UC560 multisite calls not working intermittently

kpoon · ‎09-25-2012

Hello, here's the setup:

We have a PTP wireless connection (25Mbps) between 2 buildings about 150M apart. There's a router at each site connected to the antenna.

site 1 :

data vlan 1 192.168.1.2/24 (UC), gw 192.168.1.1 (PTP router 1)

voice vlan 100 192.168.101.2/24 (UC)

WAN 192.168.201.2/24, gw 192.168.201.1 (PTP router 1)

site 2 :

data vlan 1 192.168.2.2/24 (UC), gw 192.168.2.1 (PTP router 2)

voice vlan 100 192.168.102.2/24 (UC)

WAN 192.168.202.2/24, gw 192.168.202.1 (PTP router 2)

multisite configuration is done on both site and VPN status is up. However, call between 2 sites via extension only work 50% of the time. We dial the extension, it rings on the other right away when it works. When it doesn't, we get busy signal after 15 seconds or so and it displays unknown number on the phone. The VPN is still up when it doesn't work. The data still works without problem. We also do a continuous ping from a pc on site 1 to 192.168.202.1 (PTP router at site 2) and it never drops.

We don't know what the problem is since it's intermittent. Also the fact that the VPn never actually drops but call wouldn't go through puzzle us. There's also qos setup on the 2 routers to reserve 2Mbps for 192.168.20x.0. We have contacted TAC and they suggest to bring the 2 UC560 together to test but that's almost impossible as they are in production environment.

Also we cannot ping from the UC WAN interfaces to each other 192.168.201.2 to 192.168.202.2, but to 192.168.202.1 (router) is fine. I suspect that it's the firewall that's blocking it? How can we disable the firewall completely on the UC just to test???

Any idea to resolve the entire problem would be appreciated?

Thanks in advance.

bkwon · ‎09-27-2012

this seems not FW issue, ICMP is blocked by the FW by default.

could you provide detial topology that how a router and a UC is connected in a site, and provide "show cry detail" from both site will be help.

kpoon · ‎09-28-2012

site 1 :

data port 1 on vlan 1 on UC vlan 1 192.168.1.2/24 (UC), gw 192.168.1.1 (PTP router 1), connected to a cisco switch, and a port of the switch connects to the route on port 7 w access to vlan 1 on the PTP router.

voice vlan 100 192.168.101.2/24 (UC)

WAN port on UC 192.168.201.2/24, connected to 192.168.201.1 (PTP router 1, port 8 w access to the vlan 99 192.168.201.0 subnet)

site 2 :

data port 1 on vlan 1 on UC vlan 1 192.168.2.2/24 (UC), gw 192.168.2.1 (PTP router 1), connected to a cisco switch, and a port of the switch connects to the route on port 7 w access to vlan 1 on the PTP router.

voice vlan 100 192.168.102.2/24 (UC)

WAN port on UC 192.168.202.2/24, connected to 192.168.202.1 (PTP router 1, port 8 w access to the vlan 99 192.168.201.0 subnet)

the computers on both sites connect on the back of the phones, get IP from a DHCP window server on data vlan so that the computers talk to each other on both data vlan on both sites.

If I disconnect the WAN port on the UC, obviously the VPN is down, when we try to call from site to site via extension, it gets fast busy signal right awal.

If the WAN port is connected, and when the call doesn't go thru, it waits for about 15 second before a long busy signal comes up. also the the status of the VPN stays up.

another challenge we have is that we cannot manage, ping, etc 192.168.1.2 (UC on site 1) from 192.168.2.0/24 or vise versa. We can get to the switches, any computer, router but not the UC itself. but it works from 192.168.1.0 locally. We need to be able to manage both systems from both sites. what could it be? I check the acl and they seem fine.

I have also disabled the firewall on both UC

I'll get the sh cry detail shortly when I get back onsite.

Thanks.

bkwon · ‎10-01-2012

you dont need to connect a UC swtich port to router, connect UC WAN port to router is enough. please refer to the site for detail multi site deployment.

https://supportforums.cisco.com/docs/DOC-9568

kpoon · ‎10-02-2012

We tried with the UC WAN port only to the router but the computers on the 2 data VLANs cannot talk to each others except from 192.168.1.0/24 to 192.168.2.2 (UC) or 192.168.2.0/24 to 192.168.1.2 (UC). They can't get the other computers, servers, or even the switches on the other site but only the UC.

bkwon · ‎10-02-2012

basically, UC500 multisite (site to site VPN) is between 2 data VLAN in 2 sites, which means each VLAN should have not problem to access each others data VLAN. if you configure a multisite with CCA there should be no issue. can i have your configuration in both site, bkwon@cisco.com.

kpoon · ‎10-02-2012

thanks, I'll send you the 2 config of the 2 UCs rightaway.

thanks for your help again.