Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1429
Views
5
Helpful
3
Replies

What is the best practice for using an SA520 in front of a UC540?

timsoto25
Level 1
Level 1

‎07-15-2011 11:46 AM - edited ‎03-21-2019 04:21 AM

I have a client with 2 locations.  One has an older UC520 system and they have now expanded and we are putting in a new UC540 at the new location.  I have a SA520 to go in front of the UC540.  I was going to connect the 2 systems but was looking for the best practice for doing such and could not locate any such documentation.  Maybe I am missing something somewhere.  Just looking for some answers as far as how to set them up(ie Internet to SA and SA to WAN on UC and then everything else behind the UC or should i only setup phones behind the UC or not go through the UC WAN port at all), and some discussion on multi site UC's.

Any help would be appreciated.

Thanks.

Labels:
0 Helpful
3 Replies 3

William Gucciard
Level 1
Level 1

‎07-16-2011 08:09 AM

When you go through the telephony setup wizard in CCA the instructions mention setting up your UC500 with a SA500. The recommended way to configure them is SA switch port to UC500 WAN according to the wizard documentation.

From what I can tell from working on these units in our demo lab the reason for this instruction is due to the UC500 Vlan1 (default data) not allowing you (via CCA) to turn off DHCP (I believe Cisco is changing this in their next CCA version). In this configuration you would then connect your switch to the UC500 and phones/PC's to the switch and everything should work.

Of course if your following the networking this means the SA unit is Firewalling you from the internet and the UC500 is firewalling you from the SA unit there by creating a DMZ. Any phones plugged into the SA unit switch ports won't connect to the UC500 and though PC's connected will be able to get to the internet, they won't be able to see the rest of your internal network. Fine for some deployments, however you also mention you want to connect your 2 sites. The configuration for this, though do-able, would be a nightmare in my opinion.

There are a couple of options that should work to get around this:

1) disable NAT and Firewall on Wan port of UC500 there by opening up the WAN port for all traffic. At this point you have to make a decision on DHCP...(staying with in CCA support requirements I would disable DHCP on the SA unit as you currently have to use the CLI to remove it from the UC500). Configure the SA with a static IP or reserve it in the DHCP config and you should have everyone on the same network. Connecting sites should be an easy VPN config from there.

2) Don't use the SA unit at all. The UC500 comes with firewall, NAT and intrusion prevention(addl purchase I think). Connect and configure your internet to the WAN port of the UC500. Connect switch to UC500 switch port, connect phones / computers to switch. Use VPN capability on UC500 to connect both offices.

3) Connect UC500 switch port to SA switch port. Again, DHCP would need to stay on the UC500 as in option 1. This puts everyone on the same network, however in my lab the smart ports and topology view seemed to get a bit confused with phones plugged into the SA. With no phones plugged in smart port wants to make this port a router port, with phone plugged in to the SA smart ports wants to make the port a phone/pc port. Phone and computers seemed to function fine with Phone/computer setting though topology view showed a dual connection to the phone.

One addl note: I haven't tried to use internet connectivity from the phone (such as spa525G2 weather or news feeds) on any of these configurations so I would test it before you deploy into a live enviornment to make sure it performs as designed.

Hope this helps.

Robert Prideaux
Level 1
Level 1

‎07-17-2011 04:56 PM

Read Steve's (excellent) TEL document LAB 6: SA500 in front of a UC500.

Based on CCA 2.2 but it is still relevant and it works... used it to successfully put 2 UC 560's behind SA520W's.

Only problem I had was not "trusting" the IP address of my modem... (cannot understand why, but unless I put that address in the "trusted" section of the Advanced Tab of the SIP Trunking setup on the UC box, no inbound calls.)

0 Helpful

William Gucciard
Level 1
Level 1

‎07-20-2011 09:33 AM

Here is the link to the TEL doc Robert is refering to: (I agree...an excellent reference doc

https://supportforums.cisco.com/docs/DOC-9767

Basically follows option1 from my original post but using static routes to avoid messing with DHCP.  Great step by step instructions.

0 Helpful
Customers Also Viewed These Support Documents