cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1269
Views
5
Helpful
6
Replies

Trying to fix incorrect initial setup by different vendor

Mark O'Connors
Level 1
Level 1

I have a cisco UC520 with the data vlan1 at the default 192.168.10.1. The original vendor connected to their network via the WAN(FastEthernet0/0) port getting dhcp from the windows server. Their phone service is a sip service connected at FastEthernet0/1/2 on a seperate vlan200. I am trying to correct it so that it connects to the network via expansion port(FastEthernet0/1/8) with a  static ip of 10.0.0.201 255.255.255.0 on the data vlan1. When I change it, I lose phone service. I am assuming i am missing something in the access list. Below is the config minus most of the phone info and any other info you don't need to see. Any help would be great.

!

version 15.1

parser config cache interface

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

no service password-encryption

service internal

service compress-config

service sequence-numbers

!

hostname UC520

!

boot-start-marker

boot system flash uc500-advipservicesk9-mz.151-2.T2

boot-end-marker

!

!

logging buffered 300000

no logging console

no logging monitor

!

no aaa new-model

!

clock timezone GMT -8 0

clock summer-time GMT recurring

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-1533260434

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1533260434

revocation-check none

!

!

dot11 syslog

ip source-route

ip cef

!

!

ip dhcp relay information trust-all

ip dhcp excluded-address 10.1.1.1 10.1.1.10

ip dhcp excluded-address 192.168.10.1 192.168.10.10

!

ip dhcp pool phone

   network 10.1.1.0 255.255.255.0

   default-router 10.1.1.1

   option 150 ip 10.1.1.1

!

ip dhcp pool data

   import all

   network 192.168.10.0 255.255.255.0

   default-router 192.168.10.1

   dns-server 63.203.35.55

!

!

!

no ip domain lookup

ip name-server 63.203.35.55

ip inspect WAAS flush-timeout 10

ip inspect name SDM_LOW cuseeme

ip inspect name SDM_LOW dns

ip inspect name SDM_LOW h323

ip inspect name SDM_LOW https

ip inspect name SDM_LOW icmp

ip inspect name SDM_LOW imap

ip inspect name SDM_LOW pop3

ip inspect name SDM_LOW netshow

ip inspect name SDM_LOW rcmd

ip inspect name SDM_LOW realaudio

ip inspect name SDM_LOW rtsp

ip inspect name SDM_LOW esmtp

ip inspect name SDM_LOW sqlnet

ip inspect name SDM_LOW streamworks

ip inspect name SDM_LOW tcp

ip inspect name SDM_LOW vdolive

ip inspect name SDM_LOW tftp

ip inspect name SDM_LOW udp

no ipv6 cef

!

multilink bundle-name authenticated

!

stcapp ccm-group 1

stcapp

!

stcapp feature access-code

!

!

!

!

!

!

voice call send-alert

voice rtp send-recv

!

voice service voip

allow-connections h323 to h323

allow-connections h323 to sip

allow-connections sip to h323

allow-connections sip to sip

no supplementary-service h450.2

no supplementary-service h450.3

supplementary-service h450.12

no supplementary-service sip moved-temporarily

no supplementary-service sip refer

sip

  bind control source-interface Vlan200

  bind media source-interface Vlan200

  no update-callerid

!

voice class codec 1

codec preference 1 g711ulaw

codec preference 2 g729r8

!

!

ip tftp source-interface Vlan1

!

!

!

!

!

!

