Difference between revisions of "VLAN ID Discovery over DHCP"
The Wiki of Unify contains information on clients and devices, communications systems and unified communications. - Unify GmbH & Co. KG is a Trademark Licensee of Siemens AG.
Line 77: | Line 77: | ||
− | + | == Example configuration for Vendor Classes == | |
* In this Example VLAN 200 (0xc8) is set | * In this Example VLAN 200 (0xc8) is set | ||
* The "OptiPoint" vendor class with option 2 for VLAN does only worh with OptiPoint 410/420 | * The "OptiPoint" vendor class with option 2 for VLAN does only worh with OptiPoint 410/420 | ||
* To set this for OpenStage devices use the "OptiIpPhone" vendor class 2 for VLAN | * To set this for OpenStage devices use the "OptiIpPhone" vendor class 2 for VLAN | ||
− | * Option must set as Byte Array with 4 bytes | + | * Option must set as Byte Array with 4 bytes '''00 00 00 c8''' (Example for VLAN ID 200) |
[[Image:Vendorclass-DHCP-Option2.jpg|left|thumb|300px|Values for Vendor Classes using a German Windows 2003 R2 DHCP server, as described in the configuration example.]] | [[Image:Vendorclass-DHCP-Option2.jpg|left|thumb|300px|Values for Vendor Classes using a German Windows 2003 R2 DHCP server, as described in the configuration example.]] |
Revision as of 20:08, 21 October 2008
With the introduction of the feature VLAN ID Discovery the following changes have to be made, if you want to use this feature on DHCP.
Contents
General
Reason for having a Voice VLAN
There are several potential advantages to place VoIP equipment in other VLAN than the data equipment:
- Broadcast confinement? Yes! Early VoIP equipment implementations had been very sensitive to CPU power needed to process received broadcasts. On the other side, data equipment has sent many broadcast, so it was a good idea to place VoIP equipment in an other broadcast domain.
Note, that VoIP equipment has been improved a lot since then.
- Quality of Service? Not really! There are two aspects of using Voice VLANs with respect to QoS:
- 802.1Q VLAN tags have a three bit field defined in IEEE 802.1p, the VoIP equipment can use to indicate the priority of sent frames. See Quality of Service. However, the same can be accomplished when using 802.1Q VLAN tags with VLAN ID = 0, which is mapped to the port VLAN ID at the next-hop adjacent Layer 2 switch. Note, that modern network equipment is capable to use Layer 3 information instead in order to classify the priority of packets.
- Network equipment could also use the value of the VLAN ID in order to classify packets. However, a classification based on the 802.1p CoS value or even better based on the DSCP-value is preferred over this method.
- Security? Not really! Security is improved only marginally through the extra effort an intruder has to find out the Voice VLAN of a port and to connect to the VLAN. Improved packet filter mechanisms might be an argument, though.
Even if Broadcast confinement is not such a pressing issue any more, customers have got used to the concept of separate Voice VLANs.
Voice VLAN Design
In order to minimize Spanning Tree issues, the same design rules usualy applied to data VLANs also applies to Voice VLANs: |
As an example, here a picture with two possible VLAN designs:
It is not recommended to extend the Voice VLAN over large networks. Large Layer 2 topologies and the Spanning Tree Protocol needed in such an environment in order to block redundant paths, is prone to errors and those are a challenge to troubleshoot. Also note, that a Spanning Tree problem often leads to the whole network to be down and network equipment is not accessible for troubleshooting any more.
A good design avoids Layer 2 redundant paths. In a pure Layer 3 design like above, run Spanning Tree only as a measure to minimize the impact of erroneous cabling.
Note, that DHCP-based Voice VLAN Discovery relies on an unambigous mapping between Data Subnet and Voice VLAN. With a VLAN design like shown below, this rule is fulfilled (it is also fulfilled, if you use the same Voice VLAN for two or three Data VLANs, but this most probably will break the design rule, not to extend VLANs over large networks).
Recommended Voice VLAN Design: Voice VLAN topology matches the data VLAN topology.
VLAN Discovery
The feature VLAN ID Discovery allows optiPoint phones to automatically determine the Voice VLAN using DHCP. This is accomplished by the standard DHCP Option 43, Vendor Specific Info. After the Voice VLAN ID is acquired, the phone will then use 802.1Q tagging to connect to this VLAN. Siemens optiPoint phones use DHCP by default to determine the Voice VLAN. This way, a phone set to the factory default settings should start up on the network with a DHCP delivered IP address and with the correctly configured Voice VLAN automatically straight out of the box. Because VLAN ID Discovery requires DHCP, it is not available when using a static IP address configuration on the phone. When an optiPoint phone has been configured to use DHCP for VLAN Discovery (the default setting), the following process occurs:
- First the Application sends out a DHCP Discover message to find out if there is a DHCP server available.
- If the DHCP server sends a DHCP Offer back with the Option 43 Vendor Specific Options in a special format, the phone will accept the Offer, send back the DHCP Request, and save the VLAN ID provided by the DHCP server in the Vendor Specific Options.
- After the DHCP server has send the ACK message to the phone, the phone will release the leased IP address and start a new DHCP Discover cycle using the now known Voice
VLAN ID tagging. (In the second DHCP Discover cycle the vendor specific option is not needed any more: the DHCP server should configure option 43 Voice VLAN information only in the data VLAN scope, but not in the Voice VLAN Scope.)
After this process the phone will send all frames with a 802.1Q VLAN tag with the VLAN ID learned from the process above and will attempt to contact the HiPath Gateway.
Phone Settings
- Use dynamic IP address assignment via DHCP (mandatory!).
- Set VLAN Discovery method to DHCP
Example configuration for Option 43
- Untagged Subnet is 192.1.22.0 and tagged (with VLAN ID 20) it is 10.1.22.0.
- The optiPoint 420 should get the VLAN ID 20 via VLAN Discovery.
Please make sure that the untagged packets of the first DHCP Discover cycle reach the DHCP server that provides the vendor specific options for the optiPoint. Most likely you will have to use Relay Agents/DHCP Helper.
The options for the 192.1.22.0 subnet have to contain the option 43.
The data format of the option 43 is following:
- Option Code for the first encapsulated option: 01 (always)
- Length of the first data field: 0A (always 10 Byte)
- Encapsulated data for option code 1: 53 69 65 6D 65 6E 73 00 00 00 (always Siemens plus 3 Fill bytes)
- Option Code for the second encapsulated option: 02 (always)
- Length of the first data field: 04 (always 4 Bytes)
- Encapsulated data for option code 2 (VLAN ID): 00 00 00 14 (Example for VLAN ID 20)
- Ending with 5 Padding Bytes and the end option: 00 00 00 00 00 FF (always)
If this data format for option 43 is not matching or not send by the DHCP server the phone will start with the manual configured VLAN ID, if Layer 2 QoS is enabled. If Layer 2 QoS is not enabled the phone will start without using a VLAN ID.
Example configuration for Vendor Classes
- In this Example VLAN 200 (0xc8) is set
- The "OptiPoint" vendor class with option 2 for VLAN does only worh with OptiPoint 410/420
- To set this for OpenStage devices use the "OptiIpPhone" vendor class 2 for VLAN
- Option must set as Byte Array with 4 bytes 00 00 00 c8 (Example for VLAN ID 200)