PC Behind the Phones + Vlan tagging with a Cisco Switch + Data DHCP on SSG5

[f3liC]

So this is a little complicated. Usually we will use a cisco sf/sg 300 PoE switch with a cisco firewall or windows server that hosts the dhcp server for our data segment. In this case however, we are using IP Office 500v2 (dhcp server for voice located here, a SG300, + a juniper SSG5 (data dhcp server located here). I can't work my googlefu to find any information relating to this although I remember seeing a command I would enter in CLI on the SSG5 about a year ago....

Any help would be greatly appreciated!

 

[janni78]

What you wanna do? Disable ALG?

unset alg h323 enable
unset alg ras
unset alg q931
unset alg h245

"Trying is the first step to failure..." - Homer

 

[f3liC]

Sorry I was not too clear. We would would like to use the PCs behind the phone through a Cisco switch with the SSG5 hosting the DHCP server. However, we cannot find any information on vlan tagging in order to do so.

For a DHCP server located on windows server, we would put a line like the following:
MCIPADD=X.X.X.X,X.X.X.X,HTTPSRVR=X.X.X.X,TFTPSRVR=X.X.X.X,IRSTATE=0,VLANTEST=0,L2QVLAN=X

However, I do not have any information on juniper's method of doing so. Right now, the phone is obviously trying to get a dhcp address from the data segment but is unable to register correctly due to missing/incorrect vlan tagging. This is where I am looking for assistance on.

 

[janni78]

Think it's easier to config the SSGs DHCP through the webinterface,

http://kb.juniper.net/InfoCenter/index?page=content&id=KB4243

Custom option through CLI would be
set interface <interface name> dhcp server option custom <code value> <Type=String/IP/Integer> <Value>

"Trying is the first step to failure..." - Homer

 

[f3liC]

I have a DHCP server created under the SSG5 already. The article that was linked doesn't provide strings options through GUI but I believe I did enter it in the correct location. However, I do not know the syntax as well...

I'd prefer to do it over GUI if possible as well

 

[f3liC]

I set this over GUI but this what it looks like under CLI all in one line

set interface ethernet0/3 dhcp server option custom 242 string "MCIPADD=192.168.42.1,MCPORT=1719,HTTPSRVR=192.168.42.1,L2Q=1,L2QVLAN=100"

 

[janni78]

It should be something like

set interface <datainterface> dhcp server option custom 242 string "L2Q=1,L2QVLAN=XXX,VLANTEST=0"

set interface <voiceinterface> dhcp server option custom 242 string "MCIPADD=ip-of-pbx,HTTPSRVR=ip-of-fileserver,VLANTEST=0"

"Trying is the first step to failure..." - Homer

 

[jhengel]

The IP Office can handle DHCP for each phone on the voice vlan once it's there, so all you need to do is create an option 176/242 (depending on what type of phones) ASCII string on the SSG5 for the voice vlan that simply tells the phone to reboot with the proper VLan ID. Be sure to set the IPO port on the switch to be an access port on the voice vlan.

The string on the data VLan would only need to be something like this:
L2Q=1,L2QVLAN=10,VLANTEST=0

Where "10" would be the VLan ID for the voice vlan (replace with yours).

The phones will load on the data vlan, get the option 176/242 then reboot on the proper voice vlan and get an IP from the IPO. Also be sure your settings for firmware are proper in the IPO config.

Not super familiar with SSG5's, they are ScreenOS right? Does this look like your GUI for provisioning the ASCII string on the SSG5?:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB21318

If so, just follow and substitute your proper vlan ID's and option numbers via the string above.

 

[f3liC]

Our latest looks like the following (added the vlan test):

set interface ethernet0/3 dhcp server option custom 242 string "MCIPADD=192.168.42.1,MCPORT=1719,HTTPSRVR=192.168.42.1,L2Q=1,L2QVLAN=100,VLANTEST=0"

Phones still don't grab a dhcp address from the voice dhcp server located on the pbx itself. Phone gets stuck on waitng for LLDP and restarts after a few attempts. PCs behind the phone works fine because it is still trunked natively on the data vlan given as long as the phone isn't rebooting from waiting on LLDP.

 

[derfloh]

Look a little like one of your DHCP servers is located in two VLANs. I've seen this behavior when the data DHCP server is connected with voice VLAN tagged and data VLAN untangled.

That's not my understanding how VLANs should work but I learned to live with it.

 

[f3liC]

?
Is that not how most pbxs work? Two dhcp servers one for voice/data in general with the voice as tagged and data as untagged so that if you plug a PC in without behind the phone purposes, it will natively grab the data segment for flexibility?

In my case, I have two DHCP servers one for data on the firewall and one for voice on the pbx. Regardless, we're not gonna combine voice and data together into one so we'll have two separate vlans. Ideally, its the devices are going to connect to their respective DHCP servers as that is what we have been doing for DHCP servers (data) located on a windows server or cisco device.

 

[janni78]

If you want the IPO to give DHCP for the phones you only need (although I rather handle that from the same firewall to have everything in the same place)

set interface ethernet0/3 dhcp server option custom 242 string "L2Q=1,L2QVLAN=100,VLANTEST=0"

Assuming ethernet0/3 is your data network interface.
In that case you should also have an interface called something like ethernet0/3.1 which is your interface on the voice network that's has VLAN tag 100.

You could skip the VLAN interface on the SSG if you don't need routing between the network and just connect the IP Office to a port untagged on VLAN 100.

"Trying is the first step to failure..." - Homer