We have deployed a new phone system using wired Cisco 7941 phones and Wireless 7921G phones.
We have the wired phones running on a VLAN on top of our normal LAN.
We have HP switches which give priority to the VLAN traffic.
The wireless network has two SSID’s one for the PC’s and one for phones.
The AP’s have a bridge for each.
PC bridge from LAN to PC Wireless
Phone bridge from VLAN to Phone Wireless.

I can ping a wireless phone all day long with no dropouts.
When I try to make a call with a wireless phone after a few seconds the audio to the wireless handset cuts out.

If I do a packet capture in the AP router, listing to the VLAN interface I see packets going back and forth all the way through the conversation, but if I capture listening to the Wireless interface I see two way packets up to the point where the audio drops out and then just one way packets after that.

BTW, the above ping also stops working when a call gets underway.

Have you done any bypass troubleshootig yet to make sure the wireless phones work properly without the Mikrotik?

Should be testing that tomorrow on a Cisco Wireless AP. I’ll let you know.

Have now tried it on a few networks.
Our phone system provider tried it in their office on a Cisco and it works.
I tried it on my home Mikrotik, (no VLANS) and it drops out.
I tried it on my 3G CellPhone (Samsung Nexus S, Android Ice Cream) WiFi Hotspot and it works beautifully.

So it’s really looking like the Mikrotik is the common piece when it drops out.

Since my home setup is a little less complicated than work I tried to configure a different SSID just for the phone, so I could get rid of the Bridge between the wireless interface and my LAN.

I setup a separate IP subnet on the new wireless interface with a DHCP server and NAT rules to let it route directly out to the Internet bypassing my LAN.

The phone registers with the call manager OK but as soon as the call begins the audio drops out within a few seconds.
The person I am calling can hear me for the duration of the call and the call hangs up as soon as I press then end button,
I just can’t hear anything on the Cisco Wireless handset past the first few seconds.

Turn off the SIP Helper in Mikrotik.

IP → FIREWALL → SERVICE PORTS
DISABLE SIP

Please let us know the results after you do that.

No change.

You say that the pings stop working with the voice stops.

Do you have any filter rules in your firewall or bridge? If so, export them here.

I have also disabled the Bandwidth Test Server in case port 2000 conflicts with SCCP Skinny Protocol.

I’ve tried rules that log things, but right now no rules at all.
Pass through IP Firewall also turned off.

In the bridge anyway, I’ll get the IP firewall rules and export them.

Even if the voice cuts out, there is no reason the pings should stop working. How do you “fix” it? Do the pings start working at call termination? Do you have to reboot Mikrotik, phone, or unplug the network?

what Mikrotik hardware and version are you using?

[admin@BEVHOME] /ip firewall filter> export

apr/24/2012 06:31:47 by RouterOS 5.7

/ip firewall filter
add action=log chain=forward disabled=yes log-prefix=“BIt Torrent” p2p=all-p2p
add action=drop chain=input comment=“drop ssh brute forcers” disabled=no dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new disabled=no dst-port=22 protocol=tcp
src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp
src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp
src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp
add action=drop chain=forward comment=“drop ssh brute downstream” disabled=no dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=drop chain=input comment=“drop ftp brute forcers” disabled=no dst-port=21 protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output content=“530 Login incorrect” disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content=“530 Login incorrect” disabled=no protocol=tcp
add action=drop chain=input comment=“drop ssh brute forcers to local router addreess where src-address!=safe-ips” disabled=no dst-address-type=local dst-port=
22 protocol=tcp src-address-list=!safe-ips
add action=drop chain=forward comment=“drop ssh, rdp, webmin - to local server addreess where src-address!=safe-ips” disabled=no dst-address=10.2.47.0/24
dst-port=22,3389,10000,80,2812,1024 protocol=tcp src-address-list=!safe-ips
add action=add-src-to-address-list address-list=temp1 address-list-timeout=30s chain=input comment=“Knock on port 123 - add to temp1” disabled=no dst-port=
123 protocol=tcp
add action=add-src-to-address-list address-list=temp2 address-list-timeout=30s chain=input comment=“Knock on port 456 - add to temp2” disabled=no dst-port=456
protocol=tcp src-address-list=temp1
add action=add-src-to-address-list address-list=safe-ips address-list-timeout=1w chain=input comment=“Add to safe-ips list for 7 days - Port knocking access”
disabled=no dst-port=789 protocol=tcp src-address-list=temp2
[admin@BEVHOME] /ip firewall filter>

Is the Mikrotik the wireless access point for the wireless phones, or do you have a separate wireless access point?

