Wired Intelligent Edge

I'm deploying a VOIP solution using a 5412R ZL2 running version  KB.16.11.0010.

Following the documentation found in the Document "VoIP Deployment on ArubaOS-Switch ArubaOS-Switch 16.06"
I followed these steps.

switch(config)# device-identity name "VoIP-Phone"
switch(identity-VoIP-Phone)# lldp oui 0012bb sub-type 1
switch(identity-VoIP-Phone)# exit

Next, create the device profile with settings to be applied to provisioned ports:
switch(config)# device-profile name "Phone-Profile"
switch(device-profile)# tagged-vlan 100
switch(device-profile)# untagged-vlan 110
switch(device-profile)# allow-jumbo frames

The problem is that the "allow-jumbo frames"  does not exists.

Has it been removed, I couldn't find an equivalent

The other question is about the following 

switch(config)# device-profile device-type "VoIP-Phone"
switch(device-VoIP-Phone)# associate "Phone-Profile"
switch(device-VoIP-Phone)# enable

Can I associate more than one Phone Device type to the "phone-profile" ?

thanks

Hi Stefano,

I guess it's just a typo in the document - pls. try "allow-jumbo-frames" with an additional dash.....
you can always verify commands by typing the "?" (or filtered using e.g. "a?" for possible commands starting with an "a")

/Jochem

I'm deploying a VOIP solution using a 5412R ZL2 running version  KB.16.11.0010.

Following the documentation found in the Document "VoIP Deployment on ArubaOS-Switch ArubaOS-Switch 16.06"
I followed these steps.

switch(config)# device-identity name "VoIP-Phone"
switch(identity-VoIP-Phone)# lldp oui 0012bb sub-type 1
switch(identity-VoIP-Phone)# exit

Next, create the device profile with settings to be applied to provisioned ports:
switch(config)# device-profile name "Phone-Profile"
switch(device-profile)# tagged-vlan 100
switch(device-profile)# untagged-vlan 110
switch(device-profile)# allow-jumbo frames

The problem is that the "allow-jumbo frames"  does not exists.

Has it been removed, I couldn't find an equivalent

The other question is about the following 

switch(config)# device-profile device-type "VoIP-Phone"
switch(device-VoIP-Phone)# associate "Phone-Profile"
switch(device-VoIP-Phone)# enable

Can I associate more than one Phone Device type to the "phone-profile" ?

thanks

I got it corrected but the configuration seems not to be working.

This is what we did.

The rexpected result is to have a port configured in a way that can automatically set the correct vlan for devices after either 802.1x authentication ( PC ) or device profiling ( Ip Phones )

here is the configuration made on a single port, so far, to test it.

The 802.1x part is already working fine.

Now we're trying to use device profiling to have the IP phones set on the correct vlan

Below the configuration

aaa server-group radius "NPS" host 172.31.200.45
aaa server-group radius "NPS" host 172.31.210.15

aaa authentication web login radius server-group "NPS" local
aaa authentication web enable radius server-group "NPS" local
aaa authentication ssh login radius server-group "NPS" local
aaa authentication ssh enable radius server-group "NPS" local
aaa authentication port-access eap-radius server-group "NPS"
aaa authentication mac-based chap-radius server-group "NPS"
aaa port-access authenticator C18
aaa port-access authenticator C18 client-limit 1
aaa port-access authenticator active
aaa port-access mac-based C18
aaa port-access mac-based C18 unauth-vid 203
aaa port-access C18 auth-order authenticator mac-based
aaa port-access C18 auth-priority authenticator mac-based

aaa port-access lldp-bypass C18

device-identity name "AlcatelPhone"
   lldp oui 788102 sub-type 1
   exit
device-identity name "AlcatelPhone2"
   lldp oui 00809f sub-type 1
   exit
device-profile name "IP-Phone"
   untagged-vlan 212
   cos 5
   allow-jumbo-frames
   exit
device-profile device-type "AlcatelPhone"
   associate "IP-Phone"
   enable
   exit

device-profile device-type "AlcatelPhone2"
   associate "IP-Phone"
   enable
   exit

Hi Stefano,

I guess it's just a typo in the document - pls. try "allow-jumbo-frames" with an additional dash.....
you can always verify commands by typing the "?" (or filtered using e.g. "a?" for possible commands starting with an "a")

/Jochem

I'm deploying a VOIP solution using a 5412R ZL2 running version  KB.16.11.0010.

Following the documentation found in the Document "VoIP Deployment on ArubaOS-Switch ArubaOS-Switch 16.06"
I followed these steps.

switch(config)# device-identity name "VoIP-Phone"
switch(identity-VoIP-Phone)# lldp oui 0012bb sub-type 1
switch(identity-VoIP-Phone)# exit

Next, create the device profile with settings to be applied to provisioned ports:
switch(config)# device-profile name "Phone-Profile"
switch(device-profile)# tagged-vlan 100
switch(device-profile)# untagged-vlan 110
switch(device-profile)# allow-jumbo frames

The problem is that the "allow-jumbo frames"  does not exists.

Has it been removed, I couldn't find an equivalent

The other question is about the following 

switch(config)# device-profile device-type "VoIP-Phone"
switch(device-VoIP-Phone)# associate "Phone-Profile"
switch(device-VoIP-Phone)# enable

Can I associate more than one Phone Device type to the "phone-profile" ?

thanks

Hi again,

I think you need to enable globally:
aaa port-access use-lldp-data

and maybe on interface level: poe-lldp-detect

/Jochem

I got it corrected but the configuration seems not to be working.

This is what we did.

The rexpected result is to have a port configured in a way that can automatically set the correct vlan for devices after either 802.1x authentication ( PC ) or device profiling ( Ip Phones )

here is the configuration made on a single port, so far, to test it.

The 802.1x part is already working fine.

Now we're trying to use device profiling to have the IP phones set on the correct vlan

Below the configuration

aaa server-group radius "NPS" host 172.31.200.45
aaa server-group radius "NPS" host 172.31.210.15

aaa authentication web login radius server-group "NPS" local
aaa authentication web enable radius server-group "NPS" local
aaa authentication ssh login radius server-group "NPS" local
aaa authentication ssh enable radius server-group "NPS" local
aaa authentication port-access eap-radius server-group "NPS"
aaa authentication mac-based chap-radius server-group "NPS"
aaa port-access authenticator C18
aaa port-access authenticator C18 client-limit 1
aaa port-access authenticator active
aaa port-access mac-based C18
aaa port-access mac-based C18 unauth-vid 203
aaa port-access C18 auth-order authenticator mac-based
aaa port-access C18 auth-priority authenticator mac-based

aaa port-access lldp-bypass C18

device-identity name "AlcatelPhone"
   lldp oui 788102 sub-type 1
   exit
device-identity name "AlcatelPhone2"
   lldp oui 00809f sub-type 1
   exit
device-profile name "IP-Phone"
   untagged-vlan 212
   cos 5
   allow-jumbo-frames
   exit
device-profile device-type "AlcatelPhone"
   associate "IP-Phone"
   enable
   exit

device-profile device-type "AlcatelPhone2"
   associate "IP-Phone"
   enable
   exit

Hi Stefano,

I guess it's just a typo in the document - pls. try "allow-jumbo-frames" with an additional dash.....
you can always verify commands by typing the "?" (or filtered using e.g. "a?" for possible commands starting with an "a")

/Jochem

I'm deploying a VOIP solution using a 5412R ZL2 running version  KB.16.11.0010.

Following the documentation found in the Document "VoIP Deployment on ArubaOS-Switch ArubaOS-Switch 16.06"
I followed these steps.

switch(config)# device-identity name "VoIP-Phone"
switch(identity-VoIP-Phone)# lldp oui 0012bb sub-type 1
switch(identity-VoIP-Phone)# exit

Next, create the device profile with settings to be applied to provisioned ports:
switch(config)# device-profile name "Phone-Profile"
switch(device-profile)# tagged-vlan 100
switch(device-profile)# untagged-vlan 110
switch(device-profile)# allow-jumbo frames

The problem is that the "allow-jumbo frames"  does not exists.

Has it been removed, I couldn't find an equivalent

The other question is about the following 

switch(config)# device-profile device-type "VoIP-Phone"
switch(device-VoIP-Phone)# associate "Phone-Profile"
switch(device-VoIP-Phone)# enable

Can I associate more than one Phone Device type to the "phone-profile" ?

thanks

Hello

the strange thing is that now I don't see any mac-address when I connect the phone, and it doesn't work.

Hi again,

I think you need to enable globally:
aaa port-access use-lldp-data

and maybe on interface level: poe-lldp-detect

/Jochem

I got it corrected but the configuration seems not to be working.

This is what we did.

