I'm having trouble configureing a cisco router to run multiple vlans to an hp procurve managed switch for voice over ip with computers daisychained off the phone. i'm sure i'm just overlooking something simple. anyone have any suggestions? problem is i'm not able to access an interface that is tagged on the HP switch. i think it's a routing issue but can't figure out what it is.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Cisco router and HP switch VOIP config 2
- Thread starter insureme
- Start date
SweetRevelation
Technical User
You should be set to dot1q on the switchport facing the router and using subinterfaces on the router port, why don't you paste the relevant config for both devices so we can see what's going on.
-
1
- #3
imbadatthis
Technical User
also on the cisco, force trunk mode, dont leave it to auto negotiate.
switchport mode trunk
switchport trunk vlan allowed add [vlan ID]
We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
switchport mode trunk
switchport trunk vlan allowed add [vlan ID]
We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
-
1
- #4
VinceWhirlwind
Technical User
The HP switch needs each VLAN added to the interface the router is patched to.
Make sure your VLANs are "tagged" except for whichever VLAN is "native" on the router interface, that VLAN needs to be "untagged" on the HP.
The HP edge switches would normally be configures with the PC VLAN "untagged" and the voice VLAN "tagged".
The phones should be configured for data "untagged" and have the voice VLAN number configured in them.
One essential step if you're not entirely sure what's going on, is to configure one port on the HP switch to be "untagged" in the voice VLAN. Patch a laptop to this port to test voice VLAN DHCP and basic connectivity in the voice VLAN.
Make sure your VLANs are "tagged" except for whichever VLAN is "native" on the router interface, that VLAN needs to be "untagged" on the HP.
The HP edge switches would normally be configures with the PC VLAN "untagged" and the voice VLAN "tagged".
The phones should be configured for data "untagged" and have the voice VLAN number configured in them.
One essential step if you're not entirely sure what's going on, is to configure one port on the HP switch to be "untagged" in the voice VLAN. Patch a laptop to this port to test voice VLAN DHCP and basic connectivity in the voice VLAN.
- Thread starter
- #5
Router Config Cisco 2901
========================================
Current configuration : 4194 bytes
!
! Last configuration change at 19:06:25 UTC Tue Mar 8 2011 by inlandadmin
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname BP-RTR1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication enable default enable
aaa accounting exec default
action-type start-stop
group tacacs+
!
aaa accounting commands 15 default
action-type start-stop
group tacacs+
!
!
!
!
!
!
aaa session-id common
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
no ip domain lookup
ip domain name inlandprinting.com
ip name-server 172.17.1.50
ip name-server 172.16.1.50
multilink bundle-name authenticated
!
!
!
!
!
vtp domain INLAND-COREC
vtp mode transparent
username inlandadmin privilege 15 password
!
!
ip ssh time-out 60
ip ssh version 2
!
!
!
!
interface Loopback1
ip address 172.254.1.1 255.255.0.0
!
interface GigabitEthernet0/0
description ***Centurylink 5MB Metro Ethernet Mesh***
ip address 192.168.0.3 255.255.255.248
duplex full
speed 10
rj45-auto-detect-polarity disable
!
interface GigabitEthernet0/1
no ip address
duplex full
speed 1000
!
interface GigabitEthernet0/1.4
encapsulation dot1Q 4 native
ip address 172.24.1.1 255.255.0.0
!
interface GigabitEthernet0/1.40
encapsulation dot1Q 40
ip address 172.26.1.1 255.255.0.0
ip helper-address 172.17.1.50
!
interface GigabitEthernet0/1.400
encapsulation dot1Q 400
ip address 172.28.1.1 255.255.0.0
ip helper-address 172.17.1.50
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.0.2 50
ip route 0.0.0.0 0.0.0.0 192.168.0.1 100
ip route 172.16.0.0 255.255.0.0 192.168.0.1
ip route 172.17.0.0 255.255.0.0 192.168.0.2
!
logging 172.16.10.4
!
