Hi Roger,

Let me be clear:

phones + Sub1_CM+Unity in Voice VLAN => because all RTP flow is here

Pub + Sub2_TFTP => no Voice traffic, so I wanna put it in another VLAN

+ Also fo r a matter of NAT/SRST/IP Lookup, I had to remove Sub1_CM from the Voice VLAN

Did I make it clear enough?

Thanks, that’s sort of what I thought. Minus the mention of NAT. What would be the reason for NAT being used for an internal sourced service?

About the RTP traffic, there are barely any traffic of this kind to any CM node. For sure it would be for CUC, but still the recommendation would be to put the phones and servers on different vlans. All this is very well described in the SRND, Solution Reference Network Design document. If your not familiar with this I recommend you to read up on the parts that you have questions about.

Here is the link to UC 12 SRND. https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab12/collab12.html

As far as I know and from experience there is no reason for why NAT would be needed for SRST.

Yes there would be RTP between phones and the voice gateway(s) that interface with external services, like an ITSP or TDM service provider. That traffic wouldn’t however go via a CM, other than signaling.

Hi Roger,

I am afraid I forgot

This is a military project, so here it is briefly =>

IP from central => satellite up/RF=> satellite down/RF => IP to remote stations

Thats why it is really particular., this is not full IP, for a private company, bank
There is no direct RTP in this condition(how could it be?), all flows, sig+RTP, are going thru CM, so it is not an easy-to-deploy infrastructure...

Does anyone have any kid of experience on that kind of military + IP + RF environment?

Thx for advice

Julien

Hi Julien,

From reading your previous post I was wondering if you were DoD. I manage multiple clusters world wide. I would let your satcom engineers handle the RF and transport, let the network engineers handle all the routing and KGs. As long as you have full ip connectivity you should be fine assuming you have enough bandwidth. Let me know if you have any further questions.

Thank you for reply, DP215.

1st, I dont know what is a DoD.
But if you manage multiple Clusters worlwide, you can be my man(despite being beginer, lol)

I think I need to tell you the whole story of my worries:

In fact, I have jumped on this project like 3, 4 months ago.
Design was already done: All Pub + Subs in same Voice VLAN than phones: I know it can look strange but again, My predecessor was pretty weak. Of course, I'd never do that. And again it it is not a full IP network. Signalling + RTP are going thru Sub_CM, it can not be different on this military IP<>RF(satellite blabla)<>IP network

The thing is I do not have Cisco IP Phones, I have third party rugged SIP phones, which allow only 1 SIP server IP@ in it.

I know SRST is not validated for other than Cisco IP phones, but I managed to make it work with a loopback IP@, therefore declared in the SIP rugged phones. I had no other choice because customer really wanted this feature. And it works pretty OK.

But, during lab testing, I+my colleagues discovered some "hole" in our customized config. 

So we decided to put CM_Sub1 in a dedicated "CUCM" VLAN, leaving others(Pub+Sub2+Unity) in their old VoIP VLAN.

But as you can imagine, all PUB+ Sub were on BE7K/ESX port#2(1to4)

So obviously now, I do not have access anymore to Publisher.

And as Publisher is the only R+W DB server, I can not do any more setup(creation, modification, whatever... not allowed from CM_Sub1).

I have to tell you that PUB is correctly licensed.

So what would you advise for me to recover access to PUB? Obviously Pub and CM_Sub1 need to see each other, as when you do some setup from Pub, it downloads with R rights only to CM_Sub1...

Put PUB on ESX port #3? Put it in which VLAN? A dedicated one?

Because I have so much more setup to do: SIP trunk, FXO/FXS Gateway/trunk, modification... ANd curretnly, from CM_Sub1, not possible obviously

I hope I've been cleared enough

Thank you so much for advice

Julien