The rexpected result is to have a port configured in a way that can automatically set the correct vlan for devices after either 802.1x authentication ( PC ) or device profiling ( Ip Phones )

here is the configuration made on a single port, so far, to test it.

The 802.1x part is already working fine.

Now we're trying to use device profiling to have the IP phones set on the correct vlan

Below the configuration

aaa server-group radius "NPS" host 172.31.200.45
aaa server-group radius "NPS" host 172.31.210.15

aaa authentication web login radius server-group "NPS" local
aaa authentication web enable radius server-group "NPS" local
aaa authentication ssh login radius server-group "NPS" local
aaa authentication ssh enable radius server-group "NPS" local
aaa authentication port-access eap-radius server-group "NPS"
aaa authentication mac-based chap-radius server-group "NPS"
aaa port-access authenticator C18
aaa port-access authenticator C18 client-limit 1
aaa port-access authenticator active
aaa port-access mac-based C18
aaa port-access mac-based C18 unauth-vid 203
aaa port-access C18 auth-order authenticator mac-based
aaa port-access C18 auth-priority authenticator mac-based

aaa port-access lldp-bypass C18

device-identity name "AlcatelPhone"
   lldp oui 788102 sub-type 1
   exit
device-identity name "AlcatelPhone2"
   lldp oui 00809f sub-type 1
   exit
device-profile name "IP-Phone"
   untagged-vlan 212
   cos 5
   allow-jumbo-frames
   exit
device-profile device-type "AlcatelPhone"
   associate "IP-Phone"
   enable
   exit

device-profile device-type "AlcatelPhone2"
   associate "IP-Phone"
   enable
   exit

Hi Stefano,

I guess it's just a typo in the document - pls. try "allow-jumbo-frames" with an additional dash.....
you can always verify commands by typing the "?" (or filtered using e.g. "a?" for possible commands starting with an "a")

/Jochem

I'm deploying a VOIP solution using a 5412R ZL2 running version  KB.16.11.0010.

Following the documentation found in the Document "VoIP Deployment on ArubaOS-Switch ArubaOS-Switch 16.06"
I followed these steps.

switch(config)# device-identity name "VoIP-Phone"
switch(identity-VoIP-Phone)# lldp oui 0012bb sub-type 1
switch(identity-VoIP-Phone)# exit

Next, create the device profile with settings to be applied to provisioned ports:
switch(config)# device-profile name "Phone-Profile"
switch(device-profile)# tagged-vlan 100
switch(device-profile)# untagged-vlan 110
switch(device-profile)# allow-jumbo frames

The problem is that the "allow-jumbo frames"  does not exists.

Has it been removed, I couldn't find an equivalent

The other question is about the following 

switch(config)# device-profile device-type "VoIP-Phone"
switch(device-VoIP-Phone)# associate "Phone-Profile"
switch(device-VoIP-Phone)# enable

Can I associate more than one Phone Device type to the "phone-profile" ?

thanks

Hello

the strange thing is that now I don't see any mac-address when I connect the phone, and it doesn't work.

Hi again,

I think you need to enable globally:
aaa port-access use-lldp-data

and maybe on interface level: poe-lldp-detect

/Jochem

I got it corrected but the configuration seems not to be working.

This is what we did.

The rexpected result is to have a port configured in a way that can automatically set the correct vlan for devices after either 802.1x authentication ( PC ) or device profiling ( Ip Phones )

here is the configuration made on a single port, so far, to test it.

The 802.1x part is already working fine.

Now we're trying to use device profiling to have the IP phones set on the correct vlan

Below the configuration

aaa server-group radius "NPS" host 172.31.200.45
aaa server-group radius "NPS" host 172.31.210.15

aaa authentication web login radius server-group "NPS" local
aaa authentication web enable radius server-group "NPS" local
aaa authentication ssh login radius server-group "NPS" local
aaa authentication ssh enable radius server-group "NPS" local
aaa authentication port-access eap-radius server-group "NPS"
aaa authentication mac-based chap-radius server-group "NPS"
aaa port-access authenticator C18
aaa port-access authenticator C18 client-limit 1
aaa port-access authenticator active
aaa port-access mac-based C18
aaa port-access mac-based C18 unauth-vid 203
aaa port-access C18 auth-order authenticator mac-based
aaa port-access C18 auth-priority authenticator mac-based

aaa port-access lldp-bypass C18

device-identity name "AlcatelPhone"
   lldp oui 788102 sub-type 1
   exit
device-identity name "AlcatelPhone2"
   lldp oui 00809f sub-type 1
   exit
device-profile name "IP-Phone"
   untagged-vlan 212
   cos 5
   allow-jumbo-frames
   exit
device-profile device-type "AlcatelPhone"
   associate "IP-Phone"
   enable
   exit

device-profile device-type "AlcatelPhone2"
   associate "IP-Phone"
   enable
   exit

