1

Inherited a system that has likely not been properly maintained for about 10 years. Add to this that the firewall had to be replaced because the original one was not accessible because the former admin forgot the credentials.

Then the ancient Windows 2003 DHCP server was decommissioned because the RAID kept failing and the device is so old that it appeared safest to decommission it and put a newer device in its place.

As the new IT admin, I am still in the process of discovery of all the pieces and how they fit together. I believe I have all the devices identified at this point and have access to all devices that are relevant to my problem.

Device list:

  • Mitel 5220 IP POE phones
  • switch room:
    • 2 Dell PowerConnect 3448P POE switches
  • server room:
    • 1 Dell PowerConnect 2748 switch unmanaged mode
    • Sonicwall TZ215
    • Mitel 3300 DHCP server

The default VLAN subnet is 10.1.30.0/24. VLAN 40 for IP phones subnet is 10.1.20.0/24.

The Mitel 3300 is running DHCP (10.1.20.0/24) as is the Sonicwall (10.1.30.0/24).

The 3448Ps are reachable on 10.1.30.5 and 10.1.30.6 for administration.

The Sonicwall is connected to the Dell PowerConnect 2748 switch, which is connected to port 1 of the 10.1.30.5 3448P. Mitel 3300 is connected to port 1 of 10.1.30.6 3448P.

On the 3448Ps, ports VLAN membership is set up as follows:

  • port 1 on 10.1.30.5 3448P is default VLAN only, untagged (2748 switch, unmanaged connected).
  • port 2 on 10.1.30.5 3448P is VLAN 40 only, untagged (nothing connected).
  • all other ports are untagged for default VLAN and tagged for VLAN 40, trunked

The old Windows 2003 DHCP server had a DHCP option set up as follows:

  • 001 Mitel Vendor Class
  • Default User Class
  • id:ipphone.mitel.com;sw_tftp=10.1.20.2,call_srv=10.1.20.2;vlan=40

I don't know how to replicate that on the Sonicwall DHCP server - and I am not sure that matters as the phones are not having any issues. They obtain their DHCP info quickly and without fail (unless I disconnect the Mitel 3300, obviously).

Even if I connect a Mitel phone to the 2748 (via POE injector) and disconnect the 3448P switches and the rest of the network and connect the TZ215 and Mitel 3300 directly to the 2748, the phones are OK. Even tried with an unmanaged Netgear switch in place of the 2748 and the phones are OK with the 2 DHCP servers - they always get a 10.1.20.x IP without a problem.

The issue is that the default VLAN devices, i.e. anything but the Mitel phones, are getting 10.1.20.x IP addresses from the Mitel 3300. Not all the time, but often enough for it to be a problem. Or they fail to get an address from either DHCP server.

It appears that if I restart the "dumb" switch in between the SonicWall TZ 215 and the 3448Ps, things work well for a while. Less than an hour, then it gets progressively worse.

What is the right approach here? Is this a VLAN issue? Is there any way to tell the Mitel to not respond to requests from things that don't have the Mitel MAC prefix?

Should the phones be getting a 10.1.30.x IP and then be redirected to the Mitel?

Should I be running 10.1.20.0/24 from the SonicWall?

Obviously, I am in great need of pointers...

Thanks to anyone willing to assist.

Andrew B
zentech
  • Most voice solutions do have a mechanism for only responding to their own MAC addresses, either by firewall filter or just a DHCP server configuration. It sounds like your two VLANs are bridged together somewhere, though. – SpacemanSpiff Jan 22 '13 at 04:23
  • The ideal situation would be to be able to plug a computer into the phone's "switch" port and have it get the default VLAN address. Primary concern is where to look for further troubleshooting... The Mitel device? The firewall? The switches? – zentech Jan 22 '13 at 05:30
  • Shouldn't the Mitel be plugged into a VLAN40 untagged port, only? – SpacemanSpiff Jan 22 '13 at 05:33
  • Tried that and the phones stopped working... I have to try it again to confirm. – zentech Jan 22 '13 at 10:33
  • Then the phones are not properly discovering the voice VLAN. You need to make sure both LLDP and LLDP-MED are running on the Dell PoE switches. The phones should be using that to know they need to send tagged traffic. If not, the phone may need to be set to use VLAN40 forced. Are you connecting PCs on the other end of the phone too? – SpacemanSpiff Jan 22 '13 at 14:25

2 Answers

1

The switches you're connecting the phones to do not support voice VLAN discovery.

Therefore, the phones are booting up and, after not receiving the voice VLAN tag from the switch, rebooting again and sending untagged traffic. This is why things work when your Mitel PBX is connected to an untagged port.

So:

1) Your phone port configurations are fine, you'll have to tell the phone manually to use tag 40.

2) Your Mitel switch MUST be on an untagged VLAN40 port.

EDIT: Optionally... if you're not daisy-chaining PCs off these phones, why not just set all the phones and the PBX to untagged VLAN40 ports?

SpacemanSpiff
  • In a perfect world, we would be connecting computers to the back of the phones. I had to act fast as production hit this morning so I was up at 4am and physically segregated the two networks. Now phones have their own switches (the Dells) and computers have their own (unmanaged Netgears for now). As soon as I have an opportunity to take the whole shebang down again I will test this out (this weekend hopefully). – zentech Jan 22 '13 at 16:46
  • So, if I understand correctly, each phone has to be manually programmed to use VLAN tag 40? Is there a way to do this in bulk? Perhaps through the Mitel 3300 interface? – zentech Jan 22 '13 at 16:49
  • You might be able to, but if you can dedicate switches to them, why bother? – SpacemanSpiff Jan 22 '13 at 16:50
  • Point there - I would like to solve the original problem if for no other reason. Or at least know where the original problem was rooted. However, it may be most cost effective to focus my efforts into a network upgrade instead as all these devices are ancient and 100 base-t. – zentech Jan 22 '13 at 19:30
  • I guess what would be useful is a way to verify the Mitel phones' configuration. Anyone know how to do this? I guess I could try Mitel forums... – zentech Jan 22 '13 at 20:40
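
One way to check from a packet capture whether each phone is really tagging its traffic for VLAN 40, which is what the answer above says the trunked ports depend on. This is an added example, not part of the original thread and not a Mitel or Dell tool; the MAC addresses and frames are constructed, and `make_frame`, `summarize` and `untagged_phones` are hypothetical helper names.

```python
import struct
from collections import defaultdict

VOICE_VLAN = 40        # from the question: VLAN 40 carries the phones
TPID_8021Q = 0x8100    # EtherType value that marks an 802.1Q tag

def vlan_of(frame: bytes):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF    # low 12 bits are the VLAN ID, top 4 are PCP/DEI

def summarize(frames):
    """Map source MAC -> set of VLAN IDs seen (None means untagged)."""
    seen = defaultdict(set)
    for frame in frames:
        seen[frame[6:12].hex(":")].add(vlan_of(frame))
    return dict(seen)

def untagged_phones(frames, phone_macs):
    """Phones that sent at least one frame outside the voice VLAN."""
    summary = summarize(frames)
    return sorted(m for m in phone_macs if summary.get(m, set()) - {VOICE_VLAN})

def make_frame(src: str, vlan=None) -> bytes:
    """Build a broadcast IPv4 frame (constructed sample, not a capture)."""
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, (5 << 13) | vlan)
    return (b"\xff" * 6 + bytes.fromhex(src.replace(":", "")) + tag
            + struct.pack("!H", 0x0800) + b"\x00" * 46)

# Constructed sample: phone 1 tags VLAN 40, phone 2 sends untagged frames.
PHONE_MACS = ["02:00:00:00:00:01", "02:00:00:00:00:02"]
SAMPLE_FRAMES = [
    make_frame("02:00:00:00:00:01", vlan=40),
    make_frame("02:00:00:00:00:02"),
    make_frame("02:00:00:00:00:03"),   # a PC on the default VLAN
]

if __name__ == "__main__":
    print(untagged_phones(SAMPLE_FRAMES, PHONE_MACS))
```

Take the capture from a mirror of the phone's switch port; many PC network drivers strip the 802.1Q tag before the capture tool sees the frame, which would make every phone look untagged.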
0

Yes, you can set the Mitel to ignore all requests except from phones. In the DHCP scope, set "Client's class ID must match name" to TRUE and set the name of the scope to: ipphone.mitel.com

Kevin
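
What a class-ID filter like the one in this answer amounts to on the wire, shown as an added example that is not part of the original thread and not Mitel's code. It assumes the phones send `ipphone.mitel.com` in DHCP option 60 (vendor class identifier) and models the setting as an exact match; the packets are constructed, and the function names are hypothetical.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
OPT_PAD, OPT_VENDOR_CLASS, OPT_END = 0, 60, 255
PHONE_CLASS = b"ipphone.mitel.com"   # class ID named in the answer above

def dhcp_options(packet: bytes) -> dict:
    """Parse the TLV options of a BOOTP/DHCP message into {code: value}."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:              # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value   # repeated options concatenate
        i += 2 + length
    return opts

def voice_scope_should_answer(packet: bytes) -> bool:
    """True only when option 60 exactly matches the phone class ID (assumed rule)."""
    return dhcp_options(packet).get(OPT_VENDOR_CLASS) == PHONE_CLASS

def make_discover(mac: bytes, vendor_class=None) -> bytes:
    """Build a minimal DHCPDISCOVER (constructed sample, not a capture)."""
    fixed = (bytes([1, 1, 6, 0]) + b"\x00" * 24      # op/htype/hlen/hops .. giaddr
             + mac.ljust(16, b"\x00") + b"\x00" * 192)  # chaddr, sname, file
    opts = bytes([53, 1, 1])                         # option 53: DISCOVER
    if vendor_class is not None:
        opts += bytes([OPT_VENDOR_CLASS, len(vendor_class)]) + vendor_class
    return fixed + MAGIC_COOKIE + opts + bytes([OPT_END])

# Constructed samples: a phone, a Windows PC, and a client with no option 60.
PHONE = make_discover(bytes.fromhex("020000000001"), PHONE_CLASS)
PC = make_discover(bytes.fromhex("020000000003"), b"MSFT 5.0")
BARE = make_discover(bytes.fromhex("020000000004"))

if __name__ == "__main__":
    for name, pkt in (("phone", PHONE), ("pc", PC), ("bare", BARE)):
        print(name, voice_scope_should_answer(pkt))
```

The class ID is a string the client supplies, so this filter keeps PCs from picking up voice-scope leases by accident; it does not replace fixing the VLAN separation discussed in the other answer.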