+ Reply to Thread
Results 1 to 19 of 19
  1. Senior Member
    Join Date
    Dec 2012
    Location
    Chicago, IL
    Posts
    328

    Certifications
    Juniper/Cisco/CompTIA Gandam
    #1

    Default Hiccup on setting up first IP Phone

    After reading over half of the OCG, I have begun to start entering commands and trying things out.

    I'm starting out with CME.

    So far, I have set up a DATA and VOICE vlan on the PWR switch.

    I have two different DHCP, one from main DHCP/Default Gateway router and second from CME Voice Router. The CME Voice Router has a DHCP with Voice_Scope on a different subnet than the original main DHCP network. I set option 150 and also had the default-router point to the main DHCP/Default Gateway router.

    On the CME Voice Router, I set up the first "ephone 1" with the mac address from the IP phone.

    My topology is kind of like this:

    IP Phone <-> PWR-SW <-> Main-DHCP-Router<-> SW <-> CME-Voice-Router;

    But the IP phone is stuck on "Configuring IP" screen.

    What am I doing wrong?
    Thanks.
    Reply With Quote Quote  

  2. SS -->
  3. /threadkiller ande0255's Avatar
    Join Date
    Sep 2013
    Location
    Around
    Posts
    1,160

    Certifications
    CCNA R&S, Voice, Security
    #2
    Have you tried setting it up with just the single instance of DHCP to see if you can get that working? And could you post the config of Main-DHCP-Router?

    I'd guess it's a VLAN mishap, but then again I'm not sure what kind of impact two DHCP sources would have on a phones ability to register itself. Is the scope you defined for DHCP on the same network as your voice VLAN?
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Dec 2012
    Location
    Chicago, IL
    Posts
    328

    Certifications
    Juniper/Cisco/CompTIA Gandam
    #3
    I would assume they are on the same network but different subnet? How would you go about tying voice DHCP to voice VLAN?


    Main-DHCP-Router doesn't have voice functionality.


    Thanks.
    Last edited by networker050184; 04-10-2014 at 03:33 PM.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    May 2009
    Location
    DMV
    Posts
    2,205

    Certifications
    CCNP, CCNP(V), S+ CCIE V(written)
    #4
    If this is a CME. You need a option 150 setup for the phone to register.


    You can run a Debug TFTP events to see if you are even getting info to you phone.
    Currently Reading

    CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related
    Reply With Quote Quote  

  6. Senior Member pitviper's Avatar
    Join Date
    May 2008
    Location
    Right Coast, US
    Posts
    1,363

    Certifications
    CCNP:Collaboration, CCNP:R+S, CCNA:R+S, CCNA:V(IIUC), CCNA:S, CCENT, CNSS 4011
    #5
    Start with just the following for now:

    IP Phone <-> PWR-SW <-> CME ROUTER

    Introduce the other device later.
    Reply With Quote Quote  

  7. /threadkiller ande0255's Avatar
    Join Date
    Sep 2013
    Location
    Around
    Posts
    1,160

    Certifications
    CCNA R&S, Voice, Security
    #6
    Remember that if devices are in different subnets, they are not on the same network, they are broken up into different sub-networks. I guess I was asking more from the perspective of having vlans separating voice and data traffic, and if your DHCP scope is for the 10.5.x.x /16 network, but your voice vlan is in the 10.10.x.x /16 network, DHCP won't be talking to your phone.

    I agree to get the most basic network functionality working like Phone -> Switch -> CME router, and expand from there, and also running through lab manuals before freestyle labbing helped me a lot with my CCNA Voice labbing.
    Last edited by ande0255; 04-10-2014 at 03:32 PM.
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    Aug 2011
    Location
    Little Rock, AR
    Posts
    818

    Certifications
    CISSP, CCNA (R&S, Sec), WGU BS:IT Sec, MCTS: Win 7 Config, Sec+, Project+, Storage+, Net+, A+
    #7
    When it passes through the data router, you are losing your layer 2 connection. You will need to setup a route between the two routers, the easiest way would be to setup a static route pointing to the other router on each router.

    Or connect the two switches with a trunk link and you would have continous layer 2 vlans.
    Reply With Quote Quote  

  9. Senior Member cisco_nerd's Avatar
    Join Date
    Dec 2010
    Location
    Brisbane, Australia
    Posts
    198
    #8
    If you are using a L3 switch, create two SVIs, one each for the VLANS required. Since you are using a DHCP server for your VOIP that is on another router you need a way to allow the DHCP requests to actually reach the CME router for the correct scope - remembering that L3 devices will block broadcasts (since it is a L2 broadcast domain).