Hi Stefano,

I guess it's just a typo in the document - pls. try "allow-jumbo-frames" with an additional dash.....
you can always verify commands by typing the "?" (or filtered using e.g. "a?" for possible commands starting with an "a")

/Jochem

I'm deploying a VOIP solution using a 5412R ZL2 running version  KB.16.11.0010.

Following the documentation found in the Document "VoIP Deployment on ArubaOS-Switch ArubaOS-Switch 16.06"
I followed these steps.

switch(config)# device-identity name "VoIP-Phone"
switch(identity-VoIP-Phone)# lldp oui 0012bb sub-type 1
switch(identity-VoIP-Phone)# exit

Next, create the device profile with settings to be applied to provisioned ports:
switch(config)# device-profile name "Phone-Profile"
switch(device-profile)# tagged-vlan 100
switch(device-profile)# untagged-vlan 110
switch(device-profile)# allow-jumbo frames

The problem is that the "allow-jumbo frames"  does not exists.

Has it been removed, I couldn't find an equivalent

The other question is about the following 

switch(config)# device-profile device-type "VoIP-Phone"
switch(device-VoIP-Phone)# associate "Phone-Profile"
switch(device-VoIP-Phone)# enable

Can I associate more than one Phone Device type to the "phone-profile" ?

thanks

The problem with the mac-addres that suddenly wasn't showing anymore was due to the command

aaa port-access lldp-bypass c18

Instead I tried the following 

aaa port-access device-identity "AlcatelPhone2" bypass C18

but still doesn't work

Hello

the strange thing is that now I don't see any mac-address when I connect the phone, and it doesn't work.

Hi again,

I think you need to enable globally:
aaa port-access use-lldp-data

and maybe on interface level: poe-lldp-detect

/Jochem

I got it corrected but the configuration seems not to be working.

This is what we did.

The rexpected result is to have a port configured in a way that can automatically set the correct vlan for devices after either 802.1x authentication ( PC ) or device profiling ( Ip Phones )

here is the configuration made on a single port, so far, to test it.

The 802.1x part is already working fine.

Now we're trying to use device profiling to have the IP phones set on the correct vlan

Below the configuration

aaa server-group radius "NPS" host 172.31.200.45
aaa server-group radius "NPS" host 172.31.210.15

aaa authentication web login radius server-group "NPS" local
aaa authentication web enable radius server-group "NPS" local
aaa authentication ssh login radius server-group "NPS" local
aaa authentication ssh enable radius server-group "NPS" local
aaa authentication port-access eap-radius server-group "NPS"
aaa authentication mac-based chap-radius server-group "NPS"
aaa port-access authenticator C18
aaa port-access authenticator C18 client-limit 1
aaa port-access authenticator active
aaa port-access mac-based C18
aaa port-access mac-based C18 unauth-vid 203
aaa port-access C18 auth-order authenticator mac-based
aaa port-access C18 auth-priority authenticator mac-based

aaa port-access lldp-bypass C18

device-identity name "AlcatelPhone"
   lldp oui 788102 sub-type 1
   exit
device-identity name "AlcatelPhone2"
   lldp oui 00809f sub-type 1
   exit
device-profile name "IP-Phone"
   untagged-vlan 212
   cos 5
   allow-jumbo-frames
   exit
device-profile device-type "AlcatelPhone"
   associate "IP-Phone"
   enable
   exit

device-profile device-type "AlcatelPhone2"
   associate "IP-Phone"
   enable
   exit

Hi Stefano,

I guess it's just a typo in the document - pls. try "allow-jumbo-frames" with an additional dash.....
you can always verify commands by typing the "?" (or filtered using e.g. "a?" for possible commands starting with an "a")

/Jochem

I'm deploying a VOIP solution using a 5412R ZL2 running version  KB.16.11.0010.

