Cisco ISR 871 and VOIP

Unanswered Question
Jul 7th, 2008

Hi I have an 871 that has the following config. The phone connected behind the VLAN 174 will not communicate with the Cisco Call manager. IS there anything I need to do to have the phone communicate with Call manager? The VPN works fine.

Tory#sh run

Building configuration...

Current configuration : 6182 bytes

!

version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname Tory

!

boot-start-marker

boot-end-marker

!

logging buffered 51200

logging console critical

!

no aaa new-model

clock timezone PCTime -5

clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00

!

crypto pki trustpoint TP-self-signed-3758255453

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3758255453

revocation-check none

rsakeypair TP-self-signed-3758255453

!

!

dot11 syslog

!

dot11 ssid toryblaha

authentication open

!

no ip source-route

ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 10.10.46.1

ip dhcp excluded-address 156.33.174.1

!

ip dhcp pool sdm-pool1

import all

network 10.10.46.0 255.255.255.0

dns-server 192.168.46.1

default-router 10.10.46.1

!

ip dhcp pool 174NET

import all

network 156.33.174.0 255.255.255.248

dns-server 156.33.250.10

default-router 156.33.174.1

!

!

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

no ip bootp server

ip domain name yourdomain.com

ip name-server 192.168.46.1

!

!

!

!

!

!

!

!

crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1

connect auto

group xxxxx key xxxxx

mode network-extension

peer 156.33.195.51

virtual-interface 1

xauth userid mode http-intercept

!

!

archive

log config

hidekeys

!

!

ip tcp synwait-time 10

ip ssh time-out 60

ip ssh authentication-retries 2

!

bridge irb

!

!

interface FastEthernet0

!

interface FastEthernet1

switchport access vlan 174

!

interface FastEthernet2

switchport access vlan 174

!

interface FastEthernet3

switchport access vlan 174

!

interface FastEthernet4

description $ES_WAN$$FW_OUTSIDE$

ip address dhcp client-id FastEthernet4

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1

!

interface Virtual-Template1 type tunnel

no ip address

tunnel mode ipsec ipv4

!

interface Dot11Radio0

no ip address

!

ssid toryblaha

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0

54.0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$

no ip address

ip tcp adjust-mss 1452

bridge-group 1

!

interface Vlan174

ip address 156.33.174.1 255.255.255.248

crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1 inside

!

interface BVI1

description $ES_LAN$

ip address 10.10.46.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1412

!

ip forward-protocol nd

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface FastEthernet4 overload

!

logging trap debugging

access-list 1 remark INSIDE_IF=BVI1

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 10.10.46.0 0.0.0.255

no cdp run

!

!

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

banner exec ^C

!

line con 0

login local

no modem enable

transport output telnet

line aux 0

login local

transport output telnet

line vty 0 4

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

scheduler allocate 4000 1000

scheduler interval 500

end

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Paolo Bevilacqua Mon, 07/07/2008 - 05:40

Hi, from the CM, can you ping the phone and viceversa ?

If you're not able to do that, the VPN is not set properly, or you have other routing problems.

Brandon Buffin Mon, 07/07/2008 - 05:41

Unless you have it configured manually on the phone, you will need to configure a TFTP server address in the DHCP pool, such as:

option 150 ip 1.1.1.1

Hope this helps. If so, please rate the post.

Brandon

Actions

This Discussion