!

interface Loopback0

description $FW_INSIDE$

ip address 10.1.10.2 255.255.255.252

ip access-group 101 in

ip nat inside

ip virtual-reassembly in

!

interface FastEthernet0/0

description $FW_OUTSIDE$

ip address dhcp

ip access-group 104 in

ip nat outside

ip inspect SDM_LOW out

ip virtual-reassembly in

duplex auto

speed auto

!

interface Integrated-Service-Engine0/0

ip unnumbered Loopback0

ip nat inside

ip virtual-reassembly in

service-module ip address 10.1.10.1 255.255.255.252

service-module ip default-gateway 10.1.10.2

!

interface FastEthernet0/1/0

switchport voice vlan 100

macro description cisco-phone

!

interface FastEthernet0/1/1

switchport voice vlan 100

macro description cisco-phone

!

interface FastEthernet0/1/2

switchport access vlan 200

macro description cisco-phone

!

interface FastEthernet0/1/3

switchport voice vlan 100

macro description cisco-phone

!

interface FastEthernet0/1/4

switchport voice vlan 100

macro description cisco-phone

!

interface FastEthernet0/1/5

switchport voice vlan 100

macro description cisco-phone

!

interface FastEthernet0/1/6

switchport voice vlan 100

macro description cisco-phone

!

interface FastEthernet0/1/7

switchport voice vlan 100

macro description cisco-phone

!

interface FastEthernet0/1/8

switchport mode trunk

macro description cisco-switch

!

interface Vlan1

description $FW_INSIDE$

ip address 192.168.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface Vlan100

description $FW_INSIDE$

ip address 10.1.1.1 255.255.255.0

!

interface Vlan200

ip address x.x.x.x 255.255.255.248

!

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http secure-server

ip http path flash:/gui

ip nat inside source list 1 interface FastEthernet0/0 overload

ip route 10.1.10.1 255.255.255.255 Integrated-Service-Engine0/0

ip route 192.169.1.110 255.255.255.255 192.168.1.10

!

logging esm config

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 10.1.1.0 0.0.0.255

access-list 1 permit 192.168.10.0 0.0.0.255

access-list 1 permit 10.1.10.0 0.0.0.3

access-list 100 remark auto generated by SDM firewall configuration

access-list 100 remark SDM_ACL Category=1

access-list 100 deny   ip 192.168.10.0 0.0.0.255 any

access-list 100 deny   ip host 255.255.255.255 any

access-list 100 deny   ip 127.0.0.0 0.255.255.255 any

access-list 100 permit ip any any

access-list 101 remark auto generated by SDM firewall configuration

access-list 101 remark SDM_ACL Category=1

access-list 101 permit tcp 10.1.1.0 0.0.0.255 eq 2000 any

access-list 101 permit udp 10.1.1.0 0.0.0.255 eq 2000 any

access-list 101 deny   ip 192.168.10.0 0.0.0.255 any

access-list 101 deny   ip 10.1.1.0 0.0.0.255 any

access-list 101 deny   ip host 255.255.255.255 any

access-list 101 deny   ip 127.0.0.0 0.255.255.255 any

access-list 101 permit ip any any

access-list 102 remark auto generated by SDM firewall configuration

access-list 102 remark SDM_ACL Category=1

access-list 102 deny   ip 10.1.10.0 0.0.0.3 any

access-list 102 deny   ip 10.1.1.0 0.0.0.255 any

access-list 102 deny   ip host 255.255.255.255 any

access-list 102 deny   ip 127.0.0.0 0.255.255.255 any

access-list 102 permit ip any any

access-list 103 remark auto generated by SDM firewall configuration

access-list 103 remark SDM_ACL Category=1

access-list 103 permit tcp 10.1.10.0 0.0.0.3 any eq 2000

access-list 103 permit udp 10.1.10.0 0.0.0.3 any eq 2000

access-list 103 deny   ip 192.168.10.0 0.0.0.255 any

access-list 103 deny   ip host 255.255.255.255 any

access-list 103 deny   ip 127.0.0.0 0.255.255.255 any

access-list 103 permit ip any any

access-list 104 permit ip any any

access-list 104 remark auto generated by SDM firewall configuration

access-list 104 remark SDM_ACL Category=1

access-list 104 deny   ip 10.1.10.0 0.0.0.3 any

access-list 104 deny   ip 192.168.10.0 0.0.0.255 any

access-list 104 deny   ip 10.1.1.0 0.0.0.255 any

access-list 104 permit udp any eq bootps any eq bootpc

access-list 104 permit icmp any any echo-reply

access-list 104 permit icmp any any time-exceeded

access-list 104 permit icmp any any unreachable

access-list 104 deny   ip 10.0.0.0 0.255.255.255 any

access-list 104 deny   ip 172.16.0.0 0.15.255.255 any

access-list 104 deny   ip 192.168.0.0 0.0.255.255 any

access-list 104 deny   ip 127.0.0.0 0.255.255.255 any

access-list 104 deny   ip host 255.255.255.255 any

access-list 104 deny   ip any any

!

!

!

!

control-plane

!

!

sccp local Loopback0

sccp ccm 10.1.1.1 identifier 1 version 3.1

sccp

!

sccp ccm group 1

associate ccm 1 priority 1

!

!

!

!

telephony-service

video

no auto-reg-ephone

max-ephones 40

max-dn 160

ip source-address 10.1.1.1 port 2000

auto assign 1 to 1 type bri

calling-number initiator

service phone videoCapability 1

timeouts interdigit 3

system message SAGE

url services http://10.1.10.1/voiceview/common/login.do

url authentication http://10.1.10.1/voiceview/authentication/authenticate.do

time-zone 5

voicemail 399

max-conferences 8 gain -6

call-forward pattern .T

call-forward system redirecting-expanded

moh flash:VinceG-lowdb.au

multicast moh 239.10.16.16 port 2000

dn-webedit

time-webedit

transfer-system full-consult dss

transfer-pattern 9.T

transfer-pattern .T

secondary-dialtone 9

create cnf-files version-stamp 7960 Aug 22 2011 12:41:03

!

!

6 Replies 6

I wouldn't change the data vlan1 unless you are trying to match it with your internal computer network. Are you using the UC as your main router?  Please provide more information about your network topology and configuration so we can help you better.

-Renato

Yes I am trying to match the data vlan to their existing network. I am not going to use the UC as the main router. I want to setup the uc on ip 10.0.0.201 255.255.255.0.

Just make sure you use CCA to change the smartports to the correct setting (IPPhone/Desktop) on fe0-7.  Make sure you delete the DHCP scope for vlan1 as well. I'm not sure why you have vlan 200 for their SIP service. Usually SIP is configured to go through the WAN port. In CCA, Configure->Telephony->Ports and Trunks->SIP Trunk. I don't know how it would any other way unless there are some custom config via CLI.

I was told that this setup is not CCA supported so I need cli help. Yes I believe they have custom cli and that is where most of these issues originated.

I guess it would help to know more information on the SIP provider to see if you can use CCA to configure it. It would also help to see the rest of your config.

David Trad
VIP Alumni
VIP Alumni

Hi Mark,

I believe the problem to be this " ip nat inside source list 1 interface FastEthernet0/0 overload"

Your UC is acting as a routing device, but in an unusual way, who ever set it up before might not have fully understood the UC and how it operates, or the best practice of configuration.

If you had a spare 2 hours I would have strongly suggested you blow the configuration away entirely and redo the whole thing using CCA telephony Wizard, it takes about <45 minutes to go through the wizard if you know all the info before hand you can even do it in about 20 minutes... You would then have a fully supported system, your life would be much..much...MUCH more easier and you wont have to worry about working with a CLI based system that might have a CCNA Data person configure it with without understanding the full implication of what they have done.

The 2 hours is to cover any upgrades you might do to the CME/CUE and also the tweaking that will need to be done after the system reloads from doing the configuration, to be on the safe side though I would allocate 4 hours to ensure you get the system back up to where it is now or in a better state.

Probably not the advise you wanted, but it is the most honest and up front one to give

Cheers,

David.

Cheers, David Trad. **When you rate a persons post, you are indicating a thank you or that it helped, but at the same time you are also helping to maintain the community spirit - You don't have to rate posts and you wont be looked down upon :) *
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: