Configuration Procedure; Dynamically Advertising Server-Assigned Vlans Through Lldp; Overview; Example For Using 802.1X To Authenticate Ip Phones - H3C S3600V2 SERIES Layer 2-Lan Switching Configuration Manual
Hide thumbs
Also See for S3600V2 SERIES:
- Installation, quick start (2 pages) ,
- Irf command reference (33 pages)
Table of Contents
Advertisement
To identify the voice VLAN advertised by LLDP, execute the display lldp local-information command, and
examine the MED information fields in the command output.
The LLDP packets that the device send to IP phones carry the priority information, but the CDP packets that
the device send to IP phones do not carry the priority information.
Configuration procedure
To configure LLDP to advertise a specific voice VLAN:
Step
1.
Enter system view.
2.
Enter interface view or port
group view.
3.
Configure LLDP to advertise a
specific voice VLAN.
Dynamically advertising server-assigned VLANs
through LLDP
Overview
Dynamic advertisement of server-assigned VLANs through LLDP must work with 802.1X or MAC
authentication, and is available only for LLDP-enabled IP phones. If 802.1X authentication is used, make
sure the IP phones also support 802.1X authentication.
To implement this function for an IP phone, perform the following configuration tasks:
Enable LLDP globally and on the port connected to the IP phone.
•
Configure 802.1X or MAC authentication to make sure the IP phone can pass security
•
authentication. For more information about 802.1X authentication, MAC authentication, and VLAN
assignment by servers, see Security Configuration Guide.
Configure VLAN authorization for the IP phone on the authentication server.
•
After the IP phone passes authentication, LLDP advertises the server-assigned VLAN in the LLDP-MED
Network Policy TLV to the IP phone. The IP phone will send its traffic tagged with the assigned VLAN. Also,
the port connected to the IP phone will be added to the server-assigned VLAN.
Example for using 802.1X to authenticate IP phones
As shown in
must support 802.1X). Configure the authentication server to assign an untagged VLAN to the host and
assign a tagged VLAN to the IP phone. After the host and the IP phone pass the authentication, the port
Figure
54, configure 802.1X on the device to authenticate the host and the IP phone (which
Command
system-view
•
Enter Layer 2 Ethernet interface
view:
interface interface-type
interface-number
•
Enter port group view:
port-group manual
port-group-name
lldp voice-vlan vlan-id
165
Remarks
N/A
Use one of the commands.
By default, LLDP advertises the
voice VLAN configured on the
port.
Advertisement
Table of Contents
