VLAN tagging Digium

479130
Level 1

Good evening all,

I have an issue with properly configuring VLAN tagging so that I can connect a computer to the DATA VLAN from a non-Cisco IP phone.

The goal is to have an IP phone connected to the VOICE VLAN and get the DATA VLAN to a host from it.

In this example I use a Digium D40 IP phone, connected to interface GigabitEthernet1/0/19 on SWITCH1

And the same Digium D40 IP phone connected to interface GigabitEthernet2/0/7 on SWITCH2

SWITCH1 and SWITCH2 are stacks in different sites, connected to each other and passing VLANs

Both sites have their own:

DHCP and FW for SWITCH 1 is 172.16.1.1, 172.28.1.1, etc.

DHCP and FW for SWITCH 2 is 172.16.2.1, 172.28.2.1, etc.

Digium server is at SWITCH1 172.20.1.18

I made sure to have LLDP enabled globally with

Switch(config)# lldp run

To my understanding, when the IP phone boots up, it associates itself to the data VLAN, just like any host, and gets an IP in the VLAN. Then it will communicate with the TFTP server (Digium server) to get the configuration file, at which point it will realize that it should be on the Voice VLAN and then change its VLAN from the native VLAN to the voice VLAN (start tagging the packets).

I got it half working:

I am successfully able to get a DHCP IP in the DATA VLAN in range 172.16.1.x with an IP phone on SWITCH1

While with an IP phone on SWITCH2, the host gets an auto config address 169.x.x.x

I would expect it to get DHCP in the DATA VLAN in range 172.16.2.1

Both phones reach the Digium server and work perfectly for calls

What am I missing?

My guess would be ip helper on SWITCH2, but it looks set up correctly to me

Could you point me in the right direction?

Below is the running config from both switches; I have removed unnecessary bits.


SWITCH1

 

SWITCH1#show run

Building configuration...

 

Current configuration : 26138 bytes

!

! Last configuration change at 05:21:38 UTC Fri May 25 2018 by ###

!

version 15.2

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime

service timestamps log datetime

service password-encryption

service compress-config

!

hostname SWITCH1

!

boot-start-marker

boot-end-marker

!

!

vrf definition Mgmt-vrf

 !

 address-family ipv4

 exit-address-family

 !

 address-family ipv6

 exit-address-family

!

enable secret 5 ###

enable password 7 ###

!

username admin password 7 ###

no aaa new-model

switch 1 provision ws-c3850-24p

switch 2 provision ws-c3850-24p

!

!

no ip domain-lookup

ip domain-name ###

ip dhcp binding cleanup interval 10

ip dhcp excluded-address 172.16.3.1 172.16.3.12

ip dhcp excluded-address 172.28.3.1 172.28.3.12

ip dhcp excluded-address 172.20.3.1 172.20.3.12

ip dhcp excluded-address 172.30.3.1 172.30.3.12

!

!

!

qos queue-softmax-multiplier 100

!

errdisable recovery cause bpduguard

errdisable recovery interval 120

diagnostic bootup level minimal

archive

 path flash:/$SW

 write-memory

spanning-tree mode pvst

spanning-tree extend system-id

hw-switch switch 1 logging onboard message level 3

hw-switch switch 2 logging onboard message level 3

!

redundancy

 mode sso

!

lldp run

!

!

class-map match-any non-client-nrt-class

!

policy-map port_child_policy

 class non-client-nrt-class

  bandwidth remaining ratio 10

!

!

interface Port-channel1

!

interface GigabitEthernet0/0

 vrf forwarding Mgmt-vrf

 no ip address

 negotiation auto

!

interface GigabitEthernet1/0/1

 description ===> Digium Eth1 <===

 switchport access vlan 20

 switchport mode access

 switchport port-security maximum 10

 switchport port-security violation  restrict

 switchport port-security aging time 10

 switchport port-security aging type inactivity

 switchport port-security

 storm-control broadcast level 2.50 1.00

 spanning-tree portfast

 spanning-tree bpduguard enable

!

!

interface GigabitEthernet1/0/19

 switchport access vlan 16

 switchport trunk allowed vlan 16,20

 switchport mode trunk

 switchport voice vlan 20

 switchport port-security maximum 10

 switchport port-security violation  restrict

 switchport port-security aging time 10

 switchport port-security aging type inactivity

 switchport port-security

 storm-control broadcast level 2.50 1.00

 spanning-tree portfast

 spanning-tree bpduguard enable

!

!

interface TenGigabitEthernet1/1/1

 switchport trunk allowed vlan 1,20,28,40,316,320,328,330,402

 switchport mode trunk

!

interface TenGigabitEthernet1/1/4

 description Fibre1 S-Surf

 switchport trunk allowed vlan 16,20,28,30,40,316,320,328,330

 switchport mode trunk

 channel-group 1 mode auto

!

interface TenGigabitEthernet2/1/4

 description Fibre2 S-Surf

 switchport trunk allowed vlan 16,20,28,30,40,316,320,328,330,402

 switchport mode trunk

 channel-group 1 mode auto

!

interface Vlan1

 no ip address

 shutdown

!

interface Vlan2

 description Sapphire Internet

 no ip address

!

interface Vlan16

 description S-Data

 no ip address

!

interface Vlan20

 description S-Voice

 no ip address

!

interface Vlan28

 description S-Mgmt

 ip address 172.28.1.11 255.255.255.0

!

interface Vlan30

 description S-Guest

 no ip address

!        

interface Vlan40

 description S-CCTV

 no ip address

!

interface Vlan228

 ip address 172.28.2.4 255.255.255.0

!

interface Vlan311

 description Internal-DMZ

 no ip address

 shutdown

!

interface Vlan316

 description S Data

 ip address 172.16.3.1 255.255.255.0

!

interface Vlan320

 description Surf Voice

 ip address 172.20.3.1 255.255.255.0

!

interface Vlan328

 description Surf SrvMgt

 ip address 172.28.3.1 255.255.255.0

!

interface Vlan330

 description Surf Guest

 ip address 172.30.3.1 255.255.255.0

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip route 0.0.0.0 0.0.0.0 172.28.1.1

!

!

kron occurrence weekly at 21:00 Fri recurring

 policy-list backup

!

kron policy-list backup

 cli copy running-config scp://###

!

!

 

!

wsma agent exec

 profile httplistener

 profile httpslistener

!

wsma agent config

 profile httplistener

 profile httpslistener

!

wsma agent filesys

 profile httplistener

 profile httpslistener

!

wsma agent notify

 profile httplistener

 profile httpslistener

!

!

wsma profile listener httplistener

 transport http

!

wsma profile listener httpslistener

 transport https

!

ap group default-group

end


SWITCH2#show run

Building configuration...

 

Current configuration : 30274 bytes

!

! Last configuration change at 10:14:24 UTC Fri May 25 2018 by ###

!

version 15.2

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime

service timestamps log datetime

service password-encryption

service compress-config

!

hostname SWITCH2

!

boot-start-marker

boot-end-marker

!

!

vrf definition Mgmt-vrf

 !

 address-family ipv4

 exit-address-family

 !

 address-family ipv6

 exit-address-family

!

logging console emergencies

enable secret 5 ###

enable password 7 ###

!

username admin privilege 10 password 7 ###

aaa new-model

!

!

aaa authentication login default local enable

!

!

aaa session-id common

switch 1 provision ws-c3850-24p

switch 2 provision ws-c3850-24p

switch 3 provision ws-c3850-24p

!

!

!

!

!

!

ip domain-name ###

!

!

qos wireless-default-untrust

qos queue-softmax-multiplier 100

!

!

write-memory

spanning-tree mode pvst

spanning-tree extend system-id

hw-switch switch 1 logging onboard message level 3

hw-switch switch 2 logging onboard message level 3

hw-switch switch 3 logging onboard message level 3

!

redundancy

 mode sso

!

lldp run

!

!

class-map match-any non-client-nrt-class

!

policy-map port_child_policy

 class non-client-nrt-class

  bandwidth remaining ratio 10

!

!

interface Port-channel1

!

interface GigabitEthernet0/0

 vrf forwarding Mgmt-vrf

 no ip address

 negotiation auto

!

!

interface GigabitEthernet2/0/7

 description ===> office 2 <===

 switchport access vlan 162

 switchport trunk native vlan 162

 switchport trunk allowed vlan 20,162

 switchport mode trunk

 switchport voice vlan 20

 switchport port-security maximum 10

 switchport port-security violation  restrict

 switchport port-security aging time 10

 switchport port-security aging type inactivity

 switchport port-security

 storm-control broadcast level 2.50 1.00

 spanning-tree portfast

 spanning-tree bpduguard enable

!

!

interface GigabitEthernet3/0/2

 description ===> leased line Eth1 <===

 switchport trunk allowed vlan 16,20,28,40,162,282,302,311,402

 switchport mode trunk

 storm-control broadcast level 2.50 1.00

 spanning-tree portfast

!

!

interface Vlan1

 no ip address

 shutdown

!

interface Vlan2

 description Sapphire Internet

 no ip address

!

interface Vlan16

 description S-Data

 no ip address

!

interface Vlan20

 description S-Voice

 no ip address

!

interface Vlan28

 description S-Mgmt

 no ip address

!

interface Vlan30

 description S-Guest

 no ip address

!

interface Vlan40

 description S-CCTV

 no ip address

!

interface Vlan202

 description L-Voice

 no ip address

!

interface Vlan282

 description L-Mgmt

 ip address 172.28.2.10 255.255.255.0

 ip helper-address 172.28.2.9

!

interface Vlan302

 description L-Guest

 no ip address

 ip helper-address 172.30.2.9

!

interface Vlan311

 description Intenal-DMZ

 no ip address

!

interface Vlan332

 no ip address

 ip helper-address 192.168.10.251

!

interface Vlan402

 description L-CCTV

 no ip address

!        

ip forward-protocol nd

no ip http server

ip http authentication local

ip http secure-server

ip route 0.0.0.0 0.0.0.0 172.28.2.1

ip ssh rsa keypair-name ssh

ip ssh version 2

!

!

!

access-list 28 permit 172.28.2.0 0.0.0.255

!

!

banner motd ^C

 

###

 

^C

!

line con 0

 exec-timeout 0 0

 privilege level 15

 password 7 ###

 stopbits 1

line aux 0

 no exec

 transport output none

 stopbits 1

line vty 0 4

 privilege level 0

 password 7 ###

 transport preferred ssh

 transport input ssh

 transport output ssh

line vty 5 15

!

wsma agent exec

 profile httplistener

 profile httpslistener

!

wsma agent config

 profile httplistener

 profile httpslistener

!

wsma agent filesys

 profile httplistener

 profile httpslistener

!

wsma agent notify

 profile httplistener

 profile httpslistener

!

!

wsma profile listener httplistener

 transport http

!

wsma profile listener httpslistener

 transport https

!

ap group default-group

end

 

  

I know LLDP is working, as show lldp will output a list of connected IP phones on both SWITCH1 and SWITCH2

 

3 Replies

Hello,

 

My first thought is to disable CDP (no cdp enable) on the ports where the Digium phones are connected. Cisco IP phones use CDP, Digium don't as far as I recall...

 

Can you post the config of one of the switchports?

Sure Georg,

 

phones are respectively connected to:

SWITCH1

!

interface GigabitEthernet1/0/19

 switchport access vlan 16

 switchport trunk allowed vlan 16,20

 switchport mode trunk

 switchport voice vlan 20

 switchport port-security maximum 10

 switchport port-security violation  restrict

 switchport port-security aging time 10

 switchport port-security aging type inactivity

 switchport port-security

 storm-control broadcast level 2.50 1.00

 spanning-tree portfast

 spanning-tree bpduguard enable

!

 

SWITCH2

!

interface GigabitEthernet2/0/7

 description ===> office 2 <===

 switchport access vlan 162

 switchport trunk native vlan 162

 switchport trunk allowed vlan 20,162

 switchport mode trunk

 switchport voice vlan 20

 switchport port-security maximum 10

 switchport port-security violation  restrict

 switchport port-security aging time 10

 switchport port-security aging type inactivity

 switchport port-security

 storm-control broadcast level 2.50 1.00

 spanning-tree portfast

 spanning-tree bpduguard enable

!

 

To highlight: everything works as expected with the phone and host connected to SWITCH1; the problem is on SWITCH2, where the IP phone doesn't pass DHCP to the host and it ends up with an autoconfig IP

 

Thanks

 

Hello,

 

On Switch 2, the native VLAN is 162; on Switch 1, it is the default, VLAN 1.

 

Try and remove the 'switchport trunk native vlan 162' from the ports on switch 2.

 

--> no switchport trunk native vlan 162
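
The side-by-side comparison made in the reply above can be done mechanically. The Python script below is an added example, not part of the original thread: the helper names (`expand`, `parse_port`, `diff_ports`) are made up here, and the two stanzas are the ones posted above with the port-security, storm-control and spanning-tree lines left out. It derives the VLAN that untagged frames land in on each port and lists every VLAN setting that differs.

```python
import re

# Port stanzas copied from the thread (non-VLAN lines omitted for brevity).
SWITCH1_PORT = """\
interface GigabitEthernet1/0/19
 switchport access vlan 16
 switchport trunk allowed vlan 16,20
 switchport mode trunk
 switchport voice vlan 20
"""
SWITCH2_PORT = """\
interface GigabitEthernet2/0/7
 switchport access vlan 162
 switchport trunk native vlan 162
 switchport trunk allowed vlan 20,162
 switchport mode trunk
 switchport voice vlan 20
"""

def expand(vlans):
    """Expand an IOS VLAN list such as '16,20,30-32' into a set of ints."""
    out = set()
    for part in vlans.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse_port(stanza):
    """Return the VLAN-related settings of one interface stanza."""
    def grab(pattern, default=None):
        m = re.search(r"^\s*switchport " + pattern + r"\s*$", stanza, re.M)
        return m.group(1) if m else default
    port = {
        "mode": grab(r"mode (\S+)"),
        "access": int(grab(r"access vlan (\d+)", 1)),
        "native": int(grab(r"trunk native vlan (\d+)", 1)),  # IOS default: VLAN 1
        "allowed": expand(grab(r"trunk allowed vlan ([\d,\-]+)", "1-4094")),
        "voice": grab(r"voice vlan (\d+)"),
    }
    # On a trunk, untagged frames belong to the native VLAN, not the access VLAN.
    port["untagged"] = port["native"] if port["mode"] == "trunk" else port["access"]
    return port

def diff_ports(a, b):
    """Map each setting that differs to its (a, b) pair of values."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

if __name__ == "__main__":
    s1, s2 = parse_port(SWITCH1_PORT), parse_port(SWITCH2_PORT)
    for key, (v1, v2) in diff_ports(s1, s2).items():
        print(f"{key:9} SWITCH1={v1}  SWITCH2={v2}")
```
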
