Meraki

Community

Wifi Poly phones wont register with their cloud service through MX / MR APs

Solved
peat
Here to help
‎Apr 29 2025 3:37 AM
‎Apr 29 2025 3:37 AM

Wifi Poly phones wont register with their cloud service through MX / MR APs

We have had a customer have new Wifi Poly phones installed and the company installing the phones asked us to whitelist a load of IP ranges and urls inbound and outbound.

 

I was told the phones werent working inbound or outbound and they weren't registering with the cloud service.

 

I could see the phones had got DHCP ok.  On packet capture I could see the phones were having an issue with NTP and registering so in the security section I allowed those IPs in the trusted IPs section of threat protection and allowed the URLs in the AMP section of threat protection.

 

I did a packet capture again on the phone and the ntp and registering issue had gone so I assumed the phones would work now.  But Ive been told they still dont work.

 

What am I missing?   

 

One peculiar thing is if I look at the phone in the clients section, under policy it shows 1 rule for the layer 3 which is a wifi rule allowing the wifi to print to the lan printer but its not showing the other rules which is deny wifi from accessing the lan and the other which is outbound allow any.  

Could that be the cause of this issue?  Should that policy section for the client say 3 rules apply?

Labels:
0 Kudos
1 Accepted Solution
peat
Here to help
‎May 2 2025 2:52 AM
‎May 2 2025 2:52 AM

For info Meraki support has said the Fw isnt forwarding SIP traffic to the internet so I am to update the firmware.   I had assumed Meraki auto updated everything, that being one of the benefits but when I went into the firmware update section i could see there's updates to do including the MX 

View solution in original post

0 Kudos
18 Replies 18
RaphaelL
Kind of a big deal
Kind of a big deal
‎Apr 29 2025 4:55 AM
‎Apr 29 2025 4:55 AM

Hi ,

 

In your pcap , do you see TLS issues ? Invalid certs / expired ?

 

 

0 Kudos
In response to RaphaelL
peat
Here to help
‎Apr 29 2025 9:20 AM
‎Apr 29 2025 9:20 AM

I cant see anything that suggests that to be honest.

0 Kudos
BenjaminEvans
Conversationalist
‎Apr 29 2025 5:42 AM
‎Apr 29 2025 5:42 AM

Nice work! Adjusting threat protection settings often solves tricky registration issues.

te
0 Kudos
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 29 2025 6:50 AM
‎Apr 29 2025 6:50 AM

Check it out: Help Center - Line Unregistered Error on Poly Phone

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
peat
Here to help
‎Apr 29 2025 9:20 AM
‎Apr 29 2025 9:20 AM

Thanks.  That doesnt seem to quite be the same issue.

0 Kudos
In response to peat
RaphaelL
Kind of a big deal
Kind of a big deal
‎Apr 29 2025 4:44 PM
‎Apr 29 2025 4:44 PM

I'm mentioning this because ntp issues = time issues = tls issues. That might not be your case tho.

In response to peat
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 30 2025 3:00 AM
‎Apr 30 2025 3:00 AM

I suggest you open a support case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
peat
Here to help
‎Apr 30 2025 3:08 AM
‎Apr 30 2025 3:08 AM

Yeah thanks.  Already have done.  So hopefully they can spot something.

0 Kudos
michalc
Meraki Employee
Meraki Employee
‎Apr 29 2025 2:09 PM
‎Apr 29 2025 2:09 PM

Hi @peat ,

 

In your packet capture do you see the SIP register getting an OK from your PBX? 

Does the PBX settings need to be adjusted? In my previous role as a VoIP engineer we had a very strict firewall rules for our PBX where we only allowed the Public IP of the locations we managed. Rest was blocked.

If you found this post helpful, please give it kudos. If it solved your problem, click "accept as solution" so that others can benefit from it.
In response to michalc
peat
Here to help
‎Apr 30 2025 1:40 AM
‎Apr 30 2025 1:40 AM

I dont think there is an OK from the pbx (if im reading the pcap correctly).   It looks like it tries to register several times and gets nowhere.