!
snmp-server community 1nland-a1140ne RO
tacacs-server host 192.168.6.20 key
tacacs-server directed-request
!
control-plane
!
banner login ^C
Welcome to the interface...^C
banner motd ^C
Warning, Private Property! Authorized personnel only!^C
!
line con 0
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 0 0
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
exec-timeout 0 0
privilege level 15
transport input telnet ssh
line vty 16 1114
exec-timeout 0 0
!
scheduler allocate 20000 1000
end
========================================
procurve config
===============================================
hostname "BP-CORE"
time timezone -360
module 1 type J9146A
interface 1
name "***BP-AP01***"
exit
interface 2
name "***BP-AP02***"
exit
interface 3
name "***BPofficePRT***"
exit
interface 24
name "***Metro Ethernet WAN***"
exit
ip routing
vlan 1
name "DEFAULT_VLAN"
no untagged 1-24
no ip address
exit
vlan 4
name "SERVERS"
untagged 1-6,21,23-24
ip address 172.24.1.2 255.255.0.0
exit
vlan 40
name "DATA"
ip helper-address 172.17.1.50
ip address 172.26.1.2 255.255.0.0
tagged 24
exit
vlan 400
name "VOICE"
untagged 7-20,22
ip helper-address 172.17.1.50
ip address 172.28.1.2 255.255.0.0
tagged 24
voice
exit
banner motd "Warning! Private Property, Authorized personnel only "
timesync sntp
sntp unicast
sntp server priority 1 172.16.1.50 3
tacacs-server host 192.168.6.20 key ""
ip route 0.0.0.0 0.0.0.0 172.24.1.1
ip route 172.16.0.0 255.255.0.0 172.24.1.1
ip route 172.17.0.0 255.255.0.0 172.24.1.1
snmp-server community "" operator
aaa authentication telnet login tacacs local
aaa authentication ssh login tacacs local
primary-vlan 4
no autorun
=================================================
so basically, what i've got is the metro ethernet is a mesh to the rest of the network. DHCP server is at one site, layer 2 mesh to second site. the second site then handles the transit network via layer 3 routing on g0/0. g0/1 is subinterfaced to three different interfaces matching the used vlan numbers 4, 40, and 400. what happens is i can get DHCP to the voice vlan (400), but when i try to tag the traffic so I can start setting up the data vlan i lose connectivity. On both devices i've changed the default Vlan (native Vlan) to be vlan 4.
Sweetrevelation: is there a command to enable Dot1q on the HP switches? i thought it was automatic
imbadatthis: good suggestion. i'll force relevant vlans only tomorrow and give it another go.
Vince: as you can see above, i've got vlan 4 untagged, and vlans 40 and 400 are tagged on port 24 (uplink to router). at the moment i don't have any additional ports setup for vlan 40, but eventually the idea is to match the port assignments for vlan 400. we'll be daisy-chaining computers off IP phones. I've also got vlan400 designated as voice. not sure what that does though.
Could part of my issue be the phone configuration itself? the phone does have the ability to set the vlans for each port, and priority, but i'm not sure what the priority means.
========================================
Current configuration : 4194 bytes
!
! Last configuration change at 19:06:25 UTC Tue Mar 8 2011 by inlandadmin
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname BP-RTR1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication enable default enable
aaa accounting exec default
action-type start-stop
group tacacs+
!
aaa accounting commands 15 default
action-type start-stop
group tacacs+
!
!
!
!
!
!
aaa session-id common
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
no ip domain lookup
ip domain name inlandprinting.com
ip name-server 172.17.1.50
ip name-server 172.16.1.50
multilink bundle-name authenticated
!
!
!
!
!
vtp domain INLAND-COREC
vtp mode transparent
username inlandadmin privilege 15 password
!
!
ip ssh time-out 60
ip ssh version 2
!
!
!
!
interface Loopback1
ip address 172.254.1.1 255.255.0.0
!
interface GigabitEthernet0/0
description ***Centurylink 5MB Metro Ethernet Mesh***
ip address 192.168.0.3 255.255.255.248
duplex full
speed 10
rj45-auto-detect-polarity disable
!
interface GigabitEthernet0/1
no ip address
duplex full
speed 1000
!
interface GigabitEthernet0/1.4
encapsulation dot1Q 4 native
ip address 172.24.1.1 255.255.0.0
!
interface GigabitEthernet0/1.40
encapsulation dot1Q 40
ip address 172.26.1.1 255.255.0.0
ip helper-address 172.17.1.50
!
interface GigabitEthernet0/1.400
encapsulation dot1Q 400
ip address 172.28.1.1 255.255.0.0
ip helper-address 172.17.1.50
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.0.2 50
ip route 0.0.0.0 0.0.0.0 192.168.0.1 100
ip route 172.16.0.0 255.255.0.0 192.168.0.1
ip route 172.17.0.0 255.255.0.0 192.168.0.2
!
logging 172.16.10.4
!
