Hello,
I am did the following on my of the DHCP Scope I created and it links to our TFTP server for Cisco Phone
Currently on the phone it picks up the DHCP and TFTP Server but on the firewall
config system dhcp server
edit 3
set forticlient-on-net-status disable
set default-gateway 10.15.x.x
set netmask 255.255.255.0
set interface "port36"
config ip-range
edit 1
set start-ip 10.15.x.x
set end-ip 10.15.x.x
next
end
set timezone-option default
set option1 150 'IP HEX OF MY '
set dns-server1 X.X.X.X
set dns-server2 X.X.X.X
set netmask X.X.X.X
next
end
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Are you saying "a firewall", in addition to Cisco Phones, is in the same DHCP scope as a client and supposed to pull TFTP server IP via Option 150? I thought Option 150 was Cisco proprietary. All of other devices I know use Option 66 instead.
Toshi - Basically what happen is a created a Voice DHCP for the Cisco 7960G
It will get the DHCP IP but cannot find the TFTP Server - I have to add the Option 150 for the phone to pickup a TFTP Server
So have anyone setup a Fortigate that talks back to Call Manager for the Cisco phone to register ? I know it works if I add the TFTP address manually on the phone - but what happens If i am setting up a office with a Cisco Switch..
Currently right now the firewall log is saying the SCCP is timing out
Any help would be greatly appreciated
Did you convert the IP address from the dotted-decimal notation to a binary value before converting it to HEX? That's a common mistake I found even some config discussions on the internet. Cisco phones expect binary IP address instead of ASCII format of dotted decimal notation. We had the same problem when we started deploying FG60D to our Cisco phone customers.
yep that is how i got that number we on the same page LOL
Can you show me some of your sample config for your if possible...
Below is what I put on our internal wiki to deploy. We use vlan2 for "voice" interface. It's working.
config system dhcp server
.
.
edit 2
set default-gateway x.x.x.0
set netmask 255.255.255.0
set interface "voice"
config ip-range
edit 1
set start-ip x.x.x.1
set end-ip x.x.x.249
next
end
set option1 150 '45aabf06' <--Note1
set option2 66 '45aabf06'
set dns-server1 69.28.97.4 <--Note2
set dns-server2 69.28.104.5 <--Note2
next
end
Note1: '45aabf06' is a binary value of the IP address "69.170.191.6".
Note2: To be able to configure DNS server IPs, you need to configure "set dns-service specify" first.
Hello Toshi - so basically when i give the Cisco 7960G a Voice DHCP - the TFTP on the physical phone will never register with the Cisco TFTP Server
So I found on a forum to convert the TFTP IP to Hex Address so I added this line
set option1 150 'IP HEX OF MY '
Now the phone boots up and picks up the TFTP but I have another issue where SCCP is being block even though it is enable. Firewall Log keeps saying it times out ...
That is why I am curious if anyone have gotten the Cisco phone to register back with CUCM ...
Also have anyone verify if the POE ports on the 140D can power on a Cisco phone? I know Airtight you can..
still timing out - did you have to specify anything in service? and firewall ?
My in and out basically is very basic that can talk to everything on the network....
The Advance DHCP has the list TFTP any suggestion ?
Routing, etc i need to do and i assume your dhcp is from the fortinet device itself ? I still need to figure out how to DHCP using our DC for DHCP Scope (the relay I tried does not seem to work)...
DHCP service doesn't require any policy. If you configure it as shown the exact info should go out through the interface. If you have doubt, you can set up a mirror port(SPAN) and hook up a laptop to sniff the DHCP handshake packets.
I would also recommend you compare this with any Cisco router's DHCP if you have any. My guess is the cisco phones don't work even with a Cisco router. Beyond that you probably you need to ask at Cisco's forum or somewhere.
One last question Toshi - did you have to do any static rout to your CUCM Call Manager ?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1641 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.