cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
New Contributor

media-gateway for VLAN interface

Jump to solution

We are trying to send the outbound SIP traffic out the vlan3 interface so it stays within the private VOIP network. The SIP traffic is routing properly, but we can't get the RTP to source from the IP on the vlan 3 interface. We have tried setting up a loopback interface and using it for the media-gateway ip, but everything we try still won't source as the 172.16.16.10 address. How can this be done?

Here is the config for the interfaces involved.

interface eth 0/0

  description WAN

  ip address 68.65.123.10 255.255.255.0

  ip access-policy Public

  no shutdown

!

interface gigabit-eth 0/2

  no shutdown

  switchport access vlan 3

!

interface vlan 3

  description SIP WAN

  ip address 172.16.16.10 255.255.255.0

  ip access-policy SIP_Private

  media-gateway ip primary

  no shutdown

!

ip route 0.0.0.0 0.0.0.0 68.65.123.1

ip route 172.17.0.0 255.255.255.0 172.16.16.1

Labels (2)
0 Kudos
1 Solution

Accepted Solutions
Anonymous
Not applicable

Re: media-gateway for VLAN interface

Jump to solution

The phones are in VLAN 2, which has the Private policy-class applied.  Try adding a NAT statement overloading to vlan 3 above the catch all NAT out eth 0/0.

Thanks,

Matt

View solution in original post

0 Kudos
7 Replies
Honored Contributor
Honored Contributor

Re: media-gateway for VLAN interface

Jump to solution

If you aren't traversing a NAT, the RTP will typically just route to the origin of the RTP and pass through the Adtran device as would any other layer 3 IP routed flow.

If you are traversing a NAT, make sure that you also have the media-gateway ip defined on the outside of the NAT which should fix the problem.

New Contributor

Re: media-gateway for VLAN interface

Jump to solution

The phone network (vlan2) is NAT'ing out the "sip WAN" vlan 3 interface. The problem is the rtp is reporting the source address as the eth0/0 interface address and not the vlan 3 interface address.

Also and all interfaces that are doing SIP need a media-gateway set or it will fail altogether.

interface vlan 1

  description Customer LAN

  ip address 10.10.10.1 255.255.255.0

  ip access-policy Private

  media-gateway ip primary

  no shutdown

!

interface vlan 2

  description VOIP Phones

  ip address 10.10.20.1 255.255.255.0

  ip access-policy Private

  media-gateway ip primary

  no shutdown

!

interface vlan 3

  description SIP WAN

  ip address 172.16.16.10 255.255.255.0

  ip access-policy SIP_Private

  media-gateway ip primary

  no shutdown

!

Honored Contributor
Honored Contributor

Re: media-gateway for VLAN interface

Jump to solution

Do you have the appropriate NAT rules in place between the Private and SIP_Private policy-classes?

Also, both of these are RFC1918 IP ranges, could there be double-NAT going on?  If so, you will likely want to avoid doing this if at all possible.

New Contributor

Re: media-gateway for VLAN interface

Jump to solution

The NAT is working as it should. The vlan 2 network is NAT overloading to the vlan 3 address. The problem is ONLY with the SIP RTP. I can't get it to source from the vlan 3 interface. So what ends up happening is the SIP RTP si sent to the SIP server living at 172.17.0.5; it sees the RTP coming from 68.65.123.10 so it sends the packets back to that address which isn't what we want. It needs to souce from 172.16.16.10 so the RTP can route back to it properly.

Honored Contributor
Honored Contributor

Re: media-gateway for VLAN interface

Jump to solution

How is the eth 0/0 WAN interface involved? You don't have a media-gateway ip primary statement applied to that interface.  Based on your interface descriptions you've got VoIP phones on interface VLAN 2, 10.10.20.0/24 and a SIP WAN on VLAN 3, 172.16.16.0/24.  In your last posting you reference a SIP server on 172.17.0.5 which isn't directly connected.  What's the route to that network?

Could you possibly post a config with sensitive information redacted?  Also the results of:

  • show ip route
  • show ip policy-sessions

with a voice call up.

New Contributor

Re: media-gateway for VLAN interface

Jump to solution

Here is a diagram of how everything is setup.

nv7100.jpg

Also here is the output of those commands

Gateway of last resort is 68.65.123.1 eth 0/0

S    0.0.0.0/0 [1/1/0] via 68.65.123.1, eth 0/0

C    10.10.10.0/24 is directly connected, vlan 1

C    10.10.20.0/24 is directly connected, vlan 2

C    68.65.123.0/24 is directly connected, eth 0/0

C    172.16.16.0/24 is directly connected, vlan 3

S    172.17.0.0/24 [1/1/0] via 172.16.16.1, vlan 3

Src Vrf (if not default), Src policy class:

Protocol (TTL) [in crypto map] -> [out crypto map] Dest VRF, Dest policy-class

  Src IP Address  Src Port Dest IP Address Dst Port NAT IP Address    NAT Port

  --------------- -------- --------------- -------- ----------------- --------

Policy class "Private":

udp (53) -> self

  10.10.20.2      5060     10.10.20.1      5060

udp (45) -> SIP_Private

  10.10.20.2      3000     172.17.0.6      51064    s 68.65.123.10   50000

udp (38) -> SIP_Private

  10.10.20.2      3001     172.17.0.6      51065    s 68.65.123.10   50001

Policy class "self":

udp (53) -> SIP_Private

  172.16.16.9     5060     172.17.0.5      5060

ip access-list standard NAT

  remark Internet Connection Sharing

  permit any

!

!

ip access-list extended InterVLAN

  remark Voice / Data VLAN Traffic

  permit ip 10.10.10.0 0.0.0.255  10.10.20.0 0.0.0.255

!

ip access-list extended self

  remark Traffic to Netvanta

  permit ip any  any     log

!

ip access-list extended tsc-sip-acl

  permit ip 172.17.0.0 0.0.0.15  any

  permit ip 172.17.0.16 0.0.0.15  any

  permit ip 172.17.0.32 0.0.0.15  any

!

ip access-list extended web-acl-7

  remark 1toMany

  permit ip 10.10.20.0 0.0.0.255  any     log

!

ip access-list extended web-acl-8

  remark Traffic to Netvanta

  permit ip any  any     log

!

!

!

!

ip policy-class Private

  allow list self self

  allow list InterVLAN stateless

  nat source list NAT interface eth 0/0 overload

!

ip policy-class Public

  allow list tsc-mgt-acl self

  allow list tsc-sip-acl self

!

ip policy-class SIP_Private

  allow list web-acl-8

  nat source list web-acl-7 interface vlan 3 overload

!

!

!

ip route 0.0.0.0 0.0.0.0 68.65.105.1

ip route 172.17.0.0 255.255.255.0 172.16.16.1

!

Anonymous
Not applicable

Re: media-gateway for VLAN interface

Jump to solution

The phones are in VLAN 2, which has the Private policy-class applied.  Try adding a NAT statement overloading to vlan 3 above the catch all NAT out eth 0/0.

Thanks,

Matt

View solution in original post

0 Kudos