Wireless Access

 View Only
  • 1.  LLDP-MED sends voice VLAN of 0

    Posted Jul 26, 2013 02:22 PM

    Hello,

     

    I'm trying to use LLDP-MED to attach a Cisco 7911 VoIP phone to port ENET2 on a RAP-3WNP talking to an M3 running 6.2.1.2.  However, the AP doesn't seem to be sending the voice VLAN to the phone.

     

    I have LLDP-MED and the AP configured as follows:

     

    ap-group "cs-rap3_raps"

     enet2-port-profile "phone_wiredport"

     ...

    !

    ap wired-port-profile "phone_wiredport"
     wired-ap-profile "phone_wiredap"
     enet-link-profile "poe_enet"
     lldp-profile "phone_lldp"
     no rap-backup
     aaa-profile "NoAuthAAAProfile"

    !

    ap wired-ap-profile "phone_wiredap"
     wired-ap-enable
     trusted
     switchport mode trunk
     switchport trunk allowed vlan 2812

    !

    ap enet-link-profile "poe_enet"
     poe

    !

     

    ap lldp profile "phone_lldp"
     lldp-med-tlvs capabilities network-policy power inventory
     lldp-med-network-policy-profile "phone_lldpmed"

    !

     

    ap lldp med-network-policy-profile "phone_lldpmed"
     vlan 2812
     tagged

    The phone is appearing when I do 'show ap lldp neighbor ...' and is identified as a phone with capability 'P' but it's not picking up the voice VLAN (checking under Settings -> Network -> Operational VLAN Id).

     

    At one point, it was picking up a VLAN ID of "0" overriding an administratively-set VLAN in the phone, but that's stopped happening with my fiddling.

     

    I've tried advertising the DSCP/CoS values, adding and removing a signalling LLDP-MED profile and various other things (like adding another VLAN trunk native to see if it didn't like there wasn't a native VLAN on the port).  However, none worked.

     

    Is there anything obvious missing, before I start trying to sniff traffic between the two?



  • 2.  RE: LLDP-MED sends voice VLAN of 0

    Posted Jul 26, 2013 02:33 PM

     

    Is E2 configure as a trunk ?



  • 3.  RE: LLDP-MED sends voice VLAN of 0

    Posted Jul 26, 2013 02:36 PM

    I am not sure if that is a supported configuration.  I would open a TAC case for tracking purposes and to verify.

     

    Alternatively, you can always set the port as untrusted and then use a user derivation rule based on MAC OUI or DHCP fingerprint to place the phone into a role where the VLAN would be applied.



  • 4.  RE: LLDP-MED sends voice VLAN of 0

    Posted Jul 29, 2013 08:05 AM

    ENET2 is configured with the wired port profile:

     

    ap-group "cs-rap3_raps"
     enet1-port-profile "shutdown"
     enet2-port-profile "phone_wiredport"

    Which part isn't supported?  Is it not having a native VLAN on the same port?

     

    Fundamentally, I assume having a phone on a trunk port with a tagged voice VLAN and using LLDP-MED to advertise it should be (that's the whole point of it!).

     

    I'm not mad on using OUI or fingerprinting as that's something which I'll need to keep reviewing to check it's working - we use LLDP-MED everywhere else.



  • 5.  RE: LLDP-MED sends voice VLAN of 0

    Posted Nov 09, 2013 10:13 AM

    Hi Bob,

     

    I'm working on the exact same issue. Did you get LLDP to work with the Cisco phones?

     

    Also, were you able to plug a laptop into the phone and authenticate correctly?

     

    Thanks!

     

    -Mike



  • 6.  RE: LLDP-MED sends voice VLAN of 0

    Posted Jun 18, 2014 06:40 AM

    Hi all,

     

    I've an Alcatel-Lucent IP phone connected to the PoE port E2 of a RAP-3WNP and have it configured the way, that it should get the vlan ID through LLDP-MED. However, it doesn't work (the phone only connects untagged). Is this kind of setup even supported with the RAP3 or is it limited to the Aruba Mobility Switches? It's a kind of strange to me, that you can configure everything in the LLDP-MED network policy but nothing happens at all.

