Controller Based WLANs

Why are Cisco VoIP phones unable pass voice traffic?

Product and Software: This article applies to all Aruba controllers and ArubaOS 3.x.

Issue

After Cisco VoIP phones connect to the wireless network, the phones get an IP address but are unable to pass voice traffic. In the data path session table, RTCP traffic has been blocked by the controller from the Cisco phone.

Reason

Skinny Client Control Protocol (SCCP) is a proprietary Cisco protocol that is used between Cisco CallManager and Cisco VoIP phones.

For a VOIP solution, clients in the LAN use the SCCP to establish the call connection between the client and the CallManager where TCP-based communication is used. When the client initiates the connection, if it retransmits the ACK packet, the controller interprets this as a replay attack and it blocks the packet. The controller does not open the necessary firewall (UDP) ports for SCCP ALG, which is necessary for the audio traffic. So the RTP and RTCP packets get dropped and the client cannot pass the audio traffic.

Workaround

In the global firewall, if "prohibit RST replay attack" and "deny inter user bridging" is disabled, the client can pass the audio traffic. Otherwise, UDP ports 16000 to 34000 can be opened manually for the Cisco phones (ACL defined for the client). RTP and RTCP will use ports in this range.

Solution

The issue of denying retransmitted TCP ACK packets is fixed in ArubaOS 3.4.

Version history
Revision #:
1 of 1
Last update:
‎07-05-2014 03:34 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.