claudetools/clients/dataforth/session-logs/2026-05-04-lobby-phone-vlan-fix.md
Howard Enos b6eb59e8ed Session work 2026-05-04: Grabb Leap calendar fix, Dataforth lobby phone VLAN, IMC printer + VPN
- Grabb & Durando: investigated and resolved Svetlana Larionova's Leap-to-M365 calendar OAuth consent issue (Graph-side report + session log). Syncro #32245.
- Dataforth: lobby phone (ext 201) was offline due to D1-Server-Room port 1 being on the wrong VLAN; reconfigured to VLAN 100, phone re-provisioned and registered. Session log + PROJECT_STATE update. Syncro #32246.
- Instrumental Music Center: Station 2 receipt printer reconnect + VPN install on Manda's machine. Syncro #32247.
- Memory: generalized the Syncro blank-contact rule (was Cascades-only) and added the labor-type rule (never use "Prepaid project labor") per Winter's 2026-05-04 corrections.
- Gitignored `.claude/tmp/` so per-session helper scripts don't sneak in.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-04 13:51:59 -07:00

Dataforth — Lobby Phone Offline (VLAN/Switch Port Fix)

Date (UTC): 2026-05-04
Tech: Howard Enos
Time onsite: 0.5 hours
Syncro ticket: #32246 (109836123), invoice #67558 (1650188916)

User

  • User: Howard Enos (howard)
  • Machine: Howard-Home (driving the PBX remotely via Tailscale)
  • Role: tech

Summary

Lobby visitor phone (Cisco SPA502G, ext 201) had been offline — no dial tone, dialing extensions did nothing, displayed an incorrect date/time. Root cause: the lobby drop's switch port had been on the wrong VLAN, isolating the phone from the PBX. Fix was reconfiguring D1-Server-Room port 1 to VLAN 100. Phone immediately TFTP-pulled fresh provisioning and registered.

Diagnosis path

  1. Phone state: screen showed normal idle, but no dial tone. Dialing an extension just returned to home screen with no tone, ringback, or error. Wrong date/time on display — strong clue that the phone hadn't reached NTP for a while.
  2. PBX-side check (driven from Howard-Home over Tailscale via SSH to 192.168.100.2 with vault creds):
    • pjsip show endpoint 201: Unavailable, no contact, AOR but no registration.
    • Zero traffic from the phone's last known IP 192.168.100.235 in the last 2 hours of TFTP/SIP logs.
    • PBX could not ping .235; ARP "who-has" requests went unanswered.
    • SIP secret in pjsip.auth.conf for ext 201 matched the secret in the per-MAC TFTP config spa58bfea1158b4.xml — so credentials were not the issue.
  3. VLAN test: Howard plugged his laptop into the same lobby wall jack. Laptop received 192.168.0.53 (Unifi UDM main LAN). Meanwhile, the phone — after a factory reset to clear cached state — landed on 192.168.1.235 via LLDP-MED voice tagging onto Unifi's default voice VLAN (192.168.1.0/24). Neither matches the production voice/PBX VLAN, which is 192.168.100.0/24.
  4. Cable trace: Howard followed the lobby drop back to the D1-Server-Room switch, port 1. That port was not configured for VLAN 100.

Network topology learned

| Subnet | Used for |
|---|---|
| 192.168.0.0/24 | Unifi main LAN (UDM is at 192.168.0.254) |
| 192.168.1.0/24 | Unifi default voice VLAN (LLDP-MED) — NOT used for production phones in this office |
| 192.168.6.0/24 | OpenVPN management range (per UDM config) |
| 192.168.100.0/24 | Production voice/PBX VLAN — PBX on .196 (and .2 aliased), all production phones |
| 10.208.107.116/30 | PBX ens224 secondary interface |

Working office phones live on 192.168.100.x directly. The Unifi-default voice VLAN (192.168.1.x) is not wired to anything that can reach the PBX.

Fix

Reconfigured D1-Server-Room port 1 to VLAN 100. After replug:

  • Phone DHCP'd 192.168.100.235.
  • TFTP fetched /spa502G.cfg (12:29:40 PDT) and per-MAC /spa58bfea1158b4.xml (12:30:40 PDT).
  • SIP REGISTER → 401 Unauthorized → REGISTER (auth) → 200 OK at 12:31:42 PDT.
  • pjsip show endpoint 201: In use, contact 201/sip:201@192.168.100.235:5060 Avail, RTT 22ms.
  • NTP sync brought date/time current.

Recommendation for Mike / Dataforth IT

  • Audit other Unifi-managed switch ports for voice drops to ensure they all stay tagged on VLAN 100. A port that reverts to defaults will silently isolate any phone plugged into it (untagged main LAN for laptops, LLDP-MED voice tag onto 192.168.1.x for phones — neither reaches the PBX). The wrong date/time is the canary; check that on phones that have been complained about.
  • D1-Server-Room port 1 should stay tagged on VLAN 100. If config drifts, the lobby phone goes silent again.
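
The audit recommended above can be driven by the address a test device receives on each voice drop, the same signal used in the VLAN test in step 3. This is an added example, not part of the original session log; the subnets and lobby-jack addresses are taken from this log, while the function names and the no-lease sample are constructed for illustration.

```python
import ipaddress

# Subnets copied from the topology table in this log.
SUBNETS = {
    "unifi-main-lan": ipaddress.ip_network("192.168.0.0/24"),
    "unifi-default-voice": ipaddress.ip_network("192.168.1.0/24"),
    "openvpn-mgmt": ipaddress.ip_network("192.168.6.0/24"),
    "production-voice": ipaddress.ip_network("192.168.100.0/24"),
}
EXPECTED = "production-voice"  # VLAN 100, the only segment that reaches the PBX

# What each wrong segment says about the switch port, per the VLAN test.
CAUSE = {
    "unifi-main-lan": "port is untagged on the main LAN",
    "unifi-default-voice": "LLDP-MED default voice tag; port lacks VLAN 100",
}

def segment_of(ip):
    """Return the name of the subnet containing ip, or None if unknown/invalid."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    for name, net in SUBNETS.items():
        if addr in net:
            return name
    return None

def audit_voice_drops(observations):
    """Return (label, ip, reason) for every drop whose device is off VLAN 100.

    observations: iterable of (label, leased_ip); leased_ip is the DHCP address
    a device received on that drop, or None if it got no lease at all.
    """
    findings = []
    for label, ip in observations:
        seg = segment_of(ip) if ip else None
        if seg == EXPECTED:
            continue
        why = "no DHCP lease observed" if ip is None else CAUSE.get(
            seg, f"address {ip} is in {seg or 'no known subnet'}")
        findings.append((label, ip, why))
    return findings

# Addresses recorded in this log for the lobby jack, plus one constructed case.
SAMPLE = [
    ("lobby jack, laptop, before fix", "192.168.0.53"),
    ("lobby jack, phone after factory reset, before fix", "192.168.1.235"),
    ("lobby jack, phone, after fix", "192.168.100.235"),
    ("constructed: drop with no lease", None),
]
```

Running `audit_voice_drops(SAMPLE)` flags both pre-fix observations and the no-lease drop, and passes the post-fix address.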

Tools / accounts touched

  • SSH to PBX (sangoma@192.168.100.2) via Tailscale + paramiko (vault creds).
  • No production config changes on the PBX itself (read-only diagnostics there).
  • Switch port config change: D1-Server-Room port 1 → VLAN 100 (changed from whatever it was before — not captured; assumed default Unifi profile).

Tools not touched

  • UDM controller (192.168.0.254) — has 2FA push enabled and was not accessed during this work. The switch port change was made by Howard via direct switch access.

Artifacts

  • TFTP config file confirmed correct: /tftpboot/spa58bfea1158b4.xml on PBX (mtime 2026-04-23 — was already current; no FreePBX-side change needed).
  • pjsip auth password matches XML password (md5 hash form 4b57418f0a921fbce9d1bee10b6084e5).