  • Firewall Reboot = Phone reboot??

    We are having an issue where, if our firewall is having trouble or reboots, our phone calls get dropped. The phones say "No service" while this happens. Usually, a reboot of the firewall fixes it, but why are our phones routing thru the firewall to the shoretel switches? During these issues the call manager has no problems. For some reason only the hardware phones have problems. The server, switches, PRIs, and call manager all seem to be unaffected (as they should) during a firewall reboot. We have tried upgrading the firmware on our switches and we even purchased a brand new firewall with no changes. Our config is below. I'm out of ideas.

    Phones are all getting their network config via DHCP. We have IP115 and IP230 phones. Both models are affected. Our internet subnet is 192.168.0.0/22 which includes 192.168.0.1 to 192.168.3.255. Our phones are all being given .3 IP addresses by MAC reservations on our Win2k3 DHCP server.

    192.168.0.47 is our server
    192.168.0.21-24 are our shoretel switches
    DHCP options:
    3 Router 192.168.0.254
    4 Time Server 192.168.0.30
    6 DNS Servers 192.168.0.30, 192.168.0.31
    42 NTP Servers 192.168.0.30
    155 IP Phone Boot Server 192.168.0.47
    156 IP Boot Server ftpservers=192.168.0.47,country=1 language=1

    All phones boot correctly finding the FTP server, Time server and MGC.

    Network physical config:
    Firewall (inside interface) --> Primary Gbit switch --> Workstation Switches --> shoretel server, shoretel switches, phones, computers

    It is kind of a tree design so going back to the Primary Gbit switch --> fiber to other floor's workstation switches --> phones, computers

    None of the connections have to go back thru the firewall. Most of them will go back thru the Primary Gbit switch and from there should be routed to the shoretel switches. Also, all of our computers "daisy chain" thru the phones internal switch.

    Any ideas?

  • #2
    is 192.168.0.254 your firewall?

    are the switches and server assigned ip info statically or dhcp? if static, what are their ips/mask?


    • #3
      192.168.0.254 is the firewall

      The phones are DHCP.

      The switches and servers are static. Mask: 255.255.252.0 and Gateway: 192.168.0.254.


      • #4
        I would unplug your firewall from your gigabit switch and see if the phones lose connection. If they do, I would guess that somehow, you are routing all of your traffic through your firewall inadvertently. If the phones maintain connection when the firewall is unplugged, I have no idea what your problem could be.

        Do both external and internal phone calls get disconnected?


        • #5
          Also, unless your gbit switch is a router, the traffic needs to be local to make it to the server. Otherwise, they have to go through a router of some kind. The more I think about it, I would guess that you have an incorrect subnet somewhere that is causing your .3 traffic to route instead of staying local.


          • #6
            Originally posted by vester:
            Also, unless your gbit switch is a router, the traffic needs to be local to make it to the server. Otherwise, they have to go through a router of some kind. The more I think about it, I would guess that you have an incorrect subnet somewhere that is causing your .3 traffic to route instead of staying local.

            that's what i was getting at. seems to me there's a /24 mask on the switches or phones that is sending them to their default gateway, the firewall, and it is then tracking those sessions.


            • #7
              I fixed it. The switches were using old subnet masks. I swear I changed it, but I must not have. Everything is working now. Thanks.


              • #8
                haha! so the statically configured switches were /24 and the dhcp phones were /22 yeah?

                traffic was going from the phone direct to the switch but when the switch replied it wasn't on the same network (based on its misconfigured mask) so instead of arp'ing the phone directly it sent the reply to its default gateway, the firewall.

                must have been quite a load on the firewall to track all those sessions.

                good work sleuthing it out!

                matt
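
The asymmetric path described in #8, worked through with the addresses from this thread, as an added example that is not part of the original posts. It assumes the old switch mask was /24 (the guess made in #6 and #8; the thread never states the old value) and uses a constructed phone address, 192.168.3.50.

```python
import ipaddress

GATEWAY = "192.168.0.254"  # the firewall, per post #3

def next_hop(src_ip, src_mask, dst_ip, gateway=GATEWAY):
    """Next hop a host picks for dst_ip, judged only by its OWN ip/mask."""
    iface = ipaddress.ip_interface(f"{src_ip}/{src_mask}")
    dst = ipaddress.ip_address(dst_ip)
    # On-link destinations are ARPed directly; everything else goes to the gateway.
    return str(dst) if dst in iface.network else gateway

def path_report(a, b):
    """Check both directions between hosts a and b, each given as (ip, mask)."""
    fwd = next_hop(a[0], a[1], b[0])
    rev = next_hop(b[0], b[1], a[0])
    return {
        "forward_hop": fwd,
        "reverse_hop": rev,
        # Asymmetric: one side goes direct, the other hairpins via the gateway.
        "asymmetric": (fwd == b[0]) != (rev == a[0]),
    }

def audit(hosts, expected_mask):
    """Return the IPs whose configured mask differs from the site mask."""
    want = ipaddress.ip_network(f"0.0.0.0/{expected_mask}").prefixlen
    return [ip for ip, mask in hosts
            if ipaddress.ip_interface(f"{ip}/{mask}").network.prefixlen != want]

if __name__ == "__main__":
    phone = ("192.168.3.50", "255.255.252.0")       # constructed DHCP phone address
    switch_old = ("192.168.0.21", "255.255.255.0")  # assumed stale /24 mask
    switch_new = ("192.168.0.21", "255.255.252.0")  # mask from post #3
    print("before fix:", path_report(phone, switch_old))
    print("after fix: ", path_report(phone, switch_new))
    print("wrong mask:", audit([phone, switch_old], "255.255.252.0"))
```

With the stale mask, the phone reaches the switch directly but the switch's replies go to 192.168.0.254, so every call depends on the firewall even though no cable path requires it.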