If it is the Mikrotik that has wireless radio, look at the wireless hardware settings (HW Retries, quality, tx/rx power, etc)

What a great question, I just tried it and something amazing happened.

64 bytes from 192.168.139.254: icmp_seq=28 ttl=63 time=534 ms
64 bytes from 192.168.139.254: icmp_seq=29 ttl=63 time=556 ms
64 bytes from 192.168.139.254: icmp_seq=30 ttl=63 time=576 ms
64 bytes from 192.168.139.254: icmp_seq=31 ttl=63 time=571 ms
64 bytes from 192.168.139.254: icmp_seq=32 ttl=63 time=590 ms
64 bytes from 192.168.139.254: icmp_seq=33 ttl=63 time=610 ms
64 bytes from 192.168.139.254: icmp_seq=34 ttl=63 time=630 ms
64 bytes from 192.168.139.254: icmp_seq=35 ttl=63 time=657 ms
64 bytes from 192.168.139.254: icmp_seq=36 ttl=63 time=662 ms
64 bytes from 192.168.139.254: icmp_seq=37 ttl=63 time=4.34 ms
64 bytes from 192.168.139.254: icmp_seq=38 ttl=63 time=5.52 ms
64 bytes from 192.168.139.254: icmp_seq=39 ttl=63 time=16655 ms
64 bytes from 192.168.139.254: icmp_seq=40 ttl=63 time=15658 ms
64 bytes from 192.168.139.254: icmp_seq=41 ttl=63 time=14661 ms
64 bytes from 192.168.139.254: icmp_seq=42 ttl=63 time=13664 ms
64 bytes from 192.168.139.254: icmp_seq=43 ttl=63 time=12664 ms
64 bytes from 192.168.139.254: icmp_seq=44 ttl=63 time=11666 ms
64 bytes from 192.168.139.254: icmp_seq=45 ttl=63 time=10667 ms
64 bytes from 192.168.139.254: icmp_seq=47 ttl=63 time=8670 ms
64 bytes from 192.168.139.254: icmp_seq=49 ttl=63 time=6671 ms
64 bytes from 192.168.139.254: icmp_seq=50 ttl=63 time=5673 ms
64 bytes from 192.168.139.254: icmp_seq=51 ttl=63 time=4686 ms
64 bytes from 192.168.139.254: icmp_seq=52 ttl=63 time=3686 ms
64 bytes from 192.168.139.254: icmp_seq=53 ttl=63 time=2687 ms
64 bytes from 192.168.139.254: icmp_seq=54 ttl=63 time=1694 ms
64 bytes from 192.168.139.254: icmp_seq=55 ttl=63 time=695 ms
64 bytes from 192.168.139.254: icmp_seq=56 ttl=63 time=4.35 ms
64 bytes from 192.168.139.254: icmp_seq=57 ttl=63 time=4.17 ms
64 bytes from 192.168.139.254: icmp_seq=58 ttl=63 time=501 ms
64 bytes from 192.168.139.254: icmp_seq=59 ttl=63 time=524 ms
64 bytes from 192.168.139.254: icmp_seq=60 ttl=63 time=547 ms
64 bytes from 192.168.139.254: icmp_seq=61 ttl=63 time=570 ms
64 bytes from 192.168.139.254: icmp_seq=62 ttl=63 time=618 ms
^C
— 192.168.139.254 ping statistics —
62 packets transmitted, 60 received, 3% packet loss, time 61977ms
rtt min/avg/max/mdev = 4.170/2508.759/16655.251/4408.761 ms, pipe 17

The call was answered during ping sequence 38, and lasted for 16 seconds. As soon as I pressed the end key, all the pings came through

I have RouterOS 5.7 on RB751U-2HnD at home.
At work the same router for the AP’s and I was using 5.5 when I first noticed the problem and I upgraded one to 5.7.
At work we also have a RB750 which is the gateway between our LAN, VLAN and WAN

I have looked at this and tried to change anything I though might have any effect.

Try connecting a laptop to wireless, same speed as phones, and do a bit of internet surfing and see if you can get the mikrotik to lockup. This really sounds like a mikrotik hardware problem at this point.

One last thing to try is upgrade to 5.15 and then upgrade the routerboard firmware to the newest as well.