     

    BTW: LLDP-Med is working fine with an Alcatel-Lucent LAN Switch.

     

    Thank you for all your feedback in advance,


    Stefan



  • 7.  RE: LLDP-MED sends voice VLAN of 0



  • 8.  RE: LLDP-MED sends voice VLAN of 0

    Posted Jun 18, 2014 08:09 AM

    Hi Colin

     

    Thank you for your fast reply.

     

    I did the configuration through the webGUI but yes, it should be that way:

     

    !
    ap-group "ap_grp_rap_test"
       [..]
       enet1-port-profile "rap_4082pvid_rest_tagged_lldp"
       enet2-port-profile "rap_4082pvid_rest_tagged_lldp"
       [..]
    !
    !
    ap wired-port-profile "rap_4082pvid_rest_tagged_lldp"
       wired-ap-profile "rap_4082pvid_rest_tagged"
       lldp-profile "alu_voip_lldp_med"
       aaa-profile "default"
    !
    !
    ap lldp med-network-policy-profile "alu_voip_lldp_med"
       vlan 4084
       tagged
       l2-priority 5
       dscp 46
    !

    Vlan 4084 is the voice vlan.

    So generally it should work with the RAP3?

     

    Thanks,

    Stefan



  • 9.  RE: LLDP-MED sends voice VLAN of 0

    Posted Jun 19, 2014 03:12 PM

    Hello,

     

    Did you get this to work on the RAP. I am having a simliar issue trying get a VoIP phone to use LLDP on a RAP's wired port. Keeps using the native VLAN. I have tried setting it as both an access and a trunk port. Not sure what I am missing.



  • 10.  RE: LLDP-MED sends voice VLAN of 0

    Posted Jun 20, 2014 07:14 AM

    Hi,

     

    Unfortunately not. I have exactly the same behavior.

     

    Cheers,


    Stefan



  • 11.  RE: LLDP-MED sends voice VLAN of 0
    Best Answer

    Posted Jul 18, 2014 10:15 PM

    Hello,

     

    I worked with TAC on this and it appears to be a limiation of the ealier RAPs. I have a RAP5WN and a RAP3. It would not work on the RAP5WN, but worked on the RAP3. The TAC engineer suspected this was the issue, but could not confirm whether or not LLDP was supported on the older RAP models.

     

    Having said that I did see strange behavior. I am doing this with a Shoretel phone so I am not sure if it's from the Shoretel side or the Aruba side. What would happen is if I rebooted the phone after it successfully booted up and was placed in the correct VLAN via LLDP, the LLDP assigment would not work the second time it booted. If I waited for a few minutes then it would. May be a timer somewhere I don't know about. While this may not be a major issue for a technical person, if this happened to a non-technical user I could see it being an issue since more often than not they are not patient enought to wait it out.

     

    One other thing, specific to Shoretel. Shoretel uses either DHCP option 066 or 156 to assign an FTP server for the phones to pull their config from. If you are using LLDP with Shoretel you have to use option 066. For some reason option 156 conflicts with LLDP. I belive it's because option 156 can include settings for VLAN assignment. Even when you do not specific a VLAN assignment with option 156 it will overwirte the LLDP VLAN assigment and put the phone into the native VLAN.

     

    Here is my config. The AAA profile just sets the initial role to authenticated, making it a trusted port should accomplish the same..

     

    ap wired-ap-profile "RAP-Wired-LLDP"
       wired-ap-enable
       switchport mode trunk
       switchport access vlan 10
       switchport trunk native vlan 10

    ap lldp med-network-policy-profile "default"
    !
    ap lldp med-network-policy-profile "LLDP-Voice"
       vlan 30
       tagged
       l2-priority 5
       dscp 46

    ap lldp profile "default"
    !                                                
    ap lldp profile "RAP-LLDP"
       optional-tlvs
       dot3-tlvs
       lldp-med-tlvs capabilities network-policy
       lldp-med-network-policy-profile "LLDP-Voice"