Views

Difference between revisions of "VLAN ID Discovery over DHCP"

The Wiki of Unify contains information on clients and devices, communications systems and unified communications. - Unify GmbH & Co. KG is a Trademark Licensee of Siemens AG.

Jump to: navigation, search
(Example configuration for Vendor Classes)
(Example configuration for Option 43)
Line 77: Line 77:
 
If this data format for option 43 is not matching or not send by the DHCP server the phone will start with the manual configured VLAN ID, if Layer 2 QoS is enabled. If Layer 2 QoS is not enabled the phone will start without using a VLAN ID.
 
If this data format for option 43 is not matching or not send by the DHCP server the phone will start with the manual configured VLAN ID, if Layer 2 QoS is enabled. If Layer 2 QoS is not enabled the phone will start without using a VLAN ID.
  
[[Image:dhcp-option43.gif|300px|Values for option 43 using a German Windows 2000 DHCP server, as described in the configuration example.]]
+
[[Image:dhcp-option43.gif|||300px|Values for option 43 using a German Windows 2000 DHCP server, as described in the configuration example.]]
  
 
=== Example configuration for Vendor Classes ===
 
=== Example configuration for Vendor Classes ===

Revision as of 20:38, 21 October 2008

With the introduction of the feature VLAN ID Discovery the following changes have to be made, if you want to use this feature on DHCP.

General

Reason for having a Voice VLAN

There are several potential advantages to place VoIP equipment in other VLAN than the data equipment:

  • Broadcast confinement? Yes! Early VoIP equipment implementations had been very sensitive to CPU power needed to process received broadcasts. On the other side, data equipment has sent many broadcast, so it was a good idea to place VoIP equipment in an other broadcast domain.

Note, that VoIP equipment has been improved a lot since then.

  • Quality of Service? Not really! There are two aspects of using Voice VLANs with respect to QoS:
    • 802.1Q VLAN tags have a three bit field defined in IEEE 802.1p, the VoIP equipment can use to indicate the priority of sent frames. See Quality of Service. However, the same can be accomplished when using 802.1Q VLAN tags with VLAN ID = 0, which is mapped to the port VLAN ID at the next-hop adjacent Layer 2 switch. Note, that modern network equipment is capable to use Layer 3 information instead in order to classify the priority of packets.
    • Network equipment could also use the value of the VLAN ID in order to classify packets. However, a classification based on the 802.1p CoS value or even better based on the DSCP-value is preferred over this method.
  • Security? Not really! Security is improved only marginally through the extra effort an intruder has to find out the Voice VLAN of a port and to connect to the VLAN. Improved packet filter mechanisms might be an argument, though.

Even if Broadcast confinement is not such a pressing issue any more, customers have got used to the concept of separate Voice VLANs.

Voice VLAN Design

In order to minimize Spanning Tree issues, the same design rules usualy applied to data VLANs also applies to Voice VLANs:
Keep VLANs localized and use redundant Layer 2 paths only, if there is a good reason for this.

As an example, here a picture with two possible VLAN designs:

Voice VLAN Design.jpg

It is not recommended to extend the Voice VLAN over large networks. Large Layer 2 topologies and the Spanning Tree Protocol needed in such an environment in order to block redundant paths, is prone to errors and those are a challenge to troubleshoot. Also note, that a Spanning Tree problem often leads to the whole network to be down and network equipment is not accessible for troubleshooting any more.

A good design avoids Layer 2 redundant paths. In a pure Layer 3 design like above, run Spanning Tree only as a measure to minimize the impact of erroneous cabling.

Note, that DHCP-based Voice VLAN Discovery relies on an unambigous mapping between Data Subnet and Voice VLAN. With a VLAN design like shown below, this rule is fulfilled (it is also fulfilled, if you use the same Voice VLAN for two or three Data VLANs, but this most probably will break the design rule, not to extend VLANs over large networks).

Associated Voice VLAN Design.jpg

Recommended Voice VLAN Design: Voice VLAN topology matches the data VLAN topology.

