How to configure VOIP vlan with tunnel node ports in MAS

Aruba Employee

This Article will help in configuring the VOIP vlan with tunnel node setup with MAS and controller. 

When the switch port is a tunneled-port, all traffic from IP phone and user traffic gets tunneled to the controller. So, LLDP-MED and voip-profile will not be active on that port. The traffic from both IP phone and user will be untagged. The roles assigned to the IP phone and data-user on the controller define the vlan which will be assigned to them.
On many occasions, network administrators would not want the IP phone to go through authentication. To achieve the desired effect : 
Apply a switching-profile on the tunneled-node port so that the port has untagged membership for data vlan. On the wired aaa profile, apply a user-derivation-rule so that phone traffic (matching the OUI)gets Voice vlan.

For instance, Let us have data vlan as 65 and VoIP vlan as 250. We want the data users to be authenticated via Captive portal and phone traffic to be in vlan 250 :
On S3500 :

interface-profile switching-profile "tn-profile"
   access-vlan 65
interface gigabitethernet "5/0/2"
   tunneled-node-profile "tn"
   switching-profile "tn-profile"
vlan 65
vlan 250

On Controller :

user-role TNInit
 vlan 65
 captive-portal "TNCP"
 access-list session logon-control
 access-list session captiveportal
 access-list session v6-logon-control
 access-list session captiveportal6
ip access-list session ACL_For_Phone
  any any any  permit
user-role TNPC
 access-list session ACL_For_Data
user-role TNPhone
 vlan 250
 access-list session ACL_For_Phone
aaa authentication captive-portal "TNCP"
   default-role "TNPC"
   server-group "TNGRP"
aaa server-group "TNGRP"
 auth-server internal
aaa derivation-rules user TNUDR
  set role condition macaddr starts-with "00:1b:54" set-value TNPhone
aaa profile "TNAAA"
   initial-role "TNInit"
   user-derivation-rules "TNUDR"
aaa authentication wired
   profile "TNAAA"
vlan 65
vlan 250

Version history
Revision #:
1 of 1
Last update:
‎04-09-2015 05:06 AM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: