Hi balaji, sorry, my mistake, copied the wrong port, this is the configuration I have

interface GigabitEthernetx/x/x
description Vlan 106 VoiP 620
switchport access vlan 106
switchport mode access
switchport voice vlan 620
spanning-tree portfast

Can you post full configuration not working and working one,

can you give us more information on how this was uplinked ? (small network diagram help us)

Hi Balaji, attached 2 words containing running from two IDFs, the failing one (IDF11) and the right one (IDF6)

Added the network diagram too with CDP and LLDP neibourghs

You´ll find when checking routes 10.72.0.41 (cisco core 4507)

and 10.72.0.53 (stonesoft FW)

Thanks

Thank you for the config, High level i did not see any difference here other below observed one.

1. working one having Port-chanel with dual links   - not working switch has only 1 Trunk link that should be good to work

why you have many ip route statement  - you need only 1 static route if you have only 1 exit point towards your code -

ou´ll find when checking routes 10.72.0.41 (cisco core 4507)

and 10.72.0.53 (stonesoft FW)

you do need so many default routes, you need only  -ip route 0.0.0.0 0.0.0.0 10.72.0.30 (thinking this is your uplink switch).

if this switch doing routing you do not need the below command :

ip default-gateway 10.72.0.30  ( so remove it)

Hope you have created VLAN Locally (i think you are since you confirmed that voice and data work separately).

i also check the DHCP setting for the DATA scope point to voice VLAN (what DHCP Server you have ?)

https://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/19580-dhcp-multintwk.html

You only have an issue - when you connect Phone and PC - they work individually right ? are they getting an IP addresses from the right VLAN IP range?

Hi Balaji, and thanks for your time and help

ok, here we go
1. working one having Port-channel with dual links - not working switch has only 1 Trunk link that should be good to work
Yes, forgot to mention that, not working IDF has only one FO to Cisco Core 4507

2 why you have many ip route statement - you need only 1 static route if you have only 1 exit point towards your code -

ip route 0.0.0.0 0.0.0.0 10.72.0.53
ip route 0.0.0.0 0.0.0.0 10.72.0.41
ip route 0.0.0.0 0.0.0.0 10.72.0.30

Because I inherited this job with a full Juniper EX4200 series topology, where the actual cisco IDFs were ALL Juniper 4200, AND the core (the actual cisco 4507, yes, I know, I should move to some 9xxx series) was an 8-Juniper 4200 EX stack with some virtual IP to manage all routing capabilities, this is, the HW itself had IP 10.72.0.41, the Virtual router had 10.72.0.30, the default gateway
Here what looks like a juniper vrrp-thing

}

vlan {

unit 0 {

family inet {

address 10.72.0.41/22 {

vrrp-group 1 {

virtual-address 10.72.0.30;

priority 254;

}

}

}

}

so when replacing Juniper IDFs to Cisco 2960X or XR, WITH juniper core, we had to point to 10.72.0.30

Once we replaced Juniper core with Cisco Core 4507 (10.72.0.41), the stonesoft FW was the one who routes (10.72.0.53)

in fact, the cisco core has this

ip route 0.0.0.0 0.0.0.0 10.72.0.53

3. Hope you have created VLAN Locally (i think you are since you confirmed that voice and data work separately).
Yes, locally

4. I also check the DHCP setting for the DATA scope point to voice VLAN (what DHCP Server you have ?)
Windows 2019

5. You only have an issue - when you connect Phone and PC - they work individually right ? are they getting an IP address from the right VLAN IP range?

Yes, I get the right IP from the correct Vlan, that´s the weird thing, I get IP from DHCP, I can reach IDF core, the phone register ok at some positions, and magically they DON´T GET IP in other ones...so I put the laptop...and I get IP, it is really confusing

Hi, Balaji.

I removed 10.72.0.30 and checked

it seems to work

I took two phones, one laptop and checked every plce I got n error early and worked fine, even with laptop cpnnected to phone, the internal switch worked fine and the laptop took the right IP from the right Vlan, the same for the phone

But the werid thing is that several IDFs got that same GW 10.72.0.30 and still work

This IDF11 is just a copy-paste template from the prior 10 IDFs, so the only thing I changed was to set an int range to configure all ports in their correct Voice and data Vlan, change hostname and manager IP and HW ip, the usual.

The IDF6 sample I uploaded yesterday happened to have GW to 10.72.0.53 (FW stonesoft9, the same like cisco core v(10.72.0.41)

Attached the cisco core config

the link to IDF core is ten5/11

interface TenGigabitEthernet5/11
 description A IDF-11
 switchport mode trunk
 ip device tracking maximum 10
 storm-control broadcast level 40.00
 ip dhcp snooping trust
end

in fact today the IDF11 seems to work fine, so I´ll make further tests today and if all ok I´ll colse this with your answer being the right one

I have to thank you for your time and wisdom

glad all good, appreciated your input

Not sure how others working, (what is the uptime of the other device ?) - may be once you reboot you see some surprises that device.

you do not need so many static route, which is not your next hop.

Hi, Leo and thanks

The phones are UNIFY openscape cp600 and they are working fine all over 50 cisco 2960X and XR within the building except in this stack (IDF11) they all (over 450 phones) have the same config as this stack (IDF11).

I mean the rest of the "world/LAN" works fine with dual VLAN, but here no..it is weird

Hi,  mohsiala

do you mean a port-mirroring ? (SPAN)

thanks