Voice setup on Meraki for Jive Voice (YeaLink)

SOLVED
ToryDavenport
Getting noticed

Voice setup on Meraki for Jive Voice (YeaLink)

Hi All,

I'm working with a customer to get wireless YeaLink phones to communicate to Jive Voice hosted PBX. The customer has several wired phones of this model on the LAN and they all work without an issue. There are 6 wireless phones on the wireless. The wireless phones were put on a guest SSID which uses Meraki DHCP with NAT over to the LAN IP space. I created a wireless SSID specifically for these devices. I configured the SSID to use bridge mode so that the devices can get IP addresses right off the LAN. 

These phones are recieving an IP address, but they are not getting SIP service, and when they did on the regular SSID, it was intermittent. 

I was told from the phone vendor to configure the following, my questions and remarks are in bold:

  1. NAT. Network Address Translation connections must be allowed keepalive requests to devices every 30 seconds.
    Can this be configured on Meraki? 
  2. QoS. Quality of Service (physical, logical, or class-of-service) must be applied to prioritize voice over other types of traffic in a converged network. 
    Done, see photos attached. 
    QoS MS.PNGTraffic Shaping Wireless.PNGTraffic_Shaping MX.PNG
  3. SIP. Session Initiation Protocol (UDP) connections must be allowed on ports 5060 and 5061.
    Done. See Attached .
    Layer3 rules MX.PNGWireless Layer 3 Rules.PNG

  4. SIP ALG. The SIP Application-Level Gateway, Transformations, and other SIP specific settings must be disabled or configured.
    I have found and was told that you cannot turn off SIP ALG, because Meraki does not use SIP ALG, is this correct?
  5. RTP. Real-time Transport Protocol (UDP) requests must be allowed on ports 10,000-65,536.
    Done.
  6. NTP. Network Time Protocol (UDP) traffic must be allowed over port 123.
    Done.
  7. HTTP. Hyper Text Transfer Protocol (TCP) traffic must be allowed over port 80.
    Done.

I was also told that I need to configure the following:
 

Jive Voice handsets must have unfiltered access to Jive’s network ranges. These IPv4 and IPv6 ranges are listed below and are also available in a automatically parsable (and updated) form here.
Description	Block	Netmask	Wildcard
Jive Block 1	199.36.248.0/22	255.255.252.0	0.0.3.255
Jive Block 2	199.87.120.0/22	255.255.252.0	0.0.3.255
Jive Block 3	162.250.60.0/22	255.255.252.0	0.0.3.255
Jive Block 4	208.34.80.0/21	255.255.248.0	0.0.7.255
Jive Block 5	208.34.96.0/20	255.255.240.0	0.0.15.255
Jive IPv6	2606:CB00::/32	—	—
Our recommendation is to create explicit rules that allow traffic to and from Jive’s IP blocks (LAN→ WAN and WAN→ LAN) and set high in priority — even if this is implicitly stated in another access rules down the list.

 

What would be the best way to accomplish this task? Would I need to use 1 to Many Nat for the IPs on the lan for the phones?

I appreciate any help and insight. 

Tory Davenport

1 ACCEPTED SOLUTION

I found a doc with some info on Jive that might be of use.

 

https://jive.com/resources/support_page/onboarding/network-readiness-2/quality-service-qos/

 

Now I don't have clients with Jive, but I do have clients with RingCentral on Meraki and using wireless and also using YeaLink phones.

 

Attached is the a working config we have used with RC and Meraki.

L3-rules.pngshaping-rules.png

 

 

View solution in original post

13 REPLIES 13
PhilipDAth
Kind of a big deal

If you are using bridge mode most of those settings don't apply.

 

Does the Wireless firewall allow local LAN traffic?

Wireless/Firewall & Traffic Shapping

1.PNG

Capture.PNGYes they are.

BrandonS
Kind of a big deal

You should not need to do any of that.  I have at least one customer I can think of using Jive with Meraki although their wireless is non-Meraki.  Are they using iPhone or Android?  I think you have more of a wireless or app issue to troubleshoot.

They are using YeaLink SIP-T46S physical phones. I ran a packet capture on the LAN and WAN. The SIP traffic is not leaving the WAN port, on the LAN capture I can see the phones trying to register, but they do not seem to have success. 

If you attach a notebook to the new SSID can it access the Internet?

Yes they do have internet access on that SSID.

I found a doc with some info on Jive that might be of use.

 

https://jive.com/resources/support_page/onboarding/network-readiness-2/quality-service-qos/

 

Now I don't have clients with Jive, but I do have clients with RingCentral on Meraki and using wireless and also using YeaLink phones.

 

Attached is the a working config we have used with RC and Meraki.

L3-rules.pngshaping-rules.png

 

 

BrandonS
Kind of a big deal

Do I understand correct that the desk phones work fine, but only the mobile apps don't?  And the mobiles are on an SSID bridged to the wired VLAN that the desk phones are on?

 

 

Hi @BrandonS , 

I have not implemented a voice VLAN on the network. The desk phones that are wired are working as required. I assume they are on the same LAN but for some reason I don't see them in the Meraki Dashboard. I've been told they are connected to that same LAN and they are functioning properly. They don't use the mobile app in this scenario, but they are (presumably) wall mounted phones that are operating on the wireless network only. The wireless for the Voice SSID is bridged mode through the AP's to the LAN DHCP pool configured on the MX. I've implemented rules for the appropriate ports recommended by the people who supplied the phones for this customer, however, I did not create the rules as the above solution recommended illustrates, pointing directly to the hosted PBX IP space ranges. I will test and update after morning. 

It looks like you need to collect some more data about how they are set up.  I think you can safely forget about any firewall and QoS configurations though.  If the desk phones are working then any other phones should work too.  I don't understand what wall mounted wireless phones you are referring to.  If you don't see their phones in the dashboard then they may be on another network you don't know about?  You might not see phones if they have never passed traffic through the MX, but even a small amount of usage should get them in your client list.  You might also see them in your DHCP lease list if the MX is serving DHCP.

 

 

@SoCalRacer THIS is exactly what I am looking. Unfortunately I'm also at the mercy of the customer to test configuration changes as I am working this one remote, so I cannot accept this as a solution until I've implemented and tested the solution. Thank you so much and I will update once the morning passes.

This, combined with a voice vlan has solved the problem. Thank you.

@SoCalRacer @ToryDavenport 

Hey, did you guys ever answer the part about SIP ALG?

It looks like the MX won't use ALG at all according to this link.

VoIP on Cisco Meraki: F.A.Q. and Troubleshooting Tips - Cisco Meraki

Also, how could you used DSCP 48 in the traffic shaping instead of 43 EF, which is there by default.

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels