Freepbx + vlans + aastra phones not registering

DEVICE=eth0
BOOTPROTO=none
HWADDR=00:11:43:dd:ac:0c
IPV6INIT=no
NM_CONTROLLED=yes
ONBOOT=yes
TYPE=Ethernet
UUID="46769527-8dc8-4b7e-8d88-2eb1a4f7762d"
USERCTL=no

;My Vlan 20 for voice traffic.
DEVICE=eth0.20
HWADDR=00:11:43:dd:ac:0c
ONBOOT=yes
HOTPLUG=no
BOOTPROTO=none
TYPE=Ethernet
VLAN=yes
IPADDR=192.168.2.1
NETMASK=255.255.255.0
IPV6INIT=no
USERCTL=no

;Gateway is a router with dedicated internet. Used to connect to my iax trunk
DEVICE=eth1
BOOTPROTO=none
HWADDR=00:11:43:dd:ac:0d
NM_CONTROLLED=yes
ONBOOT=yes
TYPE=Ethernet
UUID="346bf041-674d-4bf9-a57d-f0ed4d461326"
DNS1=192.168.1.1
IPV6INIT=no
USERCTL=no
IPADDR=192.168.1.103
NETMASK=255.255.255.0
GATEWAY=192.168.1.1

I have 1 switch layer 3 configured with vlan 20 for voip.
2 aastra phones both configured with vlan 20.
I can ping both phones from the freepbx (centos).
I can ping the phones and the freepbx from the switch.
The iax trunk to my provider shows up as registered on freepbx so my 192.168.1.1 gateway seems ok.

Phone 1: 192.168.2.100 GW 192.168.2.1 aastra 4801
Phone 2: 192.168.2.118 GW 192.168.2.1 aastra 9133i

Both phones cannot register.
Sip show peers :
Name/username Host Dyn Forcerport ACL Port Status Description
100 (Unspecified) D A 0 UNKNOWN
118 (Unspecified) D A 0 UNKNOWN
Am I doing something wrong?

Chris

[100]
deny=0.0.0.0/0.0.0.0
secret=222aaa
dtmfmode=rfc2833
canreinvite=yes
context=from-internal
host=dynamic
trustrpid=yes
sendrpid=no
type=friend
nat=no
port=5060
qualify=yes
qualifyfreq=60
transport=udp
avpf=no
icesupport=no
encryption=no
callgroup=
pickupgroup=
dial=SIP/100
mailbox=100@device
permit=0.0.0.0/0.0.0.0
callerid=100 <100>
callcounter=yes
faxdetect=no
cc_monitor_policy=generic

[root@localhost asterisk]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.20
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0.20
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1
[root@localhost asterisk]#

Just checking, If you have your server with vlan eth0.20 and your phones on the same vlan, make sure you are not untagging the vlan traffic on your switch ports, it just needs to be switched.

I have also defined my local nets and bindaddr.

;sip_general_additional.conf
accept_outofcall_messages=yes
auth_message_requests=no
outofcall_message_context=dpma_message_context
vmexten=*97
context=from-sip-external
callerid=Unknown
notifyringing=yes
notifyhold=yes
tos_sip=cs3
tos_audio=ef
tos_video=af41
alwaysauthreject=yes
useragent=FPBX-2.11.0(11.7.0)
disallow=all
allow=ulaw
allow=alaw
allow=gsm
allow=siren14
allow=g726
allow=g729
allow=g723
callevents=no
bindport=5060
bindaddr=192.168.2.1
jbenable=no
registerattempts=0
maxexpiry=3600
minexpiry=60
defaultexpiry=120
registertimeout=20
notifyhold=yes
notifyringing=yes
allowguest=yes
g726nonstandard=no
videosupport=no
maxcallbitrate=384
canreinvite=nonat
rtpholdtimeout=300
rtpkeepalive=0
srvlookup=no
checkmwi=10
rtptimeout=30
nat=never
externip=xx.xx.xx.xx
localnet=192.168.2.0/255.255.255.0
localnet=192.168.1.0/255.255.255.0
~

;Physical Powerconnect 6248 setup
;port 6 - Asterisk-Freepbx (eth0.20) internal interface 192.168.2.1
;port 10 - aastra 480i 192.168.2.100
;port 9 - asstra 9133i 192.168.2.118

;powerconnect show run
Dell4#show run
!Current Configuration:
!System Description “PowerConnect 6248, 3.3.9.1, VxWorks 6.5”
!System Software Version 3.3.9.1
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 20,250
vlan routing 20 1
vlan routing 1 2
vlan association subnet 192.168.2.0 255.255.255.0 20
vlan association mac 0008.5D10.EDFC 20
exit
hostname "Dell4"
clock timezone -5 minutes 0
stack
member 1 2
exit
ip address 192.168.250.4 255.255.255.0
ip address vlan 250
ip routing

ip route 0.0.0.0 0.0.0.0 192.168.0.1
interface vlan 1
routing
ip address 192.168.0.235 255.255.255.0
exit
interface vlan 20
name "1Voip"
routing
ip address 192.168.2.4 255.255.255.0
exit
interface vlan 250
name "ManagementVlan"
exit
username “admin” password 3ac07daee9a0b98260ed816ffd800330 level 15 encrypted
username “chris” password 29421e3dbf61f1ed93f2f8594131f6b6 level 15 encrypted
username “administrator” password 3ac07daee9a0b98260ed816ffd800330 level 15 encrypted
voice vlan
classofservice ip-dscp-mapping 20 6
!
interface ethernet 1/g1
spanning-tree portfast

switchport mode general
exit
!
interface ethernet 1/g6
classofservice trust ip-dscp
switchport mode general
switchport general allowed vlan add 20 tagged
exit
!
interface ethernet 1/g9
classofservice trust ip-dscp
switchport mode general
switchport general allowed vlan add 20 tagged
exit
!
interface ethernet 1/g10
classofservice trust ip-dscp
switchport mode general
switchport general allowed vlan add 20 tagged
exit
!

interface ethernet 1/g22
spanning-tree portfast
exit
!
interface ethernet 1/g40
switchport mode general
switchport general allowed vlan add 20 tagged
exit

The Aastra phones were trying to register using an old ip address. I did a tcpdump and saw that they were trying to register with an old ip 192.168.2.100.sip > 192.168.0.101.sip:.
On the phones themselves you would not see this anywhere nor on the web interface. The only way to solve the issue was to do a complete factory reset on the phones. One of them I had to reset twice.

For anyone out there using previously configured Aastra phones make sure to completely wipe them and reconfigure them anytime you make a network change.

In case anyone needs it here is the usage
tcpdump -i your_interface src ip_of_your_phone -v {for verbose}
ex:
tcpdump -i eth0.20 src 192.168.2.118 -v

The Aastra will override any provisioning if there is a local setting that has been set, you can delete the “local” provisioning from the phone’s http gui