05-22-2013 08:09 PM - edited 03-21-2019 07:22 AM
Hi,
Should be a fairly simple question, but does the UC560 WAN port support dot1q trunking back to switch? Can't see any doc on this.
Aim is to run 3 VLANs back to switch, one for data, voice, SSL VPN for remote teleworker.
Thanks,
Joseph
05-22-2013 09:39 PM
I believe the WAN port is a L3 interface. You will have to use subinterfaces to do specific vlan communication between a switch.
You may look at this document. By the way, this is not possible via CCA and can only be done via CLI.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/intrface.html#wp1044006
05-22-2013 09:47 PM
CLI will break our CCA unfortunately.
Problem we have here is Gig 0/4 seems to be trunking fine for data and voice vlan, however to enable SSL VPN for teleworker you need the WAN port enabled. This goes back to switch and then to GW router for SIP trunk.
Not really sure how else we can enable the WAN port without breaking the trunk on Gig 0/4. Any ideas welcome.
05-23-2013 03:13 AM
Normally no tagging is needed on the WAN port because it goes straight to Internet connections and does not need that. If there is a switch in between, set access VLAN on it correctly.
Tagging is done on the other interfaces, connected to the switch.
05-23-2013 03:26 AM
Yes, in this case it's connected back to a switch and then goes out via GW router to the internet though.
We're trying to find a way to enable the WAN port for SSL VPN?
If we create VLANs (data, voice, SSL VPN) on the UC560 and enable the WAN, wondering should not the UC560 tag the VLANs then exit the WAN port via a trunk port back to switch?
JL
05-23-2013 03:40 AM
No, as above, WAN is not to be tagged. It has to be connected to switch via access port, not trunk.
05-23-2013 03:44 AM
So we have an existing trunk; when we enabled WAN port it broke the call routing? Seems the UC560 started routing calls out the WAN port instead of the existing trunk Gig 0/4 on UC560?
Any ideas?
05-23-2013 03:49 AM
I don't know your setup details, anyway calls are normally done on LAN ports, not WAN.
If you have further doubts I recommend you engage a reputable consultant, or UC certified Cisco partner.
05-23-2013 03:59 AM
Thanks for your assist bolo.
Appreciate your help anyway.
05-23-2013 11:32 AM
Hi Joseph,
If you already have connectivity to your network via a LAN port I don't see why you would need to plug the WAN Interface into a switch.
If your UC500 is sitting behind a router and you want to enable SSL VPN the best method would be to terminate the SSL VPN at the router and then route the proper traffic to the UC500.
05-23-2013 07:12 PM
The router is a 1921. Isn't there a teleworker router we can purchase that will match this for remote workers?
We did look into this previously, got a reply from Cisco that the above method was supported?
05-24-2013 09:33 AM
You can terminate the VPN at the 1921 or the UC500. It would probably be easier though to terminate the VPN at the 1921.
I don't know what you mean by a router that can match this for remote workers.
05-24-2013 10:47 AM
That's OK, I looked into it; SR520 looks like the teleworker router. Haven't used this but I'm wondering if that can terminate on the 1921 or does it have to connect back to UC540?
Exploring all options, none look easy. Was even thinking that SPA525G built-in client can connect back to 1921 rtr for SSL VPN.
I'll keep at it thanks.
05-24-2013 10:49 AM
The SPA525's built-in SSL VPN client should have no problem terminating a VPN at another router (1921 included).
Just make sure there are routes in place to the voice network on the UC.
05-24-2013 11:11 AM
Was hoping that was the case. Makes the job a whole lot easier. It's trunking back to UC box from router so I may have to manually program the TFTP on phone to point to UC.
However now QoS is an issue, no DTLS or MTP resource?