03-12-2012 04:44 PM
3 Network Engineers later. . . I'm appealing to these boards for ideas.
Situation:
Rolling out new Avaya POE VOIP phone system for our corporate office.
Existing Infrastructure:
1 Core Cisco 3560 connected to 7 Cisco 2960 with ethertrunking enabled and passing VLAN 1, 100, 300, 400, 500.
Data VLAN 1/100 (Split to allow the DHCP requests coming from the different sides of the building to hand out VLAN-appropriate scope addresses)
Vlan 1 - 192.168.0.0/24
Vlan 100 - 192.168.0.0/24
Vlan 300 (Avaya Servers and Phone Gear4)
Vlan 400 Avaya DHCP scope for phone addresses
Vlan 500 Management VLAN for all SF 302 Switches.
Because many of the offices have more PCs and phones in them than network drops, we purchased 30 SF302-08P switches to power the phones and PCs in the offices. We started by flashing them all to the current release of the firmware, 1.1.2.0, and successfully configured them to work with Vlan 1. The PCs get VLAN-specific DHCP addresses, as do the phones; PCs connected through phones also grab the correct IP address range. We then set up the configuration for Vlan 1; after monkeying around and testing, the only major difference was that we blocked the inheritance of VLAN 1 at a switch port level on the Access switch so that Vlan 100 would be the data VLAN and the PCs would pull the correct IP addresses from DHCP.
We deployed a few switches on each side and began testing. On the 192.168.0.0/24 side of the network everything is working gloriously: Macs, Windows XP PCs and Windows 7 PCs are all able to connect to the internet and access the pages needed for our call center employees to do what they need to.
However, on the 192.168.1.0/24 side of the network things got interesting. We found that Windows XP machines connected to the SF302 switches, which have pulled correct DHCP and DNS information, can ping, for example, www.expedia.com, but when you try to navigate to the website with a browser the page times out. Connect the same PC directly to a wall port connected to the Access 2950 switch and it can reach the website without a problem. Plug a Windows 7 PC into the SF302-08P switch and it can surf to the same websites without issues.
I've had three different network engineers look at this and it has them stumped. I'm at a loss and any help would be greatly appreciated.
Here is the running config from one of the SF302 switches that is not working.
interface fa4
spanning-tree link-type point-to-point
exit
vlan database
vlan 1,100,400,500
exit
voice vlan id 400
voice vlan state oui-enabled
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
voice vlan oui-table add 2cf4c5 "new avaya"
interface fastethernet1
voice vlan enable
exit
interface fastethernet2
voice vlan enable
exit
interface fastethernet3
voice vlan enable
exit
interface fastethernet4
voice vlan enable
exit
interface fastethernet4
voice vlan cos mode all
exit
interface fastethernet5
voice vlan enable
exit
interface fastethernet6
voice vlan enable
exit
interface fastethernet7
voice vlan enable
exit
interface fastethernet8
voice vlan enable
exit
interface fastethernet1
lldp med disable
exit
interface fastethernet2
lldp med disable
exit
interface fastethernet3
lldp med disable
exit
interface fastethernet4
lldp med disable
exit
interface fastethernet5
lldp med disable
exit
interface fastethernet6
lldp med disable
exit
interface fastethernet7
lldp med disable
exit
interface fastethernet8
lldp med disable
exit
interface gigabitethernet1
lldp med disable
exit
interface gigabitethernet2
lldp med disable
exit
interface vlan 500
ip address 192.168.100.27 255.255.255.0
exit
ip default-gateway 192.168.100.1
ip dhcp relay address 192.168.0.3
ip dhcp relay enable
interface vlan 100
ip dhcp relay enable
exit
interface vlan 400
ip dhcp relay enable
exit
interface vlan 500
no ip address dhcp
exit
hostname access-302-18
ip ssh server
no snmp-server server
interface fastethernet4
macro description switch
exit
interface gigabitethernet1
macro description "switch | no_switch | switch | no_switch | switch | no_switch | switch | no_switch"
exit
interface fastethernet1
switchport mode general
switchport general allowed vlan add 100 tagged
switchport general pvid 100
exit
interface fastethernet2
switchport mode general
switchport general allowed vlan add 100 tagged
switchport general pvid 100
exit
interface fastethernet3
switchport mode general
switchport general allowed vlan add 100 tagged
switchport general pvid 100
exit
interface fastethernet4
!next command is internal.
macro auto smartport dynamic_type unknown
switchport mode general
switchport general allowed vlan add 100 tagged
switchport general pvid 100
exit
interface fastethernet5
switchport mode general
switchport general allowed vlan add 100 tagged
switchport general pvid 100
exit
interface fastethernet6
switchport mode general
switchport general allowed vlan add 100 tagged
switchport general pvid 100
exit
interface fastethernet7
switchport mode general
switchport general allowed vlan add 100 tagged
switchport general pvid 100
exit
interface fastethernet8
switchport mode general
switchport general allowed vlan add 100 tagged
switchport general pvid 100
exit
interface gigabitethernet1
switchport trunk allowed vlan add 100,400,500
exit
interface gigabitethernet2
switchport mode access
switchport access vlan 500
exit
03-12-2012 06:03 PM
Hi joshua,
You mention "However, on the 192.168.1.0/24 side of the network things got interesting"
I see no mention within the description of the network setup or the CLI script, of network 192.168.1.
Would it be possible to see a network or topology diagram of how this network is setup?
I see that you have put some switch ports in general mode. I would have thought the default trunk mode would have been OK.
When you go to the section in the SF302-8P GUI on VLAN Management > Interface Settings, then click the "help" text in the top right-hand corner of the GUI, a popup window will come up defining the three modes. General mode is a very specific mode, and I am trying to figure out why you used it.
I am also trying to figure why in the cli you have some DHCP relays on VLAN interface 100 and 400, but the interfaces don't have IP addresses associated with them.
By the sound of your result, where almost everything is working, you have done a great job. The GUI does take a bit of getting used to.
It seems like I am getting only part of the story here. I, and I guess others, want to assist, but really need some more information. Can you please go over your description again, or if the description is completely correct, you had better have a chat with the good folk at SBSC.
regards Dave
03-12-2012 06:31 PM
Bear with me, I am a fledgling network guy, I know enough to truly be dangerous, and when the guy who was administering our networks left to move to another company I got tasked with taking over the phone migration, mid stream.
Here is the diagram of our network.
Hope this is legible. . . and expandable so it can be read. Here is an overall view of our network. The SF302 switches exist in their own management VLAN (500) and use IP addresses 192.168.100.1-30; they are connected into the Access switches in this network topology using the Ge1 uplink port. The port on the Access switch is configured for trunking to pass all the VLAN information to the devices connected to the SF302 switch.
As to the why:
For simplicity: we have about 230+ PCs in our office. With this many PCs using so many DHCP addresses, along with printers, switches, wifi devices, etc. all needing IP addresses, the designers split the network into multiple DHCP scopes routed through the core 3560 switch to provide enough IPs and limit the broadcast domain.
The result was the east half of the building is assigned IP addresses out of the 192.168.0.0/24 subnet and the west side of the building is assigned DHCP addresses out of the 192.168.1.0/24 subnet, from a centrally located DHCP server (our primary DC).
The FastEthernet ports are in general mode; from what the guy who set them explained to me, this allows them to pass both the Tagged Vlan 400 Traffic for the phones and the untagged Vlan 100 traffic for the data vlan. This allows either a PC or a VOIP phone to be plugged into any port on the switch and pull the appropriate DHCP address and as far as I am able to tell is functioning as designed.
The DHCP relay as I understand it, is required to forward dhcp requests to the DHCP Server so that it knows which DHCP scope to assign an IP address to.
03-12-2012 07:22 PM
Hi Joshua,
Ah, I think I understand. Sorry, I'm not the sharpest tool in the toolbox.
So we want VLAN 100 as the untagged VLAN on the fastethernet ports. This may vary because you are using VLAN 100 to halve the data clients' broadcast domain. East clients may use a different VLAN, and West clients, for the sake of this discussion, use VLAN 100 for data access.
You also want VLAN 400 as a tagged interface on the fast Ethernet ports for connection of Avaya phones.
You have Gig 2 setup for vlan access mode in VLAN 500, so I guess you are using this port to plug into for management purposes.
Since we are using 2960 switches to plug into and the SF300 series uses a discovery protocol called CDP, voice VLAN information will be propagated to the SF300 series switches. Kewl stuff.
If it's that simple, it's a very easy VLAN configuration.
I guess the uplink port G1 is going to be the uplink to the 2960 switch.
We are going to start off simple to get connectivity going, and then you can play with the VOICE VLAN QOS setting and LLDP-MED settings.
I will create a short WebEx video to set this up. I do not have an SF300 switch but an SG300-10P switch.
The configuration via the GUI should be pretty much identical. I will paste a video link below:
Click here to see 5 minute video
Hope this gets you started.
regards Dave
03-12-2012 07:51 PM
I appreciate it and will give it a watch. I will be interested to see if the VLAN and VOIP setup you recommend will resolve the issue with Windows XP PCs connected to the SF302 switch not being able to access expedia.com on our network.
03-12-2012 08:16 PM
Hi Joshua,
I left a few things out of the video. I pasted the link in my last post above.
Plug the switch into the 2960 and turn the switch on; you may see in the console if the SF300 learns some voice VLAN settings.
I am out of the office for a few days, so it may be a little while before I can respond. But let me know how the configuration went.
Here is the configuration it produced, modified slightly for your switch. Try it out if you want.
interface gi2
spanning-tree link-type point-to-point
exit
vlan database
vlan 100,400,500
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
interface vlan 500
ip address 192.168.10.27 255.255.255.0
exit
interface vlan 1
no ip address dhcp
exit
hostname dave
no passwords complexity enable
no snmp-server server
interface gigabitethernet1
! learnt this from Cisco switch
macro description "switch | no_switch | switch"
exit
interface fastethernet1
switchport trunk allowed vlan add 400
switchport trunk native vlan 100
exit
interface fastethernet2
switchport trunk allowed vlan add 400
switchport trunk native vlan 100
exit
interface fastethernet3
switchport trunk allowed vlan add 400
switchport trunk native vlan 100
exit
interface fastethernet4
switchport trunk allowed vlan add 400
switchport trunk native vlan 100
exit
interface fastethernet5
switchport trunk allowed vlan add 400
switchport trunk native vlan 100
exit
interface fastethernet6
switchport trunk allowed vlan add 400
switchport trunk native vlan 100
exit
interface fastethernet7
switchport trunk allowed vlan add 400
switchport trunk native vlan 100
exit
interface fastethernet8
switchport trunk allowed vlan add 400
switchport trunk native vlan 100
exit
interface gigabitethernet1
!next command is internal.
macro auto smartport dynamic_type switch
switchport trunk allowed vlan add 100,400,500
exit
interface gigabitethernet2
switchport mode access
switchport access vlan 500
exit
interface vlan 400
name avaya-dhcp
exit
interface vlan 500
name management-vlan
exit
switch0fdcfd#
regards Dave
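The two configs in this thread differ on the access ports in one visible way: the first lists VLAN 100 as a tagged member in general mode while also using it as the PVID, although the stated intent is untagged data traffic, and the second makes VLAN 100 the trunk native VLAN. The following added example (not from either poster and not Cisco code) checks a pasted running config for that pattern and also reports the `no passwords complexity enable` line before the config is reused; the function names are hypothetical, the inputs are excerpts constructed from the configs above, and VLAN lists are assumed to be comma-separated.

```python
import re
PAGER = "More: <space>"  # console pager residue left in pasted output

# Constructed excerpts of the two configs posted in the thread (one port each).
ORIGINAL = """\
interface fastethernet1
voice vlan enable
exit
interface fastethernet1
switchport mode general
More: <space>, Quit: q or CTRL+Z, One line: <return>
switchport general allowed vlan add 100 tagged
switchport general pvid 100
exit
"""
REVISED = """\
no passwords complexity enable
interface fastethernet1
switchport trunk allowed vlan add 400
switchport trunk native vlan 100
exit
"""

def parse(config):
    """Merge repeated 'interface X ... exit' stanzas; return (ports, globals)."""
    ports, global_lines, current = {}, [], None
    for line in map(str.strip, config.splitlines()):
        if not line or line.startswith("!") or PAGER in line:
            continue  # skip blanks, comments and pager prompts
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        elif line == "exit":
            current = None
        elif current is not None:
            current.append(line)
        else:
            global_lines.append(line)
    return ports, global_lines

def audit(config, data_vlan):
    """Flag ports where the data VLAN is the PVID yet also a tagged member."""
    ports, global_lines = parse(config)
    findings, pat = [], re.compile(r"switchport general allowed vlan add (\S+) tagged")
    for name, lines in ports.items():
        tagged = {v for l in lines if (m := pat.fullmatch(l)) for v in m.group(1).split(",")}
        if f"switchport general pvid {data_vlan}" in lines and data_vlan in tagged:
            findings.append((name, f"VLAN {data_vlan} is the PVID but egresses tagged"))
    if "no passwords complexity enable" in global_lines:
        findings.append(("global", "password complexity enforcement is disabled"))
    return findings
```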
03-13-2012 05:24 PM
Wow, very easy and best of all, it works. XP PCs connected to the SF302 switches on that side of the building are now having ZERO issues and everything is working as designed.
Thank you so much for your timely assistance.
~Josh Franklin