the UC for the data Vlan and let the sysadmin handle it via a Windows machine, and now I'm getting reports that no one can connect to the network if they are connected behind their phone, but if they bypass the phone and plug straight into the wall - they are able to access the network and internet without issues. In the past I've had this happen, but I simply disabled DHCP on the server and let the UC500 take care of it, but I don't have that option in this scenario. I'll verify when I'm on site that it's not just an issue with the switch being misconfigured, but I'm fairly certain that isn't the case. I'm anticipating that I'll configure a static IP address, and be alright - but we'll see.

    Any suggestions or past experiences would be greatly appreciated.

    Thanks!
    I wouldn't consider it 'bad practice' to separate the dishing out of DHCP addresses among different servers. In my company, we have the VoIP DHCP server run on the local gateway, and the Data DHCP server run on a local DC. The configuration should essentially be the same. I'd make sure CDP didn't get disabled for some reason on the switch, confirm your VLAN configuration, and if the data DHCP server is on a different subnet make sure you have helper-addresses where you need them. Let us know what you find out.

  11. Cantankerous Old Fart hermeszdata's Avatar
    Join Date
    Jan 2010
    Location
    Colorado
    Posts
    225

    Certifications
    CCNA, CCNA:Voice (Ent) AdTran ATSA Internetworking
    #10
    Quote Originally Posted by chmorin View Post
    To Jump back to the OP.



    I wouldn't consider it 'bad practice' to separate the dishing out of DHCP addresses among different servers. In my company, we have the VoIP DHCP server run on the local gateway, and the Data DHCP server run on a local DC. The configuration should essentially be the same. I'd make sure CDP didn't get disabled for some reason on the switch, confirm your VLAN configuration, and if the data DHCP server is on a different subnet make sure you have helper-addresses where you need them. Let us know what you find out.
    I'm with you on this issue. My home office uses the local gateway (2811) to provide VoIP DHCP and my DC to handle Data DHCP. This sounds more like a Switch configuration issue than a phone issue. This problem twisted my already twisted mind for a few weeks before I finally nailed the concept.

    Config for CME Router (Cisco 2821)
    Code:
    !
    ip dhcp pool Voice_DHCP
       Description - DHCP Pool for Voice VLAN
       import all
       network 10.10.11.32 255.255.255.224
       default-router 10.10.11.33 
       option 150 ip 10.10.11.33 
       domain-name hermesz.local
       dns-server 10.10.11.3 4.2.2.2 
    !
    !
    interface GigabitEthernet0/1.10
     description $FW_INSIDE$ VLAN 10 is the Management VLAN for all Cisco Devices on the network
     encapsulation dot1Q 10 native
     ip address 192.168.254.1 255.255.255.224
     no ip redirects
     no ip unreachables
     ip nat inside
     ip virtual-reassembly in
    !
    interface GigabitEthernet0/1.11
     description $FW_INSIDE Data Subnet$ DC and all devices/PCs on DATA Subnet
     encapsulation dot1Q 11
     ip address 10.10.11.1 255.255.255.224
     ip access-group hdtLANsecure in
     no ip redirects
     no ip unreachables
     ip nat inside
     ip virtual-reassembly in
    !
    interface GigabitEthernet0/1.12
     description $FW_INSIDE Voice Subnet$
     encapsulation dot1Q 12
     ip address 10.10.11.33 255.255.255.224
     no ip redirects
     no ip unreachables
     ip nat inside
     ip virtual-reassembly in
    !
    Config for Switch Port(s)
    Code:
    !
    interface FastEthernet0/1
     description $Connection to Office$
     switchport trunk native vlan 11
     switchport trunk allowed vlan 1,11,12,1002-1005
     switchport mode trunk
     switchport voice vlan 12
     spanning-tree portfast
    !
    Note the highlighted line in the Switchport configuration. VLAN 11 in my configuration is the DATA VLAN which is where my DC and all PCs are connected. Setting the Native VLAN as above provides the connected devices access to ALL DHCP Servers on the network.

    I should also note that I run a Cisco WLC4136 Wireless LAN Controller on my network that lives on VLAN 100. The switchports that the APs plug into are configured as follows:

    Code:
    !
    interface FastEthernet0/5
     description $Connection to WAP-1$
     switchport trunk native vlan 100
     switchport mode trunk
    !
    interface FastEthernet0/6
     description $Connection to WAP-2$
     switchport trunk native vlan 100
     switchport mode trunk
    !         
    interface FastEthernet0/7
     description $Connection to WAP-3$
     switchport trunk native vlan 100
     switchport mode trunk
    !
    Again, note the highlighted config lines. As with the switchports that the IP Phones connect to, the APs could not get their DHCP assignments without the proper NATIVE VLAN assignment on the switch.

    Just a bit of food for thought.

    John
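
A small offline check for the port patterns discussed in this thread, added here as an example and not posted by any participant: for each interface that carries a voice VLAN, it reports whether the PC's untagged VLAN matches the data VLAN and whether the voice VLAN is permitted on a trunk. The sample config and the names `expand` and `audit` are constructed for illustration.

```python
import re

# Constructed sample, not from the thread: Fa0/1 follows the posted trunk pattern,
# Fa0/2 leaves the untagged VLAN at default, Fa0/3 prunes the voice VLAN.
SAMPLE = """\
interface FastEthernet0/1
 switchport trunk native vlan 11
 switchport trunk allowed vlan 1,11,12,1002-1005
 switchport mode trunk
 switchport voice vlan 12
!
interface FastEthernet0/2
 switchport mode access
 switchport voice vlan 12
!
interface FastEthernet0/3
 switchport trunk native vlan 11
 switchport trunk allowed vlan 1,11
 switchport mode trunk
 switchport voice vlan 12
!
"""

def expand(vlan_list):
    """Turn '1,11,12,1002-1005' into a set of VLAN IDs."""
    ids = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(config, data_vlan):
    """Return {interface: [findings]} for every port with a voice VLAN."""
    report = {}
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M):
        get = lambda pat: re.search(rf"^ switchport {pat}$", body, re.M)
        voice = get(r"voice vlan (\d+)")
        if not voice:
            continue
        trunk = get("mode trunk")
        untagged = get(r"trunk native vlan (\d+)" if trunk else r"access vlan (\d+)")
        untagged = int(untagged.group(1)) if untagged else 1  # IOS default is VLAN 1
        allowed = get(r"trunk allowed vlan ([\d,-]+)")
        issues = []
        if untagged != data_vlan:
            issues.append(f"PC traffic untagged in VLAN {untagged}, not {data_vlan}")
        if trunk and allowed and int(voice.group(1)) not in expand(allowed.group(1)):
            issues.append(f"voice VLAN {voice.group(1)} not allowed on trunk")
        report[name] = issues
    return report
```

Calling `audit(SAMPLE, 11)` returns an empty finding list for FastEthernet0/1 and one finding each for the other two ports.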