 

peat_1-1746002406336.png

 

0 Kudos
In response to peat
michalc
Meraki Employee
Meraki Employee
‎Apr 30 2025 6:21 AM
‎Apr 30 2025 6:21 AM

You are correct. This should be your main focus on further troubleshooting this issue. Phone not registered = no phone calls. 
Is that PCAP from AP or your firewall?

Is the SIP server information on the phone correct? Have you verified it with your PBX team?

I'd recommend to run another pcap on WAN interface of your firewall while the phone is attempting to register. Do you see SIP register egressing WAN interface? If so the issue is on your PBX side.

 

If you found this post helpful, please give it kudos. If it solved your problem, click "accept as solution" so that others can benefit from it.
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 29 2025 2:53 PM
‎Apr 29 2025 2:53 PM

Are you sure the phones aren't attaching to WiFi?

 

Do the phones need any special DHCP options?  If so, are you 100% sure they are added correctly?

 

If you do a packet capture of a phone, do you see two way traffic with whatever it is talking to?

In response to PhilipDAth
peat
Here to help
‎Apr 30 2025 1:39 AM
‎Apr 30 2025 1:39 AM

Hi Philip,

 

Phones look like they are attaching to wifi fine as they are getting a dhcp address in that wifi ssids subnet.

The phone company hasnt told me any setup is needed on the firewall side other than the whitelisting of ips and urls.   

On other cloud voip phones on other firewalls all ive needed to do is make sure the phone subnet has unrestricted internet out and thats it they all work fine. 

 

I had hoped this one would be the same but its my first time dealing with cloud voip and meraki so im a bit stumped as to what im looking for / at tbh.   I did a pcap on the phone and I dont think there is two way traffic.   It looks to me like its trying to register and getting nowhere but im not seeing the NTP mentioned like before I added the whitelisting stuff so that seems to be a step forward.

 

peat_0-1746002309815.png

 

0 Kudos
In response to peat
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 30 2025 12:27 PM
‎Apr 30 2025 12:27 PM

Do you have any WiFi firwall rules configured?

 

The capture shows that the phones are able to make a DNS request, but get zero response to the SIP register command.  Either the packets are not leaving your network - or the issue is on the other end.

 

Do you see the same issue if you do a packet capture on your firewall on the Internet circuit?  Aka, do you see the packets leaving your site?

In response to PhilipDAth
peat
Here to help
‎May 1 2025 1:03 AM
‎May 1 2025 1:03 AM

Yeah.  From my OP

"

One peculiar thing is if I look at the phone in the clients section, under policy it shows 1 rule for the layer 3 which is a wifi rule allowing the wifi to print to the lan printer but its not showing the other rules which is deny wifi from accessing the lan and the other which is outbound allow any.  

Could that be the cause of this issue?  Should that policy section for the client say 3 rules apply?"

 

I did a pcap on the internet interface and then filtered on the ip of the phone and nothing showed.

0 Kudos
peat
Here to help
‎Apr 30 2025 2:20 AM
‎Apr 30 2025 2:20 AM

If its any help, I ran pcap again this morning when the customer was trying to call and this line appeared.  Ive had a google but it doesnt seem to bring up anything relevant

 

peat_0-1746004823283.png

 

0 Kudos
peat
Here to help
‎May 1 2025 1:15 AM
‎May 1 2025 1:15 AM

The phone company has said i need to let port 5060 inbound and outbound.   Outbound is surely fine as the outbound rule is inbound - outbound any any. 

But is this how to do a inbound rule for 5060?  Sorry I am new to Meraki (I use mainly cisco and sophos) so dont want to accidentally either let everyone in or disrupt the customer.

 

peat_0-1746087254375.png

 

0 Kudos
peat
Here to help
‎May 2 2025 2:52 AM
‎May 2 2025 2:52 AM

For info Meraki support has said the Fw isnt forwarding SIP traffic to the internet so I am to update the firmware.   I had assumed Meraki auto updated everything, that being one of the benefits but when I went into the firmware update section i could see there's updates to do including the MX 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.