    Your phone is stuck in that state of configuring an IP becuase it can't get to the DHCP server on your CME. So a possible solution would be to set up a SVI on the switch for your VLAN and configure an IP Helper address to forward the DHCP packets on.

    example config:
    CME ROUTER:

    int lo100
    ip add 1.1.1.1 255.255.255.255
    h323-gateway bind srcaddr 1.1.1.1
    h323-gateway bind voip interface

    ip dhcp excluded-address 192.168.100.1

    ip dhcp pool VOICE
    network 192.168.100.0 255.255.255.0
    option 150 ip 1.1.1.1


    PWR SWITCH:

    int vlan 100
    ip add 192.168.100.1 255.255.255.0
    ip helper-address 1.1.1.1

    As long as your main router has a route back to the CME, then your DHCP will be forwarded to 1.1.1.1 (or whatever you what it to be) for the voice vlan. If you have multiple scopes, it will always know which one to used based on which vlan it came from and the address assigned to that SVI.

    My production networks use this heavily for data and voice to help keep DHCP servers in a central location behind multiple layer 3 devices.

    I do hope that this has helped you!!
    Reply With Quote Quote  

  10. Senior Member
    Join Date
    Dec 2012
    Location
    Chicago, IL
    Posts
    328

    Certifications
    Juniper/Cisco/CompTIA Gandam
    #9
    Thank you very much for the kind replies.

    So I'm going to connect the PWR-Switch directly to the CME router then.

    So now the CME router has 3 interfaces.

    (CME-Router's Int 0 to a switch to Main-DHCP-Router) and (CME-Router's Int 1 to the PWR-Switch).

    Shall I set a static route from the PWR-Switch side interface 1 to int 0?

    As in on CME Router, say "ip route 0.0.0.0 0.0.0.0 int 0" ?

    Then since only IP phones connect to the PWR-Switch, DHCP will be handled by the CME-Router?

    Thanks again.
    Reply With Quote Quote  

  11. Senior Member JeanM's Avatar
    Join Date
    Mar 2012
    Location
    California
    Posts
    1,105

    Certifications
    CCNA, MCP, S+, N+, A+
    #10
    CME router connect to switch, using trunk port. CME router config with dhcp, and option 150 for the voice scope.
    Set default gateway and default route. You can then use other interface on CME router to connect to another cme running router or to establish a sip trunk over the internet for example.
    Reply With Quote Quote  

  12. Senior Member
    Join Date
    Dec 2012
    Location
    Chicago, IL
    Posts
    328

    Certifications
    Juniper/Cisco/CompTIA Gandam
    #11
    I just re-did my network and now I can't get even get an ip address for LAN. Please take a look.
    CME-Router now default-gateway at 10.10.10.10 with gi 0/0 to ISP and gi 0/1 to PWR-Switch.

    [CME-Router]
    Building configuration...




    *Apr 12 16:31:00.519: %SYS-5-CONFIG_I: Configured from console by sndlt on console
    Current configuration : 4437 bytes
    !
    ! Last configuration change at 16:31:00 UTC Sat Apr 12 2014 by sndlt
    version 15.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    no service dhcp
    !
    hostname sndlt
    !
    boot-start-marker
    boot-end-marker
    !
    !
    logging buffered 51200 warnings
    !
    no aaa new-model
    !
    ip cef
    !
    !
    !
    ip dhcp excluded-address 10.10.10.1
    !
    ip dhcp pool VOICE_SCOPE
    network 10.10.20.0 255.255.255.0
    default-router 10.10.10.10
    option 150 ip 10.10.10.10
    dns-server 8.8.8.8
    !
    ip dhcp pool DATA_SCOPE
    network 10.10.10.0 255.255.255.0
    default-router 10.10.10.10
    dns-server 8.8.8.8 8.8.8.8
    !
    !
    !
    ip domain name sndlt
    no ipv6 cef
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !


    rsakeypair TP-self-signed-1645340178
    !
    !


    voice-card 0
    !
    !
    !
    !
    !
    !
    !
    !
    license udi pid CISCO2911/K9 sn FGL1715114L
    license accept end user agreement
    license boot module c2900 technology-package uck9
    hw-module pvdm 0/0
    !
    !
    !
    username sndlt privilege 15 secret 4 hGL4wojn8KJThGXpBblLtyVuuFMnFxF2DRXDzR4MB0Q
    !
    redundancy
    !
    !
    !
    !
    !
    !
    interface Embedded-Service-Engine0/0
    no ip address
    shutdown
    !
    interface GigabitEthernet0/0
    description $ETH-WAN$
    ip address dhcp hostname 2911
    ip nat outside
    ip virtual-reassembly in
    duplex auto
    speed auto
    !
    interface GigabitEthernet0/1
    no ip address
    duplex auto
    speed auto
    !
    interface GigabitEthernet0/1.10
    encapsulation dot1Q 10
    ip address 10.10.20.10 255.255.255.0
    !
    interface GigabitEthernet0/1.50
    encapsulation dot1Q 50
    ip address 10.10.10.10 255.255.255.0
    !
    interface GigabitEthernet0/2
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    ip forward-protocol nd
    !
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    !
    !
    access-list 23 permit 10.10.10.0 0.0.0.7
    !
    !
    !
    control-plane
    !
    !
    voice-port 0/2/0
    !
    voice-port 0/2/1
    !
    voice-port 0/2/2
    !
    voice-port 0/2/3
    !
    voice-port 0/3/0
    !
    voice-port 0/3/1
    !
    voice-port 0/3/2
    !
    voice-port 0/3/3
    !
    !
    !
    !
    !
    !
    mgcp profile default
    !
    !
    !
    !
    !
    gatekeeper
    shutdown
    !
    !
    telephony-service
    no auto-reg-ephone
    max-ephones 58
    max-dn 300
    ip source-address 10.10.10.10 port 2000
    max-conferences 8 gain -6
    web admin system name
    dn-webedit
    time-webedit
    transfer-system full-consult
    !
    !
    ephone-dn 1
    number 1000
    !
    !
    ephone 1
    mac-address 0014.A998.D06D
    !
    !
    !
    !
    line con 0
    login local
    line aux 0
    line 2
    no activation-character
    no exec
    transport preferred none
    transport input all
    transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
    stopbits 1
    line vty 0 4
    access-class 23 in
    privilege level 15
    login local
    transport input ssh


    end

    [PWR-Switch]
    Building configuration...


    Current configuration : 5637 bytes
    !
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    no service dhcp
    !
    hostname sndlt3550
    !
    enable secret 5 $1$e1ToZOKhpGolzq0
    enable password 7 000A0575B
    !
    username sndlt password 7 02085F7018
    no aaa new-model
    ip subnet-zero
    ip domain-name sndlt.com
    !
    !
    !
    crypto pki trustpoint TP-self-signed-3185929216
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3185929216
    revocation-check none
    rsakeypair TP-self-signed-3185929216
    !
    !
    crypto pki certificate chain TP-self-signed-3185929216
    certificate self-signed 01
    3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 33313835 39323932 3136301E 170D3933 30333031 30303031
    30325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 31383539
    32393231 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100AD89 A77B594C DB9C2934 FA6DFF7F C06AFCC1 B335AA5B 086147F7 C8B5B1EC
    D7274697 DAF5A1A9 5DE62084 17174522 12CD7B16 FE10F1AD 9EC63B6E B5F78E8E
    59A1340E 3F433715 05921A75 8CFE7E3B 514A4B0B 508681ED 9086530F E7FA7074
    4299352B 06B1C19B 25263F0F 6F5C2115 EA75E28D 7C7EFCAE 72D9831C C5EC3B8B
    C99F0203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603
    551D1104 17301582 13736E64 6C743335 35302E73 6E646C74 2E636F6D 301F0603
    551D2304 18301680 14E10EF3 6F5DF8E9 EEAD89D9 C988AE7F A38617B2 78301D06
    03551D0E 04160414 E10EF36F 5DF8E9EE AD89D9C9 88AE7FA3 8617B278 300D0609
    2A864886 F70D0101 04050003 81810045 D9F062EE A5C73B67 E48EAF44 D938392C
    09E0AF89 552E8C46 8FA4AA92 1FE6754E D2292B93 3D87EA17 AA38A9DE 8A3125A6
    73D7D917 3FC57D62 E2C2D199 E27A5526 9B2F2E59 1C98A69F BA2743AD 5675E103
    895E3656 FCE89C11 293A2E5F 09D6DDC4 3176AAC1 0C91E78A 78E95915 D6C3CD0B
    A26A4204 D257D464 68A8EB03 AB8D26
    quit
    !
    !
    spanning-tree mode pvst
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending
    !
    ip ssh version 2
    !
    !
    interface FastEthernet0/1
    no switchport
    no ip address
    duplex full
    !
    interface FastEthernet0/2
    switchport access vlan 50
    switchport mode access
    switchport voice vlan 10
    spanning-tree portfast
    !


    !
    interface FastEthernet0/24
    switchport access vlan 50
    switchport mode access
    switchport voice vlan 10
    spanning-tree portfast
    !
    interface GigabitEthernet0/1
    switchport mode dynamic desirable
    !
    interface GigabitEthernet0/2
    switchport mode dynamic desirable
    !
    interface Vlan1
    ip address 10.10.10.12 255.255.255.0
    !
    ip default-gateway 10.10.10.10
    ip classless
    ip http server
    ip http secure-server
    !
    !
    control-plane
    !
    !
    line con 0
    line vty 0 4
    login local
    transport input ssh
    line vty 5
    login local
    transport input none
    line vty 6 15
    login
    !
    end
    Reply With Quote Quote  

  13. Senior Member
    Join Date
    Dec 2012
    Location
    Chicago, IL
    Posts
    328

    Certifications
    Juniper/Cisco/CompTIA Gandam
    #12
    Changed int fa 0/24 of PWR-Switch to trunk! But still hosts aren't getting IP addresses.
    Last edited by sendalot; 04-12-2014 at 06:00 PM.
    Reply With Quote Quote  

  14. Senior Member cisco_nerd's Avatar
    Join Date
    Dec 2010
    Location
    Brisbane, Australia
    Posts
    198
    #13
    Quote Originally Posted by sendalot View Post
    Changed int fa 0/24 of PWR-Switch to trunk! But still hosts aren't getting IP addresses.
    Just from reading the config I suggest the following:

    Are you using 0/24 as your trunk to CME, and not one of the Gig ports? Just double check your trunk is not physically connected to the wrong port. And confirm that both VLANs can travel over the trunk.

    Have you confirmed L1/L2 connectivity? And that the Switch can actually ping the default gw?

    Adjust your voice scope to have the default-router and TFTP server for that subnet pointing to 10.10.20.10 as this is the subnet you have assigned for your voice vlan interface on the router. Currently your config is pointing them to address outside the local subnet for the voice traffic.

    Bind the Voice VLAN default-gateway as the h323-gateway voip interface and srcaddr (since you have used this as the telephony source address under telephony config).

    Configure DHCP exclusion for all your statically assigned interfaces within the two subnets. i.e. Int VLAN 1 on the switch, and the two sub-interfaces on the router for each VLAN. This way you will avoid getting DHCP errors from addresses trying to use the statically assigned values.

    You have an access list that matches the subnet 10.10.10.0/29 for the http server, but you have the subnet 10.10.10.0/24 configured for your DATA_SCOPE. This seems odd - or have you got other devices within this range that are also configured statically? If so further exclusions should be provisioned for them to prevent unwanted HTTP access from the subnet.

    You still need a route to go to your main router. Either through a static/default route or whatever dynamic routing protocol you use within the network. If you bind the h323 gateway to a loopback and use that as the source IP, then you don't need to advertise your voice network out to any other routers (keeps it private).

    Hope this helps. Let me know if you need any more help!!
    Reply With Quote Quote  

  15. Senior Member
    Join Date
    Dec 2012
    Location
    Chicago, IL
    Posts
    328

    Certifications
    Juniper/Cisco/CompTIA Gandam
    #14
    Quote Originally Posted by cisco_nerd View Post
    Just from reading the config I suggest the following:

    Are you using 0/24 as your trunk to CME, and not one of the Gig ports? Just double check your trunk is not physically connected to the wrong port. And confirm that both VLANs can travel over the trunk.

    Have you confirmed L1/L2 connectivity? And that the Switch can actually ping the default gw?

    Adjust your voice scope to have the default-router and TFTP server for that subnet pointing to 10.10.20.10 as this is the subnet you have assigned for your voice vlan interface on the router. Currently your config is pointing them to address outside the local subnet for the voice traffic.

    Bind the Voice VLAN default-gateway as the h323-gateway voip interface and srcaddr (since you have used this as the telephony source address under telephony config).

    Configure DHCP exclusion for all your statically assigned interfaces within the two subnets. i.e. Int VLAN 1 on the switch, and the two sub-interfaces on the router for each VLAN. This way you will avoid getting DHCP errors from addresses trying to use the statically assigned values.

    You have an access list that matches the subnet 10.10.10.0/29 for the http server, but you have the subnet 10.10.10.0/24 configured for your DATA_SCOPE. This seems odd - or have you got other devices within this range that are also configured statically? If so further exclusions should be provisioned for them to prevent unwanted HTTP access from the subnet.

    You still need a route to go to your main router. Either through a static/default route or whatever dynamic routing protocol you use within the network. If you bind the h323 gateway to a loopback and use that as the source IP, then you don't need to advertise your voice network out to any other routers (keeps it private).

