Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

6509 in VSS mode with callmanager 8.5

Dears,

I have some strange things about the communication between 6509s in VSS mode with CUCM 8.5.

First, when I just connect eth0 of the publisher/subscriber/unity connection to 6509-1 and configure these ports in vlan 21 (UC SERVER VLAN), other subnets (VLANs) can ping these servers without packet lost (VSS works as the gateway for all LAN subnets). The strange thing is when I ping these servers from VSS itself, packets will be lost every 4 packets inlcuding PUB/SUB/CUN (MCS7825), but C2921 is ok.

Second, when I enable the NIC team for network fault tolerence on MCS7825, connect to two 6509s, and create channel group for each sevre NIC team. The network team seems work well on CM/CUN, but strange thing is some phones in other subnets can't ping and register with CM servers; some phones in same subnet can register normally. When I disabled the NIC teaming and channel group, every thing is OK except the ping from VSS.

What is the problem? Is MCS7825 (IBM) NIC teaming supported by VSS and need a channel group?

Thanks,

Kirin

1 ACCEPTED SOLUTION

Accepted Solutions
Green

6509 in VSS mode with callmanager 8.5

Kirin,

1) My mistake it is not the IP redirect that drops the packets. Although you are advised to configure the

CUCM server default gateway interface to deny redirects.

A basic config could be

!

int vlan 701

desc CUCM SERVERS VLAN

ip address 10.10.10.1 255.255.255.0

no ip redirects

no ip directed broadcast

!

The CUCM itself (and unity etc) run internal firewalls as part of the CSA

It is very common to see every 6th ping to CUCM being dropped.

Please see this post

https://supportforums.cisco.com/thread/2098441

2) CUCM type servers only support network failover teamed interfaces.

This has been the case even a way back to CUCM 3 etc

A good port config on both the primary lan port & the secondary (Failover) something along these lines depending on the model of LAN switch.

int g1/0/1

desc  *** MY CUCM SERVER PRIMARY CONNECTION ***

switchport host

switchport access vlan 701

!QOS If in use

srr-queue bandwidth share 10 10 60 20

priority-queue out

mls qos trust dscp

spanning-tree bdpuguard enable

!

int g1/0/2

desc  *** MY CUCM SERVER SECONDARY CONNECTION ***

switchport host

switchport access vlan 701

!QOS If in use

srr-queue bandwidth share 10 10 60 20

priority-queue out

mls qos trust dscp

spanning-tree bdpuguard enable

!

HTH

Alex

Please rate useful posts

Regards, Alex. Please rate useful posts.
4 REPLIES
Green

6509 in VSS mode with callmanager 8.5

Kirin,

1) Cisco CUCM servers run a security agent CSA.

They do not support IP redirects etc.

2) For fault tolerence the server ports DO NOT connect to a port channel group.

You need 2 access ports but they must be in the same VLAN.

You will only see the MAC address on the working link.

It will switch when the fault condition ocurrs

HTH

Alex

Regards, Alex. Please rate useful posts.
New Member

6509 in VSS mode with callmanager 8.5

Hello Alex,

Thanks for your kind help.

1) which features used like ip redirects when ping from 6509 itself? If CSA blocked some traffic, why ping from other hosts work normally? Can I disable the CSA in the Operation system?

2) ok, I will remove the channle group, it seems MCS NIC team use the mode network fault tolerence only without load balance.

Thanks,

Kirin

Green

6509 in VSS mode with callmanager 8.5

Kirin,

1) My mistake it is not the IP redirect that drops the packets. Although you are advised to configure the

CUCM server default gateway interface to deny redirects.

A basic config could be

!

int vlan 701

desc CUCM SERVERS VLAN

ip address 10.10.10.1 255.255.255.0

no ip redirects

no ip directed broadcast

!

The CUCM itself (and unity etc) run internal firewalls as part of the CSA

It is very common to see every 6th ping to CUCM being dropped.

Please see this post

https://supportforums.cisco.com/thread/2098441

2) CUCM type servers only support network failover teamed interfaces.

This has been the case even a way back to CUCM 3 etc

A good port config on both the primary lan port & the secondary (Failover) something along these lines depending on the model of LAN switch.

int g1/0/1

desc  *** MY CUCM SERVER PRIMARY CONNECTION ***

switchport host

switchport access vlan 701

!QOS If in use

srr-queue bandwidth share 10 10 60 20

priority-queue out

mls qos trust dscp

spanning-tree bdpuguard enable

!

int g1/0/2

desc  *** MY CUCM SERVER SECONDARY CONNECTION ***

switchport host

switchport access vlan 701

!QOS If in use

srr-queue bandwidth share 10 10 60 20

priority-queue out

mls qos trust dscp

spanning-tree bdpuguard enable

!

HTH

Alex

Please rate useful posts

Regards, Alex. Please rate useful posts.
New Member

6509 in VSS mode with callmanager 8.5

Dear Alex,

Thanks for your great help, now I know the reason.

Kirin

596
Views
0
Helpful
4
Replies