Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
473
Views
0
Helpful
1
Replies

DTMF not passing accross VLANS??

drichardson1982
Level 1
Level 1

‎01-17-2012 05:49 AM - edited ‎03-16-2019 09:02 AM

Good morning all! I have been searching and have not found the answer. We are having issues with our soft-phones that are on either VPN or Wireless VLAN sendinf DTMF tones. The soft-phones will register and makes calls but no DTMF is reconized. If the soft-phone is placed on the "DATA" VLAN (where the PBX is) all is good. I have tried a "permit ip any any" on the wireless VLAN to see if anything is being blocked and did not see any difference. I am not sure if there is some specific protocal that I am missing. I will paste the configuration and infranstructure setup below.

Thank You in advance!!

Current Setup

Cisco 881 Router with k9 Sec

Cisco SLM2048

Trixbox CE = 192.168.70.15

VLAN100 = Data

VLAN200 = Wireless

!

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

!

boot-start-marker

boot-end-marker

!

!

enable secret 5 $1$UzW8$YIlSVw2t5OVcoyyGv6n.Y1

!

aaa new-model

!

!

aaa authentication login userauthen group radius local

!

!

!

!

!

aaa session-id common

!

memory-size iomem 10

crypto pki token default removal timeout 0

!

!

ip source-route

!

!

!

!

!

ip cef

no ipv6 cef

!

!

!

!

username admin password 7 023C2603290D16

!

!

!

!

ip ssh time-out 60

ip ssh authentication-retries 2

ip ssh version 1

!

!

crypto isakmp policy 3

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group XXXXXXXX

key XXXXXXXXXXXXX

dns 192.168.70.56

domain helios.com

pool pptp-pool

acl 150

!

!

crypto ipsec transform-set myset esp-3des esp-sha-hmac

!

crypto dynamic-map dynmap 10

set transform-set myset

!

!

crypto map clientmap client authentication list userauthen

crypto map clientmap isakmp authorization list groupauthor

crypto map clientmap client configuration address respond

crypto map clientmap 10 ipsec-isakmp dynamic dynmap

!

!

!!

!

interface FastEthernet0

switchport trunk native vlan 100

switchport mode trunk

!

interface FastEthernet1

shutdown

!

interface FastEthernet2

shutdown

!

interface FastEthernet3

shutdown

!

interface FastEthernet4

ip address XXX.XXX.XXX.XXX 255.255.255.252

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

crypto map clientmap

!

interface Vlan1

no ip address

!

interface Vlan2

no ip address

!

interface Vlan100

ip address 192.168.70.2 255.255.255.0

ip flow ingress

ip nat inside

ip virtual-reassembly in

!

interface Vlan200

ip address 192.168.80.1 255.255.255.0

ip access-group 120 in

ip access-group 121 out

ip helper-address 192.168.70.56

ip flow ingress

ip dns view-group 1

ip nat inside

ip virtual-reassembly in

!

ip local pool pptp-pool 192.168.90.100 192.168.90.150

no ip classless

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

ip dns view-list cf

ip nat inside source list 100 interface FastEthernet4 overload

ip nat inside source static tcp 192.168.70.104 3389 XXX.XXX.XXX.XXX 3388 extendable

ip nat inside source static tcp 192.168.70.56 3389 XXX.XXX.XXX.XXX 3399 extendable

ip nat inside source static tcp 192.168.70.15 80 XXX.XXX.XXX.XXX 8080 extendable

ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX

!

logging esm config

access-list 100 deny   ip 192.168.70.0 0.0.0.255 192.168.90.0 0.0.0.255

access-list 100 deny   ip 192.168.80.0 0.0.0.255 192.168.90.0 0.0.0.255

access-list 100 permit ip 192.168.70.0 0.0.0.255 any

access-list 100 permit ip 192.168.80.0 0.0.0.255 any

access-list 120 permit udp any host 255.255.255.255 eq bootps

access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.2

access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.56

access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.57

access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.104

access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.201

access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.4

access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.5

access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.15

access-list 120 deny   ip 192.168.80.0 0.0.0.255 192.168.70.0 0.0.0.255

access-list 120 permit ip 192.168.80.0 0.0.0.255 any

access-list 121 permit ip any any

access-list 150 permit ip 192.168.70.0 0.0.0.255 192.168.90.0 0.0.0.255

access-list 150 permit ip 192.168.80.0 0.0.0.255 192.168.90.0 0.0.0.255

!

!

!

!

radius-server host 192.168.70.56 auth-port 1812 acct-port 1813 key 7 10465A154447564D1E543F3B757A60

!

!

control-plane

!

!

line con 0

password 7 081B6E162B121C

no modem enable

line aux 0

line vty 0 4

password 7 033E7953240438

transport input ssh

!

end !
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$UzW8$YIlSVw2t5OVcoyyGv6n.Y1
!
aaa new-model
!
!
aaa authentication login userauthen group radius local
!
!
!
!
!
aaa session-id common
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
username admin password 7 023C2603290D16
!
!
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 1
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group XXXXXXXX
key XXXXXXXXXXXXX
dns 192.168.70.56
domain helios.com
pool pptp-pool
acl 150
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!!
!
interface FastEthernet0
switchport trunk native vlan 100
switchport mode trunk
!
interface FastEthernet1
shutdown
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
ip address XXX.XXX.XXX.XXX 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map clientmap
!
interface Vlan1
no ip address
!
interface Vlan2
no ip address
!
interface Vlan100
ip address 192.168.70.2 255.255.255.0
ip flow ingress
ip nat inside
ip virtual-reassembly in
!
interface Vlan200
ip address 192.168.80.1 255.255.255.0
ip access-group 120 in
ip access-group 121 out
ip helper-address 192.168.70.56
ip flow ingress
ip dns view-group 1
ip nat inside
ip virtual-reassembly in
!
ip local pool pptp-pool 192.168.90.100 192.168.90.150
no ip classless
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip dns view-list cf
ip nat inside source list 100 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.70.104 3389 XXX.XXX.XXX.XXX 3388 extendable
ip nat inside source static tcp 192.168.70.56 3389 XXX.XXX.XXX.XXX 3399 extendable
ip nat inside source static tcp 192.168.70.15 80 XXX.XXX.XXX.XXX 8080 extendable
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX
!
logging esm config
access-list 100 deny   ip 192.168.70.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 100 deny   ip 192.168.80.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 100 permit ip 192.168.70.0 0.0.0.255 any
access-list 100 permit ip 192.168.80.0 0.0.0.255 any
access-list 120 permit udp any host 255.255.255.255 eq bootps
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.2
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.56
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.57
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.104
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.201
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.4
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.5
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.15
access-list 120 deny   ip 192.168.80.0 0.0.0.255 192.168.70.0 0.0.0.255
access-list 120 permit ip 192.168.80.0 0.0.0.255 any
access-list 121 permit ip any any
access-list 150 permit ip 192.168.70.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 150 permit ip 192.168.80.0 0.0.0.255 192.168.90.0 0.0.0.255
!
!
!
!
radius-server host 192.168.70.56 auth-port 1812 acct-port 1813 key 7 10465A154447564D1E543F3B757A60
!
!
control-plane
!
!
line con 0
password 7 081B6E162B121C
no modem enable
line aux 0
line vty 0 4
password 7 033E7953240438
transport input ssh
!
end

Labels:
0 Helpful
1 Reply 1

Daniele Giordano
Level 8
Level 8

‎01-21-2012 01:08 AM

DTMF and VLAN are not directly concerned.

What is the DTMF relay method used from your softphone?

RFC2833, SIP INFO ?

I think in an ACL problem. Try to remove access-groups from interface (in and out) just for a test and let me know what happens?

Regards.

0 Helpful
Customers Also Viewed These Support Documents