Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

UC560 WAN PORT support for dot1q?

Hi,

should be a fairly simple question but does UC560 WAN port support dot1q trunking back to switch? Can't see any doc on this.

Aim is to run 3 VLAN's back to switch one for data,voice,SSL VPN for remote teleworker.

Thanks,

Joseph

17 REPLIES
New Member

UC560 WAN PORT support for dot1q?

I believe the WAN port is a L3 interface.  You will have to use subinterfaces to do specific vlan communication between a switch. 

You may look at this document.  By the way, this is not possible via CCA and can only be done via CLI.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/intrface.html#wp1044006

-Trent Good ** Please rate useful posts! **
New Member

UC560 WAN PORT support for dot1q?

CLI will break our CCA unfortunately.

Problem we have here is Gig 0/4 seems to be trunking fine for data and voice vlan, however to enable SSL VPN for teleworker you need the WAN port enabled. This goes back to switch and then to GW router for SIP trunk.

Not really sure how else we can enable the WAN port without breaking the trunk on Gig 0/4. Any ideas welcome.

Hall of Fame Super Gold

Re: UC560 WAN PORT support for dot1q?

Normally no tagging is needed on the WAN port because it goes straight to Internet connections and does not need that. If there is a switch in between set access vlan on it correctly.

Tagging is done on the other interfaces, connected to the switch.

New Member

Re: UC560 WAN PORT support for dot1q?

Yes, in this case it's connected back to a switch and then goes out via GW router to the internet though.

We're trying to find a way to enable the WAN port for SSL VPN?

If we create VLANs, data,voice,SSL VPN on the UC560, and enable the WAN wondering should not the UC560 tag the VLAN's then exit the WAN port via a trunk port back to switch?

JL

Hall of Fame Super Gold

Re: UC560 WAN PORT support for dot1q?

No, as above, WAN is not to be tagged. It can has to be connected to switch via access port, not trunk.

New Member

Re: UC560 WAN PORT support for dot1q?

so we have an existing trunk when we enabled WAN port it broke the call routing? seems the UC560 started routing calls out the WAN port? instead of the existing trunk gig 0/4 on UC560

any ideas??

Hall of Fame Super Gold

UC560 WAN PORT support for dot1q?

I don't know your setup details, anyway calls are normally done on LAN ports, not WAN.

If you have further doubts I recommend you engage a reputable consultant, or UC certfied Cisco partner.

New Member

Re: UC560 WAN PORT support for dot1q?

thanks for your assist bolo.

appreciate your help anywayz.

New Member

Re: UC560 WAN PORT support for dot1q?

Hi Joseph,

If you already have connectivity to your network via a LAN port I don't see why you would need to plug the WAN Interface into a switch.

If your UC500 is sitting behind a router and you want to enable SSL VPN the best method would be to terminate the SSL VPN at the router and then route the proper traffic to the UC500.

-Trent Good ** Please rate useful posts! **
New Member

UC560 WAN PORT support for dot1q?

the router is 1921 isn't there a teleworker router we can purchase that will match this for remote workers.

We did look into this previously, got a reply from Cisco that the above method was supported?

New Member

UC560 WAN PORT support for dot1q?

You can terminate the VPN at the 1921 or the UC500.  It would probably be easier though to terminate the VPN at the 1921.

I don't know what you mean by a router that can match this for remote workers.

-Trent Good ** Please rate useful posts! **
New Member

UC560 WAN PORT support for dot1q?

That's ok I looked into it SR520 looks like the teleworker router. Haven't used this but I'm wondering if that can terminate on the 1921 or does it have to connect back to UC540?

Exploring all options none look easy. Was even thinking that SPA525G built in client can connect back to 1921 rtr for SSL vpn.

I'll keep at it thanks.

New Member

UC560 WAN PORT support for dot1q?

The SPA525's built in SSL VPN client should have no problem terminating a VPN at another router(1921 included).

Just make sure there are routes in place to the voice network on the UC.

-Trent Good ** Please rate useful posts! **
New Member

UC560 WAN PORT support for dot1q?

Was hoping that was the case. Makes the job a whole lot easier. it's trunking back to UC box from router so I may have to manually program the TFTP on phone to point to UC.

However now QoS is an issue, no DTLS or MTP resource?

New Member

UC560 WAN PORT support for dot1q?

I haven't worked on the 1921 but you may see if you can enable DTLS:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect23/administration/23admin3.html

MTP can be configured on the remote ephone so you should still be able to use it.

-Trent Good ** Please rate useful posts! **
New Member

UC560 WAN PORT support for dot1q?

ah the fun and games start.

I'll check it out thanks Trent.

New Member

UC560 WAN PORT support for dot1q?

Your quite correct though it is L3 int.

506
Views
0
Helpful
17
Replies
CreatePlease to create content