Wired Networks

How to configure VOIP vlan with tunnel node ports in MAS

This Article will help in configuring the VOIP vlan with tunnel node setup with MAS and controller. 

When the switch port is a tunneled-port, all traffic from IP phone and user traffic gets tunneled to the controller. So, LLDP-MED and voip-profile will not be active on that port. The traffic from both IP phone and user will be untagged. The roles assigned to the IP phone and data-user on the controller define the vlan which will be assigned to them.
  
On many occasions, network administrators would not want the IP phone to go through authentication. To achieve the desired effect : 
Apply a switching-profile on the tunneled-node port so that the port has untagged membership for data vlan. On the wired aaa profile, apply a user-derivation-rule so that phone traffic (matching the OUI)gets Voice vlan.

For instance, Let us have data vlan as 65 and VoIP vlan as 250. We want the data users to be authenticated via Captive portal and phone traffic to be in vlan 250 :
 
On S3500 :

interface-profile switching-profile "tn-profile"
   access-vlan 65
interface gigabitethernet "5/0/2"
   tunneled-node-profile "tn"
   switching-profile "tn-profile"
!
vlan 65
!
vlan 250
!

On Controller :

user-role TNInit
 vlan 65
 captive-portal "TNCP"
 access-list session logon-control
 access-list session captiveportal
 access-list session v6-logon-control
 access-list session captiveportal6
!
ip access-list session ACL_For_Phone
  any any any  permit
!
user-role TNPC
 access-list session ACL_For_Data
!
user-role TNPhone
 vlan 250
 access-list session ACL_For_Phone
!
aaa authentication captive-portal "TNCP"
   default-role "TNPC"
   server-group "TNGRP"
!
aaa server-group "TNGRP"
 auth-server internal
!
aaa derivation-rules user TNUDR
  set role condition macaddr starts-with "00:1b:54" set-value TNPhone
!
aaa profile "TNAAA"
   initial-role "TNInit"
   user-derivation-rules "TNUDR"
!
aaa authentication wired
   profile "TNAAA"
!
vlan 65
!
vlan 250
!

Version history
Revision #:
1 of 1
Last update:
‎04-09-2015 05:06 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.