cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
wav22
New Contributor

Access & Voice VLAN

Jump to solution

My setup:

NetVanta 7100 with IP 706 phones.  Computer in question is plugged into PC port of IP 706 which is directly connected to NetVanta 7100.

I'm simply trying to keep phones on the Voice VLAN (2) subnet while making sure any computers connected via PC port of a phone stay on the Data VLAN (1) subnet.  I believe that I've tried every variation of switchport command modes with no success.  In my experience with Cisco devices all you would have to set on the interface is "switchport access vlan 1" and "switchport voice vlan 2".  But no matter which switchport method I use I cannot get the phone and computer on separate VLAN's, each device will either end up on VLAN 1's subnet or VLAN 2's.  Interface 14 is the Phone/Computer combination I am working with right now.  See partial breakdown below:

*****NetVanta is DHCP Server for both subnets, no other DHCP Server on network.

ip dhcp database local

!

ip dhcp pool "Voice"

  network 10.10.21.0 255.255.255.0

  dns-server 10.10.21.1

  netbios-node-type h-node

  default-router 10.10.21.1

  tftp-server tftp://10.10.21.1

  ntp-server 10.10.21.1

  timezone-offset -5:00

  option 157 ascii TftpServers=0.0.0.0,FtpServers=10.10.21.1:/ADTRAN,FtpLogin=xxxxxxx,FtpPassword=xxxxxxx,Layer2Tagging=True,VlanID=2

!

ip dhcp pool "Data"

  network 10.10.11.0 255.255.255.0

  dns-server 12.127.17.71 12.127.16.67

  default-router 10.10.11.1

!

vlan 1

  name "Default"

!

vlan 2

  name "Voice"

!

interface eth 0/14

  spanning-tree edgeport

  no shutdown

  switchport voice vlan 2

!

interface vlan 1

  ip address  10.10.11.3  255.255.255.0

  ip access-policy Private

  ip crypto map VPN

  media-gateway ip primary

  no shutdown

!

interface vlan 2

  ip address  10.10.21.1  255.255.255.0

  ip access-policy Private

  ip crypto map VPN

  media-gateway ip primary

  no shutdown

0 Kudos
1 Solution

Accepted Solutions
jayh
Honored Contributor
Honored Contributor

Re: Access & Voice VLAN

Jump to solution

Well, I looked at the IP706 manual here: https://portal.adtran.com/pub/Library/Reference_Guides/Default/ADTRAN%20IP%20700%20Series%20Admin%20...

There's no mention of LLDP so presumably the phone doesn't support it. Page 26 shows the network settings from the phone's web interface. By default, VLAN tagging is off and (if enabled) it would use VLAN 400. And, it says that this can be configured from DHCP, the phone interface, or the web interface.

I see that you have a DHCP option 157 with the proper information, but that string is in the Voice pool which is presented on the interface as tagged. Because the phone boots with the default untagged setting, it will try to boot using the untagged DHCP server which doesn't have the options. I would add this to the Data DHCP settings:

ip dhcp pool "Data"

option 157 ascii Layer2Tagging=True,VlanID=2

You probably don't need to put all of the FTP parameters here but if the phone doesn't pull FTP then you might. The idea is that at boot, the phone will pull the option 157 info from the default untagged DHCP pool, then switch to tagged VLAN 2 and re-initiate DHCP where it should pull the full new string with FTP data (and the same VLAN data).

Give this a shot.

Personal note: I don't know what Adtran was thinking. DHCP is a really dumb way to do this. If this indeed works and I suspect it will, it means that you're required to set a DHCP option on a scope, VLAN, and subnet that the phone will never use! Hopefully and presumably the data devices using native VLAN 1 and its DHCP server will simply ignore that option.

DHCP is a Layer 3 protocol and in this case it is being used to set a Layer 2 parameter. That's backwards. The VLAN should be assigned before the phone even sends a DHCPDISCOVER packet. LLDP or Brand C's semi-proprietary CDP are much better suited. If you don't want to deal with the DHCP ugly hack, you can set tagging on and the VLAN from the web interface or the phone menu and then save it. Settings from the phone menu or web interface take precedence over DHCP. This of course requires touching every phone.

It doesn't look like tagging or VLAN can be set from the configuration file which makes sense. In order to pull that file, the phone needs to already be on the right VLAN and have an IP address.

