Port Profile/Cisco Phone

LukeSkyWalker
Just browsing

Port Profile/Cisco Phone

I am deploying MR36H access points in a hotel application, and have had some issues arise in regards to the port profile options to run Cisco IP phones. I have tried a few different configurations on the switchport to get the phone to pull an IP within a specific subnet, but it keeps pulling an IP from the dedicated wireless subnet.

 

The only way I could get it to work correctly was to assign a tagged VLAN to the SSID, then place it in the port profile. It pulled the correct IP, however, there are 15 hotel floors, and each floor must have it's own dedicated voice VLAN for 911 purposes. This means I'm unable to create an SSID for each hotel floor, because it is attached to a casino with a large operating base of employees and network infrastructure. This means there are many SSIDs, both hidden and public, which doesn't leave me an option of creating an SSID for each hotel floor. 

 

Since I am only able to create a total of 15 SSIDs in the Meraki dashboard, is there any way for me to get the IP phones to pull an IP from a specific subnet other than the native VLAN, while avoiding creating a separate SSID for each floor? 

 

If it matters, the switches being used are not Meraki, they are older Cisco PoE+ switches. Other than the hotel, we are equipped with 9300 48p.

 

Also, not to be greedy, but we have so far deployed roughly 50 CW9166I WAPs in our public facing areas, most of them coming online with no issues, but we do have a few that are showing up as repeaters in the dashboard. Is there any insight into this issue? Google showed possible layer 1, but other than that, any suggestions?

9 Replies 9
Tony-Sydney-AU
Meraki Employee
Meraki Employee

Hi @LukeSkyWalker , thanks for posting your question here in the Community.

 

I suspect your switches have some particular VLAN configuration applied to their ports. It looks like you will need to review your switches VLAN design and think your Access Points VLAN accordingly.

 

As per MR36H datasheet, your MR36H features a "Pass-through port.
MR36H has a unique port which is called Pass-through port, which links directly the second port on the back in the first physical port on the bottom of the Access point. This ports works similar to an extension cord, meaning it will physically link the input of the back port to the output of the bottom first port. 
The pass-though port it is a physical extension of the lower back port."

 

So the ports are like a bridge and would belong to whatever VLAN is configured at the switch port, if the port is configured as an Access Port only.

 

As you know, AP Port Profile is a feature that allows the MR to extend the SSID to devices connected to the AP LAN Access Ports. Basically, AP port profiles map an SSID to a wired port on an Access Point.

 

I'm assuming you are connecting your IP-Phones to MR36H LAN ports 2 to 4, hence, your phones would get either a VLAN mismatch or a VLAN double tagging, depending on how the old Cisco switch port is configured.

 

Regarding the APs connected to Catalyst Switch entering repeater / bridge mode, this is typical behaviour when the AP management interface IP and VLAN don't match the switch port; in some cases, it's just a bad ethernet cabling issue (i.e.: Rx and/or TX pair is damaged but PoE pair is fine).

 

In summary, I highly recommend you check with your sales contact and have a discussion with a Network Architect. You need to review your current switch ports VLAN configurations and probably redesign your VLANs and WiFi SSID vlan association.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
LukeSkyWalker
Just browsing

Will the AP function as intended for WiFi purposes with both a pass-through connection for the phone, and a PoE connection for the AP? Or is it just one or the other? There is enough data in this application to provide 2 connections to the back of the APs.

PhilipDAth
Kind of a big deal
Kind of a big deal

Would it be possible to create a Meraki network per floor?  That you reduce the SSID configuraiton issue a lot for the MR36H.  Potentially you could put just the MR36H into these networks.

 

Another idea - could you make the native VLAN on the switch port the MR36 plugs into the VLAN that you use for the phones?

 

 

With regard to CW9166I - that often happens when they fail to get a DHCP IP address via their LAN port.

Tony-Sydney-AU
Meraki Employee
Meraki Employee

Hi @LukeSkyWalker , yes but it will also depend on the Switch PoE capability.

 

As per the MR36H datasheet (Power section), "Power consumption: 30W max (802.3at) or15W max (802.3af) - low power mode (Disables POE out functionality)".

 

So this means that if your switch is PoE+ (802.3at) your Phone can get energy from your MR36H. However, if your switch is PoE (802.3af) only then you will not be able to use the PoE port in your AP.

 

We advise you to read the MR36H datasheet carefully

 

The back of the APs have two ports but only one can be used as uplink connection to your switch; this is also the port where your AP gets energy from switch. The other port is a "jumper" to the LAN ports.

 

You can check it on the MR36H Installation guide.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
Barrowcuda
Conversationalist

Greetings, I have deployed about 60 MR36H Access Points in a school setting. The client wants to connect Cisco IP Phone 8841 devices in each classroom via the PoE port on the Access Points. The problem is that while the phones receive power, they never obtain an IP address.

 

When the phones are directly connected to the same downstream Meraki MS225-48P switch, which is configured for Voice VLAN 269, they work correctly. The phones also work when connected to the passthrough port on the AP but this isn’t a viable option because it would require 60 additional drops to be ran. 

 

All phone services, including DHCP, routing, and SIP, are managed by the ISP, and traffic is tagged for VLAN 269. The phones are set to DHCP, but I’ve also tried using static IPs with the same result. It seems the phones aren't recognizing the AP as a switch, observing the packet captures. No LLDP/CDP or DHCP messages are being sent from the phone.

 

I’ve tried various configurations for the port profiles and SSID, different AP ports, tagged, untagged, and both with and without power adapters, etc. Also, when I connect a laptop or PC to the same port, I receive a valid IP address on VLAN 269 and can successfully ping the gateway.

 

Current Configuration:

  • AP Management VLAN: VLAN 10 (192.168.10.0/24)
  • AP Port Config: Trunk, Native VLAN 10, Allow All VLANs
  • AP Port 1: Assigned to Voice SSID (VLAN 269)

 

SSID Details:

  • Voice (Wired Only): Tagged VLAN 269, Bridged Mode, External DHCP
  • Network Wide Config: Wired clients behave as if connected to Voice VLAN

 

Are there any additional settings on the Meraki side that need to be configured for phones to work on AP Ports?

Tony-Sydney-AU
Meraki Employee
Meraki Employee

Hi @Barrowcuda ,

 

It looks like there's a VLAN double tagging issue if you configure your Network Wide Config as "Wired clients behave as if connected to Voice VLAN".

 

I suspect your AP is already bridging its own LAN port to SSID Voice which is bound to VLAN269. So when it sends packets from the phone, it will forward to trunk port and add VLAN269 tag as if it came from a truly wifi client.

 

What happens if you configure as "Have no access"?

 

Screenshot 2024-09-04 at 07.33.59.png

 

 

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
Barrowcuda
Conversationalist

I was thinking the same thing, thanks for that confirmation. I made that change as a recommendation from a colleague. I changed it back to "Have no access" and rebooted the AP and I'm still having the same result.Screenshot 2024-09-03 at 20.18.27.pngScreenshot 2024-09-04 at 10.43.33.pngScreenshot 2024-09-04 at 10.50.47.png

Tony-Sydney-AU
Meraki Employee
Meraki Employee

Hi @Barrowcuda 

 

I believe you will benefit more from Meraki Network Support at this point.

 

Perhaps there is something We both are missing in your network topology.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
Barrowcuda
Conversationalist

I'll get in touch with Meraki support, hopefully they can find the missing piece to the puzzle. Thank you Tony. 

 

I'll be sure to update the thread with the findings.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.