VoIP Auto-Discovery on Untrusted Ports in MAS
Introduction- ArubaOS provides support for VoIP Auto-discovery (also referred as CDP Fingerprinting) to discover the VoIP phones using neighbor discovery protocols (such as LLDP-MED and CDP) and assign Voice VLAN to the trafficoriginating from the phone.
You can configure VoIP either in static mode or auto-discover mode. By default, VoIP is configured in static mode. When VoIP operates in static mode, the phone is expected to know the Voice VLAN to be used and send the Voice traffic with the Voice VLAN tag. This is achieved, only if the Voice VLAN is configured statically on the phone or propagated to the phone using LLDP-MED.
In auto-discover mode, when LLDP-MED or CDP discovers a phone, the switch creates a rule to associate all the traffic originating from the phone to the Voice VLAN. Hence, the Voice VLAN need not be configured statically on the phone. The Voice VLAN can be tagged or untagged depending on the LLDP-MED configuration.
VoIP configured in auto-discover mode applies the Voice VLAN only to the first neighbor discovered in an interface.
If both LLDP-MED and CDP neighbors are discovered, the preference is always given to the first LLDP-MED neighbor even if a CDP neighbor is already associated.
Mobility Access Switch automatically discovers the Cisco Discovery Protocol (CDP) phones on an untrusted interface and assigns a VoIP VLAN to the phone.
Feature Notes- It is recommended to configure the UDR for the CDP phones that do not support LLDP or 802.1x authentication on an untrusted interface.
Configuration Steps- Complete the following steps to place a non-802.1x CDP phone in a VoIP VLAN by using a user derivation rule (UDR) to match device-type:
1. Create an LLDP profile.
(host) (config) #interface-profile lldp-profile ciscophones
(host) (LLDP Profile "ciscophones") #proprietary-neighbor-discovery
2. Create a VoIP profile.
(host) (config) #interface-profile voip-profile phone
(host) (VOIP profile "phone") #voip-vlan 100
3. Create a user-role and add thepreviously created VoIP profile to that role.
(host) (config-role) #user-role phonerole
(host) (config-role) #access-list stateless allowall-stateless
(host) (config-role) #voip-profile phone
4. Create a UDR and add the phone role.
(host) (config) #aaa derivation-rules user phoneudr
(host) (user-rule) #set role condition device-type equals "phone" set-value phonerole
5. Add the UDR to a AAA profile.
(host) (config) #aaa profile phone_client
(host) (AAA Profile "phone_client") #user-derivation-rules phoneudr
6. Attach the LLDP profile and AAA profile to a port.
(host) (config) #interface gigabitethernet 0/0/2
(host) (gigabitethernet "0/0/2") #lldp-profile ciscophones
(host) (gigabitethernet "0/0/2") #aaa-profile phone_client
Answer- Alternatively, you can define the UDR for a VLAN assignment using the following command:
(host) (config) #aaa derivation-rules user <rule-name>
(host) (user-rule) #set vlan condition device-type equals phone set-value <vlan-id> [position <priority> | description <descr>]
Verification- Verified and tested in 220.127.116.11 and 18.104.22.168 image version.