Connectivity to UC560 problem

Unanswered Question
Dec 2nd, 2011

Hello, I can't get connectivity between my computer and UC560. My UC560 with the IP 192.168.10.1 is connected to a poe switch where the ip phones are connected.The phones are in the 192.68.10.x net. On the other hand, the computers are connected to a net with 192.168.0.x  and gateway 192.168.0.1. Well, by that networks configuration I can ping from my computer to the phones, but in the case of making a ping to the UC560, i get this response "destination net unreachable". Checking the UC560 log I get:

==================show ip route==================

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks

C        10.1.1.0/24 is directly connected, BVI100

L        10.1.1.1/32 is directly connected, BVI100

C        10.1.10.0/30 is directly connected, Vlan90

S        10.1.10.1/32 is directly connected, Vlan90

L        10.1.10.2/32 is directly connected, Vlan90

S     192.168.0.0/16 [1/0] via 192.168.10.2

      192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks

C        192.168.10.0/24 is directly connected, Vlan1

L        192.168.10.1/32 is directly connected, Vlan1

==================show access-list==================

Standard IP access list 1

    10 permit 10.1.1.0, wildcard bits 0.0.0.255

    20 permit 192.168.10.0, wildcard bits 0.0.0.255

    30 permit 10.1.10.0, wildcard bits 0.0.0.3

---------------------------------------------------------------------------------

So, which could be the problem? Thank you very much

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
danielwiebe Fri, 12/02/2011 - 10:25

Stop me if I'm on the wrong track here but it looks like your phones are in the default untagged VLAN 1. Usually the UC560 at 192.168.10.1 is in the data VLAN and the phones are in a 10. network. Just curious why you would have done this?

Also if you look at your IP routing the closest match for 192.168.0.X points at a static route to 192.168.10.2 which I don't think will work because it's on a different network than 192.168.0.x  (I'm going to assume that's a /24)

What is 192.168.10.2

itdeltastocks Mon, 12/05/2011 - 03:28

Thanks,I'm a newbie on cisco voice systems so I'll try to explain the situation: I've received the previous configuration explained in the other post from another person. Yes, Vlan 1 is in 192.168.10.x and my phones are configured in 192.158.10.x/24, gateway 192.168.10.1. So, the question/doubt is that I want to install the smart call connector toolbar in my computers but I don't know how to do this and which is the properly configurations because my computers and phones are in diferents subnets.

Extended info: The phones subnet is connected to a sonic wall port with ip:192.168.10.2 and like I explain before, I can ping my phones (192.168.10.x/24) from my computers in the 192.168.0.x/24. The other sonic wall port is the lan port for subnet wich has 192.168.0.1 gateway.

Thanks for help!

David Trad Tue, 12/06/2011 - 16:13

Hi Jordi,

I am not sure why you are making this a difficult deployment for yourself, your setup is typically a management nightmare

Since you have a Sonic Firewall system on the edge, you should try and keep the configuration of the network simple, for instance, VLAN-1 should be 192.168.10.X and VLAN-100 should be 10.1.1.X and if you have a UC-560 VLAN-90 (CUE) should be 10.1.10.X

This is a default Cisco Smart Design, and by sticking with it you should not have any problems, the UC will do the inter-vlan-routing for you, but with the Sonic firewall in the mix you will need to make sure that the Sonic is aware of all the subnets being used by the UC to ensure that you can achieve inter-subnetting (Or routing between the subnets).

You do not want to run the voice and data on the same VLAN and in the same subnet, that is just sheer madness in my opinion and something that any sane person should avoid at all costs.

Is this a CLI built system or a CCA built system?

In order to use Smart Call Connector the systems would need to have a route to both the UC-500 and to the server hosting the server side software (The database etc..etc..), you need to minimize the amount of interaction the Sonic Firewall has to the system, Sonic's and UC do not play nice in my experience having done many installs with them haunting me.

SCC will not work unless the network topology is correct, when it is not correct it falls apart very quickly and usually in spectacular fashion.

