Occasional Contributor
Posts: 6
Registered: ‎04-19-2012

Voice Vlan not working through Firewall (Cyber Roam) - ICX 6450 & ICX 6430 stack

Hi all,

I'm new to this forum and also not an expert on Brocade switches and routers. I need assistance, if any expert can help me troubleshoot and assist me in resolving this issue.

I have this client setup with 6x ICX 6430 in a stack with an ICX 6450 router acting as the core. The setup had both Data (VLAN 1) and Voice (VLAN 2) working fine on my initial setup, with much assistance, until this weekend, when the client introduced a firewall in their network.

I had both VLANs (VLAN 1 & 2) with different IP scopes working fine off the client DHCP server, with all the client network devices patched and running on the 6450 as the core, and the users' data and voice VLANs running on the 6x 6430 stack.

Data IP scope is 192.168.1.0/24. Voice IP scope is 10.10.1.0/24.

They introduced the firewall device (Cyber-roam), which is now sitting between their Cisco router (gateway) and the 6450, and now only the Data VLAN 1 is working and the Voice VLAN is not working, meaning:
I can ping the PBX/VoIP server 10.10.1.2 inside the DHCP server, but the IP phones cannot find their path to the PBX FTP for the phone configuration & profile and back to the DHCP server to resolve their IP from its scope.

I have not done any configuration on the DHCP scopes or the router ICX 6450 since the issue occurred.

My original configuration is shown below. Do I need to re-configure and adjust most of the configuration, or just add a configuration to resolve my issue?

Please help :)

My configuration on the ICX 6450 is below (I can show my stack's config if you want me to):

router-1#show run
Current configuration:
!
ver 08.0.01aT313
!
stack unit 1
module 1 icx6450-24-port-management-module
module 2 icx6450-sfp-plus-4port-40g-module
!
global-stp
!
!
lag "rtstack-1" dynamic id 1
ports ethernet 1/1/1 ethernet 1/1/10 ethernet 1/1/20
primary-port 1/1/1
deploy
port-name stack-1-e1/1/1 ethernet 1/1/1
port-name stack-1-e2/1/1 ethernet 1/1/10
port-name stack-1-e3/1/1 ethernet 1/1/20
!
lag "rtstack-2" dynamic id 2
ports ethernet 1/1/2 ethernet 1/1/11 ethernet 1/1/21
primary-port 1/1/2
deploy
port-name stack-2-e1/1/1 ethernet 1/1/2
port-name stack-2-e2/1/1 ethernet 1/1/11
port-name stack-2-e3/1/1 ethernet 1/1/21
!
!
vlan 1 by port
tagged ethe 1/1/1 to 1/1/2 ethe 1/1/6 ethe 1/1/10 to 1/1/11 ethe 1/1/14 ethe 1/1/20 to 1/1/21
untagged ethe 1/1/3 to 1/1/5 ethe 1/1/7 to 1/1/9 ethe 1/1/12 to 1/1/13
router-interface ve 1
spanning-tree 802-1w
webauth
enable
!
vlan 2 by port
tagged ethe 1/1/1 to 1/1/2 ethe 1/1/6 ethe 1/1/10 to 1/1/11 ethe 1/1/14 ethe 1/1/20 to 1/1/21
untagged ethe 1/1/15 to 1/1/19 ethe 1/1/22 to 1/1/24
router-interface ve 2
spanning-tree 802-1w
!
vlan 10 name test by port
!
vlan 1024 name DEFAULT-VLAN by port
spanning-tree 802-1w
!
!
!
!
boot sys fl pri
default-vlan-id 1024
enable password-display
enable super-user-password 8 $1$.hYN6jEo$XtczlZ/nh/3Yc6qg0hKCy.
hostname router-1
ip dhcp-client disable
no ip dhcp-client auto-update enable
ip dhcp-server server-identifier 10.10.1.1
!
ip dhcp-server pool vlan-data
dhcp-default-router 192.168.1.254
dns-server 192.168.1.1
domain-name datavlan.local
excluded-address 192.168.1.1 192.168.1.50
excluded-address 192.168.1.200 192.168.1.254
lease 0 0 5
network 192.168.1.0 255.255.255.0
deploy
!
!
ip dhcp-server pool vlan-voice
dns-server 10.10.1.1
domain-name voicevlan.local
excluded-address 10.10.1.1 10.10.1.50
excluded-address 10.10.1.200 10.10.1.254
lease 0 0 5
network 10.10.1.0 255.255.255.0
deploy
!
ip default-network 192.168.1.0/24
ip dns server-address 192.168.1.2
ip route 0.0.0.0/0 192.168.1.1
!
cdp run
fdp run
snmp-server community 2 $U2kyXj1k ro 88
snmp-server community 2 $aCIzaWswXXFVOQ== rw 89
snmp-server contact rgodfrey@CONXIONS.COM.PG
snmp-server location ConXions
!
!
hitless-failover enable
!
!
!
!
!
!
!
interface ethernet 1/1/1
port-name stack-1-e1/1/1
!
interface ethernet 1/1/2
port-name stack-2-e1/1/1
!
interface ethernet 1/1/3
port-name Router-Cisco
!
interface ethernet 1/1/4
port-name Server-Domain
!
interface ethernet 1/1/5
port-name Server-Exchange
!
interface ethernet 1/1/6
port-name Firewall-Barracuda
!
interface ethernet 1/1/7
port-name Wireless-1
!
interface ethernet 1/1/8
port-name Wireless-2
!
interface ethernet 1/1/9
port-name Server-Printer
!
interface ethernet 1/1/14
port-name Server-VoIP
dual-mode 2
!
interface ethernet 1/2/2
speed-duplex 1000-full-master
!
interface ethernet 1/2/4
speed-duplex 1000-full-master
!
interface ve 1
!
interface ve 2
!
!
!
access-list 88 permit any
!
access-list 89 permit any
!
!
!
lldp run
!
!
!
!
end
router-1#

 

Occasional Contributor
Posts: 15
Registered: ‎06-27-2014

Re: Voice Vlan not working through Firewall (Cyber Roam) - ICX 6450 & ICX 6430 stack

Hello,

I had similar problems with IP phones. They were not able to connect to the "Call Server" or IP EPABX server to receive the settings. The IP phones in my case were Avaya.

It turned out that there were two issues:

1. DHCP relay by Brocade switches, over LACP.

2. Certain parameters to be passed by the DHCP server in DHCP Offer packets.

In the first issue, when access switches are running in LACP across multiple core switches, then there is some issue with DHCP. Data packets pass properly, but voice packets don't. After doing Wireshark, we figured out that from the DORA process, the "A" part was not doing its work.

After we upgraded the switch firmware to 08030b (which is the latest), that part got resolved. So, I would suggest you do that.

As for the second part, since it was Avaya phones, we configured the DHCP server to pass parameters called "Option 242", which included information on Call Server IP, etc. Doing that resolved the issue.

Since you have not mentioned which phones you have, I guess there could be a little difference in the configuration as per the particular brand. You will need to check with them.

Let me know if those steps work or not. I really didn't read much of your configuration though.


Regards.
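
Added example, not part of the original posts: a Python script for the check described in the reply above. It parses DHCP payloads, reports which DORA step is missing for each transaction, and shows whether the server's Offer/ACK carries Option 242. The packets and the option value are constructed sample data, and the function names are hypothetical.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Return (xid, message type name, {option code: value}) for one UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    xid = struct.unpack("!I", payload[4:8])[0]
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    mtype = opts.get(53) or b"\x00"                    # option 53 = DHCP message type
    return xid, MSG_TYPES.get(mtype[0], "UNKNOWN"), opts

def audit_dora(payloads, vendor_option=242):
    """Per transaction: missing DORA steps and the vendor option seen in server replies."""
    seen = {}
    for p in payloads:
        xid, mtype, opts = parse_dhcp(p)
        entry = seen.setdefault(xid, {"types": set(), "vendor": None})
        entry["types"].add(mtype)
        if mtype in ("OFFER", "ACK") and vendor_option in opts:
            entry["vendor"] = opts[vendor_option].decode("ascii", "replace")
    return {xid: {"missing": [s for s in ("DISCOVER", "OFFER", "REQUEST", "ACK")
                              if s not in e["types"]],
                  "vendor_option": e["vendor"]} for xid, e in seen.items()}

def build(op, xid, mtype, extra=b""):
    """Build a minimal constructed DHCP payload (sample data, not a real capture)."""
    header = struct.pack("!BBBBI", op, 1, 6, 0, xid) + bytes(228)
    return header + MAGIC + bytes([53, 1, mtype]) + extra + b"\xff"

# Constructed sample: 0x1001 never gets an ACK; 0x1002 completes DORA with option 242.
VALUE = b"MCIPADD=10.10.1.2"         # illustrative option 242 string, an assumption
OPT242 = bytes([242, len(VALUE)]) + VALUE
SAMPLE = [build(1, 0x1001, 1), build(2, 0x1001, 2), build(1, 0x1001, 3),
          build(1, 0x1002, 1), build(2, 0x1002, 2, OPT242),
          build(1, 0x1002, 3), build(2, 0x1002, 5, OPT242)]

if __name__ == "__main__":
    for xid, result in audit_dora(SAMPLE).items():
        print(hex(xid), result)
```

Feeding it the UDP payloads exported from a capture taken on the voice VLAN shows, per phone, whether the handshake stops before the ACK or completes without the vendor option.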

 

New Contributor
Posts: 2
Registered: ‎08-20-2015

Re: Voice Vlan not working through Firewall (Cyber Roam) - ICX 6450 & ICX 6430 stack

I am new to Brocade switches, but it is my understanding that you need to use the "dual-mode" configuration per port to allow different VLANs to run on the same port. This is to allow tagged and untagged traffic without making the port a trunk port.