!
snmp-server community 1nland-a1140ne RO
tacacs-server host 192.168.6.20 key
tacacs-server directed-request
!
control-plane
!
banner login ^C
Welcome to the interface...^C
banner motd ^C
Warning, Private Property! Authorized personnel only!^C
!
line con 0
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 0 0
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
exec-timeout 0 0
privilege level 15
transport input telnet ssh
line vty 16 1114
exec-timeout 0 0
!
scheduler allocate 20000 1000
end
========================================
procurve config
===============================================
hostname "BP-CORE"
time timezone -360
module 1 type J9146A
interface 1
name "***BP-AP01***"
exit
interface 2
name "***BP-AP02***"
exit
interface 3
name "***BPofficePRT***"
exit
interface 24
name "***Metro Ethernet WAN***"
exit
ip routing
vlan 1
name "DEFAULT_VLAN"
no untagged 1-24
no ip address
exit
vlan 4
name "SERVERS"
untagged 1-6,21,23-24
ip address 172.24.1.2 255.255.0.0
exit
vlan 40
name "DATA"
ip helper-address 172.17.1.50
ip address 172.26.1.2 255.255.0.0
tagged 24
exit
vlan 400
name "VOICE"
untagged 7-20,22
ip helper-address 172.17.1.50
ip address 172.28.1.2 255.255.0.0
tagged 24
voice
exit
banner motd "Warning! Private Property, Authorized personnel only "
timesync sntp
sntp unicast
sntp server priority 1 172.16.1.50 3
tacacs-server host 192.168.6.20 key ""
ip route 0.0.0.0 0.0.0.0 172.24.1.1
ip route 172.16.0.0 255.255.0.0 172.24.1.1
ip route 172.17.0.0 255.255.0.0 172.24.1.1
snmp-server community "" operator
aaa authentication telnet login tacacs local
aaa authentication ssh login tacacs local
primary-vlan 4
no autorun
=================================================
so basically, what i've got is the metro ethernet is a mesh to the rest of the network. DHCP server is at one site, layer 2 mesh to second site. the second site then handles the transit network via layer 3 routing on g0/0. g0/1 is subinterfaced to three different interfaces matching the used vlan numbers 4, 40, and 400. what happens is i can get DHCP to the voice vlan (400), but when i try to tag the traffic so I can start setting up the data vlan i lose connectivity. On both devices i've changed the default Vlan (native Vlan) to be vlan 4.
Sweetrevelation: is there a command to enable Dot1q on the HP switches? i thought it was automatic
imbadatthis: good suggestion. i'll force relevant vlans only tomorrow and give it another go.
Vince: as you can see above, i've got vlan 4 untagged, and vlans 40 and 400 are tagged on port 24 (uplink to router). at the moment i don't have any additional ports setup for vlan 40, but eventually the idea is to match the port assignments for vlan 400. we'll be daisy-chaining computers off IP phones. I've also got vlan400 designated as voice. not sure what that does though.
Could part of my issue be the phone configuration itself? the phone does have the ability to set the vlans for each port, and priority, but i'm not sure what the priority means.
- Thread starter
- #6
imbadatthis
Technical User
priority is probably your DSCP settings or maybe CoS - for quality of service setup.
this would allow you to extend the trust boundary to your phone instead of the switch port.
glad things worked oot.
cheers mate,
We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
this would allow you to extend the trust boundary to your phone instead of the switch port.
glad things worked oot.
cheers mate,
We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
VinceWhirlwind
Technical User
Sounds like the phones weren't configured.
By default, the phone has no way of knowing what the voice VLAN is - that configuration needs to go on the phone (preferably via DHCP, LLDP, etc..., not manually!).
By default, the phone has no way of knowing what the voice VLAN is - that configuration needs to go on the phone (preferably via DHCP, LLDP, etc..., not manually!).
- Status