Hello everyone,
I want to thank everyone in advance for their help. We recently had Allworx VOIP phones installed in our facility. We were on one subnet before but after the VOIP install the installer put us on a few VLANs but I am sure it is not configured correctly. Some computers can use the Call Assistant software while others cannot. Some can ping certain devices and others cannot. So here is
the setup. As close to what I have now as possible.
I am using the Packet Tracer from Cisco to learn as much as possible but the items in that program are all cisco, of course. What I am having issues with is being able to ping the switches (are the 1638P switches or are they classified as routers?) Anyway, I can ping across the switches from one side to the other. BTW, this is one office, we expanded our billing office to an adjacent area. They are the switch on the right. I can ping 192.168.5.250 which is the main switch in our server room. But I cannot ping the 192.168.5.250 switch which is the switch I have to pass through to ping the 192.168.5.251 switch. I get the "Destination unreachable" when I ping. The other item that troubles me is why the Allworx installer put his Allworx box on a separate VLAN? He put t on VLAN 170 while all the phones are on VLAN 150. So the first issue is how do I setup the 192.168.5.251 switch to be able to ping it? Later on after I get to know a lot more about how to configure vlans I would like to segment out our different groups here. Billing, medical staff, spa staff, wireless users (they are already walled off from the guest network). I want to do this for security sake. I have a road to hoe here so if anyone is interested in helping me just let me know what more info you need and I will supply it. Thanks again for your help.
--Brian
My apologies all,
Have been extremely busy and yes, this issue was taken care of after submitting a ticket with Windstream Phone support. They put in a data IP address that I used to forward on to the phone network. We used that as the default gateway address instead of one of the Adtran switch/router that was the original default gateway. Once we did that all was fine after a reboot of the Allworx box. Thanks again everyone for your input. I appreciated all who gave their input.
--Brian
It sounds like the 192.168.5.251 was added and not all the routing is defined in that switch. The 1638 P switch is a layer 3 switch which is routing too. It sounds like your missing a static route. Not sure what IP your pinging from but guessing it is in the 192.168.5.0 subnet. would need to see the configurations on the 1638 switches to see what is really going on As far st the Allworx router I don't see how that is even working unless they sub netted the 172.16.5.0. network into two different networks.
feats123,
Thanks for your reply. I have taken some screenshots and hope this is helpful.
First few are running config from the main switch the 192.168.5.250 that has ip routing turned on with connected routes shown below:
As you can see our default gateway is 192.168.5.254 which is a Meraki MX80 appliance. The Addressing is shown below, (maybe I need to setup VLANs on the Meraki to match VLANs on the switches?)
Running Config File for the main Adtran switch of 192.168.5.250 shown below:
The strange thing is from a computer (my network is all on a 192.168.5.0/24 network while all VOIP is on the 172.16.5.0/24 network) (Also, my mistake in my original post was that the AllWorx VOIP box is on a seperate VLAN was not true, All VOIP appliances are on the 150 VLAN). The strange thing is I can ping both switches at 192.168.5.250 and 251 and the gateway at 254, of course and ping 172.16.5.250, 251 and the Allworx box at 172.16.5.254 successfully but another computer attached to the same switch a few ports over on the switch with exact same configuration can only ping the switch they are NOT connected to (192.168.5.251) nor can it ping the Allworx box at 172.16.5.254. It can however ping both switches using the 172.16.5.250 and 251 addresses.
Another oddity I think is ping 192.168.5.254, the default gateway from any computer connected to the 192.168.5.250 switch is the below:
Hopefully from this info you can begin to figure out a good direction to head. Let me know any other info that may be of use to you. Thanks again.
--Brian
Brian Did you look at the Default Gateways of the PCs? The GW should be set to the main 1638P Adtran that is connected to the Firewall which should be 192.168.5.250 and not to the 192.168.5.254. Also your GIG 0/47 IAD Uplink is running at half Duplex and not Full causing errors. Cant tell to what device that is hook to.
feats123,
This is what I did this morning. I put the .250 appliance as the default gateway instead of the Meraki Firewall (also is the DHCP server). When I did that and put a few hosts using that .250 as the default gateway (dg) I could not get out to the internet. I was able to use the .250 address for the dg for the other switch (the .251 switch). But I still had to leave the dg for the hosts as the 254 Meraki otherwise I could not get out to the internet.
The appliance hooked to the 47 port is an Adtran 908e appliance that only does 10/100. For some reason the GUI does not show any errors unlike the CLI interface does. I would prolly put more trust in the CLI interface result than the GUI though. I'll look into that more if we start having dropped calls but thus far the calls have been excellent in quality. No known dropped called either, some cell phones have dropped but that is not unusual for around NW Arkansas area.
I have put in the IP helper address for the phones on VLAN 150 to get to the Meraki static LAN route quicker and it seems to have helped as the phones boot up very quickly now. I am just absolutely baffled as to why some computers can ping the Allworx box on 172.16.5.254 and others cannot. Same network config, same switch (.250) but different ping results, different tracert results. I flushed the arp cache on all those hosts and cleared the DNS cache. On many machines I can ping the switch that it is not directly connected to but not the one that it is connected to. Some will ping the all the addresses (like my old computer before I just moved offices) it will ping everything and the switches can ping it. Hmmm... just now thought of something... the common denominator seems to be 64 bit computers are the ones that are having issues. All my 32 bit computers are fine. Yup... that has to be it. But now what is the fix? I'll investigate this more tomorrow morning when I go back into work. I just tried this remotely on another 32 bit desktop connected to .250 and I can ping everything. Unbelievable. I have about 6 32bit desktops most are fax servers, datamining server, our DC is 32 bit, 2 of the billing computers are 32 bit, etc and those all work just fine. (the billing computers cannot ping 192.168.5.251, the switch they are attached to but they can ping everything else, the 172.16.5.250, 251 and 254 and the 192.168.5.250 and the dg at 254 of course. We have basically the exact same setup in Tulsa, OK that we just opened only they are 2 24 port Adtran switches/routers. They are all 64 bit computers that I built myself and they all work with no issue, I believe. I know many do but not sure if all do. And of course, the only computers I am concerned about are the ones attached to the 9204G Allworx gig phones.
I'll double check all of this tomorrow, I am feeling like I am coming down with the flu lately so I may be slowed down a little. Thanks for all your help. It is great to be able to bounce this stuff off someone who doesn't charge me $140/hr. lol.
Thanks again,
Edit: The DC is a 32 bit ws2k3 and it pings all just fine. No issue what so ever. It has the dg set at 192.168.5.250 and the that 250 switch has the dg set as .254 I will go in later today and try a few others like this. I am still befuddled by why some can ping that switch and some cannot.
My desktop that is on that switch is just fine also. But I do believe their may be 1 or two 32 bit machines that are not which would negate my theory. Again, I will go in later and verify my theory.
--Brian
Well I hope you don't get the Flu bug. Looking at you Adtran config on the route table why is there a static route to 172.16.5.0/24 next hop 172.16.5.254? Isn’t that router directly connected to the Voice VLAN 150 in the subnet 172.16.5.0/24 in the .250 router? In which case there would be no reason to have that static route. It might be causing some of your issues. The DG should be 192.168.5.250 is that what you put in on your PCs. Your route table in the .250 router shows that all unknown IP’s would be sent to 192.16.5.254 and it will be set to the Internet from your firewall.
If both of the pc's you have labeled as 192.168.5.41 and 192.168.5.40 are able to ping 192.168.5.250 and everything else connected to that switch it would sound like it is only tagging it as VLAN 150. Those PCs connected to the phones are ending up on the same VLAN once it hits the switch and traverses across the trunkports. It seems like you are missing a route from the switch on the left back to the switch on the right and that would explain why those PCs are unable to ping the 192.168.5.251 switch. If you can post the config for the switch on the right we may be able to help. One idea that you could try would be to plug those PC's directly into the switch and not into the extra port on the phone so they can be on the data VLAN.
Does Allworx recommend a dhcp option, or options, to be configured on your DHCP server and on the router (or L3 switches in your case)?
A DHCP option statement should eliminate the need for static routes, allow for centralized management of different voice and data networks, and let you keep the server on a different network than the PCs and phones.
The dhcp option command works like a pointer so that anything on VLAN 150 points to the VoIP server. Once the phones hit the VoIP server, the server tells the phones how and where to communicate. Ask your Allworx implementer for this information if it is required. This second section of this article may help: TFTP and DHCP - Phone System Tech Support
Assuming the DC is doing AD, DNS & DHCP, did someone enter the new network scopes for VLANs 160 and 170? Are they correct? Is there a Scope Option for the Allworx IP phones?
If the server has a scope option, try adding the scope to your switches. The server does not have to be on the same VLAN as the IP phones. That address needs to be entered in the option line below:
configure terminal
ip dhcp pool "VoIP"
network 172.16.5.0 255.255.255.0 [this is the dhcp range of your IP phones]
option 66 ascii MCIPADD=172.16.5.254,MCPORT=1719,HTTPSRVR=172.16.5.254 [this is the dhcp option and IP address of your VoIP server}
Thanks everyone,
I appreciate your input. I am slowed down as of late due to illness. I'll try and put some info up by Sunday as I hope to try your suggestions and see what happens while we have some down time at work that morning.
Work stays open 7 days a week and we are busy as can be so not a whole lot of convenient time to make changes especially when I am unsure half the time if it will make it better or worse. The Allworx installer is a joke. I thought I knew little to nothing... he has no business installing phones on networks. He told me that for a company our size he would never use a Domain Controller... really. (we have 50 employees, about 40 desktops, 15 laptops and 2 locations 100 miles apart) Anyway, I could go on about this guy but that is nether here nor there. It is what it is. We fall back to Windstream (IPSimple) support after 30 days from time of install so we have about two weeks left with the installers' company support... which is a joke. Also, I do not have access to the Allworx appliance, they changed their username and pswd before they left. I am supposed to get limited admin rights to it soon.
1. Take out the 172.16.5.254 static route off the adtran switches, Have the .251 DG be the .250 switch and then make the .250 switch DG be the .254 Meraki Firewall.
2. Set some hosts up (some on either side of each switch) and set their DG to .250
3. I'll plug a few hosts in direct (no phone in btw) to the switch on the .251 side and see if I can ping the .251 switch.
4. Ill post up my results and also post up the config of the .251 switch. I just don't feel up to it tonight.
FYI, for petertransitguy, the DC is doing AD and DNS but the Meraki MX80 is doing DHCP and using option 66 Text to point the phones to the Allworx appliance to get their cfg. The ip helper address points the phones to the Meraki and it seems to work rather well. The phones boot up quickly.
Let me know if there is anything else you may want me to try on Sunday morning. The next full down day we have will not be for quite a while.
Thanks again everyone,
--Brian
Will12,
I tried the setup like you suggested. Took the phone out of the setup and sure enough I can ping everything I need to ping. Soon as I put phone back in the equation back to not being able to ping the nearest switch. I also connected the .251 switch directly into the Meraki MX80 as it has 3-4 ports to plug in various pieces of hardware. It did not help as expected. It sounds to me like the frames are not being encapsulated. I am grasping at straws here. I'll post the config of the .251 switch here in a few mins in a seperate post.
feats123,
I took the static routes off both switches and there seems to be no effect either way so I left them out. I played with the .251 connection by plugging it directly into the Meraki MX80 and the port that plugs into the .251 is not on the trunk port. It works the same either way. It seems the 160 VLAN is getting over to the 150 VLAN before it gets to the first switch. That switch sees it as a 192 address and "pushes" it back over to the 192 network but not before it can ping it. (I know my knowledge here at the base level is god awful... just putting out there my thoughts.)
I am thinking the VLANs are not being "encapsulated"?? What are your thoughts? Do the VLANs need to be encapsulated?
I'll post config of .251 here in a little while.
--Brian
If you have more than one ethernet jack where you have your phones located at I would suggest you plug your PC into it. I say this because it does not seem that those phones are able to tag the second port with your data VLAN. It looks like it is just a regular switch port so if you plug your PC into your phone they will end up on the same VLAN as your telephones. If you don't mind that happening then you can keep it that way but if it were me I would not want data traffic on the same VLAN as your voice traffic.
I went ahead and flagged this post as "Assumed Answered." If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Levi
My apologies all,
Have been extremely busy and yes, this issue was taken care of after submitting a ticket with Windstream Phone support. They put in a data IP address that I used to forward on to the phone network. We used that as the default gateway address instead of one of the Adtran switch/router that was the original default gateway. Once we did that all was fine after a reboot of the Allworx box. Thanks again everyone for your input. I appreciated all who gave their input.
--Brian