07-07-2008 05:31 AM - edited 03-15-2019 11:46 AM
Hi I have an 871 that has the following config. The phone connected behind the VLAN 174 will not communicate with the Cisco Call manager. IS there anything I need to do to have the phone communicate with Call manager? The VPN works fine.
Tory#sh run
Building configuration...
Current configuration : 6182 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Tory
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
!
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-3758255453
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3758255453
revocation-check none
rsakeypair TP-self-signed-3758255453
!
!
dot11 syslog
!
dot11 ssid toryblaha
authentication open
!
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.46.1
ip dhcp excluded-address 156.33.174.1
!
ip dhcp pool sdm-pool1
import all
network 10.10.46.0 255.255.255.0
dns-server 192.168.46.1
default-router 10.10.46.1
!
ip dhcp pool 174NET
import all
network 156.33.174.0 255.255.255.248
dns-server 156.33.250.10
default-router 156.33.174.1
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
ip domain name yourdomain.com
ip name-server 192.168.46.1
!
!
!
!
!
!
!
!
crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1
connect auto
group xxxxx key xxxxx
mode network-extension
peer 156.33.195.51
virtual-interface 1
xauth userid mode http-intercept
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
switchport access vlan 174
!
interface FastEthernet2
switchport access vlan 174
!
interface FastEthernet3
switchport access vlan 174
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
ip address dhcp client-id FastEthernet4
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1
!
interface Virtual-Template1 type tunnel
no ip address
tunnel mode ipsec ipv4
!
interface Dot11Radio0
no ip address
!
ssid toryblaha
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface Vlan174
ip address 156.33.174.1 255.255.255.248
crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1 inside
!
interface BVI1
description $ES_LAN$
ip address 10.10.46.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.46.0 0.0.0.255
no cdp run
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner exec ^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
07-07-2008 05:40 AM
Hi, from the CM, can you ping the phone and viceversa ?
If you're not able to do that, the VPN is not set properly, or you have other routing problems.
07-07-2008 05:41 AM
Unless you have it configured manually on the phone, you will need to configure a TFTP server address in the DHCP pool, such as:
option 150 ip 1.1.1.1
Hope this helps. If so, please rate the post.
Brandon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: