Hiccup on setting up first IP Phone
sendalot
Member Posts: 328
After reading over half of the OCG, I have begun to start entering commands and trying things out.
I'm starting out with CME.
So far, I have set up a DATA and VOICE vlan on the PWR switch.
I have two different DHCP, one from main DHCP/Default Gateway router and second from CME Voice Router. The CME Voice Router has a DHCP with Voice_Scope on a different subnet than the original main DHCP network. I set option 150 and also had the default-router point to the main DHCP/Default Gateway router.
On the CME Voice Router, I set up the first "ephone 1" with the mac address from the IP phone.
My topology is kind of like this:
IP Phone <-> PWR-SW <-> Main-DHCP-Router<-> SW <-> CME-Voice-Router;
But the IP phone is stuck on "Configuring IP" screen.
What am I doing wrong?
Thanks.
I'm starting out with CME.
So far, I have set up a DATA and VOICE vlan on the PWR switch.
I have two different DHCP, one from main DHCP/Default Gateway router and second from CME Voice Router. The CME Voice Router has a DHCP with Voice_Scope on a different subnet than the original main DHCP network. I set option 150 and also had the default-router point to the main DHCP/Default Gateway router.
On the CME Voice Router, I set up the first "ephone 1" with the mac address from the IP phone.
My topology is kind of like this:
IP Phone <-> PWR-SW <-> Main-DHCP-Router<-> SW <-> CME-Voice-Router;
But the IP phone is stuck on "Configuring IP" screen.
What am I doing wrong?
Thanks.
Comments
-
ande0255 Banned Posts: 1,178Have you tried setting it up with just the single instance of DHCP to see if you can get that working? And could you post the config of Main-DHCP-Router?
I'd guess it's a VLAN mishap, but then again I'm not sure what kind of impact two DHCP sources would have on a phones ability to register itself. Is the scope you defined for DHCP on the same network as your voice VLAN? -
sendalot Member Posts: 328I would assume they are on the same network but different subnet? How would you go about tying voice DHCP to voice VLAN?
Main-DHCP-Router doesn't have voice functionality.
Thanks. -
shodown Member Posts: 2,271If this is a CME. You need a option 150 setup for the phone to register.
You can run a Debug TFTP events to see if you are even getting info to you phone.Currently Reading
CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related -
pitviper Member Posts: 1,376 ■■■■■■■□□□Start with just the following for now:
IP Phone <-> PWR-SW <-> CME ROUTER
Introduce the other device later.CCNP:Collaboration, CCNP:R&S, CCNA:S, CCNA:V, CCNA, CCENT -
ande0255 Banned Posts: 1,178Remember that if devices are in different subnets, they are not on the same network, they are broken up into different sub-networks. I guess I was asking more from the perspective of having vlans separating voice and data traffic, and if your DHCP scope is for the 10.5.x.x /16 network, but your voice vlan is in the 10.10.x.x /16 network, DHCP won't be talking to your phone.
I agree to get the most basic network functionality working like Phone -> Switch -> CME router, and expand from there, and also running through lab manuals before freestyle labbing helped me a lot with my CCNA Voice labbing. -
swild Member Posts: 828When it passes through the data router, you are losing your layer 2 connection. You will need to setup a route between the two routers, the easiest way would be to setup a static route pointing to the other router on each router.
Or connect the two switches with a trunk link and you would have continous layer 2 vlans. -
cisco_nerd Member Posts: 198If you are using a L3 switch, create two SVIs, one each for the VLANS required. Since you are using a DHCP server for your VOIP that is on another router you need a way to allow the DHCP requests to actually reach the CME router for the correct scope - remembering that L3 devices will block broadcasts (since it is a L2 broadcast domain).
Your phone is stuck in that state of configuring an IP becuase it can't get to the DHCP server on your CME. So a possible solution would be to set up a SVI on the switch for your VLAN and configure an IP Helper address to forward the DHCP packets on.
example config:
CME ROUTER:
int lo100
ip add 1.1.1.1 255.255.255.255
h323-gateway bind srcaddr 1.1.1.1
h323-gateway bind voip interface
ip dhcp excluded-address 192.168.100.1
ip dhcp pool VOICE
network 192.168.100.0 255.255.255.0
option 150 ip 1.1.1.1
PWR SWITCH:
int vlan 100
ip add 192.168.100.1 255.255.255.0
ip helper-address 1.1.1.1
As long as your main router has a route back to the CME, then your DHCP will be forwarded to 1.1.1.1 (or whatever you what it to be) for the voice vlan. If you have multiple scopes, it will always know which one to used based on which vlan it came from and the address assigned to that SVI.
