Meraki

ToryDavenport · ‎May 28 2019

Hi All,

I'm working with a customer to get wireless YeaLink phones to communicate to Jive Voice hosted PBX. The customer has several wired phones of this model on the LAN and they all work without an issue. There are 6 wireless phones on the wireless. The wireless phones were put on a guest SSID which uses Meraki DHCP with NAT over to the LAN IP space. I created a wireless SSID specifically for these devices. I configured the SSID to use bridge mode so that the devices can get IP addresses right off the LAN.

These phones are recieving an IP address, but they are not getting SIP service, and when they did on the regular SSID, it was intermittent.

I was told from the phone vendor to configure the following, my questions and remarks are in bold:

NAT. Network Address Translation connections must be allowed keepalive requests to devices every 30 seconds.
Can this be configured on Meraki?
QoS. Quality of Service (physical, logical, or class-of-service) must be applied to prioritize voice over other types of traffic in a converged network.
Done, see photos attached.
SIP. Session Initiation Protocol (UDP) connections must be allowed on ports 5060 and 5061.
Done. See Attached .
SIP ALG. The SIP Application-Level Gateway, Transformations, and other SIP specific settings must be disabled or configured.
I have found and was told that you cannot turn off SIP ALG, because Meraki does not use SIP ALG, is this correct?
RTP. Real-time Transport Protocol (UDP) requests must be allowed on ports 10,000-65,536.
Done.
NTP. Network Time Protocol (UDP) traffic must be allowed over port 123.
Done.
HTTP. Hyper Text Transfer Protocol (TCP) traffic must be allowed over port 80.
Done.

I was also told that I need to configure the following:

Jive Voice handsets must have unfiltered access to Jive’s network ranges. These IPv4 and IPv6 ranges are listed below and are also available in a automatically parsable (and updated) form here.
Description	Block	Netmask	Wildcard
Jive Block 1	199.36.248.0/22	255.255.252.0	0.0.3.255
Jive Block 2	199.87.120.0/22	255.255.252.0	0.0.3.255
Jive Block 3	162.250.60.0/22	255.255.252.0	0.0.3.255
Jive Block 4	208.34.80.0/21	255.255.248.0	0.0.7.255
Jive Block 5	208.34.96.0/20	255.255.240.0	0.0.15.255
Jive IPv6	2606:CB00::/32	—	—
Our recommendation is to create explicit rules that allow traffic to and from Jive’s IP blocks (LAN→ WAN and WAN→ LAN) and set high in priority — even if this is implicitly stated in another access rules down the list.

What would be the best way to accomplish this task? Would I need to use 1 to Many Nat for the IPs on the lan for the phones?

I appreciate any help and insight.

Tory Davenport

SoCalRacer · ‎May 28 2019

I found a doc with some info on Jive that might be of use.

https://jive.com/resources/support_page/onboarding/network-readiness-2/quality-service-qos/

Now I don't have clients with Jive, but I do have clients with RingCentral on Meraki and using wireless and also using YeaLink phones.

Attached is the a working config we have used with RC and Meraki.

View solution in original post

PhilipDAth · ‎May 28 2019

If you are using bridge mode most of those settings don't apply.

Does the Wireless firewall allow local LAN traffic?

Wireless/Firewall & Traffic Shapping

ToryDavenport · ‎May 28 2019

Yes they are.

BrandonS · ‎May 28 2019

You should not need to do any of that. I have at least one customer I can think of using Jive with Meraki although their wireless is non-Meraki. Are they using iPhone or Android? I think you have more of a wireless or app issue to troubleshoot.

- Ex community all-star (⌐⊙_⊙)

ToryDavenport · ‎May 28 2019

They are using YeaLink SIP-T46S physical phones. I ran a packet capture on the LAN and WAN. The SIP traffic is not leaving the WAN port, on the LAN capture I can see the phones trying to register, but they do not seem to have success.

PhilipDAth · ‎May 28 2019

If you attach a notebook to the new SSID can it access the Internet?

ToryDavenport · ‎May 28 2019

Yes they do have internet access on that SSID.

SoCalRacer · ‎May 28 2019

I found a doc with some info on Jive that might be of use.

https://jive.com/resources/support_page/onboarding/network-readiness-2/quality-service-qos/

Now I don't have clients with Jive, but I do have clients with RingCentral on Meraki and using wireless and also using YeaLink phones.

Attached is the a working config we have used with RC and Meraki.

BrandonS · ‎May 28 2019

Do I understand correct that the desk phones work fine, but only the mobile apps don't? And the mobiles are on an SSID bridged to the wired VLAN that the desk phones are on?

- Ex community all-star (⌐⊙_⊙)

ToryDavenport · ‎May 28 2019

Hi @BrandonS ,

I have not implemented a voice VLAN on the network. The desk phones that are wired are working as required. I assume they are on the same LAN but for some reason I don't see them in the Meraki Dashboard. I've been told they are connected to that same LAN and they are functioning properly. They don't use the mobile app in this scenario, but they are (presumably) wall mounted phones that are operating on the wireless network only. The wireless for the Voice SSID is bridged mode through the AP's to the LAN DHCP pool configured on the MX. I've implemented rules for the appropriate ports recommended by the people who supplied the phones for this customer, however, I did not create the rules as the above solution recommended illustrates, pointing directly to the hosted PBX IP space ranges. I will test and update after morning.

BrandonS · ‎May 29 2019

It looks like you need to collect some more data about how they are set up. I think you can safely forget about any firewall and QoS configurations though. If the desk phones are working then any other phones should work too. I don't understand what wall mounted wireless phones you are referring to. If you don't see their phones in the dashboard then they may be on another network you don't know about? You might not see phones if they have never passed traffic through the MX, but even a small amount of usage should get them in your client list. You might also see them in your DHCP lease list if the MX is serving DHCP.

- Ex community all-star (⌐⊙_⊙)

ToryDavenport · ‎May 28 2019

@SoCalRacer THIS is exactly what I am looking. Unfortunately I'm also at the mercy of the customer to test configuration changes as I am working this one remote, so I cannot accept this as a solution until I've implemented and tested the solution. Thank you so much and I will update once the morning passes.

ToryDavenport · ‎Jun 4 2019

This, combined with a voice vlan has solved the problem. Thank you.

CharlesIsWorkin · ‎Mar 3 2021

@SoCalRacer @ToryDavenport

Hey, did you guys ever answer the part about SIP ALG?

It looks like the MX won't use ALG at all according to this link.

VoIP on Cisco Meraki: F.A.Q. and Troubleshooting Tips - Cisco Meraki

Also, how could you used DSCP 48 in the traffic shaping instead of 43 EF, which is there by default.

Meraki

Community

Voice setup on Meraki for Jive Voice (YeaLink)

Voice setup on Meraki for Jive Voice (YeaLink)