Mitel Forums - The Unofficial Source

Mitel Forums => Mitel MiVoice Business/MCD/3300 => Topic started by: MartinM on May 15, 2014, 06:57:02 PM

Title: Interminent DHCP issues
Post by: MartinM on May 15, 2014, 06:57:02 PM
Good morning everyone,

I have been trying to resolve this issue for quite a while, but coming up blank. Hoping that someone else might have come across this this problem before.

Setup:
Cisco 2960 switches, connected to Palo Alto firewall, with the Mitel 3300 controller on MCA 4.0.1.11-1. The Cisco switches have 2 sub-interfaces set up on the uplink to the Palo Alto, one for users LAN the other for the voice LAN. I have IP-helper set up on the Cisco (one for each VLAN) talking to MS DHCP server.

The issue we seeing is this:
- Plugin in a new (or old) handset, the boot can take anywhere from 1 minute so couple of days. The same phone will sometimes pick up all DHCP traffic within seconds, at other times will sit there for days before assigning address. We had some phones that taken a week. Sometimes un-plugging and re-plugging the phones speeds the DHCP up, other times now so much.
- Looks like the initial DHCP requests (via users LAN) are always working, the phone then changes to the correct VLAN (1001) - I can see on the screen it picks up the VLAN etc. settings, then it sometimes sits there at DHCP: Discovery
- Let me stress that the same phone will sometimes take 1 minute to boot other times hours or days.

The Cisco DHCP logs shows:
269175: May 15 22:54:50.234: DHCPD: Reload workspace interface Vlan10 tableid 0.
269176: May 15 22:54:50.234: DHCPD: tableid for 10.61.10.254 on Vlan10 is 0
269177: May 15 22:54:50.234: DHCPD: client's VPN is .
269178: May 15 22:54:50.234: DHCPD: forwarding BOOTREPLY to client f0de.f195.3ce                                                                                                             8.
269179: May 15 22:54:50.234: DHCPD: no option 125
269180: May 15 22:54:50.234: DHCPD: broadcasting BOOTREPLY to client f0de.f195.3                                                                                                             ce8.
269181: May 15 22:54:54.597: DHCPD: Reload workspace interface Vlan10 tableid 0.
269182: May 15 22:54:54.597: DHCPD: tableid for 10.61.10.254 on Vlan10 is 0
269183: May 15 22:54:54.597: DHCPD: client's VPN is .
269184: May 15 22:54:54.597: DHCPD: Finding a relay for client 01d4.bed9.7903.c4 on interface Vlan10.
269185: May 15 22:54:54.597: DHCPD: Looking up binding using address 10.61.10.254
269186: May 15 22:54:54.597: DHCPD: setting giaddr to 10.61.10.254.
269187: May 15 22:54:54.597: DHCPD: BOOTREQUEST from 01d4.bed9.7903.c4 forwarded to 192.168.0.2.
269188: May 15 22:55:09.608: DHCPD: Reload workspace interface Vlan10 tableid 0.
269189: May 15 22:55:09.608: DHCPD: tableid for 10.61.10.254 on Vlan10 is 0
269190: May 15 22:55:09.608: DHCPD: client's VPN is .
269191: May 15 22:55:09.608: DHCPD: Finding a relay for client 01f0.def1.5a20.fc on interface Vlan10.
269192: May 15 22:55:09.608: DHCPD: Looking up binding using address 10.61.10.254
269193: May 15 22:55:09.613: DHCPD: setting giaddr to 10.61.10.254.
269194: May 15 22:55:09.613: DHCPD: BOOTREQUEST from 01f0.def1.5a20.fc forwarded to 192.168.0.2.
269195: May 15 22:55:09.755: DHCPD: Reload workspace interface Vlan10 tableid 0.
269196: May 15 22:55:09.755: DHCPD: tableid for 10.61.10.254 on Vlan10 is 0
269197: May 15 22:55:09.755: DHCPD: client's VPN is .
269198: May 15 22:55:09.755: DHCPD: forwarding BOOTREPLY to client f0de.f15a.20fc.
269199: May 15 22:55:09.755: DHCPD: no option 125
269200: May 15 22:55:09.755: DHCPD: broadcasting BOOTREPLY to client f0de.f15a.20fc.
269201: May 15 22:55:16.843: DHCPD: Reload workspace interface Vlan10 tableid 0.
269202: May 15 22:55:16.843: DHCPD: tableid for 10.61.10.254 on Vlan10 is 0
269203: May 15 22:55:16.843: DHCPD: client's VPN is .
269204: May 15 22:55:16.843: DHCPD: Finding a relay for client 01f0.def1.953d.23 on interface Vlan10.
269205: May 15 22:55:16.843: DHCPD: Looking up binding using address 10.61.10.254
269206: May 15 22:55:16.843: DHCPD: setting giaddr to 10.61.10.254.
269207: May 15 22:55:16.843: DHCPD: BOOTREQUEST from 01f0.def1.953d.23 forwarded to 192.168.0.2.
269208: May 15 22:55:17.467: DHCPD: Reload workspace interface Vlan1001 tableid 0.
269209: May 15 22:55:17.467: DHCPD: tableid for 10.61.20.254 on Vlan1001 is 0
269210: May 15 22:55:17.467: DHCPD: client's VPN is .
269211: May 15 22:55:17.467: DHCPD: using received relay info.
269212: May 15 22:55:17.467: DHCPD: Looking up binding using address 10.61.20.254
269213: May 15 22:55:17.467: DHCPD: setting giaddr to 10.61.20.254.
269214: May 15 22:55:17.467: DHCPD: BOOTREQUEST from 0108.000f.7450.bc forwarded to 192.168.0.2.
269215: May 15 22:55:17.866: DHCPD: Reload workspace interface Vlan1001 tableid 0.
269216: May 15 22:55:17.866: DHCPD: tableid for 10.61.20.254 on Vlan1001 is 0
269217: May 15 22:55:17.866: DHCPD: client's VPN is .
269218: May 15 22:55:17.866: DHCPD: using received relay info.
269219: May 15 22:55:17.866: DHCPD: Looking up binding using address 10.61.20.254
269220: May 15 22:55:17.866: DHCPD: setting giaddr to 10.61.20.254.
269221: May 15 22:55:17.866: DHCPD: BOOTREQUEST from 0108.000f.3768.aa forwarded to 192.168.0.2.
269222: May 15 22:55:24.393: DHCPD: Reload workspace interface Vlan10 tableid 0.
269223: May 15 22:55:24.393: DHCPD: tableid for 10.61.10.254 on Vlan10 is 0
269224: May 15 22:55:24.393: DHCPD: client's VPN is .
269225: May 15 22:55:24.393: DHCPD: Finding a relay for client 015c.f9dd.de88.d9 on interface Vlan10.
269226: May 15 22:55:24.393: DHCPD: Looking up binding using address 10.61.10.254
269227: May 15 22:55:24.393: DHCPD: setting giaddr to 10.61.10.254.
269228: May 15 22:55:24.393: DHCPD: BOOTREQUEST from 015c.f9dd.de88.d9 forwarded to 192.168.0.2.
269229: May 15 22:55:24.566: DHCPD: Reload workspace interface Vlan10 tableid 0.
L10_Users#
269230: May 15 22:55:24.566: DHCPD: tableid for 10.61.10.254 on Vlan10 is 0
269231: May 15 22:55:24.566: DHCPD: client's VPN is .
269232: May 15 22:55:24.566: DHCPD: forwarding BOOTREPLY to client 5cf9.ddde.88d9.
269233: May 15 22:55:24.566: DHCPD: no option 125
269234: May 15 22:55:24.566: DHCPD: broadcasting BOOTREPLY to client 5cf9.ddde.88d9.
269235: May 15 22:55:25.468: DHCPD: Reload workspace interface Vlan1001 tableid 0.
269236: May 15 22:55:25.468: DHCPD: tableid for 10.61.20.254 on Vlan1001 is 0
269237: May 15 22:55:25.468: DHCPD: client's VPN is .
269238: May 15 22:55:25.468: DHCPD: using received relay info.
269239: May 15 22:55:25.468: DHCPD: Looking up binding using address 10.61.20.254
269240: May 15 22:55:25.468: DHCPD: setting giaddr to 10.61.20.254.
269241: May 15 22:55:25.468: DHCPD: BOOTREQUEST from 0108.000f.7450.bc forwarded to 192.168.0.2.

Any suggestions would be greatly appreciated
Title: Re: Interminent DHCP issues
Post by: 127.0.0.1 on May 15, 2014, 07:19:41 PM
Make sure your switchports connecting to terminal devices are set for portfast. 
Title: Re: Interminent DHCP issues
Post by: MartinM on May 15, 2014, 08:04:57 PM
Thanks for that suggestion, dont think that actually helped. besides, it it was portfast issue, wouldn't that fix it self after the port comes up anyway and the DHCP is retried?

Commands ran:
interface gi 3/0/20
spanning-tree portfast

Rebooted the phone, issue persists.

Here is the port config:

interface GigabitEthernet3/0/20
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast

Thanks again

M.
Title: Re: Interminent DHCP issues
Post by: martyn on May 15, 2014, 08:25:22 PM
It is rendered redundant, but you don't need the "switchport trunk native vlan 31" entry, as the interface is set as an access port
Title: Re: Interminent DHCP issues
Post by: 127.0.0.1 on May 15, 2014, 08:32:13 PM
If the port is an access port on 10, how is it carrying tagged 1001 packets?  Doesn't it need to be a trunk port with 10 set as native and 10 & 1001 allowed?
Title: Re: Interminent DHCP issues
Post by: MartinM on May 15, 2014, 08:48:23 PM
Quote
It is rendered redundant, but you don't need the "switchport trunk native vlan 31" entry, as the interface is set as an access port

Yes, this is redundant but shouldn't affect anything - removed it just in case - issue persists

Quote
If the port is an access port on 10, how is it carrying tagged 1001 packets?  Doesn't it need to be a trunk port with 10 set as native and 10 & 1001 allowed?

Apparently not as 130 phones are in use on daily basis. This strange issue is only with reboots and even then it seems to fix itself as discussed originally. For example, this morning testing, rebooted the phone maybe 15 times. In 10 cases it boots up within a minute, 3 times boots after 5-10 mins, 2 cases didn't boot until I rebooted it.
Title: Re: Interminent DHCP issues
Post by: 127.0.0.1 on May 15, 2014, 09:00:26 PM
I guess I'd statically set the VLAN ID and see what happens.  You don't seem to think much of my thoughts.  Good luck.
Title: Re: Interminent DHCP issues
Post by: MartinM on May 15, 2014, 09:35:11 PM
Quote
I guess I'd statically set the VLAN ID and see what happens. 

I am not sure what you mean with this?

Quote
You don't seem to think much of my thoughts.  Good luck.

I am not sure how you came to that conclusion. In fact, I am appreciative of any input that anyone might have. But at the same time, I would like to discuss any suggested changes or options, not just blindly follow random suggestions.

I have checked the portfast option you have suggested. I have considered the second request, but if there was a config issue with the VLANS then no phones would work - correct?

Anyway, thanks for the help so far, it was appreciated.

See ya
Title: Re: Interminent DHCP issues
Post by: sarond on May 15, 2014, 10:37:43 PM
Are you installing 53xxe phones?

There was an issue with the gigabit phones and cisco switches that caused me problems.
The problem was with the CDP/LLDP negotiation.
As suggested by 127.0.0.1 set the VLAN ID statically to 1001 and it will not negotiate to reach the Voice VLAN. It should then get DHCP from the correct scope and work.

This was fixed in a SP of MCD 6.0 but your MCD is a bit old. Maybe an upgrade to MCD 4.0 SP4 has the firmware fix?
Title: Re: Interminent DHCP issues
Post by: MartinM on May 15, 2014, 11:40:18 PM
Quote
Are you installing 53xxe phones?

There was an issue with the gigabit phones and cisco switches that caused me problems.
The problem was with the CDP/LLDP negotiation.
As suggested by 127.0.0.1 set the VLAN ID statically to 1001 and it will not negotiate to reach the Voice VLAN. It should then get DHCP from the correct scope and work.

This was fixed in a SP of MCD 6.0 but your MCD is a bit old. Maybe an upgrade to MCD 4.0 SP4 has the firmware fix?

Thanks for that! Appreciated. Yes, we are running the 5340e and 5340 phones with gigabit base.
The static VLAN is not helping unfortunately, but if this is a known bug, we might be forced to upgrade MCA to 6.0.

Thanks for all the suggestions from everyone, if anyone has any further suggestion please feel free to let me know.
Title: Re: Interminent DHCP issues
Post by: sarond on May 16, 2014, 12:00:59 AM
Maybe these will help.

Code: [Select]
MN00349609 - Phones do not respond to EAP version 3
REPORTED IN SW LOAD - 10.0 UR3
SYMPTOMS
The site has recently either added a newer Cisco layer 2 switch or has updated the Cisco firmware to 12.2.53SE2 The EAP version in the request is Version 3 - The Mitel phones simply don’t respond to the request

WORKAROUND = Downgrade the Cisco switches

Code: [Select]
MN00380686 - 5330/5340 sets don't respond to DHCP when using Cisco p broadcast-address command
REPORTED IN SW LOAD - 11.0.0.65_2
SYMPTOMS
5330/5340 sets not acknowledging a DHCP offer when it is sent directly to the destination VLAN via Cisco command “IP broadcast-address xxx.xxx.xxx.xxx”
Phones would only ack when the broadcast destination is 255.255.255.255
WORKAROUND =Remove ip broadcast-address 10.22.11.255

Code: [Select]
MN00385618 - Gig Stand failing after upgrading to MCD 4.2 SP1
REPORTED IN SW LOAD - 10.1.2.13
  SYMPTOMS
Gig stands fail to come up after upgrading to MCD 4.2 SP1 on some 5330 sets. 

WORKAROUND  = Disable LLDP on Cisco L2 switches
Title: Re: Interminent DHCP issues
Post by: MartinM on May 16, 2014, 12:36:03 AM
Thanks! Where did you get those from? I have been trying tom find this kind of info but didn't come across anything like it

#1 - dont think this applies to me
- Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 15.0(2)SE4,
- BOOTLDR: C2960S Boot Loader (C2960S-HBOOT-M) Version 12.2(55r)SE, RELEASE SOFTWARE (fc1)

#2 - Not sure if I have this configured, dont see IP broadcast-address setting set up anywhere. The DHCPD seems to do a direct forward as well as broadcast?
 DHCPD: forwarding BOOTREPLY to client f0de.f187.4bdb.
 DHCPD: broadcasting BOOTREPLY to client f0de.f187.4bdb.

#3 - Don't think my switch has LLDP enabled. When I try to run "show running-config lldp" the lldp option is not available?

Thanks again, keep them comming :)

M.
Title: Re: Interminent DHCP issues
Post by: sarond on May 16, 2014, 05:40:35 AM
If you have access to Mitel Online then search for '3300 KPI Fixed List' in the knowledge base.
This is where I got the info.

Can you post your switch port settings again now that you have removed access port type.
I agree with the others, the port should not be set to 'access' as this would normally stop/ignore tagged packets.
If the phone boots and then releases and renews into Vlan 1001 with a VLAN option in your DHCP then it will tag for that VLAN, if you switch port doesn't allow it then it will hang. If setting the VLAN statically in the phone doesn't work then I think there is an issue with the network/switch config.

Can you post your option 125.
Title: Re: Interminent DHCP issues
Post by: ralph on May 16, 2014, 08:03:57 AM
I once had a similar issue.
I put a Wireshark trace on the phone and found that the phone got it's initial IP address on the native vlan, read the options, switched to the voice vlan and issued another DHCP request.  The DHCP on the voice vlan was issued from the 3300.  This was normal operation but what I saw that wasn't normal was that after the second DHCP request both the DHCP server on the native VLAN and the 3300 responded to it.   Since the server on the native vlan responded faster than the 3300 the phone took that IP address.  So the phone got an IP address for the data vlan but was trying to talk on the voice vlan.

We finally traced the issue to the server on the data vlan was connected to a dataswitch port that had both vlans assigned to it.   Changing the dataswitch port to be in Access Mode for the data vlan resolved the problem.

Ralph
Title: Re: Interminent DHCP issues
Post by: MartinM on May 19, 2014, 09:11:09 PM
If you have access to Mitel Online then search for '3300 KPI Fixed List' in the knowledge base.
This is where I got the info.
Thanks for that, will check it out.
Quote
Can you post your switch port settings again now that you have removed access port type.
I agree with the others, the port should not be set to 'access' as this would normally stop/ignore tagged packets.
If the phone boots and then releases and renews into Vlan 1001 with a VLAN option in your DHCP then it will tag for that VLAN, if you switch port doesn't allow it then it will hang. If setting the VLAN statically in the phone doesn't work then I think there is an issue with the network/switch config.
The user/Phone switch:
Code: [Select]
!
!
aaa session-id common
clock timezone UTC 10 0
clock summer-time UTC recurring last Sun Oct 2:00 last Sun Mar 3:00
switch 1 provision ws-c2960s-24ts-l
switch 2 provision ws-c2960s-48fps-l
switch 3 provision ws-c2960s-48fps-l
!
!
ip dhcp snooping information option allow-untrusted
no ip dhcp snooping information option
vtp mode transparent
!
mls qos map policed-dscp  24 26 46 to 0
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
crypto pki trustpoint TP-self-signed-605065600
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-605065600
 revocation-check none
 rsakeypair TP-self-signed-605065600
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
vlan 10
 name L10Users
!
vlan 31
 name SwitchMGMT
!
vlan 1001
 name Mitel
!
!
class-map match-all AutoQoS-VoIP-RTP-Trust
  match ip dscp ef
class-map match-all AutoQoS-VoIP-Control-Trust
  match ip dscp cs3  af31
!
policy-map AutoQoS-Police-CiscoPhone
 class AutoQoS-VoIP-RTP-Trust
   set dscp ef
  police 320000 8000 exceed-action policed-dscp-transmit
 class AutoQoS-VoIP-Control-Trust
   set dscp cs3
  police 32000 8000 exceed-action policed-dscp-transmit
!
!
!
interface GigabitEthernet2/0/1
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/2
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/3
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/4
 switchport access vlan 10
 switchport trunk native vlan 31
switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/5
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/6
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/7
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/8
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/9
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/10
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/11
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/12
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/13
 switchport access vlan 10
switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/14
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/15
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/16
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/17
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/18
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/19
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/20
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/21
 switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet2/0/22
switchport access vlan 10
 switchport trunk native vlan 31
 switchport voice vlan 1001
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
queue-set 2
 priority-queue out
 mls qos trust device cisco-phone
mls qos trust cos
 macro description cisco-phone | cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 10.61.10.254 255.255.255.0
 ip helper-address 192.168.0.2
!
interface Vlan31
 no ip address
!
interface Vlan1001
 ip address 10.61.20.254 255.255.255.0
 ip helper-address 192.168.0.2
!
ip default-gateway 10.61.10.1
ip http server
ip http secure-server
!
!
snmp-server community public RO
snmp-server location Melbourne
snmp-server contact technical@pacifichydro.com.au
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps transceiver all
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps license
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps cluster
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps energywise
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps event-manager
snmp-server enable traps ike policy add
snmp-server enable traps ike policy delete
snmp-server enable traps ike tunnel start
snmp-server enable traps ike tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps power-ethernet group 2
snmp-server enable traps power-ethernet group 3
snmp-server enable traps power-ethernet police
snmp-server enable traps cpu threshold
snmp-server enable traps rep
snmp-server enable traps ipsla
snmp-server enable traps vstack
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps stackwise
snmp-server enable traps errdisable
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
!
!
!
!
line con 0
 password pachydro
line vty 0 4
 password pachydro
 length 0
line vty 5 15
 password pachydro
 length 0
!
ntp server 192.168.0.2 prefer
mac address-table aging-time 0 vlan 1
end
Port 2/0/22 was the one I was making changes on
On the server switch, where the Mitel controller is sitting on, the port config for the Mitel is:
Code: [Select]
!
interface GigabitEthernet2/0/4
 switchport access vlan 1001
 switchport mode access
Quote
Can you post your option 125.
It is:
id:ipphone.mitel.com;sw_tftp=192.168.102.2;call_srv=192.168.102.2;vlan=1001;l2p=6;dscp=56
Thanks again, appreciate all the help
Title: Re: Interminent DHCP issues
Post by: MartinM on May 19, 2014, 09:16:29 PM
I once had a similar issue.
I put a Wireshark trace on the phone and found that the phone got it's initial IP address on the native vlan, read the options, switched to the voice vlan and issued another DHCP request.  The DHCP on the voice vlan was issued from the 3300.  This was normal operation but what I saw that wasn't normal was that after the second DHCP request both the DHCP server on the native VLAN and the 3300 responded to it.   Since the server on the native vlan responded faster than the 3300 the phone took that IP address.  So the phone got an IP address for the data vlan but was trying to talk on the voice vlan.

We finally traced the issue to the server on the data vlan was connected to a dataswitch port that had both vlans assigned to it.   Changing the dataswitch port to be in Access Mode for the data vlan resolved the problem.

Ralph

Thanks for that info Ralph.

That is strange behaviour but you might be on the right track. I have set the DHCP delay on the voice scopes to 1000ms and the issue seems to be much better now. Still happens once every 5-6 tries but not as often as before.

The uplink for the servers on our blade centre is tagged as this, there is no Voice VLAN tag on the port. Not sure if I will be able to change the uplink as it supplies traffic to the whole vSphere and all the required data paths.

Code: [Select]

!
interface GigabitEthernet1/0/9
 switchport access vlan 10
 switchport trunk native vlan 10
 switchport mode trunk


Thanks again

M.
Title: Re: Interminent DHCP issues
Post by: jrg0852 on May 20, 2014, 08:12:47 AM
You can also disable CDP for one phone and see if it makes a difference.
Title: Re: Interminent DHCP issues
Post by: ralph on May 20, 2014, 09:35:58 AM
This may be the problem:

Quote
switchport trunk native vlan 10
 switchport mode trunk

I'm not a CNA but that doesn't look right to me.
It would be an easy after hours test to check it.

Ralph
Title: Re: Interminent DHCP issues
Post by: martyn on May 20, 2014, 06:33:43 PM
This may be the problem:

Quote
switchport trunk native vlan 10
 switchport mode trunk

I'm not a CNA but that doesn't look right to me.
It would be an easy after hours test to check it.

Ralph
That part will be ok, but it will nullify the switchport access vlan command.

Are the links to the blade centre a port channel/etherchannel/LAG/LACP? If so, what is the Port Channel config, and does every single port that is a member of that Port Channel have identical config? If there is one that doesn't then that could explain some strangeness.
If you do a show int trunk, they should all match up as well across the Port Channel and the member interfaces.

Is DHCP being done on a physical controller, or on a server on the blade centre (either windows or a vMCD)?

Also btw, your dscp marking should be 46 not 56 on your option 125.
Title: Re: Interminent DHCP issues
Post by: MartinM on May 20, 2014, 07:19:01 PM
You can also disable CDP for one phone and see if it makes a difference.

Already tried this and it didnt seem to make any difference :(

Thanks though
Title: Re: Interminent DHCP issues
Post by: MartinM on May 20, 2014, 07:34:54 PM

That part will be ok, but it will nullify the switchport access vlan command.

Are the links to the blade centre a port channel/etherchannel/LAG/LACP? If so, what is the Port Channel config, and does every single port that is a member of that Port Channel have identical config? If there is one that doesn't then that could explain some strangeness.

I am sorry, I am not sure what you mean by this? I am not fully CNA qualified, could you please aleborate?

Quote
If you do a show int trunk, they should all match up as well across the Port Channel and the member interfaces.

This is what shows on the 2 switches when the command is run
Code: [Select]
User/Phone switch:
show int trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi3/0/1     on               802.1q         trunking      31

Port        Vlans allowed on trunk
Gi3/0/1     1-4094

Port        Vlans allowed and active in management domain
Gi3/0/1     1,10,31,1001

Port        Vlans in spanning tree forwarding state and not pruned
Gi3/0/1     1,10,31,1001

Server switch:

Server_Switch#show int trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/1     on               802.1q         trunking      10
Gi1/0/9     on               802.1q         trunking      10
Gi2/0/9     on               802.1q         trunking      10

Port        Vlans allowed on trunk
Gi1/0/1     1-4094
Gi1/0/9     1-4094
Gi2/0/9     1-4094

Port        Vlans allowed and active in management domain
Gi1/0/1     1,10,31,104,1001,1100-1101,1111,2000
Gi1/0/9     1,10,31,104,1001,1100-1101,1111,2000
Gi2/0/9     1,10,31,104,1001,1100-1101,1111,2000

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/1     1,10,31,104,1001,1100-1101,1111,2000
Gi1/0/9     1,10,31,104,1001,1100-1101,1111,2000
Gi2/0/9     1,10,31,104,1001,1100-1101,1111,2000

Quote
Is DHCP being done on a physical controller, or on a server on the blade centre (either windows or a vMCD)?

It is done via Windows Server 2008 R2 Virtual Machine on VMware 5.5

Quote
Also btw, your dscp marking should be 46 not 56 on your option 125.

Thank you, what does the difference mean please?

Thanks again for the help.

M.
Title: Re: Interminent DHCP issues
Post by: martyn on May 20, 2014, 10:54:21 PM
DSCP is the QoS marking for the RTP stream during a phone call. The RTP stream should be marked as 46/EF/ToS 5, and the signalling should be set to DSCP 26.

If you have the RTP set to be 56, then this makes it ToS 6, which is usually used for routing protocols, and network control information.

So if for instance you have voice traffic going over a WAN between sites, and your provider is expecting to be seeing RTP marked with a value of 46, and you are marking it as 56, then they will not be giving it the priority over the other forms of traffic it needs as it wont be matching what they are expecting.

Do you have a drawing of how the network looks, as I am guessing from your info above on the trunk information that there is more than one switch involved here.
Title: Re: Interminent DHCP issues
Post by: 127.0.0.1 on May 20, 2014, 11:51:45 PM

For the phone interface you could use either
Code: [Select]
switchport mode access
switchport access vlan 10
switchport voice vlan 1001
or
Code: [Select]
switchport mode trunk
switchport trunk native vlan 10
switchport voice vlan 1001
switchport trunk allowed vlan 10,1001


The latter is a little older method but it's the one I've seen more of.  The former only works on newer IOS releases. 


If this still doesn't help you'll need to dig deeper.  As a test, put a DHCP server in an access port for 1001 on the same switch as the phone.  No dhcp-helper needed, no trunking to other switches.  Break this down to the bare minimum.  You can do all of this w/o affecting production if you restrict the temp local dhcp server with an appropriate reservation to your test phone MAC.  It might still hit your production dhcp server but it sounds like that's the whole issue.
Title: Re: Interminent DHCP issues
Post by: MartinM on May 21, 2014, 12:11:46 AM
DSCP is the QoS marking for the RTP stream during a phone call. The RTP stream should be marked as 46/EF/ToS 5, and the signalling should be set to DSCP 26.

If you have the RTP set to be 56, then this makes it ToS 6, which is usually used for routing protocols, and network control information.

So if for instance you have voice traffic going over a WAN between sites, and your provider is expecting to be seeing RTP marked with a value of 46, and you are marking it as 56, then they will not be giving it the priority over the other forms of traffic it needs as it wont be matching what they are expecting.

Do you have a drawing of how the network looks, as I am guessing from your info above on the trunk information that there is more than one switch involved here.

Thanks, I will change the RTP value as suggested.