My production networks use this heavily for data and voice to help keep DHCP servers in a central location behind multiple layer 3 devices.
I do hope that this has helped you!! -
sendalot Member Posts: 328Thank you very much for the kind replies.
So I'm going to connect the PWR-Switch directly to the CME router then.
So now the CME router has 3 interfaces.
(CME-Router's Int 0 to a switch to Main-DHCP-Router) and (CME-Router's Int 1 to the PWR-Switch).
Shall I set a static route from the PWR-Switch side interface 1 to int 0?
As in on CME Router, say "ip route 0.0.0.0 0.0.0.0 int 0" ?
Then since only IP phones connect to the PWR-Switch, DHCP will be handled by the CME-Router?
Thanks again. -
JeanM Member Posts: 1,117CME router connect to switch, using trunk port. CME router config with dhcp, and option 150 for the voice scope.
Set default gateway and default route. You can then use other interface on CME router to connect to another cme running router or to establish a sip trunk over the internet for example.2015 goals - ccna voice / vmware vcp. -
sendalot Member Posts: 328I just re-did my network and now I can't get even get an ip address for LAN. Please take a look.
CME-Router now default-gateway at 10.10.10.10 with gi 0/0 to ISP and gi 0/1 to PWR-Switch.
[CME-Router]
Building configuration...
*Apr 12 16:31:00.519: %SYS-5-CONFIG_I: Configured from console by sndlt on console
Current configuration : 4437 bytes
!
! Last configuration change at 16:31:00 UTC Sat Apr 12 2014 by sndlt
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname sndlt
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool VOICE_SCOPE
network 10.10.20.0 255.255.255.0
default-router 10.10.10.10
option 150 ip 10.10.10.10
dns-server 8.8.8.8
!
ip dhcp pool DATA_SCOPE
network 10.10.10.0 255.255.255.0
default-router 10.10.10.10
dns-server 8.8.8.8 8.8.8.8
!
!
!
ip domain name sndlt
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
rsakeypair TP-self-signed-1645340178
!
!
voice-card 0
!
!
!
!
!
!
!
!
license udi pid CISCO2911/K9 sn FGL1715114L
license accept end user agreement
license boot module c2900 technology-package uck9
hw-module pvdm 0/0
!
!
!
username sndlt privilege 15 secret 4 hGL4wojn8KJThGXpBblLtyVuuFMnFxF2DRXDzR4MB0Q
!
redundancy
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-WAN$
ip address dhcp hostname 2911
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 10.10.20.10 255.255.255.0
!
interface GigabitEthernet0/1.50
encapsulation dot1Q 50
ip address 10.10.10.10 255.255.255.0
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
access-list 23 permit 10.10.10.0 0.0.0.7
!
!
!
control-plane
!
!
voice-port 0/2/0
!
voice-port 0/2/1
!
voice-port 0/2/2
!
voice-port 0/2/3
!
voice-port 0/3/0
!
voice-port 0/3/1
!
voice-port 0/3/2
!
voice-port 0/3/3
!
!
!
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
shutdown
!
!
telephony-service
no auto-reg-ephone
max-ephones 58
max-dn 300
ip source-address 10.10.10.10 port 2000
max-conferences 8 gain -6
web admin system name
dn-webedit
time-webedit
transfer-system full-consult
!
!
ephone-dn 1
number 1000
!
!
ephone 1
mac-address 0014.A998.D06D
!
!
!
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input ssh
end
[PWR-Switch]
Building configuration...
Current configuration : 5637 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
!
hostname sndlt3550
!
enable secret 5 $1$e1ToZOKhpGolzq0
enable password 7 000A0575B
!
username sndlt password 7 02085F7018
no aaa new-model
ip subnet-zero
ip domain-name sndlt.com
!
!
!
crypto pki trustpoint TP-self-signed-3185929216
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3185929216
revocation-check none
rsakeypair TP-self-signed-3185929216
!
