Configuring 'services' on CME with seperate voice & data vlan

Answered Question
Mar 13th, 2007
User Badges:

this may seem a silly question, however i'm still going to ask.

i have configured CME (3.3) and have an E1 PRI voice circuit to the PSTN however my voice vlan (3) is fine, however data access (i.e. services and browser acccess) would be gained through data vlan (2). i cannot seem to allow or direct 'services' requests out of the router interface conected to the data vlan.


can anyone spot the obvious mistake?

Correct Answer by paolo bevilacqua about 10 years 1 month ago

OK, I see. I would change the switch config as follows assuming FA2/1 is not really a trunk port.


interface FastEthernet2/12

switchport access vlan 2

switchport trunk native vlan 2 <-- remove

switchport trunk pruning vlan none <-- remove

switchport mode access

switchport voice vlan 3

spanning-tree portfast trunk <--remove 'trunk'

spanning-tree bpduguard enable <--remove


And Gi0/0 DATA to Switch port:

interface FastEthernet2/2

switchport access vlan 2

switchport mode access

spanning-tree portfast


And Gi0/1 Voice to Switch port:

interface FastEthernet2/3

switchport access vlan 3

switchport trunk pruning vlan none

switchport mode access

switchport voice vlan 3 <--remove


Then:

- make sure that in the in the DHCP config for phones, default gateway is router address on voice VLAN

- remove the static route pointing to DNS server

- under "telephony-services" you have "url services" configured to the web/xml server that is providing services

- said server above is using 2851 as default gateway, or have a static route for phones subnet.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.3 (3 ratings)
Loading.
paolo bevilacqua Tue, 03/13/2007 - 15:43
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Hi Robert,


the thing is that in practice you need to have routing between data and voice vlan. That is not really because of the "services" that are accessed by phones only, but because sometime you want your browser (reasonably residing in data vlan) to access phone's embedded webserver (in voice vlan).

Then if you want to configure ACL or whatever limitation for this type of access routing, it is up to you.


Hope this helps, if so please reate post!

robertbrown877 Wed, 03/14/2007 - 03:10
User Badges:

I forgot to mention that the Data VLAN is being provided by a separate DHCP server, so the Gi0/0 is connected to a DATA only port on the switch and the Gi0/1 is on a VOICE only port, however on the router there is a static route for all DATA traffic (i.e. ip route 192.168.2.0 255.255.255.0 192.168.2.10) with 192.168.2.10 being a DNS server and 192.168.2.0 being the DATA VLAN. Sorry if this is not clear

paolo bevilacqua Wed, 03/14/2007 - 10:06
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Hi Robert,


the DNS is also a router? Unless it is, you do not need the static route, the router knows already how to route things, because it has interface in both VLANs.

Perhaps send a sort ascii diagram into an attachment so we can understand how you wired things together.

robertbrown877 Wed, 03/14/2007 - 11:53
User Badges:

Attached is an ASCII diagram.


From phone i cannot access web based 'Services', Switch ports have this config:


interface FastEthernet2/12

switchport access vlan 2

switchport trunk native vlan 2

switchport trunk pruning vlan none

switchport mode access

switchport voice vlan 3

spanning-tree portfast trunk

spanning-tree bpduguard enable


And Gi0/0 DATA to Switch port:

interface FastEthernet2/2

switchport access vlan 2

switchport mode access

spanning-tree portfast


And Gi0/1 Voice to Switch port:

interface FastEthernet2/3

switchport access vlan 3

switchport trunk pruning vlan none

switchport mode access

switchport voice vlan 3


I hoope this makes sense

Correct Answer
paolo bevilacqua Wed, 03/14/2007 - 12:51
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

OK, I see. I would change the switch config as follows assuming FA2/1 is not really a trunk port.


interface FastEthernet2/12

switchport access vlan 2

switchport trunk native vlan 2 <-- remove

switchport trunk pruning vlan none <-- remove

switchport mode access

switchport voice vlan 3

spanning-tree portfast trunk <--remove 'trunk'

spanning-tree bpduguard enable <--remove


And Gi0/0 DATA to Switch port:

interface FastEthernet2/2

switchport access vlan 2

switchport mode access

spanning-tree portfast


And Gi0/1 Voice to Switch port:

interface FastEthernet2/3

switchport access vlan 3

switchport trunk pruning vlan none

switchport mode access

switchport voice vlan 3 <--remove


Then:

- make sure that in the in the DHCP config for phones, default gateway is router address on voice VLAN

- remove the static route pointing to DNS server

- under "telephony-services" you have "url services" configured to the web/xml server that is providing services

- said server above is using 2851 as default gateway, or have a static route for phones subnet.



robertbrown877 Wed, 03/14/2007 - 13:19
User Badges:

OK, I see. I would change the switch config as follows assuming FA2/12 is not really a trunk port.


interface FastEthernet2/12

switchport access vlan 2

switchport trunk native vlan 2 <-- remove

switchport trunk pruning vlan none <-- remove

switchport mode access

switchport voice vlan 3

spanning-tree portfast trunk <--remove 'trunk'

spanning-tree bpduguard enable <--remove


I failed to mention that the config above is the typical phone switch port. Do you think this would still need the noted changes made? As far as i understood it was a trunk port between switch and phone, so as to facilitate the separate voice and data.


Then:

- make sure that in the in the DHCP config for phones, default gateway is router address on voice VLAN >>

ip dhcp pool voice

network 192.168.3.0 255.255.255.0

default-router 192.168.3.1

option 150 ip 192.168.3.1

- remove the static route pointing to DNS server >> I will remove this.


- under "telephony-services" you have "url services" configured to the web/xml server that is providing services >> This has been added.


- said server above is using 2851 as default gateway, or have a static route for phones subnet. >> The router type is 2851 with CME 3.3, with the Server (W2K) being the DHCP source for PC's on the data vlan, with no routing information provided on this voice subnet(Phones).


Thank you for taking the time to look into this.


Rob


paolo bevilacqua Wed, 03/14/2007 - 13:26
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

interface FastEthernet2/12

switchport access vlan 2

switchport trunk native vlan 2 <-- remove

switchport trunk pruning vlan none <-- remove

switchport mode access

switchport voice vlan 3

spanning-tree portfast trunk <--remove 'trunk'

spanning-tree bpduguard enable <--remove


I failed to mention that the config above is the typical phone switch port. Do you think this would still need the noted changes made? As far as i understood it was a trunk port between switch and phone, so as to facilitate the separate voice and data.


yes, really change that. When you configure "switchport voice vlan" the port will become a specialized trunk for phones that have a PC downstream, that it will carry only the two VLANs and no more (actually only the voice VLAN is tagged 802.1q). The trunk configuration is for ports that are really trunks, that is carrying a number of VLANs between switches or switches and routers.


There is a lot of dcumentation about this in the switch manuals.



robertbrown877 Wed, 03/14/2007 - 03:43
User Badges:

I forgot to mention that the Data VLAN is being provided by a separate DHCP server, so the Gi0/0 is connected to a DATA only port on the switch and the Gi0/1 is on a VOICE only port, however on the router there is a static route for all DATA traffic (i.e. ip route 192.168.2.0 255.255.255.0 192.168.2.10) with 192.168.2.10 being a DNS server and 192.168.2.0 being the DATA VLAN. Sorry if this is not clear

markoller Wed, 03/14/2007 - 04:17
User Badges:

A couple of questions


1) Are you trying to access the CME web page via the data vlan if so what is the exact URL you are trying? Is there CUE? Are you trying to access the CUE page as well? URL?


2) If you are using a FQDN have you tried using the IP instead?


3) Can you ping the web page you are trying to access?


4) can you ping the voice vlan and data vlan ip addresses from the data network?

Actions

This Discussion