Users Guide

VLANs
Some VoIP phones contain full support for IEEE 802.1X. To have each VoIP
device authenticate independently of the data device, configure the port in
general mode, add the Voice VLAN to the port, and configure the port to use
MAC-based authentication. With MAC-based authentication, voice packets
are identified by the MAC address of the phone. The RADIUS server must be
configured to enable Voice VLAN by sending the vendor proprietary VSA
device-traffic-class=voice in the RADIUS Access-Accept message. Use the no
switchport voice vlan override-authentication command to allow the VoIP
device access to the Voice VLAN using 802.1X. A Voice VLAN identified in
the RADIUS Access-Accept is ignored by the switch. Only the Voice VLAN
configured on the switch is used for VoIP devices.
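
The following Python code is an added example, not part of the guide or the switch vendor's software. It parses a RADIUS Access-Accept and reports whether the reply carries the device-traffic-class=voice VSA and whether it also names a VLAN, which the switch ignores for voice devices. The vendor id 9 / sub-type 1 encoding, the VLAN values and all function names are assumptions, and the sample packets are constructed.

```python
import struct

ACCESS_ACCEPT = 2               # RADIUS packet code (RFC 2865)
VENDOR_SPECIFIC = 26            # attribute type carrying VSAs (RFC 2865)
TUNNEL_PRIVATE_GROUP_ID = 81    # VLAN assignment attribute (RFC 2868)
VOICE_CLASS = b"device-traffic-class=voice"   # string quoted in the guide

def attributes(packet):
    """Yield (type, value) for each attribute of a RADIUS packet."""
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20                    # 4-byte header + 16-byte authenticator
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        yield packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]

def classify(packet):
    """Return (is_voice, radius_vlan) for an Access-Accept, else (False, None)."""
    if len(packet) < 20 or packet[0] != ACCESS_ACCEPT:
        return False, None
    is_voice, vlan = False, None
    for a_type, value in attributes(packet):
        if a_type == VENDOR_SPECIFIC:
            sub = value[4:]     # skip 4-byte vendor id; walk sub-attributes
            while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
                is_voice = is_voice or sub[2:sub[1]] == VOICE_CLASS
                sub = sub[sub[1]:]
        elif a_type == TUNNEL_PRIVATE_GROUP_ID and value:
            # an optional leading tag byte (0x00-0x1F) precedes the VLAN string
            tagged = value[0] <= 0x1F
            vlan = (value[1:] if tagged else value).decode("ascii", "replace")
    return is_voice, vlan

def attr(a_type, value):
    """Encode one attribute as type, length, value."""
    return bytes([a_type, len(value) + 2]) + value

def build_accept(*attrs):
    """Constructed sample packet; the authenticator is zeroed, not a valid one."""
    body = b"".join(attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: vendor id 9 / sub-type 1 is an assumed AV-pair encoding.
VSA = attr(VENDOR_SPECIFIC, struct.pack("!I", 9) + attr(1, VOICE_CLASS))
PHONE = build_accept(VSA, attr(TUNNEL_PRIVATE_GROUP_ID, b"\x00" + b"30"))
PC = build_accept(attr(TUNNEL_PRIVATE_GROUP_ID, b"20"))
```

A reply for which classify returns (True, "30") marks the device as voice, but per the text above the switch still uses its locally configured Voice VLAN rather than VLAN 30, so a server policy that sends both is worth reviewing.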

Authentication of a VoIP device via 802.1X is supported on ports configured
in general or access mode. If Voice VLAN is enabled and configured on a port,
and a device is configured to authenticate via RADIUS, and the RADIUS
server identifies the device as an IP phone, the device is allowed access to the
Voice VLAN. If the port is configured in access mode using 802.1X auto
authentication, only a single device may authenticate into the Voice VLAN.
Access mode ports do not support 802.1X MAC-based authentication. In
general mode, multiple devices may authenticate into the Voice VLAN
independently.

When 802.1X authenticates a device onto the Voice VLAN using MAC-based
authentication, the device is also allowed access over the data VLAN for thirty
seconds after authentication. This allows the device to learn the Voice VLAN
ID via non-standard mechanisms such as HTTP or TFTP.

Many VoIP phones receive their VLAN information from LLDP-MED or CDP.
The switch transmits and receives LLDP and CDP on Voice VLAN-enabled
ports, regardless of the 802.1X port authentication state. The switch can
automatically direct the VoIP traffic to the Voice VLAN without manual
configuration of the phone. Configure the port in access or general mode, add
the Voice VLAN to the port, and configure the port to use 802.1X auto mode
(port-based authentication) and override authentication for the Voice VLAN.
The first data device is authenticated using 802.1X, and the voice devices
have access to the Voice VLAN regardless of authentication state. When the
port is configured in access mode, the phone must tag its packets with the
Voice VLAN sent via LLDP-MED/CDP.

The switch identifies the device as a VoIP phone by one of the following
protocols: