Re: IP phone registration problem

vakeesan thevarajah · ‎11-21-2010

I have a head office and couple of branch offices, Head office IP phones are connected with call manager correctly. head office i have 4500 series switch, in the switch phones are connected with vlan 112, callmanager connected with vlan 100. In the call manager connected switch port is configured as following;

interface GigabitEthernet3/21

description CCM

switchport access vlan 100

switchport mode access

switchport voice vlan 112

service-policy output autoqos-voip-policy

qos trust device cisco-phone

qos trust cos

auto qos voip cisco-phone

tx-queue 3

priority high

shape percent 33

spanning-tree portfast

out side interface connected with pix firewall and configured with vlan 500

interface GigabitEthernet3/24

description FIREWALL

switchport access vlan 500

switchport mode access

switchport voice vlan 112

load-interval 30

spanning-tree portfast

!

problem is none of the branch office phones registered with call manager even though IP connectivity is still there. branch offices do not have any vlan configurations

please any help on this

thanks

theva

Richard Burts · ‎11-21-2010

Theva

Having switchport voice vlan 112 configured on ports where there may be phones connected makes good sense. But I do not see why you have it configured on the port that connects to the firewall.

My first guess at the problem focuses on your statement that the remote does not have any VLANs configured. So please explain to us how the phones are connected at the remote and what is configured to send the phone traffic from the remote to the head office.

My second guess is that the firewall may not be permitting the traffic from the remote sites to the Call Manager. Can you verify that there are access rules on the firewall that permit the phone traffic to Call Manager?

HTH

Rick

HTH

Rick

vakeesan thevarajah · ‎11-22-2010

Hi Rick,

Thanks a lot for your prompt response,

In the remote sites phones are connected with the switch (POE) with out any specific configuration, and getting the IP via DHCP configured on the router next to the Switch.

In the firewall IP traffic open, what else has to open?

regards,

Theva

cadet alain · ‎11-22-2010

It would be great seeing the firewall rules, can you post them?

Cisco phones are using SCCP( TCP port 2000 by default ) to communicate with CallManager.

Regards.

Don't forget to rate helpful posts.

vakeesan thevarajah · ‎11-22-2010

dear cadetalin,

following is my firewall inbound rule regarding the TFTP and call manager

access-list inbound permit udp any host 10.12.3.24 eq 2000
access-list inbound permit tcp any host 10.12.3.24 eq 2000
access-list inbound permit tcp any host 10.12.3.24 eq 3389
access-list inbound permit udp any host 10.12.3.24 eq tftp

regards,

Theva

cadet alain · ‎11-22-2010

hi,

In your ACL the tftp keyword will match port 69 which is control port for tftp but afterwards the tftp daemon will choose a random udp port for data transfer and here the traffic from your cisco phones to this port will be blocked by your ACL.

I would modify this ACL like this:

access-list inbound extended

line 50 permit udp "ip-phones subnet" "wildcard mask" host 10.12.3.24 ge 1024

regards.

Don't forget to rate helpful posts.

vakeesan thevarajah · ‎11-22-2010

Hi Cadetalain,

I amend my access list as you said and also permit all the ip traffic with out any restriction. but when I checked the hit count, none of the traffic match the UDP traffic

access-list inbound line 9 permit udp 172.16.96.0 255.255.224.0 host 10.12.3.24 gt 1024 (hitcnt=0)
access-list inbound line 11 permit ip any any (hitcnt=167)

regards,

Theva

vakeesan thevarajah · ‎11-22-2010

Hi,

further more to access-list and firewall i would also like to mention here that 99% phones are not registering at all. but some time only one or two phones registered properly and later they also unstable.

regards,

Theva

cadet alain · ‎11-22-2010

what is the hit count for the line with tftp?

Don't forget to rate helpful posts.

vakeesan thevarajah · ‎11-22-2010

Hi,

I actually removed all the accesslist and have only permit ip any any statement

Theva

cadet alain · ‎11-22-2010

which is the same as no ACL anyway and so has it helped doing so?

Regards.

Don't forget to rate helpful posts.

vakeesan thevarajah · ‎11-23-2010

Hi,

No, Problem did not solve yet

Don't you think problem on the VLANs?

Regards,

Theva

cadet alain · ‎11-23-2010

At which stage of boot process are your phones stuck? Are they getting an IP with DHCP? maybe you can try on some phones to do config on the phone directly and put the correct VLAN and a static IP along with the address of TFTP server and UCM server.

Regards.

Don't forget to rate helpful posts.

vakeesan thevarajah · ‎11-23-2010

Hi,

phones are stucks in the "opening ip"stage. i have tried with static phone configuration but things are remaining as same.

Regards,

Theva

cadet alain · ‎11-23-2010

Can you post config of branch office switches and routers please.

Regards.

Don't forget to rate helpful posts.