
Difference between revisions of "VLAN ID Discovery over DHCP"

The Wiki of Unify contains information on clients and devices, communications systems and unified communications. - Unify GmbH & Co. KG is a Trademark Licensee of Siemens AG.

(General: Included a chapter on Reason for Voice VLANs)
(General: Added a chapter on Voice VLAN Design)
Line 18: Line 18:
 
Even if Broadcast confinement is not such a pressing issue any more, customers have got used to the concept of separate Voice VLANs.
 
Even if Broadcast confinement is not such a pressing issue any more, customers have got used to the concept of separate Voice VLANs.
  
 +
=== Voice VLAN Design ===
 +
 +
In order to minimize Spanning Tree issues, the same design rules usualy applied to data VLANs also applies to Voice VLANs:
 +
Keep VLANs localized and use redundant Layer 2 paths only, if there is a good reason for this.
 +
 +
As an example, here a picture with two possible VLAN designs:
 +
 +
[[Image:Voice_VLAN_Design.jpg]]
 +
 +
It is not recommended to extend the Voice VLAN over large networks. Large Layer 2 topologies and the Spanning Tree Protocol needed in such an environment in order to block redundant paths, is prone to errors and those are a challenge to troubleshoot. Also note, that a Spanning Tree problem often leads to the whole network to be down and network equipment is not accessible for troubleshooting any more.
 +
 +
A good design avoids Layer 2 redundant paths. In a pure Layer 3 design like above, run Spanning Tree only as a measure to minimize the impact of erroneous cabling.
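Review bot: The first added sentence under "Voice VLAN Design" has a typo and an agreement error ("usualy applied to data VLANs also applies"); it should read "usually applied to data VLANs also apply". The paragraph on large networks has the same agreement problem ("Large Layer 2 topologies and the Spanning Tree Protocol ... is prone to errors"), and "In a pure Layer 3 design like above" does not say which of the two designs in Voice_VLAN_Design.jpg it refers to, so naming that design in the text would help readers who cannot see the image.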
  
  

Revision as of 16:43, 30 March 2007

With the introduction of the VLAN ID Discovery feature, the following changes have to be made if you want to use this feature over DHCP.

General

Reason for having a Voice VLAN

There are several potential advantages to placing VoIP equipment in a different VLAN from the data equipment:

  • Broadcast confinement? Yes! Early VoIP equipment implementations were very sensitive to the CPU power needed to process received broadcasts. Data equipment, on the other hand, sent many broadcasts, so it was a good idea to place VoIP equipment in another broadcast domain.

Note that VoIP equipment has improved a lot since then.

  • Quality of Service? Not really! There are two aspects of using Voice VLANs with respect to QoS:
    • 802.1Q VLAN tags have a three-bit field, defined in IEEE 802.1p, that the VoIP equipment can use to indicate the priority of sent frames. See Quality of Service. However, the same can be accomplished by using 802.1Q VLAN tags with VLAN ID = 0, which is mapped to the port VLAN ID at the adjacent (next-hop) Layer 2 switch. Note that modern network equipment is capable of using Layer 3 information instead to classify the priority of packets.
    • Network equipment could also use the value of the VLAN ID to classify packets. However, a classification based on the 802.1p CoS value or, even better, on the DSCP value is preferred over this method.
  • Security? Not really! Security is improved only marginally, through the extra effort an intruder needs to find out the Voice VLAN of a port and to connect to the VLAN. Improved packet filter mechanisms might be an argument, though.

Even if Broadcast confinement is not such a pressing issue any more, customers have got used to the concept of separate Voice VLANs.

Voice VLAN Design

In order to minimize Spanning Tree issues, the same design rules usually applied to data VLANs also apply to Voice VLANs:

Keep VLANs localized and use redundant Layer 2 paths only if there is a good reason for this.

As an example, here is a picture with two possible VLAN designs:

Voice VLAN Design.jpg

It is not recommended to extend the Voice VLAN over large networks. Large Layer 2 topologies, and the Spanning Tree Protocol needed in such an environment to block redundant paths, are prone to errors that are a challenge to troubleshoot. Also note that a Spanning Tree problem often brings the whole network down, so that network equipment is no longer accessible for troubleshooting.

A good design avoids Layer 2 redundant paths. In a pure Layer 3 design like above, run Spanning Tree only as a measure to minimize the impact of erroneous cabling.


VLAN ID Discovery is not available when using static IP address configuration; even when VLAN Discovery is set to DHCP, the phone will then use the manually configured VLAN ID. The DHCP process takes longer when DHCP Discovery is set to DHCP at the phone.

VLAN ID Discovery works this way:

  1. First, the application sends out a DHCP Discover message to find out whether a DHCP server is available.
  2. If the DHCP server sends back a DHCP Offer containing Option 43 (vendor-specific options) in a special format, the phone accepts the Offer, sends back the DHCP Request and saves the VLAN ID provided by the DHCP server in the vendor-specific options.
  3. After the DHCP server has sent the ACK message to the phone, the phone releases the leased IP address and starts a new DHCP Discover cycle, now tagging its frames with the known VLAN ID. For this second cycle the vendor-specific option is not needed.

After this process is done, the phone will start normally.

Example configuration

  • The untagged subnet is 192.1.22.0 and the tagged subnet (with VLAN ID 20) is 10.1.22.0.
  • The optiPoint 420 should get the VLAN ID 20 via VLAN Discovery.

Please make sure that the untagged packets of the first DHCP Discover cycle reach the DHCP server that provides the vendor specific options for the optiPoint. Most likely you will have to use Relay Agents/DHCP Helper.

The options for the 192.1.22.0 subnet have to contain option 43.

The data format of option 43 is as follows:

  • Option Code for the first encapsulated option: 01 (always)
  • Length of the first data field: 0A (always 10 Byte)
  • Encapsulated data for option code 1: 53 69 65 6D 65 6E 73 00 00 00 (always Siemens plus 3 Fill bytes)
  • Option Code for the second encapsulated option: 02 (always)
  • Length of the second data field: 04 (always 4 Bytes)
  • Encapsulated data for option code 2 (VLAN ID): 00 00 00 14 (Example for VLAN ID 20)
  • Ending with 5 Padding Bytes and the end option: 00 00 00 00 00 FF (always)

If the data format of option 43 does not match, or option 43 is not sent by the DHCP server, the phone will start with the manually configured VLAN ID if Layer 2 QoS is enabled. If Layer 2 QoS is not enabled, the phone will start without using a VLAN ID.
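The option 43 layout above can be checked before it is entered into a DHCP server. The following is an added example, not code from the wiki or from the phone firmware: it builds the 24-byte value for a given VLAN ID and parses a value strictly against the listed layout. The function names, the accepted VLAN range 1..4094 and the strictness of the check are assumptions; the phone's own parser may behave differently.

```python
# Added example: build and strictly validate the option 43 value described above.
import struct

VENDOR = b"Siemens" + b"\x00" * 3   # sub-option 1 data: "Siemens" plus 3 fill bytes
TRAILER = b"\x00" * 5 + b"\xff"     # 5 padding bytes plus the end option


def build_option43(vlan_id: int) -> bytes:
    """Return the option 43 value for vlan_id (range 1..4094 is an assumption)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID outside the usable 802.1Q range 1..4094")
    return (bytes([0x01, len(VENDOR)]) + VENDOR
            + bytes([0x02, 0x04]) + struct.pack(">I", vlan_id)
            + TRAILER)


def parse_option43(data: bytes):
    """Return the VLAN ID, or None when data deviates from the listed layout."""
    pos, fields = 0, {}
    for code, length in ((0x01, 10), (0x02, 4)):
        # Each encapsulated option is code, length, data; both lengths are fixed.
        if (len(data) < pos + 2 + length
                or data[pos] != code or data[pos + 1] != length):
            return None
        fields[code] = data[pos + 2:pos + 2 + length]
        pos += 2 + length
    if fields[0x01] != VENDOR or data[pos:] != TRAILER:
        return None
    vlan_id = struct.unpack(">I", fields[0x02])[0]
    return vlan_id if 1 <= vlan_id <= 4094 else None


def from_hex(text: str) -> bytes:
    """Accept hex as typed into a DHCP server UI: spaces, colons or no separator."""
    return bytes.fromhex(text.replace(":", " "))


if __name__ == "__main__":
    # The byte sequence from the list above (example for VLAN ID 20).
    page_example = ("01 0A 53 69 65 6D 65 6E 73 00 00 00 "
                    "02 04 00 00 00 14 00 00 00 00 00 FF")
    print(parse_option43(from_hex(page_example)))
    print(build_option43(20).hex(" ").upper())
```

A `None` result corresponds to the mismatch case described above, in which the phone falls back to the manually configured VLAN ID or to no VLAN ID.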

File:dhcp-option43.gif
Values for option 43 using a German Windows 2000 DHCP server, as described in the configuration example.