Switches, Hubs, and Modems
1748285 Members
3821 Online
108761 Solutions
New Discussion юеВ

Re: Voice VLAN question for 2610-24-PWR

 
SOLVED
Go to solution
MGaccess
Frequent Advisor

Voice VLAN question for 2610-24-PWR

Hi, I have the following setup:

VLAN 1 (data) 192.168.1.0
VLAN 2 (voice) 192.168.2.0
Firewall/Gateway: 192.168.1.245 (watchguard firewall) plugged in to switch port 21

The phones can successfully retrieve an IP address on the 2.0 network from the second DHCP server via the ip helper-address.

For some reason the phones can't reach the public internet. I don't know what I am doing wrong.

Full config attached. Thoughts? Thanks!
11 REPLIES 11
Shadow13
Respected Contributor

Re: Voice VLAN question for 2610-24-PWR

enable ip routing by issuing the command:
#ip routing

on the switch
cenk sasmaztin
Honored Contributor

Re: Voice VLAN question for 2610-24-PWR

enable ip routing on switch

and you must write static route command on your firewall (to switch )

ip route 192.168.0.0 255.255.0.0 192.168.1.253
cenk

MGaccess
Frequent Advisor

Re: Voice VLAN question for 2610-24-PWR

I issued the "ip routing" command as you suggested but still didn't resolve the issue (although I'm sure we are one step closer)

Cent, I'm not great with firewalls and routing so please forgive my ignorance. Are you saying this route....

ip route 192.168.0.0 255.255.0.0 192.168.1.253

...needs to be on the firewall and NOT the switch? Could you explain?

Also, is port 21 (gateway) tagged appropriately? Thank you!!!
MGaccess
Frequent Advisor

Re: Voice VLAN question for 2610-24-PWR

Sorry Cenk, I did a typo on your name above.
cenk sasmaztin
Honored Contributor
Solution

Re: Voice VLAN question for 2610-24-PWR

hi

fristly
ip routing command on switch for routing between vlan's and routing between firewall to switch or switch to firewall

if you want ip helper command and internet connection vlan user be required ip routing command.

secondly
you must be use static routing switch to firewall and firewall to switch

you write already static route command on switch but you don't write static route command on your firewall

running for static routing two router learn destination network address for manually with static routing command
you have two router frist router your switch and second router your firewall

therefore you must be write ip routing command on firewall (to switch )
cenk

MGaccess
Frequent Advisor

Re: Voice VLAN question for 2610-24-PWR

Thanks Cenk. I will try to find where to add the route to the firewall. It is just a small 30 users x20e. The only area in the web console that looks similar is this (see attached). I will try it tomorrow.
MGaccess
Frequent Advisor

Re: Voice VLAN question for 2610-24-PWR

Cenk, sorry for the delay. As you suggested, I added a route to the trusted interface on the firewall (see attached), but the devices on the 192.168.2.0 network still cannot access the internet, but I believe it is DNS related.

If I put a PC on the ..2.0 network with the following static IP config, I can ping an external IP such as 69.63.187.19 (facebook), but can't resolve it by name.

IP address = 192.168.2.x
Mask = 255.255.255.0
Gateway = 192.168.1.254
DNS Server = 192.168.2.245

The DNS/DHCP server has two NICs. One NIC services the 1.0 requests (port 19 on switch), and the other services the 2.0 net requests (port 22 on switch)

What am I doing wrong? Below is the switch config again:

------ %< ---------

hostname "2610-24-PWR"
interface 19
name "VM Network"
speed-duplex 100-full
exit
interface 21
name "Firewall-GW"
exit
interface 22
name "DHCP-Voice"
speed-duplex 100-full
exit
ip default-gateway 192.168.1.254
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "Default_Data"
untagged 1-21,25-28
ip address 192.168.1.253 255.255.255.0
no untagged 22-24
exit
vlan 2
name "Voice"
untagged 22-24
ip address 192.168.2.253 255.255.255.0
ip helper-address 192.168.2.245
tagged 1-21
voice
exit
ip route 0.0.0.0 0.0.0.0 192.168.1.254
power pre-std-detect
password manager
MGaccess
Frequent Advisor

Re: Voice VLAN question for 2610-24-PWR

Anyone? Thanks
Shadow13
Respected Contributor

Re: Voice VLAN question for 2610-24-PWR

you can use only 1 nic to serve both vlans by adding a helper address under one them

for ex: the 1st vlan will be in the same subnet as the servers subnet and the other vlan will have an ip helper address under it pointing to the ip address of the server that is in the other vlan.