Solved: Re: DHCP connection timeout on Voice vlan- intermittent occurance

athomas1 · ‎05-06-2024

I've got this interment problem where my ip phones aren't able to get an IP address from DHCP.

I've got a mix of 9200L and 2960s POE switches. I've experienced the issue on both models, with different version of firmware on each. Different DHCP servers makes no difference.

Voice VLAN is 84 in this case. PCs connected directly not via the phone as max 100MB uplink available.

Other phones continue to work without issue. I used wireshark to check whether the dhcp requests from the problem phone were reaching i- they were not. SO presumed it was a vlan issue. I can ping the DG of the voice VLAN from the problem switch, no issue, so I know the switch can see the VLAN. IP helper command set on the VLAN to direct DHCP traffic.

I have ruled out the phone completely. Two different models, different access switches, they work fine.- when they get an IP!

Voice VLAN config below. I have redacted specific details for security reasons.

interface Vlan84
description VOIP VLAN *NEW*
ip address 10.44.84.xxx
ip helper-address 10.44.104.xxx
standby 84 ip 10.44.84.xxx
standby 84 priority 120
standby 84 preempt
end

Access port is:

interface GigabitEthernet1/0/2
description services phone
switchport voice vlan 84
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust cos
auto qos trust cos
spanning-tree portfast
end

I have tried different switchport/ access switch/ different firmware/ newly configured switch/ different dhcp server.

I have had this same issue before and replacing the entire switch stack/ fresh config, for some reason worked. Tried that this time, no joy. I'm starting to draw a blank so any help greatly appreciated. Diagnostics not my strong suit, still learning!

acampbell · ‎05-07-2024

Hi,

When you plug the phone into a port cofigured with "switchport voice vlan 84"
How does the phone know it is to use tagging on vlan 84
CDP ?
LLDP ?
Manual config of phone ??

Regards, Alex. Please rate useful posts.

View solution in original post

balaji.bandi · ‎05-06-2024

what code running those Switches you mentioned, and what Phone models they are ?

You have Switch - that connect Phone and PC behind or dedicated voice port ?

what is the Data VLAN here, you have HSRP configured here - how is your network diagram looks like ?

I've got this interment problem where my ip phones aren't able to get an IP address from DHCP

when you see intermittent - that time on the switch what logs you see ? is there any HSRP flapping, STP convergence ? do you ARP table on the device, do you have MAC address on the port ?

when the intermittent time, what is the error message on the phone ?

have you configured DHCP spoofing on the switch ?

example config you posted what switch - cat 9K switches QoS config bit different

you can look couple of examples :

https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKCRS-2501.pdf

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

athomas1 · ‎05-06-2024

PCs all connect via their own switchport. HSRP is configured. Ring topology.

No HSRP flapping, no STP changes. Yes I have checked arp, MAC address has been learnt.

By intermittent i mean it happens randomly. Plugging in a new phone somewhere, exact same siwtchport config, same phone model/ firmware, it just sits there on dhcp connecting screen. Phones are NEC DT series, but I have eliminated the phone from being the issue. DHCP spoofing not currently configured. One of many things to fix. Only recently gained full management of this network- there's a lot to do.

Yes i know QoS config varies between 2k and 9k, I have it working 99% of the time on all other switches onsite.

MHM Cisco World · ‎05-06-2024

First add two commands under the hsrp svi interface

No ip icmp redirect

No ip icmp unreachable

If not work

Share

Debug ip dhcp packet for both SW

MHM

balaji.bandi · ‎05-06-2024

Do you have diagram of how these connected and where the DHCP and Call manager or Phone registration server located any IP information.

for testing near by the switch - i was about to suggest same @Georg Pauwen the way thinking to see of that help ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Georg Pauwen · ‎05-06-2024

Hello,

what if you add:

auto qos voip trust

under the interface(s) ?

athomas1 · ‎05-07-2024

Following further testing this morning it appears as though when the switch learns the phone mac it only tags it with vlan1 and not vlan84 as well, which all other switches ive looked at do. The port is tagged with switchport voice vlan 84, but when the device connects only Vlan1 comes up, not Vlan84 as well. If the phone cannot see the Vlan84 I know it won't stand a chance with the DHCP.

What might cause the switchport not to assign Vlan84 to learned mac address of the phone and only Vlan1?

acampbell · ‎05-07-2024

Hi,

When you plug the phone into a port cofigured with "switchport voice vlan 84"
How does the phone know it is to use tagging on vlan 84
CDP ?
LLDP ?
Manual config of phone ??

Regards, Alex. Please rate useful posts.

athomas1 · ‎05-08-2024

In this instance LLDP hadn't been configured on the access when I thought it was. Part of a default script i normally use so dismissed it out of hand.

athomas1 · ‎05-07-2024

We have LLDP configured on our switches...

However, it had not been configured on this switch. I had been told by who provided these phones that on our new system LLDP was not required. Clearly it is still very much necessary! I know it was used to allow non-cisco devices to be detected for the purpose of topology mapping and device scanning, I didn't know it was required for non-cisco devices to be given the correct VLAN.

I have had it on other switches however, where this has been configured and most phones worked, but one specific one didn't Tried the phone in a different switchport on same switch, still didn't work. Tried it on another switch entirely, phone worked.

SO I am happy to say in this case problem appears to be solved, however it doesn't make sense given the different situations I have seen this to not work properly.

MHM Cisco World · ‎05-07-2024

do

show switchport interface GigabitEthernet1/0/2

check see if the interface is Access or trunk
share result here
I dont think it SW issue it port config issue

MHM

athomas1 · ‎05-08-2024

I use standard scripts for the switchports on the phones, they are all set to access ports. I am pleased to say at least with access/trunk i know the difference. Thanks for your help.

MHM Cisco World · ‎05-08-2024

My fault
I must see that you use
swithcport voice vlan
not
switchport access vlan
that why Voice phone use vlan1 not vlan 84 without CDP or LLDP

sorry for that

MHM

acampbell · ‎05-08-2024

Hi,
It does look like the phone knows what vlan tagging to apply.
You could try adding LLDP to this switch and try just one port.

conf t

!
lldp run
!
int gig1/0/2
lldp transmit
lldp receive
!
end

Try a phone in gig1/0/2 see if it now taggs vlan 84 and hopefully pickups a correct DHCP address.

HTH

Regards, Alex. Please rate useful posts.

Elliot Dierksen · ‎05-08-2024

I am drawing some inferences here that the DHCP in the untagged VLAN doesn't provide the correct information for the phone to locate its call control server. I have found it helpful on the access switch where phones are connected to use the command "show mac addr dyn int g X/Y/Z" (X/Y/X would be the appropriate interface) to see you are learning MAC addresses in the expected VLAN's. That might lead you to troubleshooting voice vlan discovery failure on the phone sooner. That said, why are you using tagged VLAN's for the phone if the port for phone is dedicated to the phone? You could make the port an access port in the voice vlan and then no tagging or discovery is required. That could be a security issue, but it is a thought. That is also something I will try with a problem phone to bypass the vlan discovery for troubleshooting purposes.