Difference between revisions of "VLAN ID Discovery over DHCP"
Revision as of 08:42, 11 August 2011
With the introduction of the feature VLAN ID Discovery the following changes have to be made, if you want to use this feature on DHCP.
General
Reason for having a Voice VLAN
There are several potential advantages to placing VoIP equipment in a different VLAN than the data equipment:
- Broadcast confinement? Yes! Early VoIP equipment implementations were very sensitive to the CPU power needed to process received broadcasts. Data equipment, on the other hand, sent many broadcasts, so it was a good idea to place VoIP equipment in another broadcast domain.
  Note that VoIP equipment has improved a lot since then.
- Quality of Service? Not really! There are two aspects of using Voice VLANs with respect to QoS:
  - 802.1Q VLAN tags have a three-bit field, defined in IEEE 802.1p, that the VoIP equipment can use to indicate the priority of sent frames. See Quality of Service. However, the same can be accomplished by using 802.1Q VLAN tags with VLAN ID = 0, which is mapped to the port VLAN ID at the next-hop adjacent Layer 2 switch. Note that modern network equipment is capable of using Layer 3 information instead to classify the priority of packets.
  - Network equipment could also use the value of the VLAN ID to classify packets. However, a classification based on the 802.1p CoS value, or even better on the DSCP value, is preferred over this method.
- Security? Not really! Security is improved only marginally, through the extra effort an intruder needs to find out the Voice VLAN of a port and to connect to the VLAN. Improved packet filter mechanisms might be an argument, though.
Even if Broadcast confinement is not such a pressing issue any more, customers have got used to the concept of separate Voice VLANs.
Voice VLAN Design
In order to minimize Spanning Tree issues, the same design rules usually applied to data VLANs also apply to Voice VLANs:
As an example, here is a picture with two possible VLAN designs:
It is not recommended to extend the Voice VLAN over large networks. Large Layer 2 topologies, and the Spanning Tree Protocol needed in such an environment to block redundant paths, are prone to errors that are a challenge to troubleshoot. Also note that a Spanning Tree problem often brings the whole network down, so that network equipment is no longer accessible for troubleshooting.
A good design avoids Layer 2 redundant paths. In a pure Layer 3 design like above, run Spanning Tree only as a measure to minimize the impact of erroneous cabling.
Note that DHCP-based Voice VLAN Discovery relies on an unambiguous mapping between Data Subnet and Voice VLAN. With a VLAN design like the one shown below, this rule is fulfilled (it is also fulfilled if you use the same Voice VLAN for two or three Data VLANs, but this will most probably break the design rule not to extend VLANs over large networks).
Recommended Voice VLAN Design: Voice VLAN topology matches the data VLAN topology.
VLAN Discovery
The feature VLAN ID Discovery allows optiPoint and OpenStage phones to automatically determine the Voice VLAN ID using DHCP. This is accomplished by the standard DHCP Option 43, Vendor Specific Info.
After the Voice VLAN ID is acquired, the phone will then use 802.1Q tagging to connect to this VLAN. Siemens optiPoint phones use DHCP by default to determine the Voice VLAN. This way, a phone set to the factory default settings should start up on the network with a DHCP delivered IP address and with the correctly configured Voice VLAN automatically straight out of the box.
Because VLAN ID Discovery requires DHCP, it is not available when using a static IP address configuration on the phone. When an optiPoint phone has been configured to use DHCP for VLAN Discovery (the default setting), the following process occurs:
- First the Application sends out a DHCP Discover message to find out if there is a DHCP server available.
- If the DHCP server sends a DHCP Offer back with the Option 43 Vendor Specific Options in a special format, the phone will accept the Offer, send back the DHCP Request, and save the VLAN ID provided by the DHCP server in the Vendor Specific Options.
- After the DHCP server has sent the ACK message to the phone, the phone will release the leased IP address and start a new DHCP Discover cycle using the now known Voice VLAN ID tagging. (In the second DHCP Discover cycle the vendor specific option is not needed any more: the DHCP server should configure option 43 Voice VLAN information only in the data VLAN scope, but not in the Voice VLAN scope.)
After this process the phone will send all frames with an 802.1Q VLAN tag carrying the VLAN ID learned from the process above and will attempt to contact the HiPath Gateway.
Phone Settings
- Use dynamic IP address assignment via DHCP (mandatory!).
- Set VLAN Discovery method to DHCP
DHCP Option 43 tags
When an IP phone is booting, it first obtains an IP address from the native VLAN via DHCP. The native VLAN is often used as the data VLAN, which is also used by the customer's computing devices. Afterwards, the IP phone reboots with the values given by the vendor specific DHCP option (Option 43). Option 43 gives you the ability to transmit configuration data to the phone during the phone's boot sequence. Often a customer's phones use a separate Voice VLAN for signaling and voice stream.
DHCP vendor specific option 43 specifies the Voice VLAN ID and the URL of the DLS server. Siemens IP phones will recognize vendor specific options only if the vendor string (here: "Siemens") matches correctly. All values are given in hexadecimal. Here is a detailed description of all DHCP option 43 bytes:

| Tag | Len | Content (Example) |
|-----|-----|-------------------|
| 01 | 0a | 5369656d656e73000000 |
| 02 | 04 | 00000065 |
| 03 | 1a | 73646c703a2f2f39332E3132322E3131342E39363a3138343433 |
| ff | | |

There are three tags, each with an explicit length value. The list of tags is terminated by a closing ff.
- Tag 01 specifies the vendor (here: Siemens)
  - Tag: 01; Length: 0a; Value: Siemens; Three fill bytes 000000 (Hex)
- Tag 02 specifies VLAN ID of Voice VLAN (here: 101)
  - Tag: 02; Length: 04; Value: 65 (Hex)
- Tag 03 specifies IP address of DLS-Server (here: 93.122.114.96:18443)
  - Tag: 03; Length: 1a; Value: sdlp://93.122.114.96:18443 (Hex)
- End of record
  - End: ff (Hex)
Use Tag 04 instead of Tag 03 if URL of DLS is given by name (DNS).[1]
Example configuration
Example configuration of a Cisco Switch
The following example is for a L3 Cisco Switch where Data and Voice VLANs are terminated. Assumptions:
- Data VLAN ID: 0 (native VLAN)
- Voice VLAN ID: 101 (hex 65)
- DLS URL: sdlp://93.122.114.96:18443
```
!
ip dhcp pool de-msr-Data
   network 192.168.37.0 255.255.255.224
   default-router 192.168.37.1
   option 43 hex 010a.5369.656d.656e.7300.0000.0204.0000.0065.031a.7364.6c70.3a2f.2f39.332e.3132.322e.3131.342e.3936.3a31.3834.3433.ff
!
ip dhcp pool de-msr-Voice
   network 192.168.37.64 255.255.255.224
   default-router 192.168.37.65
!
```
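As an added example (not part of the original wiki page and not Unify code), the following Python builds the Option 43 payload in the tag/length/value format described above, prints it in the dotted form used on the Cisco `option 43 hex` line, and strictly validates a payload before it goes into a DHCP scope. The function names are hypothetical; skipping 00 bytes as one-byte padding follows the padded variant described further down this page, and the 1..4094 VLAN ID range check is an assumption.

```python
import struct

VENDOR = b"Siemens" + b"\x00" * 3   # tag 01 value from this page: "Siemens" + 3 fill bytes

def build_option43(vlan_id, dls_url=None):
    """Encode tags 01, 02 and optionally 03, then the ff terminator."""
    if not 1 <= vlan_id <= 4094:                 # assumed usable 802.1Q range
        raise ValueError("VLAN ID must be 1..4094")
    out = bytes([1, len(VENDOR)]) + VENDOR
    out += bytes([2, 4]) + struct.pack(">I", vlan_id)   # 4-byte big-endian VLAN ID
    if dls_url is not None:
        url = dls_url.encode("ascii")
        if len(url) > 255:
            raise ValueError("DLS URL too long for a one-byte length")
        out += bytes([3, len(url)]) + url
    return out + b"\xff"

def cisco_hex(payload):
    """Group the hex digits in fours, as on the 'option 43 hex' line."""
    h = payload.hex()
    return ".".join(h[i:i + 4] for i in range(0, len(h), 4))

def parse_option43(data):
    """Decode a payload; reject truncated, unterminated or off-format input."""
    fields, i = {}, 0
    while i < len(data):
        tag = data[i]
        if tag == 0xFF:                          # end option
            break
        if tag == 0x00:                          # padding byte, carries no length
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"tag {tag:02x} runs past the end of the option")
        fields[tag] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    else:                                        # loop ended without seeing ff
        raise ValueError("missing ff terminator")
    if fields.get(1) != VENDOR:
        raise ValueError("tag 01 is not 'Siemens' plus 3 fill bytes")
    if len(fields.get(2, b"")) != 4:
        raise ValueError("tag 02 must be a 4-byte VLAN ID")
    vlan = struct.unpack(">I", fields[2])[0]
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN ID {vlan} out of range")
    url = fields[3].decode("ascii") if 3 in fields else None
    return {"vlan_id": vlan, "dls_url": url}
```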
Example configuration for Option 43
- Untagged Subnet is 192.1.22.0 and tagged (with VLAN ID 20) it is 10.1.22.0.
- The optiPoint 420 should get the VLAN ID 20 via VLAN Discovery.
Please make sure that the untagged packets of the first DHCP Discover cycle reach the DHCP server that provides the vendor specific options for the optiPoint. Most likely you will have to use Relay Agents/DHCP Helper.
The options for the 192.1.22.0 subnet have to contain the option 43.
The data format of option 43 is as follows:
- Option Code for the first encapsulated option: 01 (always)
- Length of the first data field: 0A (always 10 Bytes)
- Encapsulated data for option code 1: 53 69 65 6D 65 6E 73 00 00 00 (always Siemens plus 3 Fill bytes)
- Option Code for the second encapsulated option: 02 (always)
- Length of the second data field: 04 (always 4 Bytes)
- Encapsulated data for option code 2 (VLAN ID): 00 00 00 14 (Example for VLAN ID 20)
- Ending with 5 Padding Bytes and the end option: 00 00 00 00 00 FF (always)
If the data format for option 43 does not match, or option 43 is not sent by the DHCP server, the phone will start with the manually configured VLAN ID if Layer 2 QoS is enabled. If Layer 2 QoS is not enabled, the phone will start without using a VLAN ID.
Example configuration for Vendor Classes
Untagged Subnet is 172.16.133.0 and tagged (with VLAN ID 200) it is 192.168.133.0.
The optiPoint 420 should get the VLAN ID 200 via VLAN Discovery. Please make sure that the untagged packets of the first DHCP Discover cycle reach the DHCP server that provides the vendor specific options for the optiPoint. Most likely you will have to use Relay Agents/DHCP Helper.
The options for the 172.16.133.0 subnet have to contain
- vendor class OptiPoint (ASCII Value OptiPoint) with option 1 & 2 for OptiPoint 410/420
- vendor class OptiIpPhone (ASCII Value OptiIpPhone) with option 1 & 2 for OpenStage
The data format of the vendor classes is as follows:
- Option Code 01: String Siemens
- Option Code 02: ByteArray 4 Bytes: 00 00 00 c8 (Example for VLAN ID 200)
If the data format for option 43 does not match, or option 43 is not sent by the DHCP server, the phone will start with the manually configured VLAN ID if Layer 2 QoS is enabled. If Layer 2 QoS is not enabled, the phone will start without using a VLAN ID.
For DLS use, the options for the 192.168.133.0 tagged VLAN subnet have to contain
- vendor class OptiIpPhone option 1 & 3 for OpenStage
  - Option Code 01: String Siemens
  - Option Code 03: String sdlp://172.16.180.211:18443 (DLS IP Address)
It must be possible to connect from the VLAN 200 to the DLS Server.
Additional screenshots on English Windows Server 2003 R2 with VLAN ID 504:
References
- [1] See Deployment Service, Administration Manual