Following the documentation found in the Document "VoIP Deployment on ArubaOS-Switch ArubaOS-Switch 16.06"
I followed these steps.

switch(config)# device-identity name "VoIP-Phone"
switch(identity-VoIP-Phone)# lldp oui 0012bb sub-type 1
switch(identity-VoIP-Phone)# exit

Next, create the device profile with settings to be applied to provisioned ports:
switch(config)# device-profile name "Phone-Profile"
switch(device-profile)# tagged-vlan 100
switch(device-profile)# untagged-vlan 110
switch(device-profile)# allow-jumbo frames

The problem is that the "allow-jumbo frames"  does not exists.

Has it been removed, I couldn't find an equivalent

The other question is about the following 

switch(config)# device-profile device-type "VoIP-Phone"
switch(device-VoIP-Phone)# associate "Phone-Profile"
switch(device-VoIP-Phone)# enable

Can I associate more than one Phone Device type to the "phone-profile" ?

thanks

then you need do a packet capture and verify if the phones are providing the correct lldp information.
if that's not matching your definition then it is no surprise.
Alternatively - you could have a look at "local mac auth" .....

Note: I did some longer time ago verify the device-identity in combination with Aruba-AP - that did work properly
Note2: hope you are using a recent firmware, there might be issues in older versions

The problem with the mac-addres that suddenly wasn't showing anymore was due to the command

aaa port-access lldp-bypass c18

Instead I tried the following 

aaa port-access device-identity "AlcatelPhone2" bypass C18

but still doesn't work

Hello

the strange thing is that now I don't see any mac-address when I connect the phone, and it doesn't work.

Hi again,

I think you need to enable globally:
aaa port-access use-lldp-data

and maybe on interface level: poe-lldp-detect

/Jochem

I got it corrected but the configuration seems not to be working.

This is what we did.

The rexpected result is to have a port configured in a way that can automatically set the correct vlan for devices after either 802.1x authentication ( PC ) or device profiling ( Ip Phones )

here is the configuration made on a single port, so far, to test it.

The 802.1x part is already working fine.

Now we're trying to use device profiling to have the IP phones set on the correct vlan

Below the configuration

aaa server-group radius "NPS" host 172.31.200.45
aaa server-group radius "NPS" host 172.31.210.15

aaa authentication web login radius server-group "NPS" local
aaa authentication web enable radius server-group "NPS" local
aaa authentication ssh login radius server-group "NPS" local
aaa authentication ssh enable radius server-group "NPS" local
aaa authentication port-access eap-radius server-group "NPS"
aaa authentication mac-based chap-radius server-group "NPS"
aaa port-access authenticator C18
aaa port-access authenticator C18 client-limit 1
aaa port-access authenticator active
aaa port-access mac-based C18
aaa port-access mac-based C18 unauth-vid 203
aaa port-access C18 auth-order authenticator mac-based
aaa port-access C18 auth-priority authenticator mac-based

aaa port-access lldp-bypass C18

device-identity name "AlcatelPhone"
   lldp oui 788102 sub-type 1
   exit
device-identity name "AlcatelPhone2"
   lldp oui 00809f sub-type 1
   exit
device-profile name "IP-Phone"
   untagged-vlan 212
   cos 5
   allow-jumbo-frames
   exit
device-profile device-type "AlcatelPhone"
   associate "IP-Phone"
   enable
   exit

device-profile device-type "AlcatelPhone2"
   associate "IP-Phone"
   enable
   exit

Hi Stefano,

I guess it's just a typo in the document - pls. try "allow-jumbo-frames" with an additional dash.....
you can always verify commands by typing the "?" (or filtered using e.g. "a?" for possible commands starting with an "a")

/Jochem

I'm deploying a VOIP solution using a 5412R ZL2 running version  KB.16.11.0010.

Following the documentation found in the Document "VoIP Deployment on ArubaOS-Switch ArubaOS-Switch 16.06"
I followed these steps.

switch(config)# device-identity name "VoIP-Phone"
switch(identity-VoIP-Phone)# lldp oui 0012bb sub-type 1
switch(identity-VoIP-Phone)# exit

Next, create the device profile with settings to be applied to provisioned ports:
switch(config)# device-profile name "Phone-Profile"
switch(device-profile)# tagged-vlan 100
switch(device-profile)# untagged-vlan 110
switch(device-profile)# allow-jumbo frames

The problem is that the "allow-jumbo frames"  does not exists.

Has it been removed, I couldn't find an equivalent

The other question is about the following 

switch(config)# device-profile device-type "VoIP-Phone"
switch(device-VoIP-Phone)# associate "Phone-Profile"
switch(device-VoIP-Phone)# enable

Can I associate more than one Phone Device type to the "phone-profile" ?

thanks