VLAN Discovery

The feature VLAN ID Discovery allows optiPoint phones to automatically determine the Voice VLAN using DHCP. This is accomplished by the standard DHCP Option 43, Vendor Specific Info. After the Voice VLAN ID is acquired, the phone will then use 802.1Q tagging to connect to this VLAN. Siemens optiPoint phones use DHCP by default to determine the Voice VLAN. This way, a phone set to the factory default settings should start up on the network with a DHCP delivered IP address and with the correctly configured Voice VLAN automatically straight out of the box. Because VLAN ID Discovery requires DHCP, it is not available when using a static IP address configuration on the phone. When an optiPoint phone has been configured to use DHCP for VLAN Discovery (the default setting), the following process occurs:

  1. First the Application sends out a DHCP Discover message to find out if there is a DHCP server available.
  2. If the DHCP server sends a DHCP Offer back with the Option 43 Vendor Specific Options in a special format, the phone will accept the Offer, send back the DHCP Request, and save the VLAN ID provided by the DHCP server in the Vendor Specific Options.
  3. After the DHCP server has send the ACK message to the phone, the phone will release the leased IP address and start a new DHCP Discover cycle using the now known Voice

VLAN ID tagging. (In the second DHCP Discover cycle the vendor specific option is not needed any more: the DHCP server should configure option 43 Voice VLAN information only in the data VLAN scope, but not in the Voice VLAN Scope.)

After this process the phone will send all frames with a 802.1Q VLAN tag with the VLAN ID learned from the process above and will attempt to contact the HiPath Gateway.

Phone Settings

  • Use dynamic IP address assignment via DHCP (mandatory!).
  • Set VLAN Discovery method to DHCP


Example configuration

Example configuration for Option 43

  • Untagged Subnet is 192.1.22.0 and tagged (with VLAN ID 20) it is 10.1.22.0.
  • The optiPoint 420 should get the VLAN ID 20 via VLAN Discovery.

Please make sure that the untagged packets of the first DHCP Discover cycle reach the DHCP server that provides the vendor specific options for the optiPoint. Most likely you will have to use Relay Agents/DHCP Helper.

The options for the 192.1.22.0 subnet have to contain the option 43.

The data format of the option 43 is following:

  • Option Code for the first encapsulated option: 01 (always)
  • Length of the first data field: 0A (always 10 Byte)
  • Encapsulated data for option code 1: 53 69 65 6D 65 6E 73 00 00 00 (always Siemens plus 3 Fill bytes)
  • Option Code for the second encapsulated option: 02 (always)
  • Length of the first data field: 04 (always 4 Bytes)
  • Encapsulated data for option code 2 (VLAN ID): 00 00 00 14 (Example for VLAN ID 20)
  • Ending with 5 Padding Bytes and the end option: 00 00 00 00 00 FF (always)

If this data format for option 43 is not matching or not send by the DHCP server the phone will start with the manual configured VLAN ID, if Layer 2 QoS is enabled. If Layer 2 QoS is not enabled the phone will start without using a VLAN ID.

Values for option 43 using a German Windows 2000 DHCP server, as described in the configuration example.

Example configuration for Vendor Classes

Untagged Subnet is 172.16.133.0 and tagged (with VLAN ID 200) it is 192.168.133.0.

The optiPoint 420 should get the VLAN ID 200 via VLAN Discovery. Please make sure that the untagged packets of the first DHCP Discover cycle reach the DHCP server that provides the vendor specific options for the optiPoint. Most likely you will have to use Relay Agents/DHCP Helper.

The options for the 172.16.133.0 subnet have to contain

  • vendor class OptiPoint option 1 & 2 for OptiPoint 410/420
  • vendor class OptiIpPhone option 1 & 2 for OpenStage

The data format of the vendor classes is following:

  • Option Code 01: String Siemens
  • Option Code 02: ByteArray 4 Bytes: 00 00 00 c8 (Example for VLAN ID 200)

If this data format for option 43 is not matching or not send by the DHCP server the phone will start with the manual configured VLAN ID, if Layer 2 QoS is enabled. If Layer 2 QoS is not enabled the phone will start without using a VLAN ID.

For DLS Use the options for the 192.168.133.0 tagged VLAN subnet have to contain

  • vendor class OptiIpPhone option 1 & 3 for OpenStage
  • Option Code 01: String Siemens
  • Option Code 03: String sdlp://172.16.180.211:18443 (DLS IP Address)

It must be possibel to connect from the VLAN 200 to the DLS Server.


Values for Vendor Classes using a German Windows 2003 R2 DHCP server, as described in the configuration example.
Values for Vendor Classes using a German Windows 2003 R2 DHCP server, as described in the configuration example.