/interface wireless security-profiles
set default authentication-types=wpa2-psk group-ciphers=aes-ccm group-key-update=5m interim-update=0s management-protection=disabled
management-protection-key=“” mode=dynamic-keys name=default radius-eap-accounting=no radius-mac-accounting=no radius-mac-authentication=no
radius-mac-caching=disabled radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username static-algo-0=none static-algo-1=none static-algo-2=none
static-algo-3=none static-key-0=“” static-key-1=“” static-key-2=“” static-key-3=“” static-sta-private-algo=none static-sta-private-key=“”
static-transmit-key=key-0 supplicant-identity=Q1702 tls-certificate=none tls-mode=no-certificates unicast-ciphers=aes-ccm wpa-pre-shared-key=
somthingsimple wpa2-pre-shared-key=somethingsimple
/interface wireless
set 0 adaptive-noise-immunity=none allow-sharedkey=no antenna-gain=0 antenna-mode=ant-a area=“” arp=enabled band=2ghz-b/g basic-rates-a/g=6Mbps basic-rates-b=
1Mbps bridge-mode=enabled channel-width=20mhz compression=no country=no_country_set default-ap-tx-limit=0 default-authentication=yes
default-client-tx-limit=0 default-forwarding=yes dfs-mode=none disable-running-check=no disabled=no disconnect-timeout=3s distance=dynamic frame-lifetime=
0 frequency=2462 frequency-mode=manual-txpower frequency-offset=0 hide-ssid=no ht-ampdu-priorities=0 ht-amsdu-limit=8192 ht-amsdu-threshold=8192
ht-basic-mcs=mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 ht-guard-interval=any ht-rxchains=0 ht-supported-mcs=“mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-
6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23” ht-txchains=0
hw-fragmentation-threshold=disabled hw-protection-mode=none hw-protection-threshold=0 hw-retries=7 l2mtu=2290 mac-address=00:0C:42:D4:A7:FC
max-station-count=2007 mode=ap-bridge mtu=1500 name=wlan1 noise-floor-threshold=default nv2-cell-radius=30 nv2-noise-floor-offset=default
nv2-preshared-key=“” nv2-qos=default nv2-queue-count=2 nv2-security=disabled on-fail-retry-time=100ms periodic-calibration=default
periodic-calibration-interval=60 preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=000C42D4A7FC rate-selection=legacy rate-set=default
scan-list=default security-profile=default ssid=beveridge station-bridge-clone-mac=00:00:00:00:00:00 supported-rates-a/g=
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-power-mode=default
update-stats-interval=disabled wds-cost-range=50-150 wds-default-bridge=none wds-default-cost=100 wds-ignore-ssid=no wds-mode=disabled wireless-protocol=
802.11 wmm-support=disabled
add area=“” arp=enabled bridge-mode=enabled default-ap-tx-limit=0 default-authentication=yes default-client-tx-limit=0 default-forwarding=yes
disable-running-check=no disabled=no hide-ssid=no l2mtu=2290 mac-address=02:0C:42:D4:A7:FC master-interface=wlan1 max-station-count=2007 mtu=1500 name=
wlan2 proprietary-extensions=post-2.9.25 security-profile=default ssid=bever update-stats-interval=disabled wds-cost-range=0 wds-default-bridge=none
wds-default-cost=0 wds-ignore-ssid=no wds-mode=disabled wmm-support=disabled
/interface wireless manual-tx-power-table
set wlan1 manual-tx-powers=“1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9Mbps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17,HT20-0:17,HT20
-1:17,HT20-2:17,HT20-3:17,HT20-4:17,HT20-5:17,HT20-6:17,HT20-7:17,HT40-0:17,HT40-1:17,HT40-2:17,HT40-3:17,HT40-4:17,HT40-5:17,HT40-6:17,HT40-7:17”
set wlan2
/interface wireless nstreme
set wlan1 disable-csma=no enable-nstreme=no enable-polling=yes framer-limit=3200 framer-policy=none
set “(unknown)”
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 frames-per-second=25 receive-all=
no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name=“” memory-limit=10 multiple-channels=no only-headers=no receive-errors=no streaming-enabled=no
streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no

Just tried the same Handset at another site.
This site has a Billion BiPAC 7404VGO Wireless ADSL Modem Router with active VoIP Ports.

The phone works just fine here, without a Mikrotik.

Did you try upgrading os+fw?