Do you have a network diagram? Can you give us a proper run down of the network topology how you want things to work, the reason behind it I.E the drivers steering you in that direction, and what your ultimate goal is (SCC seems to be part of it)... The more info we have to play with, the better everyone can assist you

Cheers,

David.

itdeltastocks Wed, 12/07/2011 - 09:01

First of all, thanks for you reply. I've receieved the current configuration network from another person who is not working anymore in my company. It's a CCA built system. Vlans are exactly configured as you see in bottom picture. As I said before, with the current network configuration I can ping from my computers to the phones with the interface 2 settings in sonicwall and adding a static route on UC560 (see pictures) but when I try to ping the UC560 I'm getting "Destination net ureachable". My achievement is to fix the current topology and built an easy and correct topology to get working at the beginning just the scc toolbar on my computers. I'll hope that this pictures could help for understanding the problem. Again, thank you for your help

Current network configuration


David Trad Fri, 12/09/2011 - 21:05

Hi Jordi,

In the second picture you have a Voice VLAN-100 but with no IP address or anything listed... Actually I am not sure how your system is working at all, this looks like a broken configuration you have inherited and from someone who doesn't understand how the Cisco UC's work or how a voice network should work.

Assign the VLAN-100 with a subnet, use the default one 10.1.1.0/24

This will propagate to any of the Cisco switches connected to the UC via CDP, the phones will then register to this VLAN so long as the propagation of information has passed to all relevant devices, if not then the config is beyond CCA's repair capabilities and you may need to resolve it via CLI (Not recommended but last resort).

If VLAN-91 is not being used delete it, this would be just adding another layer ontop of the already existing issues, and since it does not have a subnet on it, I cannot see any valid reason for it being there????

Your first picture tells me that you are trying to run the phones on VLAN-1 which in theory on the Cisco's is the data vlan, change VLAN-1 to be the same subnet as your computer subnet, set your voice vlan as I have explained above, and make sure your CUE VLAN stays sound as it is now... If you are not sure how to do this with minimal issues then you should get support involved and ask for their assistance on this, do not struggle with this and get yourself in a worse position, but your topology is all sorts of wrongs right now and you should fix that before you attempt to fix anything else...

(PS) There is nothing worse than inheriting a configuration from someone else who showed no regards for those who may come after them, I truly hope you overcome this and get it working right, then I hope you extend the courtesy to the next person who might replace you

Cheers,

David.

itdeltastocks Mon, 12/12/2011 - 02:29

I completely agree with your PS. I don't how/why but the phones are working in the Vlan-1, configuration that apparently has been like this since the first day. I will try to make and fix the things correctly and at the end hopefully I can use the advantatges of UC560 like smart call, etc to help workers on their daywork as know they are using them as simple phones.

Step by step, first I'll try to change the phones lan to vlan-100 as you suggested and configure the data lan like my computers subnet and see if all is working as might be.

Thanks, I'll post the result when I make all this changes.

renato.guimaraes Mon, 12/12/2011 - 08:58

Is your PoE switch from Cisco? If it's not, I think I understand why the previous guy did what he did, though I wouldn't have done it that way. Because Cisco switches can see other Cisco devices (I think this is the CDP protocol) it automatically fixes the VLAN situation for you, hence automatically setting all your phones to vlan100 and putting the tagged vlan100 in all the ports of the switch. If that is the case, where you don't have a Cisco switch, then you have to manually configure vlan100 in the switch, and manually configure EACH phone to use vlan100. That can be a PITA but I still wouldn't have messed with the vlans in the UC.

I think the best thing for you to do is start from scratch and factory reset that puppy. We are also a Sonicwall shop so this is my recommendation for you:

UC560 config

VLAN1: 192.168.0.x (static IP address based on your Sonicwall's LAN subnet)

Don't modify the other vlan IPs. Remove the DHCP pool from Vlan1 so that it doesn't conflict with your Sonicwall.

Each phone must be set with VLAN100 if you don't have a Cisco switch. (Settings -> Network Configuration -> Admin. VLAN Id, press * * # to get the Edit button)

Your switch must be configured with VLAN100. All ports must be "tagged" with vlan100 and "untagged" with the default vlan1. If you don't have vlan capability on your poe switch (this is highly unlikely, but not impossible), then it's time to upgrade to a Cisco switch (an ESW 520 is what we use at another office).

You didn't mention which model phones you're using so I don't know if it's possible for you, but our phones (7900 series) have a switch port and PC port where you can daisy chain a computer to it so essentially using the same switch for both computers and phones. This is the ideal setup.

Hope this helps.

-Renato

itdeltastocks Thu, 12/15/2011 - 02:18

Thanks for your reply. The PoE switch is a Linksys Business Series SRW224G4P with the cisco label on the right side. So is possible that this kind of switch could see my UC560? In the other hand the phones model are Cisco SPA 504. Thanks for help, I'll follow your advices.

renato.guimaraes Thu, 12/15/2011 - 05:25

According to this post: https://supportforums.cisco.com/thread/2023415 your Linksys switch does not support CDP. Therefore, you will have to manually create the entries in your switch for vlan100.  There is also a document that Chris Cooper attached on how to configure the phone. It's the first response to the initial post.

