02-11-2020 12:03 AM
Dears,
At the switch interface level I disabled CDP as a security practice. After that my IP phone got a data VLAN IP address. Then I manually set the voice VLAN in the IP phone's admin VLAN ID option, and it took a voice VLAN IP.
I can't perform this activity for 500+ users, so I need a solution to fix the issue.
I also tried LLDP-MED and faced the same. Looking for experts' response.
Thanks.
02-11-2020 12:41 AM
02-11-2020 02:39 AM
02-16-2020 12:59 AM
Tell us more about the device information and the code running on it.
Have you set the port in trunk mode?
02-16-2020 03:05 AM
02-16-2020 05:10 AM
What is the interface config? Post the output below:
show vlan
show run Int gi0/5
02-16-2020 09:30 PM
Sh vlan
15 Data-SW3 active Gi0/2, Gi0/5, Gi0/7, Gi0/8
Gi0/10, Gi0/11, Gi0/13, Gi0/14
Gi0/15, Gi0/17, Gi0/18, Gi0/20
Gi0/21, Gi0/22, Gi0/24
16 Voice-SW3 active Gi0/2, Gi0/3, Gi0/21, Gi0/6
SW3#show run Int gi0/5
Building configuration...
Current configuration : 185 bytes
!
interface GigabitEthernet0/5
switchport access vlan 15
switchport mode access
switchport voice vlan 16
no cdp enable
spanning-tree portfast
spanning-tree bpduguard enable
end
02-16-2020 10:50 PM - edited 02-16-2020 10:51 PM
To verify I understood the issue correctly: you faced no issue configuring the first phone. You just wish to avoid manual configuration of the voice VLAN ID for thousands of phones, and CDP and LLDP are not acceptable for you. Am I right?
02-16-2020 11:34 PM
02-17-2020 12:29 AM
@sjd2020 wrote:
- Absolutely right, Dan Lukes. How could I do this for 500+ users? It's not acceptable.
What CDP security vulnerability are you trying to avoid?
02-17-2020 12:52 AM
02-17-2020 02:45 AM - edited 02-17-2020 02:47 AM
Someone is overreacting. Did anyone attempt to read (and understand) the Security Advisory?
What is the model of the switch we are talking about?
Judging from the output, I know what switch this is but I want to hear it.
02-17-2020 02:02 AM - edited 02-17-2020 02:07 AM
You are in the Small Business area and you mentioned no model of the phone we are speaking of, thus I assumed the SMB product line - e.g. SPA3xx or SPA5xx. I have no experience with the 7900 - my advice may or may not apply to them.
A virgin phone starts in the data VLAN, asking for network configuration from DHCP.
Configure the DHCP server (the one running in the data VLAN) to respond with an IP address and option 150 (TFTP server with phone configuration) OR option 160 (HTTPS URL with phone configuration). The configuration is a static file/configuration (neither per-phone configuration nor dynamic configuration generated on the fly by a script is necessary). You can place it on a TFTP/HTTP server accessible from the data VLAN. The configuration contains no sensitive information, so it need not be secured. It configures just the VLAN ID (the following example assumes it's 123):
<flat-profile>
  <VLAN_ID ua="na">123</VLAN_ID>
</flat-profile>
The new configuration causes a phone reboot - but the phone has the VLAN ID configured now, so it starts in the voice VLAN. It will fetch an IP address and configuration as usual.
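An added example, not part of the original post and not Cisco tooling: Python that lists the ports in a `show run` dump that have a voice VLAN but CDP disabled, builds the static profile described above for each voice VLAN, and checks that the file holds nothing but a VLAN ID before it is placed on an unauthenticated TFTP/HTTP server. The sample config, the function names and the allow-list are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the style of the `show run` output posted in the thread.
SAMPLE_RUN = """\
interface GigabitEthernet0/5
 switchport access vlan 15
 switchport voice vlan 16
 no cdp enable
!
interface GigabitEthernet0/6
 switchport access vlan 15
 switchport voice vlan 16
!
"""
ALLOWED = {"VLAN_ID"}  # assumption: the bootstrap file carries nothing else

def ports_needing_bootstrap(run_config):
    """Map interface -> voice VLAN for ports that have a voice VLAN but CDP off."""
    ports = {}
    for stanza in re.split(r"^!\s*$", run_config, flags=re.M):
        name = re.search(r"^interface (\S+)", stanza, re.M)
        voice = re.search(r"^\s*switchport voice vlan (\d+)", stanza, re.M)
        if name and voice and re.search(r"^\s*no cdp enable\s*$", stanza, re.M):
            ports[name.group(1)] = int(voice.group(1))
    return ports

def build_profile(vlan_id):
    """Build the static flat-profile shown in the post for one voice VLAN ID."""
    if not 1 <= vlan_id <= 4094:  # valid 802.1Q VLAN IDs
        raise ValueError(f"invalid VLAN ID: {vlan_id}")
    root = ET.Element("flat-profile")
    ET.SubElement(root, "VLAN_ID", ua="na").text = str(vlan_id)
    return ET.tostring(root, encoding="unicode")

def lint_profile(xml_text):
    """Return problems that should block publishing the file on an open server."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.tag != "flat-profile":
        problems.append(f"unexpected root: {root.tag}")
    for child in root:
        text = child.text or ""
        if child.tag not in ALLOWED:
            problems.append(f"unexpected parameter: {child.tag}")
        elif not re.fullmatch(r"\s*\d+\s*", text) or not 1 <= int(text) <= 4094:
            problems.append(f"bad VLAN_ID: {text}")
    if len(root.findall("VLAN_ID")) != 1:
        problems.append("expected exactly one VLAN_ID")
    return problems
```

Running `lint_profile` on the file before each upload keeps later edits from adding parameters to a file that any device on the data VLAN can fetch.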
02-17-2020 10:13 PM
Hello Mr Dan Lukes,
What you want to say, in short: you're not using Cisco, virgin, and you configure as a data VLAN, and for voice option 150 or 160 TFTP or HTTPS for IP phones, and phones reboot and work properly with 123 VLAN ID.
OK, here I need some details: what is your voice VLAN ID and data VLAN ID ... that I want to know?
Looking for your response.