HPE Community
Switches, Hubs, and Modems
1752805 Members
5746 Online
108789 Solutions
New Discussion

VoIP handset deployment and automatic vlan assignment

 
Rod Hendricks
Advisor

‎11-09-2006 03:04 PM

‎11-09-2006 03:04 PM

VoIP handset deployment and automatic vlan assignment

Hi.

I am currently using a "tagged voice + untagged data" vlan setup for a voip installation.

This works well apart from the first bootup of the phone (snom 360). The phone at this stage does not have its template indicating that (in my case) vlan 144 is the voice vlan, and that the untagged vlan can be passed through the phone to the data connector on the phone (which plugs into your laptop etc).

So the first time the phone boots, it boots into the untagged vlan, meaning it needs routes into the voice vlan to retrieve its config, it consumes a dhcp address on a scope to which it does not belong etc etc.

Second boot, it has its template, and everything works the way it should.

My question - is there any methods to avoid these "deployment time" problems?

Cisco CDP works well here because it runs at layer 2, meaning the phone can drop into the right vlan at boot time.

I udnerstand there exists another similar protocol LLDP-MED - does anyone know if it will help with my dilemma and potentially have config example.

I also understand that 802.1x may be the better way to do this (better security), but I don't have all the resources I need to implement this yet.

I appreciate any responses!

Cheers,
R.
0 Kudos
1 REPLY 1
Matt Hobbs
Honored Contributor

‎11-09-2006 03:36 PM

‎11-09-2006 03:36 PM

Re: VoIP handset deployment and automatic vlan assignment

Me again. You're on the right path there Rod, LLDP-MED is the ideal way from what I've been led to believe. Looking up the snom phones they don't seem to support this though.

So with 802.1X you could set it up so that your RADIUS server authenticates the phone via it's mac-address and then returns the correct VLAN-ID back to the switch for the port to belong to.

Unless your regular clients were also going to use 802.1X authentication, then you may need to use the Open VLAN mode - which would allow those clients to still get access to the network without going through the 802.1X authentication process.

On a port, if a PC without 802.1X client plugged in, it would go into the Open VLAN - if a phone plugged in and it's mac-address was authenticated, it would go into the VLAN assigned by the RADIUS server, or the one specified as the authorised VLAN in your switch configuration.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.