Announcement

Collapse
No announcement yet.

Sonicwall IP Helper

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Sonicwall IP Helper

    Hello all.

    I have site A (main) and B satellite office with IPsec VPN tunnel (Sonicwalls).

    At this time, everything is working great for the phones on both sites and I was using options 128, 129 and 130 in the DHCP server (Windows). I am trying to setup two VLANs for data and voice and have Windows DHCP server still give IP addresses. The Mitel 5000 phone system is at the site A.

    I am trying to figure out how to do this starting on site B since it’s only one phone there.

    Diagram site B:

    Windows server 2008 R2 – 192.168.127.9

    DHCP server with two scopes ---

    Main scope 192.168.127.0 with options 03,06,15 and 43 for Mitel Phones with value id:ipphone.mitel.com;sw_tftp=192.168.123.7;call_sr v=192.168.123.7;vlan=10;l2p=6;dscp=56

    second scope 192.168.10.0 with 03,06,15, and 43 with value id:ipphone.mitel.com;sw_tftp=192.168.123.7;call_sr v=192.168.123.7

    Switch – SG200-26P – 192.168.127.5

    Default VLAN – all ports are trunk and untagged

    VLAN10 – all ports are Trunk and untagged except port 1 and 2 tagged for the phones.

    Router – Sonicwall TZ600 192.168.127.1

    Setup IP Helper and created IP Helper policy to forward from X9 (network interface) to (DHCP server) 192.168.127.9

    I plug in the phone to port 1 on the switch and a computer to the phone. The computer gets it’s IP address just fine from scope 192.168.127.0 but the phone boots up and go to DHCP recovery and gets the VLAN ID (10) and then it releases to get the new IP and then it gets stuck on DHCP Discovery Option 43:43 for almost couple minutes and then it says DHCP timed out and then tries again and again with no success.

    I tried everything that I could think of and no luck.

    Finally, I decided to capture the packets on Sonicwall for ports 67 and 68 and see what happens, and then this is what I found (two messages)

    The first -

    DROPPED, Drop Code: 198(DHCP server, Ingress interface is same as egress interface.), Module Id: 19(ipHelper), (Ref.Id: _440_krjFjerTgnc{VqUgtxgt) 0:0)

    With the following Hex Dump:

    ffffffff ffff0800 0f776df1 08004500 01541000 00004011 *[email protected]*

    699ac0a8 7f01c0a8 7f090043 00430140 bc200101 0601327e *[email protected] ....2~*

    e7df007c 80000000 00000000 00000000 0000c0a8 7f010800 *...|....................*

    0f776df1 00000000 00000000 00000000 00000000 00000000 *.wm.....................*

    00000000 00000000 00000000 00000000 00000000 00000000 *........................*

    00000000 00000000 00000000 00000000 00000000 00000000 *........................*

    00000000 00000000 00000000 00000000 00000000 00000000 *........................*

    00000000 00000000 00000000 00000000 00000000 00000000 *........................*

    00000000 00000000 00000000 00000000 00000000 00000000 *........................*

    00000000 00000000 00000000 00000000 00000000 00000000 *........................*

    00000000 00000000 00000000 00000000 00000000 00000000 *........................*

    00000000 00000000 00000000 00006382 53633501 013d0701 *..............c.Sc5..=..*

    08000f77 6df1371a 0103060c 2a2c3336 3a3b4278 81808283 *...wm.7.....*,36:;Bx....*

    84858687 e08a7d2b b2b33c12 69707068 6f6e652e 6d697465 *......}+....ipphone.mite*

    6c2e636f 6d007c05 00000403 00390205 dcff *l.com.|......9.... *

    The second -

    DROPPED, Drop Code: 130(Broadcast traffic not handled.), Module Id: 25(network), (Ref.Id: _8078_jcpfngDtqcfecuvRcemgv) 0:0)

    With the following Hex Dump:

    ffffffff ffff0025 64f91333 08004500 019a0b07 00008011 *.......%d..3..E.........*

    ee9ac0a8 7f09ffff ffff0043 00440186 e2ae0201 0600327e *...........C.D........2~*

    e7df0000 00000000 0000c0a8 7f33c0a8 7f090000 00000800 *.............3..........*

    0f776df1 00000000 00000000 00000000 00000000 00000000 *.wm.....................*

    00000000 00000000 00000000 00000000 00000000 00000000 *........................*

    00000000 00000000 00000000 00000000 00000000 00000000 *........................*

    00000000 00000000 00000000 00000000 00000000 00000000 *........................*

    00000000 00000000 00000000 00000000 00000000 00000000 *........................*

    00000000 00000000 00000000 00000000 00000000 00000000 *........................*

    00000000 00000000 00000000 00000000 00000000 00000000 *........................*

    00000000 00000000 00000000 00000000 00000000 00000000 *........................*

    00000000 00000000 00000000 00006382 53633501 020104ff *..............c.Sc5.....*

    ffff003a 04000546 003b0400 093a8033 04000a8c 003604c0 *...:...F.;...:.3.....6..*

    a87f0903 04c0a87f 010608c0 a87f09c0 a87b092b 5a2b5869 *.................{.+Z+Xi*

    643a6970 70686f6e 652e6d69 74656c2e 636f6d3b 73775f74 *d:ipphone.mitel.com;sw_t*

    6674703d 3139322e 3136382e 3132332e 373b6361 6c6c5f73 *ftp=192.168.123.7;call_s*

    72763d31 39322e31 36382e31 32332e37 3b766c61 6e3d3130 *rv=192.168.123.7;vlan=10*

    3b6c3270 3d363b64 7363703d 353600ff *;l2p=6;dscp=56.. *

    I tried to search on the web and couldn’t find anything, even Dell just list the error message with the code but don’t tell you the solution.

    Please, if anyone can tell me what I am doing wrong..

    Let me know if I missed any information or you need any more…

  • #2
    Where does your phone get its IP address from?? Is the DHCP server local or remote to the phone?

    Is your SonicWALL appliance aware that you have created another VLAN behind it?

    How are your sites connected?

    Comment


    • #3
      The phone gets it from the site B DHCP Server.
      The DHCP server is local.
      On Sonicwall, IP helper is enabled and a policy in place to tell it where the DHCP server is.
      The sites are connected via IPsec VPN tunnel.

      Comment


      • #4
        There is something wrong with your VLAN configuration then.

        If you connect a laptop to the VLAN do you get an IP address in the range?

        Any time i setup VLAN's that require a DHCP server locally then i configure the switch to assign the IP helper address.

        From what i can see your network looks like this

        SITEA-----SonicWALLVPN-----SITEB----SWITCH-----VLAN0-----DHCP
        -----VLAN10

        So essentially you need to tell your switch to send ip helper requests to the DHCP server on VLAN0 (PrimaryVLAN)

        Maybe have a look here https://supportforums.cisco.com/disc...lper-sg-200-26

        Comment


        • #5
          The sonicwall is the DHCP helper and routes the DHCP requests to the DHCP server located on site B and not site A
          the computer is connected to the phone and it does get the right IP address (from main scope and not the voice scope).
          It just the phone gets stuck on DHCP Discovery Option 43:43.
          The switch is L2 and can't do DHCP relay.

          Comment


          • #6
            So where is the VLAN created??

            Comment

            Working...
            X