Should be a fairly simple question, but does the UC560 WAN port support dot1q trunking back to a switch? Can't see any doc on this.
Aim is to run 3 VLANs back to the switch, one for data, voice, SSL VPN for remote teleworker.
I believe the WAN port is a L3 interface. You will have to use subinterfaces to do specific vlan communication between a switch.
You may look at this document. By the way, this is not possible via CCA and can only be done via CLI.
CLI will break our CCA unfortunately.
Problem we have here is Gig 0/4 seems to be trunking fine for data and voice vlan, however to enable SSL VPN for teleworker you need the WAN port enabled. This goes back to switch and then to GW router for SIP trunk.
Not really sure how else we can enable the WAN port without breaking the trunk on Gig 0/4. Any ideas welcome.
Normally no tagging is needed on the WAN port because it goes straight to Internet connections and does not need that. If there is a switch in between, set access VLAN on it correctly.
Tagging is done on the other interfaces, connected to the switch.
Yes, in this case it's connected back to a switch and then goes out via GW router to the internet though.
We're trying to find a way to enable the WAN port for SSL VPN?
If we create VLANs (data, voice, SSL VPN) on the UC560 and enable the WAN, wondering, should not the UC560 tag the VLANs then exit the WAN port via a trunk port back to switch?
So we have an existing trunk, and when we enabled the WAN port it broke the call routing? Seems the UC560 started routing calls out the WAN port, instead of the existing trunk Gig 0/4 on UC560?
I don't know your setup details, anyway calls are normally done on LAN ports, not WAN.
If you have further doubts I recommend you engage a reputable consultant, or UC certified Cisco partner.
If you already have connectivity to your network via a LAN port I don't see why you would need to plug the WAN Interface into a switch.
If your UC500 is sitting behind a router and you want to enable SSL VPN the best method would be to terminate the SSL VPN at the router and then route the proper traffic to the UC500.
The router is a 1921. Isn't there a teleworker router we can purchase that will match this for remote workers?
We did look into this previously, got a reply from Cisco that the above method was supported?
You can terminate the VPN at the 1921 or the UC500. It would probably be easier though to terminate the VPN at the 1921.
I don't know what you mean by a router that can match this for remote workers.
That's OK, I looked into it; SR520 looks like the teleworker router. Haven't used this, but I'm wondering if that can terminate on the 1921 or does it have to connect back to UC540?
Exploring all options, none look easy. Was even thinking that the SPA525G built-in client can connect back to 1921 rtr for SSL VPN.
I'll keep at it thanks.
The SPA525's built-in SSL VPN client should have no problem terminating a VPN at another router (1921 included).
Just make sure there are routes in place to the voice network on the UC.
Was hoping that was the case. Makes the job a whole lot easier. It's trunking back to UC box from router so I may have to manually program the TFTP on phone to point to UC.
However now QoS is an issue, no DTLS or MTP resource?
I haven't worked on the 1921 but you may see if you can enable DTLS:
MTP can be configured on the remote ephone so you should still be able to use it.