7 Replies Latest reply on Oct 27, 2017 1:14 PM by wav22

    Access & Voice VLAN

    wav22 New Member

      My setup:

      NetVanta 7100 with IP 706 phones.  Computer in question is plugged into PC port of IP 706 which is directly connected to NetVanta 7100.

       

      I'm simply trying to keep phones on the Voice VLAN (2) subnet while making sure any computers connected via PC port of a phone stay on the Data VLAN (1) subnet.  I believe that I've tried every variation of switchport command modes with no success.  In my experience with Cisco devices all you would have to set on the interface is "switchport access vlan 1" and "switchport voice vlan 2".  But no matter which switchport method I use I cannot get the phone and computer on separate VLAN's, each device will either end up on VLAN 1's subnet or VLAN 2's.  Interface 14 is the Phone/Computer combination I am working with right now.  See partial breakdown below:

       

      *****NetVanta is DHCP Server for both subnets, no other DHCP Server on network.

       

      ip dhcp database local

      !

      ip dhcp pool "Voice"

        network 10.10.21.0 255.255.255.0

        dns-server 10.10.21.1

        netbios-node-type h-node

        default-router 10.10.21.1

        tftp-server tftp://10.10.21.1

        ntp-server 10.10.21.1

        timezone-offset -5:00

        option 157 ascii TftpServers=0.0.0.0,FtpServers=10.10.21.1:/ADTRAN,FtpLogin=xxxxxxx,FtpPassword=xxxxxxx,Layer2Tagging=True,VlanID=2

      !

      ip dhcp pool "Data"

        network 10.10.11.0 255.255.255.0

        dns-server 12.127.17.71 12.127.16.67

        default-router 10.10.11.1

      !

      vlan 1

        name "Default"

      !

      vlan 2

        name "Voice"

      !

      interface eth 0/14

        spanning-tree edgeport

        no shutdown

        switchport voice vlan 2

      !

      interface vlan 1

        ip address  10.10.11.3  255.255.255.0

        ip access-policy Private

        ip crypto map VPN

        media-gateway ip primary

        no shutdown

      !

      interface vlan 2

        ip address  10.10.21.1  255.255.255.0

        ip access-policy Private

        ip crypto map VPN

        media-gateway ip primary

        no shutdown

        • Re: Access & Voice VLAN
          jayh Hall_of_Fame

          Try:

           

          !

          interface eth 0/14

            spanning-tree edgeport

            no shutdown

            switchport mode trunk

            switchport voice vlan 2

          !

           

          Make sure that LLDP is enabled in the switch, that will tell the phone to use VLAN 2 for voice and pass the native VLAN to the PC port.

            • Re: Access & Voice VLAN
              wav22 New Member

              No Joy.  I have tried this before did it again to be thorough.  This gives both phone and PC 10.10.11.x address.

               

              The NetVanta enables LLDP by default I believe.  All options are checked in the advertisements section of LLDP.

               

              Any other ideas?

                • Re: Access & Voice VLAN
                  jayh Hall_of_Fame

                  Check the phone configuration to verify that LLDP is active and the voice VLAN is selected by LLDP. Does the switch see the phone as an LLDP neighbor? If LLDP isn't supported on the phone set the voice VLAN in the phone configuration to 2.

                    • Re: Access & Voice VLAN
                      wav22 New Member

                      Does the Adtran IP706 have these settings?

                       

                      The 7100 doesn't seem to recognize any phone neighbors.  Its sees an Access Point and another switch, but no other neighbors.

                       

                      This doesnt make sense, everything is Adtran so why isnt this working natively without manually setting the phones VLAN?

                        • Re: Access & Voice VLAN
                          jayh Hall_of_Fame

                          Well, I looked at the IP706 manual here: https://portal.adtran.com/pub/Library/Reference_Guides/Default/ADTRAN%20IP%20700%20Series%20Admin%20Guide.pdf

                           

                          There's no mention of LLDP so presumably the phone doesn't support it. Page 26 shows the network settings from the phone's web interface. By default, VLAN tagging is off and (if enabled) it would use VLAN 400. And, it says that this can be configured from DHCP, the phone interface, or the web interface.

                           

                          I see that you have a DHCP option 157 with the proper information, but that string is in the Voice pool which is presented on the interface as tagged. Because the phone boots with the default untagged setting, it will try to boot using the untagged DHCP server which doesn't have the options. I would add this to the Data DHCP settings:

                           

                          ip dhcp pool "Data"

                          option 157 ascii Layer2Tagging=True,VlanID=2

                           

                          You probably don't need to put all of the FTP parameters here but if the phone doesn't pull FTP then you might. The idea is that at boot, the phone will pull the option 157 info from the default untagged DHCP pool, then switch to tagged VLAN 2 and re-initiate DHCP where it should pull the full new string with FTP data (and the same VLAN data).

                           

                          Give this a shot.

                           

                          Personal note: I don't know what Adtran was thinking. DHCP is a really dumb way to do this. If this indeed works and I suspect it will, it means that you're required to set a DHCP option on a scope, VLAN, and subnet that the phone will never use! Hopefully and presumably the data devices using native VLAN 1 and its DHCP server will simply ignore that option.

                           

                          DHCP is a Layer 3 protocol and in this case it is being used to set a Layer 2 parameter. That's backwards. The VLAN should be assigned before the phone even sends a DHCPDISCOVER packet. LLDP or Brand C's semi-proprietary CDP are much better suited. If you don't want to deal with the DHCP ugly hack, you can set tagging on and the VLAN from the web interface or the phone menu and then save it. Settings from the phone menu or web interface take precedence over DHCP. This of course requires touching every phone.

                           

                          It doesn't look like tagging or VLAN can be set from the configuration file which makes sense. In order to pull that file, the phone needs to already be on the right VLAN and have an IP address.

                           

                          EDIT: You'll need to keep the switch ports configured as trunks. Because the phones don't do LLDP, the switch won't know to enable the voice VLAN.