Solved: VoIP Configuration ISR4331

danijel_knezic · ‎01-18-2021

Hi Guys,

I have on one of my project problem with VoIP router Cisco ISR 4331 and Cisco Switch SG 250 interconnection. So ISR 4331 configuration on the port g0/0/0 which is connected with SG 250 is as follow:

interface GigabitEthernet0/0/1
ip address 10.13.0.2 255.255.255.0
ip nat outside
ip nbar protocol-discovery
negotiation auto
spanning-tree portfast disable

and on the other side on SG 250 I have configuration:

interface GigabitEthernet44
description ***ISR4331***
spanning-tree link-type point-to-point
switchport mode trunk
switchport access vlan 2
switchport trunk native vlan 2
switchport trunk allowed vlan 2-7
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type unknown

My native vlan is vlan 1 and according to documentation which unfortunate is not accurate 100% ISR 4331 IP: 10.13.1.254 but in my case I am getting IP: 10.13.2.254. I know if I allow the Native vlan 1 I will get IP as per documents but in that case I loss all my Cisco phones form the ARP table:

MYALRT01#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.13.0.2 - a4b2.393e.5851 ARPA GigabitEthernet0/0/1
Internet 10.13.2.1 3 0090.0b6e.3a76 ARPA GigabitEthernet0/0/0
Internet 10.13.2.20 23 a4c3.f0ab.5289 ARPA GigabitEthernet0/0/0
Internet 10.13.2.240 171 d4ad.bd0c.79be ARPA GigabitEthernet0/0/0
Internet 10.13.2.242 1 5061.bf3d.f344 ARPA GigabitEthernet0/0/0
Internet 10.13.2.243 85 c064.e4ec.e0de ARPA GigabitEthernet0/0/0
Internet 10.13.2.251 4 0013.cb03.f0fa ARPA GigabitEthernet0/0/0
Internet 10.13.2.253 57 0013.cb0d.3d2b ARPA GigabitEthernet0/0/0
Internet 10.13.2.254 - a4b2.393e.5850 ARPA GigabitEthernet0/0/0
Internet 10.13.6.1 66 0090.0b6e.3a77 ARPA GigabitEthernet0/0/1

I am not sure if my SIP server:

sip-ua
registrar ipv4:10.13.2.254 expires 600
sip-server ipv4:10.13.2.254

has IP: 10.13.2.254 then in this case I should really have configured IP: 10.13.1.254 on my interface g0/0/0.

COuld you please help me recitfiye this issue and clear what I should have configured on ISR 4331 and SG 250 interface to be sure I will have native and SIP communication because at moment my Desk IP phone is not registering with SIP server.

Any info or help is more then welcome and if you need more details I am happy to share it.

Giuseppe Larosa · ‎01-20-2021

Hello @danijel_knezic ,

the listed error " No trust list installed" should mean the phone is missing the TFTP server certificate and for this reason does not accept the downloaded file .xml.

at this point I would suggest you to move your thread under IP telephony forum where hopefully you can find better help from other colleagues.

It is not a networking issue it is more a security issue specific to IP telephony.

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎01-18-2021

Hello @danijel_knezic ,

on the switch gi44 you have configured :

>> switchport trunk native vlan 2

How you have configured gi0/0/0 on the router and why you are configuring switch gi44 as a trunk if gi0/0/1 on the router is not using subinterfaces?

! examle configuration with subinterfaces the number following enc dot1q command is the vlan id.

int gi0/0/1

no ip address

int gi0/0/1.2

enc dot1q 2 native

ip address ...

int gi0/0/1.3

enc dot1q 3

The IP address used for the SIP server has to be configured on a router interface to make it reachable by endpoint that attempt to register with it. IF it is a physical interface it must be up/up.

Hope to help

Giuseppe

danijel_knezic · ‎01-18-2021

By mistake I have put config of the g0/0/1 instead g0/0/0.

This is how my ISr4331 g0/0/0 has been configured:

interface GigabitEthernet0/0/0
ip address dhcp
ip nat inside
ip nbar protocol-discovery
negotiation auto

vlan-id dot1q 2

My g0/0/0 use sub interface so g44 has to be in trunk am I right?

danijel_knezic · ‎01-18-2021

Ok

I have setup switch interface g44 in trunk mode and nativ vlan 2 and ISR interface got IP 10.13.2.254. Now when I try to ping ISR for SW i dont get replay and other way around but I cna ping my defualt GW form the ISR 10.13.2.1 and I can ping from my firewall 10.13.1.1 to ISR and other way around.

I ARP table I can see al my phones

Internet 10.13.0.1 14 0090.0b6e.3a77 ARPA GigabitEthernet0/0/1
Internet 10.13.0.2 - a4b2.393e.5851 ARPA GigabitEthernet0/0/1
Internet 10.13.1.1 1 0090.0b6e.3a77 ARPA GigabitEthernet0/0/1
Internet 10.13.2.1 6 0090.0b6e.3a76 ARPA GigabitEthernet0/0/0
Internet 10.13.2.240 2 d4ad.bd0c.79be ARPA GigabitEthernet0/0/0
Internet 10.13.2.242 0 5061.bf3d.f344 ARPA GigabitEthernet0/0/0
Internet 10.13.2.243 42 c064.e4ec.e0de ARPA GigabitEthernet0/0/0
Internet 10.13.2.250 0 0013.cb03.f309 ARPA GigabitEthernet0/0/0
Internet 10.13.2.251 0 0013.cb03.f0fa ARPA GigabitEthernet0/0/0
Internet 10.13.2.252 0 0013.cb03.f9a0 ARPA GigabitEthernet0/0/0
Internet 10.13.2.253 0 0013.cb0d.3d2b ARPA GigabitEthernet0/0/0

But still my desk phone is not registering with SIP server. Any suggestion what to check it this case.

Giuseppe Larosa · ‎01-19-2021

Hello @danijel_knezic ,

from wireshark OUI seach page I see

00:13:CB Zenitel Norway AS

Are your phones from Zenitel?

What device is acting as DHCP server ?

the phones may need a paramater passed as DHCP option to get the IP address of the SIP server to contact

it is important to find out the option number and the format to be used to pass the info to the clients

150 for example for TFTP server

Otherwise you have to manually configure the SIP server IP address on eacn phone.

Hope to help

Giuseppe

danijel_knezic · ‎01-19-2021

I have Cisco IP phone CP-7861 and Cisco wireless phones 8821. My wireless phones are connect to vlan 2 but no communication with SIP server.

00:13:CB Zenitel Norway AS This is wall mounted communication device which is working fine. I have 4 of them. They are on same vlan as phones but no interaction between phones and them.

My DHCP server is as well my Firewall Kerio NG 500 IP:10.13.1.1

the phones may need a paramater passed as DHCP option to get the IP address of the SIP server to contact. How to check this?

danijel_knezic · ‎01-20-2021

Hi,

I have my DHCP server passing TFTP server address but my phones are giving error message as on photo. I am not sure what could be reason of this....Please help...

Giuseppe Larosa · ‎01-20-2021

Hello @danijel_knezic ,

the listed error " No trust list installed" should mean the phone is missing the TFTP server certificate and for this reason does not accept the downloaded file .xml.

at this point I would suggest you to move your thread under IP telephony forum where hopefully you can find better help from other colleagues.

It is not a networking issue it is more a security issue specific to IP telephony.

Hope to help

Giuseppe

danijel_knezic · ‎01-20-2021

Thanks Giuseppe.

I will open new case with IP telephony.