Wired Networks

How to make CDP based IP phones fall in the voice vlan when connected to Aruba Mobility Switch?


How can I make my CDP based VOIP phone fall in correct vlan? 
Why doesn't Aruba reply with CDP messages when they are sent by the VOIP device?


This article applies to all Aruba mobility switches and code versions.


1.  Phone doesn't fall in the voice vlan when connected to Aruba Switch.
2. Works fine when connected to cisco switch.



While integrating VOIP into the IP network it is always a good practice to have a separate dedicated Vlan for VOIP. This provides it separation from outage occurring in use Vlan.

IP phones need to send out  L-2 datagrams apprising the switch to which they are connected to that they are a VOIP device and thus must be put in configured Voice Vlan. When the switch receives, it puts the phone in a voice vlan.

Switch will also start a timer. It will age out the VOIP phone unless it keeps receiving the datagram which advertize it's voice capability.

CDP is a proprietary protocol. Aruba can read it by Proprietary neighbor discovery switch in LLDP profile. However, it can't furnish a CDP datagram due to its proprietary nature. This can cause the problem as shown below:

1. Configure an LLDP profile:

#config t

#interface-profile lldp-profile polycom-lldp-profile
#lldp transmit
#lldp recieve
#med enable

This creates a new LLDP profile with transmit and receive of LLDP datagrams enabled. Proprietary neighbor discovery is enabled so that it can read CDP and other proprietary protocols.

We also enable LLDP MED for VOIP phone discovery. LLDP-MED (media endpoint devices) is an extension to LLDP to support interoperability between VoIP end-point devices and other networking end-devices.

2. We make a VOIP profile. This tells the switch to put the VOIP phone data in the VOICE Vlan.

#interface-profile voip-profile polycom-voip-profile
# voip-vlan 100

3. Apply the configured profiles to interface. Interface g 0/0/4 connects to a polycom phone while the other  interface connects to a cisco device.

#interface gigabitethernet 0/0/4
#lldp-profile polycom-lldp-profile
#voip-profile polycom-voip-profile

#interface gigabitethernet 0/1/0
#lldp-profile polycom-lldp-profile

#show interface-profile lldp-profile lldp-factory-initial

LLDP Profile "lldp-factory-initial"

Parameter                                                                          Value
-----------                                                                           ------
LLDP pdu transmit                                                               Enabled
LLDP protocol receive processing                                          Enabled
LLDP transmit interval (Secs)                                               30
LLDP transmit hold multiplier                                                1
LLDP-MED protocol                                                              Enabled
Control proprietary neighbor discovery                                  Enabled

After configuring the above, We connect the Polycom IP phone to the interface g 0/0/4. We also connect a Cisco device to port g 0/1/0. This Cisco device keeps sending the CDP datagrams continuously.Please note that if it is a POE powered IP phone, we must configure a POE profile on the interface also.

4. We type the following command to see the connected devices:

#show neighbor-devices

Neighbor Devices Information

Interface            Neighbor ID             Protocol           Remote intf                    Expiry-Time (Secs)
---------             -----------                ---------           -------------                    ---------------------
GE0/0/4             SEP0004f21dbb81    CDPv2             Port 1                             169
GE0/1/0             C4510R                   CDPv2             GigabitEthernet2/5          153

5. As per the output above, Aruba mobility switch detects the Polycom phone as a VOIP device as MED and proprietary discovery is enabled in the lldp profile. This will put the Polycom phone traffic in configured voice vlan.

We see that both the cisco device and polycom IP phone are listed  with their timeout values. This valuse will decrements by one every second. When this value reaches 0, the LLDP / CDP info is flushed out. This value is reset every time the Aruba recieves LLDP / CDP datagram.

Aruba cannot send CDP mesage due to its proprietary nature. Polycom phones send only 3-4 CDP messages hoping that the connected device is CDP capable. If it doesn't receive CDP messages, it assumes that the connected device is not CDP capable and stops sending CDP messages. This times out the Polycom phones from lldp neighbor table and soon they lose the connectivity to the voice vlan.

6. We check the status after some time:

#show neighbor-devices

Neighbor Devices Information

Interface              Neighbor ID                Protocol          Remote intf                Expiry-Time (Secs)
----------              -------------                ---------          -------------                ------------------
GE0/0/4               SEP0004f21dbb81        CDPv2            Port 1                       106
GE0/1/0               C4510R                       CDPv2            GigabitEthernet2/5    150

Later we see:

#show neighbor-devices

Neighbor Devices Information

Interface           Neighbor ID                 Protocol             Remote intf              Expiry-Time (Secs)
----------           -------------                  ---------            -------------               --------------------
GE0/0/4            SEP0004f21dbb81        CDPv2               Port 1                       30
GE0/1/0            C4510R                       CDPv2               GigabitEthernet2/5    145

7. Then after about a 100 seconds Polycom times out, but Cisco device is still there.

#show neighbor-devices

Neighbor Devices Information

Interface        Neighbor ID            Protocol           Remote intf                Expiry-Time (Secs)
----------        -------------            ---------           -------------                ------------------
GE0/1/0         C4510R                  CDPv2             GigabitEthernet2/5     145

When this happens, the Polycom device is no longer in voice vlan and loses it's connectivity to call server.

Root Cause:

1. CDP is a proprietary protocol. Aruba can read it but cannot generate it.
2. Some phones require CDP replies. These phones will not fall in correct vlan by CDP.



We can use oui/ mac based authentication to push the device in voice vlan.
We find that the Polycom phones start with following mac addresses:

- 00:04:F2
- 00:90:7A

1. Make an ACL that will permit all traffic which falls into the voip-phone-acl.

#ip access-list stateless voip-phone-acl any any any permit.

2. Put that ACL in voip-phone-role. Assign it voip vlan. Thus anyone falling into that role will have all traffic allowed and will  fall in the configured Voice vlan.

#user-role voip-phone-role access-list stateless phoneacl vlan 100

3. Make a UDR entry in a aaa profile for the polycom phones.

#aaa profile phone-profile user-derivation-rules udr-for-phone.

4. We configure the UDR so that it puts any machine which starts with that OUI into voip-phone-role

#aaa derivation-rules user udr-for-phone set role condition macaddr starts-with "00:04:f2"
#set-value voip-phone-role set role condition macaddr starts-with "00:90:7a" set-value ip-phone-role

5. Finally we untrust the port and apply the configured aaa profile to that port:

#interface gigabitethernet 0/0/4
#aaa-profile phone-profile
#no trusted port


To push a CDP based phone to its correct vlan, we need to use MAC based authentication which will push it to correct vlan based upon the OUI.

Version History
Revision #:
1 of 1
Last update:
‎06-01-2014 02:07 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.