Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2177
Views
0
Helpful
2
Replies

Default Gateway on Voice VLAN

brent.marceaux
Level 1
Level 1

‎01-23-2012 05:01 AM - edited ‎03-21-2019 05:14 AM

Greetings, I have configured the UC320 W working in "Routes Voice and Data" with External DHCP server mode.  I am using an ASA 5505 to provide DHCP to my data VLAN 1 and the UC320 is working fine for the voice portion.  I have the ASA trunked to a Catalyst 2960 C compact switch and also the UC320 trunked to the same switch.  Everything works fine except that any computer plugged into the LAN cannot ping or http browse to any of the phones (SPA504G) in the voice VLAN 100, neither plugged into the switch or plugged behind the phone.

My ASA has the VLAN 100 interface with a connected route to the voice vlan having it's vlan 100 interface as the gateway.  The UC320 has itself as the voice vlan gateway and it hands that gateway out to the phones.  I'm thinking that since they are not all sharing a common gateway of the interface on the ASA, this is why my data devices cannot hit the voice devices.

The ASA can ping both the UC320 voice vlan gateway and also the IP phones.

Any ideas without me posting configs or additional info?  How can I get access to the phones on the voice vlan from the data vlan?

Brent

Labels:
0 Helpful
2 Replies 2

rcastillo
Level 1
Level 1

‎01-23-2012 05:20 AM

You need to get an IP from the UC320W, perhaps with the wireless, that is in the same VLAN.  Set the wirless on the UC320W to hand out IP addresses for VLAN100.  This just looks like a VLAN issue.

You might also amend your ACL on the 5505 to allow you to access both VLANS if you plug into a port on the 5505.

All the best,

Robcast

0 Helpful

August Ritchie
Level 1
Level 1

‎01-23-2012 09:12 PM

Without too much information it is hard to say, but a few things come to mind.

First is asymetric routing. The ASA doesn't being left out of the loop so to speak when it comes to stateful traffic.

What might be happening is this:

Forward path: Data vlan client -> ASA -> Voice vlan client

Return path: Voice vlan client -> UC320W -> Data vlan client

Since the return path is different, stateful traffic like http will fail to handshake correctly through the ASA blocking the traffic. (You should see errors on the ASA like "Deny (no connection)" if this is the case.)

Additionally, you may want to run the built in packet tracer on ASDM to see if the traffic is theoretically allowed between the two interfaces on the ASA. (Packet-tracer is also available through CLI)

Hopefully this helps somewhat.

0 Helpful
Customers Also Viewed These Support Documents