
Help to configure external DHCP for VoIP phones

max_gbp777
Level 1

I am having difficulty getting the VoIP phones to DHCP through an external DHCP server. The initial/current design was installed just to get the phones working. The current setup is working, but the design does not conform to our security standards. I need help to configure the phones to DHCP from the external DHCP server.

(Our VoIP service supplier will not allow the use of the internal DHCP servers.)

We attempted the target setup but could not get the phones to DHCP. It does not look as if the phones' DHCP requests are making it to the firewall. We did see SCCP traffic from the phones through the firewall logs.

Any assistance appreciated.

Thank you,

Max

Target Setup:

PC >> VoIP Phone >> 3750 switch >> Distrib Switch >> Server Farm Switch >> Firewall >> External VoIP DHCP server

We had a limited maintenance window, so had to revert changes in the end.

Access Switch Cisco 3750 Switchport configuration

interface FastEthernet1/0/1
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 no logging event link-status
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out
 no snmp trap link-status
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input Priority_Data

Configuration on Distribution switch for Data VLAN

interface Vlan10
 description Department_Data
 ip address 10.1.10.3 255.255.255.0
 ip helper-address 10.1.4.17
 ip helper-address 10.1.4.19
 no ip redirects
 standby 10 ip 10.1.10.1
 standby 10 preempt

Configuration on Distribution switch for VoIP VLAN

interface Vlan20
 description Department_VoIP
 ip address 10.1.20.3 255.255.255.0
 ip helper-address 10.118.118.212
 no ip redirects
 standby 10 ip 10.1.20.1
 standby 10 preempt

Initial/Current Setup (this setup is currently working):

PC >> VoIP Phone >> 3750 switch >> Distrib Switch >> Server Farm Switch >> External VoIP DHCP server

PC connects through VoIP phone, into switch (dual VLAN), server

VLAN 10 = PC VLAN (DHCP Server on LAN)

VLAN 20 = Phone VLAN (external DHCP Server ISP CPE router)

Access Switch Cisco 3750 Switchport configuration

interface FastEthernet1/0/1
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 no logging event link-status
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out
 no snmp trap link-status
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input Priority_Data

Configuration on Distribution switch for Data VLAN

interface Vlan10
 description Department_Data
 ip address 10.1.10.3 255.255.255.0
 ip helper-address 10.1.4.17
 ip helper-address 10.1.4.19
 no ip redirects
 standby 10 ip 10.1.10.1
 standby 10 preempt

No interface configuration on Distribution switch for Voice VLAN, only named:

vlan 20
 name vlan_20_Voice

Configuration on Server Farm Switch:

vlan 20
 name vlan_20_Voice

interface GigabitEthernet1/47
 description Trunk to Voice Gateway
 no ip address
 speed 100
 duplex full
 wrr-queue cos-map 1 1 1
 wrr-queue cos-map 2 1 0
 wrr-queue cos-map 3 1 4
 wrr-queue cos-map 3 2 2
 wrr-queue cos-map 3 3 3
 wrr-queue cos-map 3 4 6
 wrr-queue cos-map 3 5 7
 switchport
 switchport access vlan 20
 switchport trunk allowed vlan 20
 switchport mode access
 service-policy input Priority_Data
end

Any assistance appreciated.

Thank you,

Max

Message was edited by: max_gbp777

3 Replies

ADAM CRISP
Level 4

Hello.

I'm assuming you have Cisco phones, which means that the "switchport voice vlan 20" command configured CDP to tell the phone to tag frames in VLAN 20. If this isn't the case, and you have for example Avaya phones, then you'll need to check out how to configure your Data DHCP server to tell the Avayas to use VLAN 20, etc.

Your current setup is working because the VLAN 20 DHCP packets get sent out of your Server Farm switch and make it to the external VoIP DHCP server.

When you convert to the firewall model, you're going to need to get your own infrastructure to proxy the DHCP messages and also to look at the connection through the firewall.

e.g.

This means setting up the ip helper address and not forgetting the ip forward udp bootpc/ps protocol command on a switch in VLAN 20.

so your Distribution switch needs to have:

!
ip forward udp bootpc
!
int vlan 20
ip helper-address 10.118.118.212
!

Please can you fix the Standby group for vlan 20. Using the same group name as vlan 10 is confusing.

You then need to set up the link via the firewall. This link probably isn't in VLAN 20; however, you haven't posted your target switchport configuration for this one.

thanks

Adam

Hi Adam,

Thanks for the reply.

The phones are Cisco 7911Gs.

The ip helper address is configured on the VLAN 20 interface for the target solution.

I have not configured the "ip forward udp bootpc" command on any of the switches though. How will this affect DHCP requests from data VLANs DHCPing to the internal DHCP server, etc.?

The firewall has been configured to relay DHCP requests. Having checked the firewall logs, it seems that the DHCP requests are not making it to the firewall....? We had some initial DHCP requests for the first few minutes, then none, even though I unplugged a few phones.

We did have SCCP and TFTP traffic traversing the firewall, but no reply traffic. I will ask the ISP to check the routing for the VoIP interface.

I think I need to run a sniffer to get more detail on what is actually happening. (need to check availability with the ISP for testing dates)

Any further input would gladly be received.

Thanks again for your help so far, much appreciated.

Kind Regards

Max

Hi,

The IP helper command and the ip forward protocol are used together, so you need to add in the forward-protocol part (or at least I always have done). Having said that, the command reference http://www.cisco.com/en/US/docs/ios/12_1/iproute/command/reference/1rdipadr.html#wp1018318 appears to say that some protocols are forwarded by default. I would check this with your sniffer.

Once you've done this you hopefully will see the DHCP requests come from your switch to the external dhcp via your firewall.

Adam
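
Added example, not part of the thread and not Cisco code: a small Python decoder for the UDP payload of a captured DHCP packet, for the sniffer check discussed above. It reports whether a packet seen on the firewall side is an unrelayed client broadcast or a relayed request carrying the relay agent address (giaddr). The expected relay address 10.1.20.3 is the Vlan20 SVI address from the original post and is assumed here to be what the relay writes into giaddr; the MAC address and packets are constructed samples.

```python
import socket
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_bootp(payload: bytes) -> dict:
    """Decode the UDP payload of a DHCP packet (RFC 2131 header + options)."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP payload")
    op, _htype, hlen, hops = struct.unpack("!4B", payload[:4])
    giaddr = socket.inet_ntoa(payload[24:28])      # relay agent address
    mac = payload[28:28 + min(hlen, 16)].hex(":")  # chaddr, client hardware address
    msg_type, i = None, 240
    while i < len(payload) and payload[i] != 255:  # option 255 = end
        if payload[i] == 0:                        # option 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            break                                  # truncated option, stop parsing
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1:             # option 53 = DHCP message type
            msg_type = MSG_TYPES.get(payload[i + 2], str(payload[i + 2]))
        i += 2 + length
    return {"op": op, "hops": hops, "giaddr": giaddr, "mac": mac,
            "type": msg_type, "relayed": giaddr != "0.0.0.0"}

def diagnose(payload: bytes, relay_ip: str = "10.1.20.3") -> str:
    """Say what a capture point past the relay should conclude from one packet."""
    p = parse_bootp(payload)
    if not p["relayed"]:
        return "client broadcast (giaddr 0.0.0.0): not relayed"
    if p["giaddr"] != relay_ip:
        return f"relayed by unexpected agent {p['giaddr']}"
    return f"relayed {p['type']} from {p['mac']} via {relay_ip}"

def build_discover(mac: bytes, giaddr: str = "0.0.0.0", hops: int = 0) -> bytes:
    """Constructed sample: minimal DHCPDISCOVER, optionally as a relay rewrites it."""
    hdr = struct.pack("!4BIHH", 1, 1, 6, hops, 0x12345678, 0, 0x8000)
    addrs = bytes(12) + socket.inet_aton(giaddr)   # ciaddr, yiaddr, siaddr, giaddr
    return (hdr + addrs + mac.ljust(16, b"\0") + bytes(192)
            + DHCP_MAGIC + bytes([53, 1, 1, 255]))

if __name__ == "__main__":
    phone = bytes.fromhex("001122334455")          # constructed MAC
    print(diagnose(build_discover(phone)))
    print(diagnose(build_discover(phone, "10.1.20.3", 1)))
```

Feed `parse_bootp` the UDP payload bytes exported from a capture taken on each side of the firewall; a relayed DISCOVER on the inside with nothing matching on the outside points at the firewall policy rather than the switch relay.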