Virtual NIC issue on VOIP system and SG500X

Mike Horowitz
Level 1

We have a VOIP system with 1 physical NIC attached to our SG500X. It has a virtual MAC address along with the physical MAC address. It has 2 IP addresses tied to it.

I can ping the physical IP address, but can only ping the virtual address from the same vlan as the virtual nic. However, if I clear the arp table, a few pings will go through until they all time out again. This is causing problems on my phone system, and I need to establish this communication. I have tried putting in static MAC and ARP entries, but that does not work. Any ideas? Thank you in advance!

Tom Watts
VIP Alumni

Hi Mike, can you give more details about the switch configuration and more details about the topology? There is not enough information to work with.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Gladly. I have 2 sites, with an NEC SV8100 VOIP system at each location. The 2 sites are tied together by a 100mb fiber point to point ecity line (LightPath). The core switches at each location are the SG500X (2 in a stack at location #1, and 1 at the other location #2), and I have 6 SG200 switches (for clients) spread out through the buildings connecting to the SG500Xs.

Voice is in vlan 40 at 1 location, and in vlan 140 at the other. The connecting circuit is in vlan 100. I am using class B 10.x subnets. All vlans are routable from the layer 3 SG500Xs. Clients, servers, and other devices are in separate vlans. The NEC VOIPs each connect to the SG500Xs via one ethernet cable connecting at 1Gbps full duplex. Voicemail is in one of the VOIP units, and both sites utilize the same voicemail.

The phone systems connect to each other, but UDP traffic is supposed to go from one system to the other over the virtual IP address. This is causing errors on the phone system, and while calls can still be made, the system slows down from the volume of errors. Voice calls connect great, and there is no problem with quality. All calls between systems sound perfect, but the errors cause delays in connection time and sometimes prevent connection across the point to point (calls from the outside are fine, unless transferred between buildings).

Let me know if there are any specifics you need. Thank you!

How is the port configured on the switch connecting to the physical NIC? What kind of errors are being logged and from where? The ports connecting the buildings, what is their configuration?

-Tom

The ports are set to auto-negotiate for all. The phone system ports negotiate to 1Gbps full duplex, while the point to point negotiates to 100Mbps full duplex. Flow control is disabled, and MDI/MDIX is Auto for all.

As for the errors, they are being "logged" on the NEC units, but cannot be deciphered. NEC is adamant that it is a networking issue causing the problem. The overload of error messages, not the errors themselves, is what is causing the call connection delay.

The initial problem that I have to get past is why the pings cannot be completed to the virtual NIC, while they are fine to the physical NIC. Except when a PC is put on the same vlan as the phone system - then all pings are perfect. The pings do not like being routed between the vlans for the virtual NIC only. NEC is mandating that I get past this issue to continue. It does not sound like a logical problem, so there must be something in the SG500X that is preventing this from happening.

For what it's worth, I should mention that I am on version 1.2.0.97 firmware, though 1.2.7.0 just came out.

Mike, I am thinking you may be simply missing a vlan tag on some ports, such as the port connecting to the NIC and possibly the ports connecting the sites.

Can you post the following outputs:

show run

show vlan

show ip route

show spanning-tree active

-Tom

You might be right. Vlans list as untagged, but still fall under the proper vlan. Here is the output for all 4 commands:

Message was edited by: Mike Horowitz

I removed full configuration to shorten posts (and to hide my internal network configs from the general public). If you need these outputs again, please let me know!

Mike, try changing the port connecting to the NIC as follows:

switchport mode general

switchport general ingress-filtering disable

switchport general pvid 40

switchport general allowed vlan add 40 untagged

I believe I have the VLAN correct? Please correct me if I am incorrect about the VLAN ID.

If this doesn't work, try adding the vlans involved to the port with a command such as

switchport general allowed vlan add xx tagged   (*xx = vlan id desired)

-Tom

Hi Thomas,

I upgraded the firmware of the switches to 1.2.7.76, and changed the settings as you said. Neither worked. I changed the port to tagged, but lost connectivity entirely so I put it back to untagged. Let me know if you can think of anything else. Thank you for your help.

Mike

Mike, I think this needs a bit more looking at. Do you have time after 9pm eastern today?

-Tom

Yes, but I won't be physically on site. But I can make changes to the system at that time.

On another note, I put a PC with 2 IP addresses tied to the same physical NIC in the voice VLAN (40), and was able to ping both addresses successfully from outside vlan 40. But, the PC still uses the same physical MAC address for both IP addresses, whereas the phone system has a virtual MAC address for their virtual IP address.

I am thinking along the same lines. When the switch has a valid interface up it builds the connected routes automatically. So the layer 3 IP route shouldn't be an issue.

So the question is, how is the layer 2 affected? Using the PC, if you do show mac address-table I suspect you will see the MAC showing up on both VLANs of which the IP resides for the VLAN interface.

I almost wonder if the smart port or a port security setting needs to be changed to handle that Virtual NIC better. Out of curiosity, can you change the smart port on the Virtual NIC port to be "other"? This will allow more MAC addresses on the port.

-Tom

Thanks Thomas. All smartport settings are disabled right now for those ports. I will make that change you suggested tonight around 5:30PM.

Mike, I am available now, please provide me a contact #.

-Tom

Hi Thomas,

I changed the SmartPort configuration on that port (on the switch) to IP Phone + Desktop, and I still cannot ping the virtual NIC. I did not see the "other" option among the choices. I emailed you my phone number if you would like to call. Thanks again.

Mike