Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1116
Views
0
Helpful
11
Replies

Isolated network for UC migration

Yangjp715
Level 2
Level 2

‎07-16-2018 06:03 PM - edited ‎03-17-2019 01:13 PM

 

Hi all,

 

I need to build an isolated network for CUCM migration. The CUCM ip address and gateway is in 10.192.143.0/24, but the IP of the NTP server is 10.192.1.5/24. the following is my lab connection:

 

ESXi host (VMs in 10.192.143.0/24)-->SW2950(all interfaces are in VLAN1, default-gateway is 10.192.1.5)-->Cisco 2821 G0/0(Primary ip 10.192.143.1/24, the secondary IP 10.192.1.5/24). Is there any way the NTP server 10.0.0.5 can be reached from VMs in 10.192.143.0/24?

 

Thanks in advance,

Eric

Labels:
0 Helpful
11 Replies 11

Yangjp715
Level 2
Level 2

‎07-16-2018 06:06 PM

Router configurations:

 

Current configuration : 1307 bytes
!
! Last configuration change at 22:51:56 UTC Sun Jul 15 2018
! NVRAM config last updated at 22:51:58 UTC Sun Jul 15 2018
! NVRAM config last updated at 22:51:58 UTC Sun Jul 15 2018
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
license udi pid CISCO2821 sn FHK1306F3D9
!
redundancy
!
!
interface GigabitEthernet0/0
 ip address 10.192.1.5 255.255.255.0 secondary
 ip address 10.192.143.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 10.192.1.0 255.255.255.0 GigabitEthernet0/0
ip route 10.192.143.0 255.255.255.0 GigabitEthernet0/0
!
nls resp-timeout 1
cpd cr-id 1
!
!
!
control-plane
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
 shutdown
!
!
!
line con 0
line aux 0
line vty 0 4
 login
 transport input all
!
scheduler allocate 20000 1000
ntp source GigabitEthernet0/0
ntp master 4
end

 

 

Switch:

Current configuration : 1467 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
ip subnet-zero
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface FastEthernet0/1
 no ip address
!
interface FastEthernet0/2
 no ip address
!
interface FastEthernet0/3
 no ip address
!
interface FastEthernet0/4
 no ip address
!
interface FastEthernet0/5
 no ip address
!
interface FastEthernet0/6
 no ip address
!
interface FastEthernet0/7
 no ip address
!
interface FastEthernet0/8
 no ip address
!
interface FastEthernet0/9
 no ip address
!
interface FastEthernet0/10
 no ip address
!
interface FastEthernet0/11
 no ip address
!
interface FastEthernet0/12
 no ip address
!
interface FastEthernet0/13
 no ip address
!
interface FastEthernet0/14
 no ip address
!
interface FastEthernet0/15
 no ip address
!
interface FastEthernet0/16
 no ip address
!
interface FastEthernet0/17
 no ip address
!
interface FastEthernet0/18
 no ip address
!
interface FastEthernet0/19
 no ip address
!
interface FastEthernet0/20
 no ip address
!
interface FastEthernet0/21
 no ip address
!
interface FastEthernet0/22
 no ip address
!
interface FastEthernet0/23
 no ip address
!
interface FastEthernet0/24
 no ip address
!
interface Vlan1
 ip address 10.192.1.4 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.192.1.5
ip http server
!
!
line con 0
line vty 5 15
!
end

0 Helpful

Dennis Mink
VIP Alumni
VIP Alumni

‎07-16-2018 09:43 PM

I am assuming your isolated 10.192.143.0/24 is also alrady a prod subnet?

 

in which case, use NAT to hide the isolated 10.192.143.0/24  to allow it to connect to the NTP server

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

Yangjp715
Level 2
Level 2
In response to Dennis Mink

‎07-17-2018 06:37 AM

Hi Dennis,

 

The BE6k is in our office, not in customer side. Do i need to replace the 2950 by using a layer 3 switch and configure a default route on it, such as "ip route 0.0.0.0 0.0.0.0 10.192.1.5".

 

Thanks.

0 Helpful

Yangjp715
Level 2
Level 2
In response to Yangjp715

‎07-17-2018 09:08 AM

Is there anybody who have ideas for building an isolated network environment in Lab environment? Thanks.

0 Helpful

mikeleebrla
Level 1
Level 1

‎07-17-2018 11:38 AM

The easiest thing to do would be to configure your CUCM to use its own gateway as its NTP server (or any IP in its own subnet). Remember Cisco routers are NTP servers by default. This way there will be no routing issues for the CUCM (production or isolated migration environment) when accessing the NTP server.  In the isolated VLAN get an old cisco router and configure it with an IP in the 10.192.143.X range and configure this router with the "NTP Master" command so it will be its own master and have a low stratum so it will be considered a 'valid' NTP server by CUCM. Remember this router/NTP server will be in an isolated environment so it cannot reach valid NTP server. The "NTP Master" command solves this issue.

0 Helpful

Yangjp715
Level 2
Level 2
In response to mikeleebrla

‎07-17-2018 12:55 PM

The IP of the NTP server in production environment is 10.192.1.5. So i have to use this IP in an isolated environment to restore the configurations.

0 Helpful

mikeleebrla
Level 1
Level 1
In response to Yangjp715

‎07-17-2018 01:00 PM

Why couldn't you change the NTP server to an IP in your production environment?  I've done what I've suggested dozens of time and it works flawlessly.

0 Helpful

Yangjp715
Level 2
Level 2
In response to mikeleebrla

‎07-17-2018 01:06 PM

I asked them before, but the client does not want change anything in their network.

0 Helpful

mikeleebrla
Level 1
Level 1
In response to Yangjp715

‎07-17-2018 01:25 PM

In that case you can replicate what they have in production on your isolated network. You should be able to use your 2821 as the gateway and NTP server all in one using two of its interfaces. Configure one interface with 10.192.143.1 and plug this side into your isolated network.... on another interface on the 2821 put IP 10.192.1.5 on another interface and plug something into it so the interface will be up. Configure the 2821 as an NTP master and then your CUCM isolated environment will then be able to reach your newly created NTP server at IP of 10.192.1.5 (which is just the other interface of your 2821).

 

 

CUCM---------10.192.143.1-Router-10.192.1.5---

0 Helpful

Yangjp715
Level 2
Level 2
In response to mikeleebrla

‎07-18-2018 12:09 PM

Thanks Mike, Now the IP address of the NTP is reachable. But i got an error message: Default gateway name/address is invalid or gateway is not responding. Right now i am installing CUCM 8.6 on a brand-new BE6M. I changed Linux to 64 bit based on some postings, but it did not work. 

 

 Image 6.png

0 Helpful

mikeleebrla
Level 1
Level 1
In response to Yangjp715

‎07-24-2018 01:47 PM

all you need to do to solve this issue is put whatever IP you have set as the gateway in your CUCM config on the interface of the router that 'faces' your isolated CUCM environment. It can be the primary or secondary address on that interface. CUCM just needs something to respond to pings.

0 Helpful
Customers Also Viewed These Support Documents