pedropenduko

Capture the packet coming into the set, if you have lots of packets coming into the set ( caused by DoS) then your IP set is subject to DoS. If not, what's the interval of the re-registration time. What messages did you get from your TPS?What type of set do you have i200X? Do you have the latest set firmware

Fletch

There are a few things that can make the set deregister and reboot.

First let's look at the set side. It has a Watchdog timer that starts a 200 and counts down to zero. When it reaches zero, the phone reboots. The TPS comes in about every 100 seconds or so and resets this timer to 200 to prevent the reboot.

So capture the packets at the phone and make sure you are seeing the watchdog timer reset come in every 100 seconds or so. (Get the Wireshark Decoder plug-in for Nortel phones here by searching on Wireshark and UNIStim)

Second thing on the phone side is that if a key is pressed the phone sends a message to the TPS and is looking for an ACK to come back to show the command was received. IF no ACK is received, then the phone tries 10 more times in rapid succession (once every 400 ms.) If there is no ACK back from the TPS, the phone assumes the TPS is gone and tries to establish a new session based on the Retry settings in the phone.

Now the TPS side, everytime the watchdog reset is sent out to the phone the TPS is also looking for an ACK. Same rule applies, if no ACK is received, then the TPS tries 10 more times in rapid succession (once every 400 ms.) If there is still no ACK back from the phone, the TPS assumes the phone is gone and kills the session and deregisters the phone.

Now in addition to the watchdog, there are display and time updates that get sent to the phone every 30 seconds or so. These also have to be ACK'd, or the TPS says 'see ya!'.

One additional thing is any update to the keys or display, like a multiple appearance DN ringing, or a DWC key update. All of these messages must be ACK's back to the TPS, or the set is de-registered.

In order to properly trouble shoot this you are going to have to set up 2 monitor points on your network (where the 'X' are):

[TPS(SS)] ---X---[Data Switch] ---LAN---[Data Switch]---X---[Phone]

Only by doing this will you be able to see what was sent, and what was recieved. This will point you in the right direction. Once you isolate the message being dropped, you can look at the port in use, make sure the Firewalls are passing traffic on that TCP/IP Port, etc.

Good luck!

__________________
Fletch

For more on Nortel E911 Solutions on the web:
http://nortel.com/e911