Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Polycomm IP670 - VOIP VLAN - I can ping the phone from data VLAN - no router between 2 VLANs

Posted on 2012-03-16
Medium Priority
Last Modified: 2012-03-28
This might be a challenge


I have a PC and phone on 1 cable - 2 vlans


PC connected to Phone. - 1 cable back to cisco switches 2960's layer2

users were stealing phones from meeting rooms :)
So I thought I would put a IP monitor on the phones from my PC?
There is no route between the 2 VLANS - So how was I to do this.?

As a rough chance i thought id put a secondary IP on the PC interface I use. This secondary IP being on the same subnet as the Phone VLAN. - to my surprise it worked - I can ping the phones - any phone not just my own.

I had a very experienced Cisco engineer (who setup network) - in - he looked at what id done and couldnt explain how I was able to ping the phones with what I had done - 2 vlans - no route between them. - Im hoping someone here will know the polycom ip670 phones and will explain that they somehow route or bridge the 2 vlans - or other explanation - anyone thanks
Question by:philb19
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Author Comment

ID: 37729307
when I do a tracert to the phone IP from the PC - it goes straight there - no hop
LVL 11

Accepted Solution

jfaubiontx earned 2000 total points
ID: 37729418
The Polycom defaults to vlan 1. How are you setting the Polycom configuration? If you're using ftp or tftp make sure the phone hasn't saved a file of overrides. The Polycom will write this file to keep settings that have been changed manually in the phone. When the phone reboots this file is written to the config server. This file is reread after the config file. Two ways to defeat this. Either don't allow the config server to save the file or manually delete the file after it is written but before the phone can request it.
Another scenario we have seen, though not with the Polycom phones, we had some that had a bug in the firmware that did not allow the vlan to be changed. No matter that the phones said, they only responded on vlan 1. For that job we moved the data to vlan 5 and left the phones on the default vlAn.

Author Comment

ID: 37729517
thanks but i dont quite follow. the examples vlan id's i gave are just examples - here is the true vlans

vlan 101 - voice
then vlans for data are by floor

ie floor3 - vlan103

So what does the default vlan1 of the polycom have to do with the pc being able to ping the phones in my scenario?
sorry if ive mis-understood
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.


Expert Comment

ID: 37730835
If I understand you correctly, it looks like the interface your PC is connecting to is a layer 3 interface (it has two IP addresses)... Correct?

Author Comment

ID: 37731740
Hi BDC_Net - the PC does have 2 address's - yes both static. - 1 on the data VLAN subnet
1 (the secondary) in the same subnet range as the phones - but in theory this shouldnt  mean the pc can ping the phones - due to the VLANs not having a router between them - that we know of that routes between the 2 - you want to segment these vlans for qos of voice - id think in any case - bit of a worry

Expert Comment

ID: 37758121
In a normal situation where you have a person like a receptionist who needs to access the phone system for her console, you have these options:

1) A network card with VLAN capability. You could then issue a VLAN 101 ip address and VLAN 103 address the the computer and it would be able to access both.

2) Two network cards, physically connected to separate VLANs.

3) ip routing setup on your switch or router.

Since you're saying you have an aliased IP on your computer, and it likely is on VLAN 101. I would think that your phones aren't really on a separate VLAN from computers, and they are just numbered differently. I'm betting on that.

Author Comment

ID: 37759908
hi mikedaddy - i have it answered from another q's  - here is the explanation - it doesnt need to route between vlans as the trunk ports tag the frames - and the pc interface is vlan aware

Brilliant - thanks everyone for answers. glitjr nailed it. - some further explanation below:
Beyond its intended purpose of configuring trunk links between switches, ISL is often used in other ways. For example, it is possible to purchase network interface cards that support ISL. If a server were configured with an ISL-capable network card, it could be connected to an ISL port on a switch. This would allow a server to be made part of multiple VLANs simultaneously, the benefit being that hosts from different broadcast domains could then access the server without the need for their packets to be routed. While this may seem like a perfect solution, you need to remember than the server would now see all traffic from these VLANs, which could negatively impact performance.

A more common alternative use for ISL is to connect a Cisco router to a switch in order to facilitate the routing of traffic between VLANs. For example, if you wanted to route traffic between VLANs 1 and 99 in a non-ISL environment with one switch, you would need to connect the router to both a port on VLAN 1 and a port on VLAN 99, as shown below.

Author Comment

ID: 37759914
and here - is the accepted answer
route print from pc - said on-link

"On-link means that the IP addresses within that subnet are on the same subnet as this computer.  So it does not need to go through a router.

This indicates to me that VLAN tag'ing is enabled.  The computer has an IP address on both VLAN's so it can talk to the phones without going through a router."

Author Closing Comment

ID: 37775317

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question