Also, according this image I found:

http://www.callvoip.nl/images/cisco/SPA504G_back_450x375_m.jpg

I would recommend you use the switch port available on the phone itself to take advantage of using just one switch for your phones + computers.  This means you only need one Ethernet port for each desk.

-Renato

itdeltastocks Thu, 12/15/2011 - 06:45

Wow, thanks for that post. I think I understand how to fix the hole network configuration. Therefore, I explain the steps to achieve this for the above network diagram, and correct me if I'm wrong.

Step one (UC): Modify vlan1 to be like my computers subnet 192.168.0.x/24 and remove dhcp. Question: Do I not have to assign the vlan100 as

as 10.1.1.0/24? Should I delete vlan91? Any changes in the static routes?

Step two (Switch). Configure all ports "tagged" with vlan100 and "untagged" with the default vlan1.

Step three (phones) Manually configuration of the vlan100 and vlan1 and use the port PC to connect to computers.

It's OK? Therefore, what happens with the sonic wall configuration, I should change anything in the sonic wall schema? Thank you very much.

itdeltastocks Mon, 05/14/2012 - 08:26

I'm still having problems to fix the network configuration, phones still working on vlan 1(data and voice). However, following your advices, I started to fix the UC560 conf. and network. I configured my switch ports for taggeg vlan100 and untagged vlan1. Switch is connected to UC trough SmartPort GigabitEthernet0/1/1 role Ip phone + Desktop (Acces VLAN:default 1, Voice VLAN:default1. I'm testing with Cisco Ip phone Spa 525G selecting VLAN ID 100 on Network Configuration option. The problem is when I change SmartPort attribute Voice VLAN to Cisco-Voice 100, Ip Phone can't register. I'm attaching the current config.Thanks a lot

David Trad Mon, 05/14/2012 - 13:53

Hi Jodi,

The problem your having is a typical results, choosing voice vlan-100 means

just that "vlan-100". Since you are running a flat network, you are stuck

with having to manually configure everything, your setup goes against all

principles of integrated voice and data network, thus putting your setup

outside of standard scope. You need to configure the phones to work on

vlan-1 and potentially delete vlan-100 of the UC if you are nit going to

use it, and further to that change the smart port roles of the switch to

desktop only.

In the last 8 years I have never seen a flat network work as one would

like, in fact the majority of them became the exact nightmare network one

would hope to never have to manage.

Find a way to properly segment your network, and I assure you that life

will become incredibly simpler for you.

Cheers,

David Trad

"Sent from my Acer Iconia A500"

On May 15, 2012 1:27 AM, "itdeltastocks" <

itdeltastocks Tue, 05/15/2012 - 00:38

I'm trying to fix and change the topology of my network to make it simply, but the most important change to fix the whole part is making use of the pc port in my ip phones, changing the data Vlan to be in the same range of my current computers and printers and make my ip phones working on Vlan 100 default voice Vlan set in CCA. Hoewer the first step is trying to make working my ip phone on Cisco Voice Lan (100) where I'm stuck now and then join the data VLAN to my current computers net and make use of the phone's PC port. Thanks

David Trad Tue, 05/15/2012 - 00:56

                

Hi ,

I really want to help you, and get to the bottom of this.. Truly I know how frustrating this is and how much it is probably aggravating you right now.

Please can you post your entire configuration up as a  file and just remove username/passwords so that  can look at the entirety of your configuration and  its operation.

Once posted give me some time to inspect it.

Cheers,

David.

       

itdeltastocks Tue, 05/15/2012 - 01:33

Thank you very much, I'm attaching the log file.

I'ts an aggravating situation because I want to fix it properly, however the configurations that I inherated from someone else has been (working ) like this since 2010. As I explain, actually the phones are working on data vlan 1 (192.168.10.x).

The configuration I'm trying to achieve is first make working the phone on cisco voice lan and second use phones's pc port and change data vlan to 192.168.0.x which is my current computer's net. Also my Linksys SRW224G4P (non CDP protocol compatible) is manually configured to tag Vlan 100 and untag vlan1.

Thanks to all of your responses I know that this is the best and simply conf and I'm starting to think that maybe someday I'll need to start UC560 from scratch to set conf properly because I'm 99% sure that is a Vlan conf problem. If you read the log, correct me if I'm wrong, but I think that interface Vlan100 (cisco default voice vlan) is not taking any ip address. Maybe that is the problem, but CCA doesn't allow me to type 10.1.1.1 255.255.255.0 (default voice vlan) because there is an interface BVI100 wich has that values and I don't what BVI interfaces are for. Thanks

David Trad Tue, 05/15/2012 - 02:17

Hi Jordie,

That has to be the most unusual config I have seen in quite sometime, this

system was originally designed by CCA or at least part of it, and then

heavily modified via CLI.

Its this part of the config that concerns me:

interface Vlan1

description $FW_INSIDE$

ip address 192.168.10.1 255.255.255.0

ip access-group 101 in

ip nat inside

ip virtual-reassembly

!

!

interface Vlan90

description $FW_INSIDE$

ip address 10.1.10.2 255.255.255.252

ip access-group 102 in

ip nat inside

ip virtual-reassembly

!

!

interface Vlan100

description $FW_INSIDE$

no ip address

ip access-group 103 in

!

!

interface BVI1

description $FW_INSIDE$

mtu 1514

ip access-group 101 in

ip nat inside

ip virtual-reassembly

!

!

interface BVI100

description $FW_INSIDE$

mtu 1514

ip address 10.1.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

A normal configuration that I would see is the following:

interface Vlan1

description $FW_INSIDE$

no IP address

ip access-group 101 in

!

!

interface Vlan90

description $FW_INSIDE$

ip address 10.1.10.2 255.255.255.252

ip access-group 102 in

ip nat inside

ip virtual-reassembly

!

!

interface Vlan100

description $FW_INSIDE$

no ip address

ip access-group 103 in

!

!

interface BVI1

description $FW_INSIDE$

mtu 1514

ip address 192.168.10.1 255.255.255.0

ip access-group 101 in

ip nat inside

ip virtual-reassembly

!

!

interface BVI100

mtu 1514

ip address 10.1.1.1 255.255.255.0

ip access-group 103 in

ip nat inside

ip virtual-reassembly

Anyway it would be good if I can organise a remote session with you, I

would like to work on this with you, don't change anything with the config

and save it (Commit it to memory) until fully tested, I would like to go

through some other configs I have and do some comparison testing just to be

certain.

Cheers,

David Trad

"Sent from my Acer Iconia A500"

On May 15, 2012 6:33 PM, "itdeltastocks" <

itdeltastocks Tue, 05/15/2012 - 03:53

Thank you David. As you mention is the most unusual config you ever see and it's our current config . Maybe instead of trying to fix step by step the Vlans an other stuff, the best solution is reset factory the UC560 and start the CCA setup wizard to make the default smart cisco design. What do you think? It's hard to reconfigure all again, however if finally I can achive a proper configuration the reward will worth it.

David Trad Tue, 05/15/2012 - 04:13

Hi Jordi,

≥ 30 handsets you can rebuild the system to a very much usable state within

3 hours Max, a further 1 hour to tweak it, this is assuming no issues

during the build process.

Make sure you follow the PDD principle: Plan - Develop - Deploy

I am happy to help you with the planning and development segments as this

is the most critical part if the rebuild.

You should peg it for a weekend rebuild just in case you do fall into some

trouble.

Cheers,

David Trad

"Sent from my Acer Iconia A500"

On May 15, 2012 8:53 PM, "itdeltastocks" <

itdeltastocks Tue, 05/15/2012 - 06:25

Ok, I'll do it next month on holidays period. Thank you very much for your time. I'll post the result, hoping that everything goes well

itdeltastocks Mon, 06/18/2012 - 04:06

Hi David, last weekend I did a factory reset of our UC560 configured the hole thing again and now it seems everything goes OK!(Attached actual log configuration). UC560 Ip is 192.168.0.20. Phones are working on voice vlan 100 (10.1.1.x), Data Vlan 1 is assigned to 192.168.0.x (I changed the default 192.168.10.x) and connecting a computer to the phone's pc port assigns a ip of 192.168.0.x to that computer(manually because I removed the data DHCP server). I think the hard part is done, so now the next step is tweak the network.Thank you very much

PD: Just last question, before reset from factory internal extensions dial automatically, now after the reset, we must dial the extension and press the button dial, where can I configure this feature only for internal extensions? Thank you    

Actions

Login or Register to take actions

This Discussion

Posted December 2, 2011 at 8:21 AM
Stats:
Replies:20 Avg. Rating:
Views:4151 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard