PCs cannot access network behind phones.
Agent6376
Member Posts: 201
Hello all,
I've been having issues lately on some of the UC500 deployments I've done. It it bad practice to leave DHCP on the UC500 for the Voice Vlan, while letting another server take care of the Data Vlan? I ask because during a recent installation, I had DHCP for both subnets on the UC500, and I tested connectivity behind the Cisco phones without issues. However, I took the DHCP config off the UC for the data Vlan and let the sysadmin handle it via a Windows machine, and now I'm getting reports that no one can connect to the network if they are connected behind their phone, but if they bypass the phone and plug straight into the wall - they are able to access the network and internet without issues. In the past I've had this happen, but I simply disabled DHCP on the server and let the UC500 take care of it, but I don't have that option in this scenario. I'll verify when I'm on site that it's not just an issue with the switch being misconfigured, but I'm fairly certain that isn't the case. I'm anticipating that I'll configure a static IP address, and be alright - but we'll see.
Any suggestions or past experiences would be greatly appreciated.
Thanks!
I've been having issues lately on some of the UC500 deployments I've done. It it bad practice to leave DHCP on the UC500 for the Voice Vlan, while letting another server take care of the Data Vlan? I ask because during a recent installation, I had DHCP for both subnets on the UC500, and I tested connectivity behind the Cisco phones without issues. However, I took the DHCP config off the UC for the data Vlan and let the sysadmin handle it via a Windows machine, and now I'm getting reports that no one can connect to the network if they are connected behind their phone, but if they bypass the phone and plug straight into the wall - they are able to access the network and internet without issues. In the past I've had this happen, but I simply disabled DHCP on the server and let the UC500 take care of it, but I don't have that option in this scenario. I'll verify when I'm on site that it's not just an issue with the switch being misconfigured, but I'm fairly certain that isn't the case. I'm anticipating that I'll configure a static IP address, and be alright - but we'll see.
Any suggestions or past experiences would be greatly appreciated.
Thanks!
Comments
-
shodown
Member Posts: 2,271
Most of the networks with UC500's are usually small enough that you can do the DHCP on both networks. You may not have this options, but more than likely you will have to use a IP helper command if the data DHCP server is on another subnet.Currently Reading
CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related -
Agent6376
Member Posts: 201
Yeah, unfortunately it is a rather small network - that's whats so frustrating about it. The UC serves only as the CME, and doesn't participate in any type of WAN connectivity or other options. I'll have to see what the sysadmin thinks about combining both DHCP scopes on the UC...
-
shodown
Member Posts: 2,271
This sounds like one of those networks where they want the data and voice separate. I usually will build them completely separated where they provide there own cabling for the PC's.Currently Reading
CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related -
535irob
Member Posts: 31 ■■□□□□□□□□
This sounds like one of those networks where they want the data and voice separate. I usually will build them completely separated where they provide there own cabling for the PC's.
Why on earth would you run 2 network cables to a single desk? The Vlan's keep them separate..
OP - the location of the DHCP doesn't really matter as long as option 150 is given out from the VOICE Vlan DHCP server pointing to the correct and working tftp server.
On your switch, make sure cdp is up and running:
sh cdp nei
and the ports should look something like this:
Interface FastEthernet 0/1
Description Phones and Computers
Switchport mode access vlan DATA
Switchport mode access
Switchport Voice vlan VOICE
Auto qos voip cisco-phone
spanning-tree portfast
If your setup is working correctly phones should register with no issues. If the register and people are still having problems plugging in and getting online, a possible few issues come to mind. First was the new DHCP server given a static IP address on the correct DATA vlan? ( assuming that the port the server is plugged into is programmed as above ). Second Can the new DHCP server see the gateway of your network? Can it ping other network servers/computers. Also when a user plugs directly into the wall what IP range are they given? -
shodown
Member Posts: 2,271
Why on earth would you run 2 network cables to a single desk? The Vlan's keep them separate..
OP - the location of the DHCP doesn't really matter as long as option 150 is given out from the VOICE Vlan DHCP server pointing to the correct and working tftp server.
On your switch, make sure cdp is up and running:
sh cdp nei
and the ports should look something like this:
Interface FastEthernet 0/1
Description Phones and Computers
Switchport mode access vlan DATA
Switchport mode access
Switchport Voice vlan VOICE
Auto qos voip cisco-phone
spanning-tree portfast
If your setup is working correctly phones should register with no issues. If the register and people are still having problems plugging in and getting online, a possible few issues come to mind. First was the new DHCP server given a static IP address on the correct DATA vlan? ( assuming that the port the server is plugged into is programmed as above ). Second Can the new DHCP server see the gateway of your network? Can it ping other network servers/computers. Also when a user plugs directly into the wall what IP range are they given?
I don't think you understood what I was saying. When I deploy these boxes and there are problems with the existing IT team as in they dont' want to integrate the Voice and Data or have documented business reasons on why not to I have used a separate CAT5 cable for the phones. This is pretty common in the DC area where everyone is paranoid about one thing or another. I do agree that it makes life easier for them to be separated, but you always run into difficult situations when you deploy. Now onto the Voice network option 150 will always take care of the phones, but if the PC's can't pull a IP address and the DHCP is on another subnet something will have to be done to ensure they can pull a IP.Currently Reading
CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related -
535irob
Member Posts: 31 ■■□□□□□□□□
If they have business reason, so be it. I just think its a waste to double the work..
Maybe the windows server does not have scopes defined for both VLans. If 1 dhcp server hosts the scopes for all vlans, all vlans must be able to ping the server... -
shodown
Member Posts: 2,271
well when you work for a vendor and you don't own the entire network its actually not double the work. When things are broken you can quickly eliminate your gear as you aren't part of it. I have several customers where we dont' own the network, just the phones and it keeps them from calling us when things go wrong. We have customers where we own the network and they blame for phones for everything from there PC's being slow, to the network crashing, so I can see it from both point of views. I would rather own the entire network, or keep my phones isolated, or have comptent engineers on the other end that when things go wrong we can "collaborate on a solution" instead of throwing stones to see who's fault it is. I come to this conclusion due to the fact that 50 percent of the engineers out here suck, and the management sucks so they don't know if they are hiring competent engineers or not sorry for the long rant, but as I'm typing this I'm on a conference call with the type of people I'm talking about.Currently Reading
CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related -
chmorin
Member Posts: 1,446 ■■■■■□□□□□
To Jump back to the OP.Hello all,
I've been having issues lately on some of the UC500 deployments I've done. It it bad practice to leave DHCP on the UC500 for the Voice Vlan, while letting another server take care of the Data Vlan? I ask because during a recent installation, I had DHCP for both subnets on the UC500, and I tested connectivity behind the Cisco phones without issues. However, I took the DHCP config off the UC for the data Vlan and let the sysadmin handle it via a Windows machine, and now I'm getting reports that no one can connect to the network if they are connected behind their phone, but if they bypass the phone and plug straight into the wall - they are able to access the network and internet without issues. In the past I've had this happen, but I simply disabled DHCP on the server and let the UC500 take care of it, but I don't have that option in this scenario. I'll verify when I'm on site that it's not just an issue with the switch being misconfigured, but I'm fairly certain that isn't the case. I'm anticipating that I'll configure a static IP address, and be alright - but we'll see.
Any suggestions or past experiences would be greatly appreciated.
Thanks!
I wouldn't consider it 'bad practice' to separate the dishing of DHCP address among different servers. In my company, we have the VoIP DHCP server run on the local gateway, and the Data DHCP server run on a local DC. The configuration should essentially be the same. I'd make sure CDP didn't get disabled for some reason on the switch, confirm your VLAN configuration, and if the data DHCP server is on a different subnet make sure you have helper-addresses where you need them. Let us know what you find out.Currently PursuingWGU (BS in IT Network Administration) - 52%| CCIE:Voice Written - 0% (0/200 Hours)mikej412 wrote:Cisco Networking isn't just a job, it's a Lifestyle. -
hermeszdata
Member Posts: 225
To Jump back to the OP.