As for the diag, we have very complex environment, but to summarise, 2 user switches (one for each level) connected to our core firewall. The Core switch that the Mitel and the DHCP are both connected to is also connected to the Core firewall. So the handset goes to the user switch, then firewall, then core switch then Mitel controller
Title: Re: Interminent DHCP issues
Post by: MartinM on May 21, 2014, 12:15:11 AM

For the phone interface you could use either
Code: [Select]
switchport mode access
switchport access vlan 10
switchport voice vlan 1001
or
Code: [Select]
switchport mode trunk
switchport trunk native vlan 10
switchport voice vlan 1001
switchport trunk allowed vlan 10,1001

Thanks I will try and see if this makes any difference

Quote
If this still doesn't help you'll need to dig deeper.  As a test, put a DHCP server in an access port for 1001 on the same switch as the phone.  No dhcp-helper needed, no trunking to other switches.  Break this down to the bare minimum.  You can do all of this w/o affecting production if you restrict the temp local dhcp server with an appropriate reservation to your test phone MAC.  It might still hit your production dhcp server but it sounds like that's the whole issue.

Yes, I have thought of this, but due to the complexity of the environment, this is not as easy as it seems.
I have however considered moving the Voice VLAN scope to the Cisco switch instead of the WinServer DHCP. Do you think this could potentially help? Anyone else have experience with this? The 2 user switches voice vlans already draw on 2 different DHCP scopes anyway, so this would be an issue?

Thanks again

M.
Title: Re: Interminent DHCP issues
Post by: 127.0.0.1 on May 21, 2014, 12:20:31 AM
Try everything you can.  Usually you need to change to option 43 when serving from Cisco routers, not sure about switches.  Attaching a wireshark filtered on bootp would be good.  Why multiple scopes?


Sent from my iPad using Tapatalk
Title: Re: Interminent DHCP issues
Post by: MartinM on May 21, 2014, 12:28:30 AM
Try everything you can.  Usually you need to change to option 43 when serving from Cisco routers, not sure about switches.  Attaching a wireshark filtered on bootp would be good.  Why multiple scopes?


Sent from my iPad using Tapatalk

I can set up port mirror and capture the bootp messages if you can read those. They are pretty confusing to me. I will post those when I get a chance

As for why the different scopes - to accommodate different floors with lot of users.

Thanks for the help

M.
Title: Re: Interminent DHCP issues
Post by: 127.0.0.1 on May 21, 2014, 12:30:28 AM
Different floors in the same voice vlan, right?  So you have one scope with two pools or two separate scopes with one pool each? 


Sent from my iPad using Tapatalk
Title: Re: Interminent DHCP issues
Post by: MartinM on May 21, 2014, 12:53:11 AM
2 scopes with one pool each
Title: Re: Interminent DHCP issues
Post by: ralph on May 21, 2014, 08:21:10 AM
One thing I guess I forgot to ask.
Are you using the same DHCP server for both vlans or is the 3300 handling the voice vlan?


Ralph
Title: Re: Interminent DHCP issues
Post by: 127.0.0.1 on May 21, 2014, 10:20:09 AM

2 scopes with one pool each
If the lease ranges overlap you can run into DHCP offer issues where scope B will offer an in-use address already leased by scope A, or vice-versa.  If this is occurring, then when the phone receives the offer it will immediately ARP for the address to see if another device owns it.  Actually, this happens every time an offer is received, but it should never receive a reply to this ARP request in a clean network.  If it does, then it declines the offer and broadcasts another DHCP discovery packet.  Since the offering scope did not lease it successfully, it re-offers the same address.  Rinse and repeat.  The wireshark capture will reveal this.
Title: Re: Interminent DHCP issues
Post by: MartinM on May 21, 2014, 06:11:53 PM
One thing I guess I forgot to ask.
Are you using the same DHCP server for both vlans or is the 3300 handling the voice vlan?


Ralph

One DHCP server handling all the scopes. Should I think about moving the voice scope to the controller instead?
Title: Re: Interminent DHCP issues
Post by: martyn on May 21, 2014, 06:27:43 PM
Shifting DHCP to a different spot could resolve the problem, but ultimately it is just masking the issue, which will just rear its head later on, usually at a much more inconvenient time!
Title: Re: Interminent DHCP issues
Post by: MartinM on May 21, 2014, 06:57:13 PM
Yes, that is true. But I am at the end of my wit with this one. :(
Title: Re: Interminent DHCP issues
Post by: 127.0.0.1 on May 21, 2014, 07:11:46 PM

2 scopes with one pool each
  • How many subnet mask bits are you using?  /24?  Something else?
  • What do the scopes look like?  Maybe a screen shot of your scopes expanded?
    Scope A
    --lease range = w.w.w.w thru x.x.x.x
    Scope B
    --lease range = y.y.y.y thru z.z.z.z
  • Previously you mentioned 130 phones.  Are there more?
  • You confirmed a single VLAN for all voice devices and that it extends between floors.  This makes makes a single broadcast domain and each scope would be reachable by either floor.  One DHCP server would be fine.
If the lease ranges overlap you can run into DHCP offer issues where scope B will offer an in-use address already leased by scope A, or vice-versa.  If this is occurring, then when the phone receives the offer it will immediately ARP for the address to see if another device owns it.  Actually, this happens every time an offer is received, but it should never receive a reply to this ARP request in a clean network.  If it does, then it declines the offer and broadcasts another DHCP discovery packet.  Since the offering scope did not lease it successfully, it re-offers the same address.  Rinse and repeat.  The wireshark capture will reveal this.


^^^^^^^
Title: Re: Interminent DHCP issues
Post by: MartinM on May 21, 2014, 10:03:47 PM

   
  • How many subnet mask bits are you using?  /24?  Something else?


Both scopes are /24

Quote
   
  • What do the scopes look like?  Maybe a screen shot of your scopes expanded?

Scope A
--lease range = 10.61.20.0 -> 20-250
Scope B
--lease range = 10.61.21.0 -> 20-250

Quote
   
  • Previously you mentioned 130 phones.  Are there more?

Currently there is a big growth within the company and we expect doubling of users within a year.

Quote
   
  • You confirmed a single VLAN for all voice devices and that it extends between floors.  This makes makes a single broadcast domain and each scope would be reachable by either floor.  One DHCP server would be fine.

The are separate broadcast domains, different switches separated by a firewall

Quote
If the lease ranges overlap you can run into DHCP offer issues where scope B will offer an in-use address already leased by scope A, or vice-versa.  If this is occurring, then when the phone receives the offer it will immediately ARP for the address to see if another device owns it.  Actually, this happens every time an offer is received, but it should never receive a reply to this ARP request in a clean network.  If it does, then it declines the offer and broadcasts another DHCP discovery packet.  Since the offering scope did not lease it successfully, it re-offers the same address.  Rinse and repeat.  The wireshark capture will reveal this.

The scopes do not overlap :(

Still looking into doing the wire shark, just a little busy with other stuff. Should have this by tomorrow


Thanks again
Title: Re: Interminent DHCP issues
Post by: 127.0.0.1 on May 21, 2014, 11:02:18 PM
The two subnets do have different VLAN ID's, right?  1001 and 100_?
Title: Re: Interminent DHCP issues
Post by: MartinM on May 21, 2014, 11:03:35 PM
No same VLAN id. They VLAN ID gets stripped at the firewall and gets passed on only as normal IP traffic
Title: Re: Interminent DHCP issues
Post by: 127.0.0.1 on May 21, 2014, 11:15:24 PM
OK, I haven't seen a diagram yet, so here's Visio 0.1....  Is this close?  If so, where is your layer 3 happening?  In the firewall?

phone1---{sw1.vlan1001}---{fw}---{sw2.vlan1001}---phone2
         { 10.61.20.0 }    |     { 10.61.21.0 }
                           |
                          DHCP.192.168.0.2
                           |
                           |_scopeA.10.61.20.0
                           |_scopeB.10.61.21.0

Title: Re: Interminent DHCP issues
Post by: MartinM on May 21, 2014, 11:24:51 PM
OK, I haven't seen a diagram yet, so here's Visio 0.1....  Is this close?  If so, where is your layer 3 happening?  In the firewall?

phone1---{sw1.vlan1001}---{fw}---{sw2.vlan1001}---phone2
         { 10.61.20.0 }    |     { 10.61.21.0 }
                           |
                          DHCP.192.168.0.2
                           |
                           |_scopeA.10.61.20.0
                           |_scopeB.10.61.21.0

Nice diagram! :)

Yes, that is correct, and the routing is done on the firewall.
Title: Re: Interminent DHCP issues
Post by: 127.0.0.1 on May 22, 2014, 12:53:26 AM
A few unsolicited thoughts here.  Switch where you can, route where you must.  Do you really need to route between floors?  Flattening the voice subnets into a larger broadcast domain (drop a mask bit or two) and then just straight trunking between floors would actually be more efficient.  Layer 2 is always faster than layer 3.  It's science.

Is the controller in the .20 or .21 subnet?  Can you just kill the helper and turn on DHCP in the controller for a minute and just get a test?  Per RFC, DHCP only refreshes at T1 and T2, which are 1/2 and 7/8 of the way through a lease duration.  I doubt it will cause any interruption if you bang this out quickly.


Sent from my iPad using Tapatalk
Title: Re: Interminent DHCP issues
Post by: MartinM on May 22, 2014, 01:31:00 AM
The route between floor is unfortunately required. The floors needs to be separated due to the way the physical wiring is set up.

The controller is on another subnet once again, this one is 192.168.102.0/24. So if I use it for DHCP, the ip-helper will still be required. Only thing I can think of is using the switches for the VOICE LAN DHCP.