Solved: 2900 no reply to ARP FOR TFTP server - Page 2

markmanogamo · ‎07-27-2021

2921 has 9-port HWIC FE switch module. IP phones send ARP broadcast for TFTOP SERVER, but router is either not forwarding the ARP, or the CUCM PUB TFTP server is not reciving the ARP request, so phones cannot find TFTP SERVER.

WIRESHARK SHOWS phones sending ARP for TFTP SERVER, but not getting a reply.

what am I missing ?

phones on Fast Eth port set as access port with voice vlan. the def GW is the other end of the Gig0/2 that goes out to the CUCM VM MACHINE WHERE TFTP is enabled, CUCM TFTP traces show no attempts to get config files from phones.

interface FastEthernet0/3/5
description 9951 SIP PHONE
switchport access vlan 100
switchport voice vlan 10
no ip address
spanning-tree portfast

static route to get to all CUCM servers on the DL620 server where the VM are running.

ip route 192.168.15.0 255.255.255.0 GigabitEthernet0/2

how do i get the CUCM TFTP to reply to the ARP requests from the phones, so they dont get TFTP timeout ?

Nithin Eluvathingal · ‎07-28-2021

I Made some changes on your config. try the below and I hope your issue will be resolved.

No ip dhcp excluded-address 192.168.1.1 192.168.1.12

ip dhcp excluded-address 192.168.15.0 192.168.15.50

ip dhcp excluded-address 192.168.15.200 192.168.15.254

!

No ip dhcp pool DATA_SCOPE – FOR OLD CME CONFIG, NOT USED NOW

network 172.16.2.0 255.255.255.0

default-router 192.168.1.1

dns-server 8.8.8.8

domain-name mark.com

!

No ip dhcp pool VOICE_SCOPE - FOR OLD CME CONFIG, NOT USED NOW

network 172.16.1.0 255.255.255.0

default-router 192.168.1.1

option 150 ip 192.168.15.31

!

UCM PUB WITH TFTP RUNNING ON ESXI SERVER ***

No ip dhcp pool LAB

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

option 150 ip 192.168.15.31

ip dhcp pool LAB

network 192.168.15.0 255.255.255.0

default-router 192.168.15.254

option 150 ip 192.168.15.31

interface FastEthernet0/3/0

description 9951 SIP PHONE

switchport access vlan 1

switchport voice vlan 10

no ip address

spanning-tree portfast

!

interface FastEthernet0/3/1

switchport access vlan 1

switchport voice vlan 10

no ip address

spanning-tree portfast

!

interface FastEthernet0/3/2

description 9951 SIP PHONE

switchport access vlan 1

switchport voice vlan 10

no ip address

spanning-tree portfast

!

interface FastEthernet0/3/3

description 7962

switchport access vlan 1

switchport voice vlan 10

no ip address

spanning-tree portfast

!

interface FastEthernet0/3/4

description laptop

switchport access vlan 1

no ip address

!

interface GigabitEthernet0/2

description *** UPLINK to VMware server DL620 *** >>>>>>> Remove the dell server from this port and connect to the witch port >>>>>>>

No ip address 192.168.15.254 255.255.255.0

duplex auto

speed auto

interface FastEthernet0/3/5

description 9951 SIP PHONE

switchport access vlan 1

switchport voice vlan 10

no ip address

spanning-tree portfast

!

interface FastEthernet0/3/6

description 7962 SCCP PHONE

switchport access vlan 1

switchport voice vlan 10

no ip address

spanning-tree portfast

!interface SM1/1

no ip address

!

interface FastEthernet0/3/7

description *** UPLINK to VMware server DL620

switchport access vlan 10

No interface Vlan1

no ip address

shutdown

!

No interface Vlan10

description VOICE VLAN

ip address dhcp

interface Vlan10

description VOICE VLAN

ip address 192.168.15.254 255.255.255.0

ip helper-address 192.168.15.254

No interface Vlan100

description DATA ACCESS VLAN

ip address dhcp

markmanogamo · ‎07-29-2021

I read that solution late last night, and had a chuckle at how simple and elegant the fix was, I was confident it would work.

Today i made those few changes, and the phones loaded the ITL, GOT TFTP CONFIG, AND phone default sip-load, and registered with a 10 digit DN, since I had pre-staged them to register.
**** -->> FANTASTIC <<----- !!!!! it all resolved within 12 mins, and the loading took most of the time, over a Fast E connection, somewhat odd.

It still is complaining of no DNS server but luckily found the CUCM cluster via TCPIP addr.

which is good, it uses IP, NOT DNS.

**** --> Last question:

add a DNS server for my local cluster, instead of using the public internet DNS provided by my ISP (( dns-server 209.18.47.63) . it works for public, but seems not for internal DNS resolve. Do i need to install a DNS server on my ESXi host ?, on a WIN 2008 VM machine on my ESXI host ? or on the CUCM server itself ?
NOTE: The ITL shows server DNS names, so does it mean the DNS is already loaded in my CUCM cluster, the ISO was built by a 3rd party, so i dont know if DNS is loaded internally.
If I usde a public DNS from my ISP, will that be safe and useful to use for MRA later on ?

NOTE :: I know not to use DNS for internal CUCM cluster comms, rather for other web apps, phone GUI HTTP USER apps, Jabber apps, , and Expway MRA later on.

Nithin Eluvathingal · ‎07-29-2021

Go to CUCM system>>server. change host name to IP address..

Last question:

Build an internal DNS... I do have an internal DNS on windows server...

With just using ISP IP won't be helpful.For MRA to work, its not just DNS IP. you need to have DNS entries. This can be done when you purchased a domain. Certificate need to be signed etc...

For testing purpose you can make two DNS sever one locally and one outside which you connect through a different WIFI..

Roger Kallberg · ‎07-29-2021

You would need to use a separate server to provide the DNS service. Using your ISP public DNS service would not let you add the needed records for either internal services nor the SRV record for MRA.

As a matter of fact CM is recommended in the SRND since a few years to use DNS. This is to stop the Jabber clients to show a warning message for security all the time. It would also need to use signed certificates for this.