EDIT: You'll need to keep the switch ports configured as trunks. Because the phones don't do LLDP, the switch won't know to enable the voice VLAN.

View solution in original post

0 Kudos
7 Replies
jayh
Honored Contributor
Honored Contributor

Re: Access & Voice VLAN

Jump to solution

Try:

!

interface eth 0/14

  spanning-tree edgeport

  no shutdown

  switchport mode trunk

  switchport voice vlan 2

!

Make sure that LLDP is enabled in the switch, that will tell the phone to use VLAN 2 for voice and pass the native VLAN to the PC port.

wav22
New Contributor

Re: Access & Voice VLAN

Jump to solution

No Joy.  I have tried this before did it again to be thorough.  This gives both phone and PC 10.10.11.x address.

The NetVanta enables LLDP by default I believe.  All options are checked in the advertisements section of LLDP.

Any other ideas?

jayh
Honored Contributor
Honored Contributor

Re: Access & Voice VLAN

Jump to solution

Check the phone configuration to verify that LLDP is active and the voice VLAN is selected by LLDP. Does the switch see the phone as an LLDP neighbor? If LLDP isn't supported on the phone set the voice VLAN in the phone configuration to 2.

wav22
New Contributor

Re: Access & Voice VLAN

Jump to solution

Does the Adtran IP706 have these settings?

The 7100 doesn't seem to recognize any phone neighbors.  Its sees an Access Point and another switch, but no other neighbors.

This doesnt make sense, everything is Adtran so why isnt this working natively without manually setting the phones VLAN?

jayh
Honored Contributor
Honored Contributor

Re: Access & Voice VLAN

Jump to solution

Well, I looked at the IP706 manual here: https://portal.adtran.com/pub/Library/Reference_Guides/Default/ADTRAN%20IP%20700%20Series%20Admin%20...

There's no mention of LLDP so presumably the phone doesn't support it. Page 26 shows the network settings from the phone's web interface. By default, VLAN tagging is off and (if enabled) it would use VLAN 400. And, it says that this can be configured from DHCP, the phone interface, or the web interface.

I see that you have a DHCP option 157 with the proper information, but that string is in the Voice pool which is presented on the interface as tagged. Because the phone boots with the default untagged setting, it will try to boot using the untagged DHCP server which doesn't have the options. I would add this to the Data DHCP settings:

ip dhcp pool "Data"

option 157 ascii Layer2Tagging=True,VlanID=2

You probably don't need to put all of the FTP parameters here but if the phone doesn't pull FTP then you might. The idea is that at boot, the phone will pull the option 157 info from the default untagged DHCP pool, then switch to tagged VLAN 2 and re-initiate DHCP where it should pull the full new string with FTP data (and the same VLAN data).

Give this a shot.

Personal note: I don't know what Adtran was thinking. DHCP is a really dumb way to do this. If this indeed works and I suspect it will, it means that you're required to set a DHCP option on a scope, VLAN, and subnet that the phone will never use! Hopefully and presumably the data devices using native VLAN 1 and its DHCP server will simply ignore that option.

DHCP is a Layer 3 protocol and in this case it is being used to set a Layer 2 parameter. That's backwards. The VLAN should be assigned before the phone even sends a DHCPDISCOVER packet. LLDP or Brand C's semi-proprietary CDP are much better suited. If you don't want to deal with the DHCP ugly hack, you can set tagging on and the VLAN from the web interface or the phone menu and then save it. Settings from the phone menu or web interface take precedence over DHCP. This of course requires touching every phone.

It doesn't look like tagging or VLAN can be set from the configuration file which makes sense. In order to pull that file, the phone needs to already be on the right VLAN and have an IP address.

EDIT: You'll need to keep the switch ports configured as trunks. Because the phones don't do LLDP, the switch won't know to enable the voice VLAN.

0 Kudos
wav22
New Contributor

Re: Access & Voice VLAN

Jump to solution

Sorry for the delay.  I will try adding the option 157 to the Data DHCP pool tonight and let you know.

This does seem backwards but I hope it works.

Thanks

wav22
New Contributor

Re: Access & Voice VLAN

Jump to solution

Still can't believe it but that worked!  Thanks for your help jayh.