    Hope this helps. Let me know if you need any more help!!
    Yes fa 0/24 as trunk to CME. And this is 3550-PWR switch and I only see 24 fa interfaces. I wonder why there are gi on the switch. How do I confirm both VLANs can travel over? also, switch can't ping 10.10.10.10. How do I fix this? argh.. Thanks.
    Reply With Quote Quote  

  16. Senior Member
    Join Date
    Aug 2011
    Location
    Little Rock, AR
    Posts
    818

    Certifications
    CISSP, CCNA (R&S, Sec), WGU BS:IT Sec, MCTS: Win 7 Config, Sec+, Project+, Storage+, Net+, A+
    #15
    Your gig ports are SFP slots. You should see fa0/24 show up when to do show interface trunk. Change your SVI to Vlan 10.
    Reply With Quote Quote  

  17. Senior Member
    Join Date
    Dec 2012
    Location
    Chicago, IL
    Posts
    328

    Certifications
    Juniper/Cisco/CompTIA Gandam
    #16
    Quote Originally Posted by swild View Post
    Your gig ports are SFP slots. You should see fa0/24 show up when to do show interface trunk. Change your SVI to Vlan 10.
    How do I do that? I failed to find how to change SVIs.
    Thanks.
    Reply With Quote Quote  

  18. Senior Member
    Join Date
    Dec 2012
    Location
    Chicago, IL
    Posts
    328

    Certifications
    Juniper/Cisco/CompTIA Gandam
    #17
    Update: I enabled dhcp-service and ip nat the router. Now hosts connected to the PWR-Switch can connect to internet via the CME router.


    But still the switch cannot ping the default-gateway even though hosts connected to the switch has internet working (consoling switch and can't SSH either).


    Also now the IP phone gets past the IP stage and is stuck on "Opening 192.168.70.1" and I'm not sure where the address came from.


    Thanks.
    Reply With Quote Quote  

  19. Senior Member cisco_nerd's Avatar
    Join Date
    Dec 2010
    Location
    Brisbane, Australia
    Posts
    198
    #18
    Quote Originally Posted by sendalot View Post
    How do I do that? I failed to find how to change SVIs.
    Thanks.
    Your switch config has the following:

    interface Vlan1
    ip address 10.10.10.12 255.255.255.0

    That is your SVI (switch virtual interface). According to your router config, that subnet is applied to VLAN 10. So delete int vlan 1 and config int vlan 10.

    If you have changed the topology to have a central switch with the Main router and the CME router each with their own trunk port then an SVI on the switch is not strictly required. Just filter the trunk ports to only allow the VLAN for each network (10 VOICE and 50 DATA). You would still need an SVI to manage the switch and telnet/SSH into it but it can be on your management VLAN. L3 switches can support multiple SVIs configured with IP addresses. L2 switches can only have 1 SVI configured and it is advised that they are configured for management only as L2 switches are usually used for the Access layer.

    If your topology has an off-site CME that is not connected to the same L2 broadcast domain, then use an SVI for VLAN 10 and have an ip helper-address configured pointing back to the CME. This can then go through the main router as a trunk port and then be routed out the network.

    To confirm what VLANs are going across the trunks issue the command "sh int trunk" but by default all trunk ports will allow all VLANs.

    Your Gig ports are not SFPs they are actually GBIC ports (rectangular slots as wide as a duplex SC fibre connector). SFPs are in the newer series of switches and have the switch would use the naming convention of Gi1/0/x.

    I would also suggest a bit more study into VLAN tagging (802.1Q) as this is paramount when configuring any network. I don't mean to sound rude, but there is a few basic concepts that you might be lacking strength in, but i'm happy to help you get through. It brings great confidence when you get through a fault and take something out of to enhance your knowledge.
    Reply With Quote Quote  

  20. Senior Member cisco_nerd's Avatar
    Join Date
    Dec 2010
    Location
    Brisbane, Australia
    Posts
    198
    #19
    Quote Originally Posted by sendalot View Post
    Update: I enabled dhcp-service and ip nat the router. Now hosts connected to the PWR-Switch can connect to internet via the CME router.


    But still the switch cannot ping the default-gateway even though hosts connected to the switch has internet working (consoling switch and can't SSH either).
    Thanks.


    You can't ping the gateway because your switch is not on the same subnet or does not have a route to that subnet. It is because your SVI is configured incorrectly.

    The phone probably requires a factory reset procedure to be completed if it has come from eBay as it will have all the load info from a previous installation. Just look through the Cisco website at all the documentation on their IP phones, you will find everything you need on that website - highly recommend reading through it.

    Also now the IP phone gets past the IP stage and is stuck on "Opening 192.168.70.1" and I'm not sure where the address came from.

    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks