Best Practice when changing IP address

Answered Question
Jun 25th, 2010

Hi All,

I'm running the latest CCA, CME on the UC500 and would like to change the Voice, Data VLAN addressing scheme post implementation. As I'm am new to the UC500 I am running scenario based labs to see what would happen.

The UC500 is connected to an existing network via the switchport (F0/1/8 trunking). Router is providing DHCP for Data VLAN 192.168.0.0/24 and the UC500 is providing DHCP for Voice VLAN 10.1.1.0/24.

Default gateway for Voice VLAN 10.1.1.1 and Data VLAN 192.168.0.1. InterVLAN Routing done by router.

  • Changed Voice VLAN address to 10.1.1.250 and gateway to 10.1.1.1. Noticed in the configuration that ip source- address was still 10.1.1.1 and sccp ccm 10.1.1.1 priority 1.
  • The option 150 ip address was 10.1.1.1, not 10.1.1.250.
  • Changed the Data address to 192.168.0.250 and was able to connected to UC500 via CCA.

Also I disabled the firewall and NAT however the config still had some ACL's referenced to the 192.168.10.0 network.

The obvious result was that if I plugged my phones into the embedded switch on the UC500 or the existing switches they failed to get on IP address on the Voice VLAN.

Is it common practice to clean up the config via CLI after changing IP addressing scheme and firewall in CCA or have I missed a step.

Remember I'm a newbie so please feel free to shot me down if it is warranted.

    I have this problem too.
    0 votes
    • 1
    • 2
    • 3
    • 4
    • 5
    Overall Rating: 5 (1 ratings)
    Loading.
    chrisavants Sat, 06/26/2010 - 13:43

    First of all knobody should shoot you down for asking any question, that is after all how we learn:)

    As a long time Cisco Engineer I at first could not stand CCA, it writes lots of code for seemingly simple takss and at first seemed to not do allot of things it says it could. I will say thought, CCA has come a very long way and has become an awsome tool we give to new Engineers to help design and configure Cisco SMB solutions...

    With all of that out of the way, here is the best practice...

    The IOS Firewall features right ACL,s and scripts based around the IP information it has at the time it is enabled, so you cannot just simply change IP addresses and work:(

    The best practice is to delete your firewall config and NAT Settings (FIRST) then you can change IP schemes, and build new FW and NAT policies around it... This will ofcourse require some downtime, so keep that in mind:)

    CCA writes standard code, for standard feature sets. You have to apply the features in order for them to function properly...

    Remember to backup your configs prior to and after changes, and keep asking questions! That's how you learn!

    Regards,

    Chris

    CSE - MCSE - CCNA - CCDA - CCNP - CCVP

    David Trad Sat, 06/26/2010 - 14:51

    Hi Chris,

    Great response, I'd been scratching my head on how i could best answer his question for days now, and you did it so well

    CCA writes standard code, for standard feature sets. You have to apply the features in order for them to function properly...

    Remember to backup your configs prior to and after changes, and keep asking questions! That's how you learn!

    The best peice of advise anyone can give.

    Steve I will point out to you though, if you do this the system most likely can not be managed with CCA, read the OOB guide lines and see if you can stick as close as possible to that guide when configuring it up, this might still allow you to use CCA.

    Viva 'la CCC

    Cheers,

    David.

    SteveOrfanos Sat, 06/26/2010 - 17:21

    Chris/David,

    Thank you for your valuable advice. However, that being said I did disable the firewall and NAT before I changed the IP address. The main issue was when I changed the Voice VLAN IP scheme it did not propagate the changes to option 150, ip source-address etc.

    Based on the network described in my post what would be the best way to deploy the UC500 and not loose the functionality of CCA? Most of the customers I deal with have a network in place and are only requiring telephony features and so far I am extremely impressed with the way Cisco does it. Some are on a flat network and don't require logical separation of there network regardless of our recommendations.

    I'm comfortable with command line so I'm not concerned if I loose CCA functionality. I'm new to Cisco Unified Communications so but I have a long backgroung in IP telephony and switching, routing etc.

    Thank you

    Steve

    David Trad Sat, 06/26/2010 - 22:43

    Hi steve,

    I accidently deleted your e-mail thinking it was just a forum update, can you please re-send to me

    Or I am too sick and I should really be fining other things to do on a Sunday LOL.

    Cheers,

    David.

    chrisavants Sun, 06/27/2010 - 00:01

    CCA has come such a long way, but as the UC500 contains a Switch, Router, Firewall, AP, CME, and CUE, as you can imagine it may be some time before it answers all the features we would without CLI...

    If you did disable the features you followed best practices, you could ofcourse load a default config, follow the wizard and change all addresses that way but since you know some CLI, maybe easier to just clean it up:)

    Good Luck!

    Chris

    SteveOrfanos Mon, 06/28/2010 - 02:39

    Hi All,

    I'm happy to report that I have successfully integrated the UC540 into our existing network with very minimal CLI intervention. CCA is still fully functional.

    What I did discover though was that the UC500 is heavily reliant on CDP. All our switches are HP who canned CDP a while back.

    I had to downgrade one of the switches as at present in my lab I only have a SPA504 and 525G. Still waiting on the 7900 series to arrive.

    Is Cisco planning on implementing LLDP as this a vendor neutral discovery protocol?

    Which, if any of the Cisco IP Phones support both CDP and LLDP.

    Actions

    This Discussion