!
crypto pki certificate chain TP-self-signed-3185929216
certificate self-signed 01
3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33313835 39323932 3136301E 170D3933 30333031 30303031
30325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 31383539
32393231 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AD89 A77B594C DB9C2934 FA6DFF7F C06AFCC1 B335AA5B 086147F7 C8B5B1EC
D7274697 DAF5A1A9 5DE62084 17174522 12CD7B16 FE10F1AD 9EC63B6E B5F78E8E
59A1340E 3F433715 05921A75 8CFE7E3B 514A4B0B 508681ED 9086530F E7FA7074
4299352B 06B1C19B 25263F0F 6F5C2115 EA75E28D 7C7EFCAE 72D9831C C5EC3B8B
C99F0203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603
551D1104 17301582 13736E64 6C743335 35302E73 6E646C74 2E636F6D 301F0603
551D2304 18301680 14E10EF3 6F5DF8E9 EEAD89D9 C988AE7F A38617B2 78301D06
03551D0E 04160414 E10EF36F 5DF8E9EE AD89D9C9 88AE7FA3 8617B278 300D0609
2A864886 F70D0101 04050003 81810045 D9F062EE A5C73B67 E48EAF44 D938392C
09E0AF89 552E8C46 8FA4AA92 1FE6754E D2292B93 3D87EA17 AA38A9DE 8A3125A6
73D7D917 3FC57D62 E2C2D199 E27A5526 9B2F2E59 1C98A69F BA2743AD 5675E103
895E3656 FCE89C11 293A2E5F 09D6DDC4 3176AAC1 0C91E78A 78E95915 D6C3CD0B
A26A4204 D257D464 68A8EB03 AB8D26
quit
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
interface FastEthernet0/1
no switchport
no ip address
duplex full
!
interface FastEthernet0/2
switchport access vlan 50
switchport mode access
switchport voice vlan 10
spanning-tree portfast
!
!
interface FastEthernet0/24
switchport access vlan 50
switchport mode access
switchport voice vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
ip address 10.10.10.12 255.255.255.0
!
ip default-gateway 10.10.10.10
ip classless
ip http server
ip http secure-server
!
!
control-plane
!
!
line con 0
line vty 0 4
login local
transport input ssh
line vty 5
login local
transport input none
line vty 6 15
login
!
end -
sendalot Member Posts: 328Changed int fa 0/24 of PWR-Switch to trunk! But still hosts aren't getting IP addresses.
-
cisco_nerd Member Posts: 198Changed int fa 0/24 of PWR-Switch to trunk! But still hosts aren't getting IP addresses.
Just from reading the config I suggest the following:
Are you using 0/24 as your trunk to CME, and not one of the Gig ports? Just double check your trunk is not physically connected to the wrong port. And confirm that both VLANs can travel over the trunk.
Have you confirmed L1/L2 connectivity? And that the Switch can actually ping the default gw?
Adjust your voice scope to have the default-router and TFTP server for that subnet pointing to 10.10.20.10 as this is the subnet you have assigned for your voice vlan interface on the router. Currently your config is pointing them to address outside the local subnet for the voice traffic.
Bind the Voice VLAN default-gateway as the h323-gateway voip interface and srcaddr (since you have used this as the telephony source address under telephony config).
Configure DHCP exclusion for all your statically assigned interfaces within the two subnets. i.e. Int VLAN 1 on the switch, and the two sub-interfaces on the router for each VLAN. This way you will avoid getting DHCP errors from addresses trying to use the statically assigned values.
You have an access list that matches the subnet 10.10.10.0/29 for the http server, but you have the subnet 10.10.10.0/24 configured for your DATA_SCOPE. This seems odd - or have you got other devices within this range that are also configured statically? If so further exclusions should be provisioned for them to prevent unwanted HTTP access from the subnet.
You still need a route to go to your main router. Either through a static/default route or whatever dynamic routing protocol you use within the network. If you bind the h323 gateway to a loopback and use that as the source IP, then you don't need to advertise your voice network out to any other routers (keeps it private).
Hope this helps. Let me know if you need any more help!! -
sendalot Member Posts: 328cisco_nerd wrote: »Just from reading the config I suggest the following:
Are you using 0/24 as your trunk to CME, and not one of the Gig ports? Just double check your trunk is not physically connected to the wrong port. And confirm that both VLANs can travel over the trunk.
Have you confirmed L1/L2 connectivity? And that the Switch can actually ping the default gw?
Adjust your voice scope to have the default-router and TFTP server for that subnet pointing to 10.10.20.10 as this is the subnet you have assigned for your voice vlan interface on the router. Currently your config is pointing them to address outside the local subnet for the voice traffic.
Bind the Voice VLAN default-gateway as the h323-gateway voip interface and srcaddr (since you have used this as the telephony source address under telephony config).
Configure DHCP exclusion for all your statically assigned interfaces within the two subnets. i.e. Int VLAN 1 on the switch, and the two sub-interfaces on the router for each VLAN. This way you will avoid getting DHCP errors from addresses trying to use the statically assigned values.
You have an access list that matches the subnet 10.10.10.0/29 for the http server, but you have the subnet 10.10.10.0/24 configured for your DATA_SCOPE. This seems odd - or have you got other devices within this range that are also configured statically? If so further exclusions should be provisioned for them to prevent unwanted HTTP access from the subnet.
You still need a route to go to your main router. Either through a static/default route or whatever dynamic routing protocol you use within the network. If you bind the h323 gateway to a loopback and use that as the source IP, then you don't need to advertise your voice network out to any other routers (keeps it private).
Hope this helps. Let me know if you need any more help!!
Yes fa 0/24 as trunk to CME. And this is 3550-PWR switch and I only see 24 fa interfaces. I wonder why there are gi on the switch. How do I confirm both VLANs can travel over? also, switch can't ping 10.10.10.10. How do I fix this? argh.. Thanks. -
swild Member Posts: 828Your gig ports are SFP slots. You should see fa0/24 show up when to do show interface trunk. Change your SVI to Vlan 10.
-
sendalot Member Posts: 328Your gig ports are SFP slots. You should see fa0/24 show up when to do show interface trunk. Change your SVI to Vlan 10.
How do I do that? I failed to find how to change SVIs.
Thanks. -
sendalot Member Posts: 328Update: I enabled dhcp-service and ip nat the router. Now hosts connected to the PWR-Switch can connect to internet via the CME router.
But still the switch cannot ping the default-gateway even though hosts connected to the switch has internet working (consoling switch and can't SSH either).
Also now the IP phone gets past the IP stage and is stuck on "Opening 192.168.70.1" and I'm not sure where the address came from.
Thanks. -
cisco_nerd Member Posts: 198How do I do that? I failed to find how to change SVIs.
Thanks.
Your switch config has the following:
interface Vlan1
ip address 10.10.10.12 255.255.255.0
That is your SVI (switch virtual interface). According to your router config, that subnet is applied to VLAN 10. So delete int vlan 1 and config int vlan 10.
If you have changed the topology to have a central switch with the Main router and the CME router each with their own trunk port then an SVI on the switch is not strictly required. Just filter the trunk ports to only allow the VLAN for each network (10 VOICE and 50 DATA). You would still need an SVI to manage the switch and telnet/SSH into it but it can be on your management VLAN. L3 switches can support multiple SVIs configured with IP addresses. L2 switches can only have 1 SVI configured and it is advised that they are configured for management only as L2 switches are usually used for the Access layer.
If your topology has an off-site CME that is not connected to the same L2 broadcast domain, then use an SVI for VLAN 10 and have an ip helper-address configured pointing back to the CME. This can then go through the main router as a trunk port and then be routed out the network.
To confirm what VLANs are going across the trunks issue the command "sh int trunk" but by default all trunk ports will allow all VLANs.
Your Gig ports are not SFPs they are actually GBIC ports (rectangular slots as wide as a duplex SC fibre connector). SFPs are in the newer series of switches and have the switch would use the naming convention of Gi1/0/x.
I would also suggest a bit more study into VLAN tagging (802.1Q) as this is paramount when configuring any network. I don't mean to sound rude, but there is a few basic concepts that you might be lacking strength in, but i'm happy to help you get through. It brings great confidence when you get through a fault and take something out of to enhance your knowledge. -
cisco_nerd Member Posts: 198Update: I enabled dhcp-service and ip nat the router. Now hosts connected to the PWR-Switch can connect to internet via the CME router.
But still the switch cannot ping the default-gateway even though hosts connected to the switch has internet working (consoling switch and can't SSH either).
Thanks.
You can't ping the gateway because your switch is not on the same subnet or does not have a route to that subnet. It is because your SVI is configured incorrectly.
The phone probably requires a factory reset procedure to be completed if it has come from eBay as it will have all the load info from a previous installation. Just look through the Cisco website at all the documentation on their IP phones, you will find everything you need on that website - highly recommend reading through it.
Also now the IP phone gets past the IP stage and is stuck on "Opening 192.168.70.1" and I'm not sure where the address came from.