Users Guide

Some VoIP phones contain full support for IEEE 802.1X. For each VoIP
device to authenticate independently of the data device, configure the port in
access or general mode, add the Voice VLAN to the port and configure the
port to use multi-domain or multi-domain-multi-host authentication. With
both types of authentication, voice packets are identified by the MAC address
of the phone. The RADIUS server must be configured to enable Voice VLAN
by sending the vendor proprietary VSA device-traffic-class=voice in the
RADIUS Access-Accept message. Use the
no switchport voice vlan override-authentication
command to allow the VoIP device access to the Voice VLAN
using 802.1X. A Voice VLAN identified in the RADIUS Access-Accept is
ignored by the switch. Only the Voice VLAN configured on the switch is used
for VoIP devices.
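
The following is an added example, not taken from the guide or the switch software: a check that a RADIUS Access-Accept carries the device-traffic-class=voice VSA described above, and that reports any VLAN the server also sent, which the switch ignores for voice devices. It assumes the VSA is encoded as a Cisco-AVPair (vendor ID 9, vendor type 1) and that a VLAN would arrive in Tunnel-Private-Group-ID; the function names and the sample packet are constructed for illustration.

```python
import struct

ACCESS_ACCEPT, VENDOR_SPECIFIC, TUNNEL_PRIVATE_GROUP_ID = 2, 26, 81
# Assumption: the VSA travels as a Cisco-AVPair (vendor 9, vendor type 1).
VSA_VENDOR_ID, VSA_VENDOR_TYPE = 9, 1
VOICE_AVPAIR = b"device-traffic-class=voice"


def iter_attributes(packet):
    """Yield (type, value) for each attribute of a RADIUS packet (RFC 2865)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20  # code, identifier, length, 16-byte authenticator
    while pos < length:
        alen = packet[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        yield packet[pos], packet[pos + 2:pos + alen]
        pos += alen


def check_voice_accept(packet):
    """Summarise what an Access-Accept tells the switch about a phone."""
    result = {"accept": packet[:1] == bytes([ACCESS_ACCEPT]),
              "voice_class": False, "vlan_in_accept": None}
    for atype, value in iter_attributes(packet):
        if atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if (vendor, vtype) == (VSA_VENDOR_ID, VSA_VENDOR_TYPE):
                result["voice_class"] |= value[6:4 + vlen] == VOICE_AVPAIR
        elif atype == TUNNEL_PRIVATE_GROUP_ID and value:
            # A leading byte <= 0x1F is the RFC 2868 tag, not part of the VLAN.
            vlan = value[1:] if value[0] <= 0x1F else value
            result["vlan_in_accept"] = vlan.decode("ascii", "replace")
    return result


def build_sample_accept(with_voice=True):
    """Constructed Access-Accept for the demo (zeroed authenticator)."""
    vsa = struct.pack("!IBB", VSA_VENDOR_ID, VSA_VENDOR_TYPE,
                      len(VOICE_AVPAIR) + 2) + VOICE_AVPAIR
    attrs = [(TUNNEL_PRIVATE_GROUP_ID, b"\x00" + b"25")]  # constructed VLAN ID
    if with_voice:
        attrs.insert(0, (VENDOR_SPECIFIC, vsa))
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body
```

A result with voice_class False for a phone's account means the RADIUS policy is not returning the VSA, so the switch will not treat the device as a voice device.
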

Authentication of a VoIP device via 802.1X is supported on ports configured
in general or access mode. If Voice VLAN is enabled and configured on a port,
and a device is configured to authenticate via RADIUS, and the RADIUS
server identifies the device as an IP phone, the device is allowed access to the
Voice VLAN. If the port is configured in access mode using 802.1X auto
authentication, only a single device may authenticate into the Voice VLAN.
When 802.1X authenticates a device onto the Voice VLAN, the device is also
allowed access over the data VLAN for thirty seconds after authentication.
This allows the device to learn the Voice VLAN ID via non-standard
mechanisms such as HTTP or TFTP.

Many VoIP phones receive their VLAN information from LLDP-MED or CDP.
The switch transmits and receives LLDP and CDP on Voice VLAN-enabled
ports, regardless of the 802.1X port authentication state. The switch can
automatically direct the VoIP traffic to the Voice VLAN without manual
configuration of the phone. Configure the port in access or general mode, add
the Voice VLAN to the port and configure the port to use 802.1X auto mode
(port-based authentication) and override authentication for the Voice VLAN.
The first data device will be authenticated using 802.1X and the voice devices
have access to the Voice VLAN regardless of authentication state. The phone
must tag the packets with the Voice VLAN sent via LLDP-MED/CDP when
the port is configured in access mode.

The switch identifies the device as a VoIP phone by one of the following
protocols:
Cisco Discovery Protocol (CDP) or Industry Standard Discovery Protocol
(ISDP) for Cisco VoIP phones