Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Voice VLAN question for 2610-24-PWR

SOLVED
Go to solution
MGaccess
Frequent Advisor

Voice VLAN question for 2610-24-PWR

Hi, I have the following setup:

VLAN 1 (data) 192.168.1.0
VLAN 2 (voice) 192.168.2.0
Firewall/Gateway: 192.168.1.245 (watchguard firewall) plugged in to switch port 21

The phones can successfully retrieve an IP address on the 2.0 network from the second DHCP server via the ip helper-address.

For some reason the phones can't reach the public internet. I don't know what I am doing wrong.

Full config attached. Thoughts? Thanks!
11 REPLIES
Shadow13
Respected Contributor

Re: Voice VLAN question for 2610-24-PWR

enable ip routing by issuing the command:
#ip routing

on the switch
cenk sasmaztin
Honored Contributor

Re: Voice VLAN question for 2610-24-PWR

enable ip routing on switch

and you must write static route command on your firewall (to switch )

ip route 192.168.0.0 255.255.0.0 192.168.1.253
cenk

MGaccess
Frequent Advisor

Re: Voice VLAN question for 2610-24-PWR

I issued the "ip routing" command as you suggested but still didn't resolve the issue (although I'm sure we are one step closer)

Cent, I'm not great with firewalls and routing so please forgive my ignorance. Are you saying this route....

ip route 192.168.0.0 255.255.0.0 192.168.1.253

...needs to be on the firewall and NOT the switch? Could you explain?

Also, is port 21 (gateway) tagged appropriately? Thank you!!!
MGaccess
Frequent Advisor

Re: Voice VLAN question for 2610-24-PWR

Sorry Cenk, I did a typo on your name above.
cenk sasmaztin
Honored Contributor
Solution

Re: Voice VLAN question for 2610-24-PWR

hi

fristly
ip routing command on switch for routing between vlan's and routing between firewall to switch or switch to firewall

if you want ip helper command and internet connection vlan user be required ip routing command.

secondly
you must be use static routing switch to firewall and firewall to switch

you write already static route command on switch but you don't write static route command on your firewall

running for static routing two router learn destination network address for manually with static routing command
you have two router frist router your switch and second router your firewall

therefore you must be write ip routing command on firewall (to switch )
cenk

MGaccess
Frequent Advisor

Re: Voice VLAN question for 2610-24-PWR

Thanks Cenk. I will try to find where to add the route to the firewall. It is just a small 30 users x20e. The only area in the web console that looks similar is this (see attached). I will try it tomorrow.
MGaccess
Frequent Advisor

Re: Voice VLAN question for 2610-24-PWR

Cenk, sorry for the delay. As you suggested, I added a route to the trusted interface on the firewall (see attached), but the devices on the 192.168.2.0 network still cannot access the internet, but I believe it is DNS related.

If I put a PC on the ..2.0 network with the following static IP config, I can ping an external IP such as 69.63.187.19 (facebook), but can't resolve it by name.

IP address = 192.168.2.x
Mask = 255.255.255.0
Gateway = 192.168.1.254
DNS Server = 192.168.2.245

The DNS/DHCP server has two NICs. One NIC services the 1.0 requests (port 19 on switch), and the other services the 2.0 net requests (port 22 on switch)

What am I doing wrong? Below is the switch config again:

------ %< ---------

hostname "2610-24-PWR"
interface 19
name "VM Network"
speed-duplex 100-full
exit
interface 21
name "Firewall-GW"
exit
interface 22
name "DHCP-Voice"
speed-duplex 100-full
exit
ip default-gateway 192.168.1.254
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "Default_Data"
untagged 1-21,25-28
ip address 192.168.1.253 255.255.255.0
no untagged 22-24
exit
vlan 2
name "Voice"
untagged 22-24
ip address 192.168.2.253 255.255.255.0
ip helper-address 192.168.2.245
tagged 1-21
voice
exit
ip route 0.0.0.0 0.0.0.0 192.168.1.254
power pre-std-detect
password manager
MGaccess
Frequent Advisor

Re: Voice VLAN question for 2610-24-PWR

Anyone? Thanks
Shadow13
Respected Contributor

Re: Voice VLAN question for 2610-24-PWR

you can use only 1 nic to serve both vlans by adding a helper address under one them

for ex: the 1st vlan will be in the same subnet as the servers subnet and the other vlan will have an ip helper address under it pointing to the ip address of the server that is in the other vlan.

MGaccess
Frequent Advisor

Re: Voice VLAN question for 2610-24-PWR

First, the PC example I posted above is a bad example because the PC traffic was not being tagged for VLAN 2 like the voice traffic is. The phones still cannont access internet gateway.

@Shadow13, The strategy for the 2nd NIC was for handing IP addresses to the phones from a different scope/subnet. Can one NIC service both DHCP scopes?
raul zulueta
Occasional Visitor

Re: Voice VLAN question for 2610-24-PWR

I am a first time user of the 2610-24-pwr switch and I am experiencing similar issues. I have vlan 61 with ip address of 192.168.61.250 and the firewall has an ip address of 192.168.61.254. port 26 is connected to the firewall switch segment. I cannot ping the firewall. That means I also cannot get out to the internet. This switch will carru data vlan 61 and voice vlan 60 through the default route. Am I missing some line of configuraiton to make this work?