ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Solved Elastix: phones lose registration

    IT Discussion
    freepbx elastix centos
    6
    46
    11.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • gjacobseG
      gjacobse
      last edited by gjacobse

      Something that has been bothering me a bit is MAC addresses.

      While it is not a 'end all' tool, I used AngryIP to scan the vLAN .100 - .189 to find all the active IPs. I added MAC access resolution to the scan and when it was done, all 25 IPs had the same MAC address.

      I've logged into half of the phones and the phone GUI shows that they are different per phone.

      Doing an ARP -a give this:

      Interface: xxx.xx.5.111 --- 0xc
        Internet Address      Physical Address      Type
        xxx.xx.xx.100         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.101         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.102         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.103         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.104         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.105         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.106         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.107         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.108         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.109         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.110         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.111         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.112         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.113         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.114         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.115         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.116         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.117         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.118         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.119         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.120         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.121         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.122         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.123         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.124         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.125         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.126         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.127         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.128         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.129         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.130         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.131         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.132         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.133         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.134         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.135         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.136         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.137         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.138         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.139         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.140         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.141         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.142         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.143         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.144         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.145         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.146         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.147         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.148         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.149         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.150         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.151         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.152         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.153         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.154         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.155         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.156         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.157         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.158         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.159         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.160         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.161         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.162         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.163         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.164         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.165         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.166         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.167         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.168         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.169         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.170         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.171         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.172         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.173         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.174         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.175         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.176         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.177         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.178         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.179         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.180         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.181         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.182         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.183         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.184         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.185         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.186         00-01-e8-d7-ab-5f     dynamic
        xxx.xx.xx.187         00-01-e8-d7-ab-5f     dynamic
      
      1 Reply Last reply Reply Quote 0
      • JaredBuschJ
        JaredBusch
        last edited by

        Is there NAT involved in their VPN?

        Either that or some other routing problem.

        I bet that MAC is the router.

        If so randomize the SIP port on all the phones. Your problem will go away.

        1 Reply Last reply Reply Quote 1
        • JaredBuschJ
          JaredBusch
          last edited by JaredBusch

          @g.jacobse said:

          00-01-e8-d7-ab-5f

          A lookup shows that as Force10 Networks.?
          http://www.coffer.com/mac_find/?string=00-01-e8-d7-ab-5f

          gjacobseG 1 Reply Last reply Reply Quote 0
          • gjacobseG
            gjacobse @JaredBusch
            last edited by

            @JaredBusch said:

            @g.jacobse said:

            00-01-e8-d7-ab-5f

            A lookup shows that as Force10 Networks.?
            http://www.coffer.com/mac_find/?string=00-01-e8-d7-ab-5f

            Confirmed. Switch as the other end of the VPN.

            1 Reply Last reply Reply Quote 0
            • JaredBuschJ
              JaredBusch
              last edited by

              @g.jacobse said:

              Confirmed. Switch as the other end of the VPN.

              Change the phones to use some port other than 5060 for the SIP registration.
              Make sure they are all different as you cannot reuse the same port behind a NAT and this issue is looking to me like that.

              coliverC 1 Reply Last reply Reply Quote 0
              • JaredBuschJ
                JaredBusch
                last edited by

                Well, that or make who ever runs the network figure out what is happening on their side.

                scottalanmillerS 1 Reply Last reply Reply Quote 1
                • coliverC
                  coliver @JaredBusch
                  last edited by

                  @JaredBusch said:

                  @g.jacobse said:

                  Confirmed. Switch as the other end of the VPN.

                  Change the phones to use some port other than 5060 for the SIP registration.
                  Make sure they are all different as you cannot reuse the same port behind a NAT and this issue is looking to me like that.

                  Would the usage of a STUN server solve this issue?

                  scottalanmillerS JaredBuschJ 2 Replies Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @JaredBusch
                    last edited by

                    @JaredBusch said:

                    Well, that or make who ever runs the network figure out what is happening on their side.

                    That is proving difficult.

                    1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @coliver
                      last edited by

                      @coliver said:

                      Would the usage of a STUN server solve this issue?

                      Should not be any NAT.

                      JaredBuschJ 1 Reply Last reply Reply Quote 0
                      • JaredBuschJ
                        JaredBusch @coliver
                        last edited by

                        @coliver said:

                        @JaredBusch said:

                        @g.jacobse said:

                        Confirmed. Switch as the other end of the VPN.

                        Change the phones to use some port other than 5060 for the SIP registration.
                        Make sure they are all different as you cannot reuse the same port behind a NAT and this issue is looking to me like that.

                        Would the usage of a STUN server solve this issue?

                        Yes, but you would have to set one up internally as they obviously have everything inside the VPN.

                        1 Reply Last reply Reply Quote 0
                        • JaredBuschJ
                          JaredBusch @scottalanmiller
                          last edited by

                          @scottalanmiller said:

                          @coliver said:

                          Would the usage of a STUN server solve this issue?

                          Should not be any NAT.

                          Should not be any NAT, but it sure is acting like it if everything is reporting the same MAC.

                          DashrenderD 1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller
                            last edited by

                            Yeah, that is very fishy.

                            1 Reply Last reply Reply Quote 0
                            • gjacobseG
                              gjacobse
                              last edited by

                              Statement I was given regarding the MACs

                              ...as an aside, this has nothing to do with the, or any, firewall.  This is normal layer2/layer3 handoff in any network...
                              
                              1 Reply Last reply Reply Quote 0
                              • NetworkNerdN
                                NetworkNerd
                                last edited by

                                To give background here, the Fortigate has a Juniper L3 switch connected to it. Supposedly the config on that guy has not changed, but I don't think we really know.

                                1 Reply Last reply Reply Quote 0
                                • DashrenderD
                                  Dashrender @JaredBusch
                                  last edited by Dashrender

                                  @JaredBusch said:

                                  @scottalanmiller said:

                                  @coliver said:

                                  Would the usage of a STUN server solve this issue?

                                  Should not be any NAT.

                                  Should not be any NAT, but it sure is acting like it if everything is reporting the same MAC.

                                  Is that right? Wouldn't you always loose the originating MAC if you go through a router of any kind? i.e. a VPN?

                                  JaredBuschJ 1 Reply Last reply Reply Quote 0
                                  • JaredBuschJ
                                    JaredBusch @Dashrender
                                    last edited by

                                    @Dashrender said:

                                    Is that right? Wouldn't you always loose the originating MAC if you go through a router of any kind? i.e. a VPN?

                                    It depends on the VPN. It can easily bridge at either Level 2 or Level 3. One will let everything pass through, the other would show the MAC form the bridge. Either way, as long as there is no NAT, it should not interfere. That is true.

                                    Just the description of the problem fits more to a NAT scenario.

                                    1 Reply Last reply Reply Quote 0
                                    • gjacobseG
                                      gjacobse
                                      last edited by

                                      Speaking with a 3rd party network tech who is one site. We have three phones aren't connecting - turns out that one of the POE ports was bad...

                                      One is bad,.. more is likely. replace the switch!

                                      1 Reply Last reply Reply Quote 1
                                      • gjacobseG
                                        gjacobse
                                        last edited by

                                        Looks like more than one port is bad as far as POE goes.

                                        got down to it being either the phone itself or the port, but ports were 'testing' okay. Defaulted the three phones that were missing and they now have IP addresses where we can get to them and program them.

                                        Sad news is that during all this,.. they broke the VPN and we can't get in.

                                        Interestingly on that note, they have a Fortigate 60D at that site. they can't update the firmware to do the testing they need. Hmm.. Firmware update failed... make you wonder.

                                        Glad to see we didn't lose three phones though. Losing a port on the Juniper is bad enough (just the POE side it seems)... but still.

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller
                                          last edited by

                                          Wow, on a high end Juniper switch? That's more bad ports on a single Juniper than I've seen first hand on decades of use of Netgear!

                                          1 Reply Last reply Reply Quote 0
                                          • 1
                                          • 2
                                          • 3
                                          • 2 / 3
                                          • First post
                                            Last post