I wouldn't consider it 'bad practice' to separate the dishing of DHCP address among different servers. In my company, we have the VoIP DHCP server run on the local gateway, and the Data DHCP server run on a local DC. The configuration should essentially be the same. I'd make sure CDP didn't get disabled for some reason on the switch, confirm your VLAN configuration, and if the data DHCP server is on a different subnet make sure you have helper-addresses where you need them. Let us know what you find out.
I'm with you on this issue. My home office uses the local gateway (2811) to provide VoIP DHCP and my DC to handle Data DHCP. This sounds more like a Switch configuration issue than a phone issue. This problem twisted my already twisted mind for a few weeks before I finally nailed the concept.
Config for CME Router (Cisco 2821)! ip dhcp pool Voice_DHCP Description - DHCP Pool for Voice VLAN import all network 10.10.11.32 255.255.255.224 default-router 10.10.11.33 option 150 ip 10.10.11.33 domain-name hermesz.local dns-server 10.10.11.3 4.2.2.2 ! ! interface GigabitEthernet0/1.10 description $FW_INSIDE$ VLAN 10 is teh Management VLAN for all Cisco Devices on the network encapsulation dot1Q 10 native ip address 192.168.254.1 255.255.255.224 no ip redirects no ip unreachables ip nat inside ip virtual-reassembly in ! interface GigabitEthernet0/1.11 description $FW_INSIDE Data Subnet$ DC and all devices/PCs on DATA Subnet encapsulation dot1Q 11 ip address 10.10.11.1 255.255.255.224 ip access-group hdtLANsecure in no ip redirects no ip unreachables ip nat inside ip virtual-reassembly in ! interface GigabitEthernet0/1.12 description $FW_INSIDE Voice Subnet$ encapsulation dot1Q 12 ip address 10.10.11.33 255.255.255.224 no ip redirects no ip unreachables ip nat inside ip virtual-reassembly in !
Config for Switch Port(s)! interface FastEthernet0/1 description $Connection to Office$ [COLOR=#FF0000]switchport trunk native vlan 11 [/COLOR] switchport trunk allowed vlan 1,11,12,1002-1005 switchport mode trunk switchport voice vlan 12 spanning-tree portfast !
Note the highlighted line in the Switchport configuration. VLAN 11 in my configuration is the DATA VLAN which is where my DC and all PCs are connected. Setting the Native VLAN as above provides teh connected devices access to ALL DHCP Servers on the network.
I should also note that I run a Cisco WLC4136 Wireless LAN COntroller on my network that lives on VLAN 100. The switchports that the APs plug into are configured as follows:! interface FastEthernet0/5 description $Connection to WAP-1$ [COLOR=#B22222]switchport trunk native vlan 100[/COLOR][COLOR=#800080] [/COLOR] switchport mode trunk ! interface FastEthernet0/6 description $Connection to WAP-2$ [COLOR=#B22222]switchport trunk native vlan 100 [/COLOR] switchport mode trunk ! interface FastEthernet0/7 description $Connection to WAP-3$ [COLOR=#B22222]switchport trunk native vlan 100 [/COLOR] switchport mode trunk !
Again, note the highlighted config lines. As with the switchports that the IP Phones connect to, the APs could not get their DHCP assignments without the proper NATIVE VLAN assignment on the switch.
Just a bit of food for thought.
JohnJohnCurrent Progress:
Studying:CCNA Security - 60%, CCNA Wireless - 80%, ROUTE - 10% (Way behind due to major Wireless Project)Exams Passed:
CCNA - 640-802 - 17 Jan 2011 -- CVOICE v6 - 642-436 - 28 Feb 2011
2011 Goals
CCNP/CCNP:Voice
