Solved

Polycom IP670 - VoIP VLAN - I can ping the phone from data VLAN - no router between 2 VLANs

Posted on 2012-03-16
9
419 Views
Last Modified: 2012-03-28
This might be a challenge

Scenario:

I have a PC and phone on 1 cable - 2 VLANs

vlan1-data
vlan2-voice

PC connected to phone - 1 cable back to Cisco 2960 switches (layer 2)

Users were stealing phones from meeting rooms :)
So I thought I would put an IP monitor on the phones from my PC.
There is no route between the 2 VLANs, so how was I to do this?

As a rough chance I thought I'd put a secondary IP on the PC interface I use, this secondary IP being on the same subnet as the phone VLAN. To my surprise it worked - I can ping the phones - any phone, not just my own.

I had a very experienced Cisco engineer (who set up the network) in - he looked at what I'd done and couldn't explain how I was able to ping the phones with what I had done - 2 VLANs - no route between them. I'm hoping someone here will know the Polycom IP670 phones and will explain that they somehow route or bridge the 2 VLANs - or other explanation - anyone? Thanks.
0
Question by:philb19
9 Comments
 

Author Comment

by:philb19
ID: 37729307
When I do a tracert to the phone IP from the PC, it goes straight there - no hop.
0
 
LVL 11

Accepted Solution

by:
jfaubiontx earned 500 total points
ID: 37729418
The Polycom defaults to VLAN 1. How are you setting the Polycom configuration? If you're using FTP or TFTP, make sure the phone hasn't saved a file of overrides. The Polycom will write this file to keep settings that have been changed manually in the phone. When the phone reboots this file is written to the config server. This file is reread after the config file. There are two ways to defeat this: either don't allow the config server to save the file, or manually delete the file after it is written but before the phone can request it.
Another scenario we have seen, though not with the Polycom phones: we had some that had a bug in the firmware that did not allow the VLAN to be changed. No matter what the phones said, they only responded on VLAN 1. For that job we moved the data to VLAN 5 and left the phones on the default VLAN.
0
 

Author Comment

by:philb19
ID: 37729517
Thanks, but I don't quite follow. The VLAN IDs I gave are just examples - here are the true VLANs:

VLAN 101 - voice
then VLANs for data are by floor

i.e. floor 3 - VLAN 103

So what does the default VLAN 1 of the Polycom have to do with the PC being able to ping the phones in my scenario?
Sorry if I've misunderstood.
0
 
LVL 2

Expert Comment

by:BDC-Net
ID: 37730835
If I understand you correctly, it looks like the interface your PC is connecting to is a layer 3 interface (it has two IP addresses)... Correct?
0
 

Author Comment

by:philb19
ID: 37731740
Hi BDC_Net - the PC does have 2 addresses - yes, both static. - 1 on the data VLAN subnet
1 (the secondary) in the same subnet range as the phones - but in theory this shouldn't mean the PC can ping the phones - due to the VLANs not having a router between them - that we know of that routes between the 2 - you want to segment these VLANs for QoS of voice - I'd think in any case - bit of a worry
0
 
LVL 1

Expert Comment

by:mikedaddy
ID: 37758121
In a normal situation where you have a person like a receptionist who needs to access the phone system for her console, you have these options:

1) A network card with VLAN capability. You could then issue a VLAN 101 IP address and VLAN 103 address to the computer and it would be able to access both.

2) Two network cards, physically connected to separate VLANs.

3) IP routing set up on your switch or router.

Since you're saying you have an aliased IP on your computer, and it likely is on VLAN 101, I would think that your phones aren't really on a separate VLAN from computers, and they are just numbered differently. I'm betting on that.
0
 

Author Comment

by:philb19
ID: 37759908
Hi mikedaddy - I have it answered from another question - here is the explanation - it doesn't need to route between VLANs as the trunk ports tag the frames - and the PC interface is VLAN aware

Brilliant - thanks everyone for answers. glitjr nailed it. - some further explanation below:
ISL
Beyond its intended purpose of configuring trunk links between switches, ISL is often used in other ways. For example, it is possible to purchase network interface cards that support ISL. If a server were configured with an ISL-capable network card, it could be connected to an ISL port on a switch. This would allow a server to be made part of multiple VLANs simultaneously, the benefit being that hosts from different broadcast domains could then access the server without the need for their packets to be routed. While this may seem like a perfect solution, you need to remember that the server would now see all traffic from these VLANs, which could negatively impact performance.

A more common alternative use for ISL is to connect a Cisco router to a switch in order to facilitate the routing of traffic between VLANs. For example, if you wanted to route traffic between VLANs 1 and 99 in a non-ISL environment with one switch, you would need to connect the router to both a port on VLAN 1 and a port on VLAN 99, as shown below.
0
 

Author Comment

by:philb19
ID: 37759914
And here is the accepted answer.
Route print from the PC said on-link.

"On-link means that the IP addresses within that subnet are on the same subnet as this computer.  So it does not need to go through a router.

This indicates to me that VLAN tagging is enabled.  The computer has an IP address on both VLANs so it can talk to the phones without going through a router."
0
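
The two explanations offered in this thread (a VLAN-aware NIC tagging frames into VLAN 101, versus phones that are not really on a separate VLAN) can be told apart by combining the host's route lookup with the 802.1Q tag on a frame captured from the PC. This is an added example, not code from any poster; the subnets, gateway, MAC addresses and function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed addressing: the thread gives VLAN IDs 101/103 but no subnets.
PC_ADDRESSES = {
    "data (VLAN 103)": ipaddress.ip_interface("10.0.103.50/24"),
    "voice alias (VLAN 101)": ipaddress.ip_interface("10.0.101.50/24"),
}
DEFAULT_GATEWAY = "10.0.103.1"

def next_hop(dest):
    """Host route lookup: 'on-link' if dest is in a connected subnet."""
    dest = ipaddress.ip_address(dest)
    hits = [(i.network.prefixlen, label)
            for label, i in PC_ADDRESSES.items() if dest in i.network]
    if hits:
        return ("on-link", max(hits)[1])  # longest prefix wins
    return ("gateway", DEFAULT_GATEWAY)

def vlan_of_frame(frame):
    """Return the 802.1Q VLAN ID of an Ethernet frame, None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x8100:          # no 802.1Q tag present
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF              # low 12 bits of the TCI are the VLAN ID

def diagnose(dest, frame, voice_vlan=101):
    """Combine both checks for one captured frame the PC sent toward dest."""
    hop, via = next_hop(dest)
    vid = vlan_of_frame(frame)
    return {"routing": hop, "via": via, "vlan_tag": vid,
            "tagged_into_voice_vlan": vid == voice_vlan}

# Constructed sample frames (locally administered MACs, IPv4 EtherType).
DST, SRC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
TAGGED = DST + SRC + struct.pack("!HHH", 0x8100, (5 << 13) | 101, 0x0800)
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + b"\x00" * 4

if __name__ == "__main__":
    for name, frame in (("tagged", TAGGED), ("untagged", UNTAGGED)):
        print(name, diagnose("10.0.101.20", frame))
```

An on-link result explains the hop-free tracert in either case; if the captured frames are untagged and the ping still succeeds, the phones are answering in the PC's untagged VLAN, which points to mikedaddy's explanation rather than tagging.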
 

Author Closing Comment

by:philb19
ID: 37775317
ta
0
