09-14-2012 07:02 AM
Our phone system is VOIP, running from VLAN 9. Each port on our switches is tagged for VLAN 9 so even if the port's VLAN is 2 or 3, the phone's can still access VLAN 9.
I'm having trouble getting our phones to work with the AP-93h model. It has wired ports on the bottom but even since the port that the AP is plugged into has to be tagged on our management VLAN, it can't be tagged for VLAN 9. Is there any way to tag VLAN 9 for the port we're using on the controller?
09-18-2012 10:42 AM
you should be able to have multiple tagged vlans going down to the AP.
You can then change the wired AP profile - you'll need switchport mode to be "trunk" and make sure 9 is a "trunk mode allowed VLANs" - defualt is to allow all tags. leaving native vlan as 1 - should just allow untagged traffic through the port to whatever the native/untagged vlan is for the uplink switch port
To make this work a few things are required:
If the 93 is a campus AP and not a RAP - you'll need make sure cpsec is enabled
The AP system profile has a "Session ACL" that limits what traffic is allowed on the AP's uplink - by default its very limited ie only what the AP needs to talk to the controller and setup tunnels
You can't set the wired port mode to "trusted" so you need to make a aaa-profile to allow your voip phone traffic - and the phone's ip will need to be able to be valid users on the controller.
on your question about the controller - I suppose you could have the port's "forward mode" set to tunnel - switch port would still be trunk - vlan9 would need to hit your controller.... ie all phone traffic would then be tunneled through your controller. In my setup I wanted to avoid sending any non wifi traffic through the controller so I have not experimented with that option.