jevansau99
MIS
Specs on software/hardware I have:
CallManager 3.0(9)
PIX 515
Cat6k Sup 6.2(2), MSFC IOS 12.1(8a)E
Dot1q trunking on all - CatOS/IOS mix on internal switches
ok, anyone with VoIP experience or knowledge ... here's the situation. upon the purchase of a bloody
Cat6000, we just upgraded our entire network, which is NAT'd behind a PIX 515, to have a seperate voice
or aux. VLAN 14. We also moved, in addition to the ports which have a 7960 phone attached, CallManager
and the Voice Gateway router to VLAN 14. AFter a few mishaps ( I was stupid enough to accidentally make
a port connected to a redundant Local Directory utilizing HUB an Auxiliary port) all our phones at the
Main location work fine and live happily in good ol' VLAN 14. All phones reside in a /24 subnet of 10.5.14.0
as do CM, VG, and the VLAN14 interface on the MSFC on the Cat.
However, we have a branch in another city which is connected through a PIX IpSec Tunnell and the IP
phones there use the same VG and CM as the Main branch, b/c it should be almost completely transparent
(with almost being the operative word). One problem is (I think) the PIX can't recognize the 802.1q
tagging w/ regards to VLANs.
The phones at the remote office are working, however, the Quality is choppy (I understand that upon
hitting layer 3 the Cos/ToS bits are dropped when reclassified to layer 2)AND they can NOT see the Corporate
Directory located on CM. I don't understand this at all b/c it's obviously exhanging skinny's with CM
if its booting up and making/receiving calls. The phone are not using the DHCP on the CM, and instead
are assigned IP's statically. The fact that they are in the default native VLAN shouldn't matter when
it comes to seeing the corporate directory. When you try to see the Directory it attempts to connect
and times out?
My questions are:
1) Am I right in assuming that even if do make the ports at the remote branch trunked voice ports assigned
to VLAN 14 that PIX will not pass the VLAN dot1q tagging? I didn't initially think this, but another
ntwk engineer here said this was so. How can I get these devices into VLAN14?
2) Why can the phones at the Remote site not connect to the corporate directory on CM, and how can i
fix it? From that network, i can ping CM and the phones are making calls. The remote phones are on network:
10.2.14.0 255.255.248.0 - w/ the default route being the PIX interface 10.2.9.1. Routers at both ends
are 7500's over PVC.
the tracert from an interface on that network goes like:
1) 10.5.9.17 (Main branch internal routing via linux kernel/4912)
2) 10.5.12.1 (cat6k msfc)
3) 10.5.14.2 (callmanager1.xxxx.com)
3) ALSO: We use UNITY 2.4 voicemail and it is located on Exchange Srvr. on VLAN 1. We can't
listen to voice messages through outlook now that VLAN14 is implemented, and the MWI's are not working?
Does Unity have to be in the voice VLAN?
Any help on any of these issues would be great!
thanks in advance!
jason
CallManager 3.0(9)
PIX 515
Cat6k Sup 6.2(2), MSFC IOS 12.1(8a)E
Dot1q trunking on all - CatOS/IOS mix on internal switches
ok, anyone with VoIP experience or knowledge ... here's the situation. upon the purchase of a bloody
Cat6000, we just upgraded our entire network, which is NAT'd behind a PIX 515, to have a seperate voice
or aux. VLAN 14. We also moved, in addition to the ports which have a 7960 phone attached, CallManager
and the Voice Gateway router to VLAN 14. AFter a few mishaps ( I was stupid enough to accidentally make
a port connected to a redundant Local Directory utilizing HUB an Auxiliary port) all our phones at the
Main location work fine and live happily in good ol' VLAN 14. All phones reside in a /24 subnet of 10.5.14.0
as do CM, VG, and the VLAN14 interface on the MSFC on the Cat.
However, we have a branch in another city which is connected through a PIX IpSec Tunnell and the IP
phones there use the same VG and CM as the Main branch, b/c it should be almost completely transparent
(with almost being the operative word). One problem is (I think) the PIX can't recognize the 802.1q
tagging w/ regards to VLANs.
The phones at the remote office are working, however, the Quality is choppy (I understand that upon
hitting layer 3 the Cos/ToS bits are dropped when reclassified to layer 2)AND they can NOT see the Corporate
Directory located on CM. I don't understand this at all b/c it's obviously exhanging skinny's with CM
if its booting up and making/receiving calls. The phone are not using the DHCP on the CM, and instead
are assigned IP's statically. The fact that they are in the default native VLAN shouldn't matter when
it comes to seeing the corporate directory. When you try to see the Directory it attempts to connect
and times out?
My questions are:
1) Am I right in assuming that even if do make the ports at the remote branch trunked voice ports assigned
to VLAN 14 that PIX will not pass the VLAN dot1q tagging? I didn't initially think this, but another
ntwk engineer here said this was so. How can I get these devices into VLAN14?
2) Why can the phones at the Remote site not connect to the corporate directory on CM, and how can i
fix it? From that network, i can ping CM and the phones are making calls. The remote phones are on network:
10.2.14.0 255.255.248.0 - w/ the default route being the PIX interface 10.2.9.1. Routers at both ends
are 7500's over PVC.
the tracert from an interface on that network goes like:
1) 10.5.9.17 (Main branch internal routing via linux kernel/4912)
2) 10.5.12.1 (cat6k msfc)
3) 10.5.14.2 (callmanager1.xxxx.com)
3) ALSO: We use UNITY 2.4 voicemail and it is located on Exchange Srvr. on VLAN 1. We can't
listen to voice messages through outlook now that VLAN14 is implemented, and the MWI's are not working?
Does Unity have to be in the voice VLAN?
Any help on any of these issues would be great!
thanks in advance!
jason