Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1128
Views
10
Helpful
10
Replies

Unable to access UC320W via WAN Interface

Philip Denton
Level 1
Level 1

‎08-08-2012 11:04 PM - edited ‎03-21-2019 06:08 AM

Ladies and gentlemen,

I'm in the middle of my first UC320W install this week.  It's a greyfield scenario where the client has a Westell DSL router that both terminates the DSL connection and also provides the office Internet access via WLAN.

My plan (as per SMART design) is to add an SF200-24P to build out the voice network and also to extend the Data VLAN to the desktop via the phones' switchports.  The Westell will continue to serve DHCP for the Data network (10.0.0.x) and the UC320W will serve for the Voice network (192.168.0.x).

To support those goals, I have thus far:

  • Configured VVLAN 100 on the switch
  • Given both the switch and the UC320W static IPs on the data network
  • Left GE2 on the switch as a trunk link and connected it to one of the Westell's LAN interfaces
  • Tagged GE1 on the switch for VVLAN 100 and connected it to a LAN port on the UC320W
  • Attached the UC320's WAN port to one of the Westell router's available LAN interfaces
  • Attached all the phones to the switch

All my phones are registered and configured.  When I plug in to the switch with my laptop I can hit the managment address of the switch and the Westell in via web browser but I can't hit the UC320W.  In the UC320W I have the "Enable Remote Administration" box checked and I left it at the default port of 8080.  Neither https://10.0.0.100:8008 or http://10.0.0.100 works from the "WAN"; however, if I plug my laptop directly into the back of the UC320W I can still access the administrative interface via http://10.0.0.100.

Is there a firewall in place somewhere that's keeping me from managing the UC320W from the Data network (WAN interface)?

Thanks in advance,

Phil

Labels:
0 Helpful
10 Replies 10

rbordner
Cisco Employee
Cisco Employee

‎08-09-2012 07:24 AM

Phil,

You provided alot of information here and I am trying to visualize your topology.

Couple questions/comments:

1) If you connect a pc to the UC320W lan ports can you access the internet? That will confirm the default route via the WAN port is operating correctly.

2) If step 1 is succesful can you login to UC320 -> Services (upper right corner) -> Feedback-> Report Problems (drop down) -> Enter Attn  Randy Bordner in the issues and suggestions field.

This will provide me the configuration of your UC320W.

Thanks,

Randy

0 Helpful

Philip Denton
Level 1
Level 1
In response to rbordner

‎08-09-2012 08:58 AM

Randy, I won't be returning to the customer site until tomorrow but I don't think I'm able to access the Internet from the LAN side of the UC320W.

Also, I've attached a super detailed Visio for your review.

0 Helpful

Christopher Edgeworth
Level 6
Level 6

‎08-09-2012 07:51 AM

Hi Phil,

A couple of comments to consider:

  • If you have a SPA8800 or ever plan to connect one, you should not use the 192.168.0.x/24 network as that is a private internal network to the SPA8800 and has cause other partners problems.
  • In the information provided I only see 2 subnets mentioned.  You should have 3 subnets:  1 for WAN side of UC320W, 1 for LAN side data (DHCP provided by your DSL router), and 1 for the Voice VLAN on VLAN 100 (DHCP provided by UC320W (LAN side interface)).  The WAN side of UC320W subnet MUST be different from the data subnet for PCs.  A number of customers will connect the WAN port to the DMZ of the Internet router.
  • If you are trying to access the UC320W on the WAN interface from the public Internet, make sure you have configured port forwarding on your Westell DSL from the Public TCP port (and IP if applicable) to the UC320W WAN side static IP and port 8080.  This port forward is for HTTPS traffic.

Hope this helps!

Chris

Philip Denton
Level 1
Level 1
In response to Christopher Edgeworth

‎08-09-2012 09:16 AM

Chris, I'm not too worried about adding SPA8800s to this deployment but that IS a good tidbit of information to remember for future ones.  I definitely haven't see any guidance on NOT using 192.168.x.x on the UC320W anywhere in the docs I've read thus far.

As for your second point, why can't I make the WAN port of the UC320W part of the Data VLAN?  I don't think that would be out of the ordinary for a CME/SRST box so is there something different about how the UC320W handles LAN/WAN traffic?  Unfortunately this site only has a handful of employees and haven't even thought about a DMZ.  I guess I'll just have to carve one out...

Since I can't access the UC320W from the LAN via WAN port yet I haven't thought about accessing it via the Internet.  That would be nice though

Thanks for the help, guys.  If you can think of anything else that would be helpful I for my deployment I still have about 20 horus until I'm on-site again.

0 Helpful

rbordner
Cisco Employee
Cisco Employee
In response to Philip Denton

‎08-09-2012 02:15 PM

Phil,

One update on using 192.168.0.x network on any UC320W interfaces.  I opened a defect on our documentation to highlight this point.  Defect id CSCub54377.

Thanks, Randy

0 Helpful

Philip Denton
Level 1
Level 1
In response to rbordner

‎08-09-2012 09:36 PM

Great, thanks!

Also, I've been reading through the documentation for the DSL router my client has on-site and the configuration options are pretty limited when it comes to DMZ functionality.  Looks like I'll have to get pretty creative to get their SMTP relay working...

0 Helpful

Philip Denton
Level 1
Level 1
In response to Christopher Edgeworth

‎08-09-2012 10:52 PM

Chris,

After some more thought I think the correct way to set this up would be to configure the Westell as a "dumb modem" to simply convert DSL to Ethernet and then use the UC320 to route both data and voice and proceed with the Greenfield Install steps.

In that case I should be able to factory reset the switch and then just reconfigure the UC320 to route both voice and data.  Word on the street is the 200-series switch works "out of box" with the UC320 so I won't have to make any changes there other than the firmware upgrade.

I feel like this process will go much faster if I can just follow the Cisco Install Guides and documented solutions rather than having to beat my head on the wall figuring out how to make this Westell play nice with the Cisco gear...

Your thoughts?

0 Helpful

Christopher Edgeworth
Level 6
Level 6
In response to Philip Denton

‎08-10-2012 07:23 AM

Phil,

Yes, the 'UC320W routes voice and data' certainly much more easy to install and maintain.  We have a large number of installs doing it this way.

Cheers,

Chris

0 Helpful

rbordner
Cisco Employee
Cisco Employee
In response to Philip Denton

‎08-10-2012 07:27 AM

Phil,

Attached is a ppt slide show showing configuration steps when manually configuring a switch with UC320W.  The switch in the example was a SFE2000P.  You can use this to help with your installation if needed.

Thanks,

Randy

133119-UC320_SFE2000P_Training-v2.ppsx

Philip Denton
Level 1
Level 1
In response to rbordner

‎08-10-2012 08:19 AM

Thanks Randy!  Looking forward to knocking this out as soon as the firmware upgrade is complete.

0 Helpful
Customers Also Viewed These Support Documents