VOIP: Extension to Extension calls drop within 30 seconds

Solved
AustinAndre
Conversationalist

VOIP: Extension to Extension calls drop within 30 seconds

I have a rather odd issue occurring and can't seem to figure out the source and ultimately the resolution.

Current environment:

  • MX84 + (2) MS220 stacked
  • WAN1 broadband ISP & WAN2 Fiber ISP
  • Multiple VLANs (1) Data & (3) Voice
  • Switch Settings > QoS = configured for voice and allows ANY protocol
  • Switch ports (serving desktop/physical phones) - Set to ACCESS and the Voice VLAN specified
  • Traffic Shaping rule - Set to NOT change the DSCP tag & priority (High)
  • Traffic Shaping Flow Preferences - Any protocol/port from the Voice VLAN set to use WAN2 as the preferred uplink
  • Firewall policy - allow ANY protocol/port from the Voice VLAN to Hosted PBX subnets ANY port

 

Results: Internal to external calls, no problem. External into internal calls, no problem. Calling from internal extension to internal extension, including an external call to the receptionist and her attempt to verify an internal person is in the office yields the call be dropped within 30 seconds. I can recreate it without issue. Packet captures show the local device sending SIP requests and registrations and no response from the VOIP provider. I have been on with the VOIP provider and they are not seeing the responses coming back from the internal phone.

 

Interesting test results: This morning, I change the port configuration on 2 phones from ACCESS to TRUNK, thereby using the same VLAN (1) for voice and data. We have done internal to internal calls without issue and also external to internal. However, I have NOT configured any firewall policies to allow traffic on VLAN1 to and from the Hosted VOIP network. I would assume I am going to encounter QoS issues, but have no added 10 phones to this configuration and no complaints yet.

While still somewhat a novice with Meraki, there are some questions I have to hopefully help me figure out the resolution:

  1. Am I wrong about the initial configuration and that it should work?
  2. What should I look for to help either/both Cisco or the Hosted VOIP provider help me?
  3. With no explicit firewall policies for traffic between us and the VOIP provider, why is this traffic from external calls being allowed through (really a novice at voice traffic maybe)?
  4. Am I missing something in the configuration?

What additional info can I provide to help dig into this? Thanks in advance...

1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal

>Both WAN1 and WAN2

 

Are you by chance using load balancing?  If so, that will cause you an issue.  You'll need to establish a flow perference for the VoIP provider to use just one of the WAN circuits unless it fails.  I would be tempted to do this based on the public IP address (aka the destination address) being used by the VoIP provider in case the phones are using a different VLAN than you are expecting.

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

View solution in original post

6 Replies 6
PhilipDAth
Kind of a big deal
Kind of a big deal

Does the MX84 have an IP address directly on its WAN interface, or is it sitting behind another router doing NAT?

 

It sounds to me like a firmware issue with the phones ...

AustinAndre
Conversationalist

Yes. Both WAN1 and WAN2 of the MX84 has their own IP address. Both ISP devices are in passthrough mode.

 

Firmware on the phones? Note, I have two sets of physical phones operating differently as of my test. 8 or so phones on the same VLAN (1) with no explicit policies, QoS, etc - they are seemingly working fine. The rest of the organization, about 20+, on the voice VLAN and have issues calling extension to extension (unless they are calling one of the 8 extension mentioned above).

 

I did inquire to the VOIP provider about firmware updates as well, but seems to be up-to-date...

NOTE: Phones are a mixture of Yealink T58s & Cisco SPA504G

PhilipDAth
Kind of a big deal
Kind of a big deal

>Both WAN1 and WAN2

 

Are you by chance using load balancing?  If so, that will cause you an issue.  You'll need to establish a flow perference for the VoIP provider to use just one of the WAN circuits unless it fails.  I would be tempted to do this based on the public IP address (aka the destination address) being used by the VoIP provider in case the phones are using a different VLAN than you are expecting.

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

AustinAndre
Conversationalist

Thx @PhilipDAth ... I do have loadbalancing disabled. However, I currently have the Flow Preference of the voice VLAN set to ANY destination. I will change that to the specific public IP addresses of the VOIP provider.

 

I did or have verified that the traffic is using the WAN2 interface during these issues.

AustinAndre
Conversationalist

In the event of someone else experiencing the same or similar issue, I am going to test the current change suggested by @PhilipDAth for a couple of days. However, immediately after changing the Flow Preferences for the voice VLAN to have the specific IP address in the destination (requires multiple entries for my provider), the users that remained connected to the voice VLAN are able to do extension to extension calls with no issue.

 

More specifics about the environment and provider:

  1. Hosted PBX provider = Jive
  2. Their underlying PBX system = Asterisk
  3. Phones in the environment = Yealink T58 & Cisco SPA504G

Change made to the security appliance:

  • Security & SD-WAN > Configure > SD-WAN & Traffic Shaping > Flow preferences changed from ANY destination to specific IP addresses of the VOIP provider
    • Flow preferences do NOT allow multiple IP addresses w/CIDR notation entries, so you will need to enter each IP address w/CIDR per line
Richard_W
A model citizen

I too am running JIVE, but have some random call quality issues. I would love to see what you final set up is, if at all possible.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.