TP-Link T2600G-28MPS: work with PoE, LLDP and Voice VLAN
About six months ago, we published an example of building a Wi-Fi network based on our wireless equipment: access points and a controller. Today we will tell in detail about the T2600G-28MPS Layer 2+ switch, which can be used to build wired network segments that provide video surveillance systems, distributed wireless networks, IP telephony, and simply perform packet switching.
We do not set ourselves the goal of providing a complete description of all the capabilities of the T2600G-28MPS model, instead we will focus on those features that directly support the work of supported wireless networks and IP telephony.
Providing power to the terminal equipment is not the easiest task solved by network engineers. Of course, you can use external power supplies that come bundled with most models of access points, IP cameras and telephones. However, this solution is not scalable, and it is difficult to attribute it to a convenient one: a large number of additional units and wires, increased network deployment time, deterioration of the appearance of the premises, inability to centrally manage power, inability to guarantee quality of power, and so on. Instead, an increasing number of network administrators are turning their attention to PoE technology, which allows them to immediately solve all the problems listed.
')
TP-Link T2600G-28MPS has an increased energy budget (up to 384 watts). To date, two IEEE standards are commonly used that describe the operation of the technology: 802.3af-2003 and 802.3at-2009. The first of these predetermines the maximum power available equal to 15.4 watts. The maximum power provided by the second is 30 watts. Simple arithmetic shows that the switch in question allows you to simultaneously provide power to 802.3af consumers connected to all ports of the device. When connecting more powerful consumers (with support for the 802.3at standard) at the same time to provide all end devices with the maximum allowable power, it should be noted that not all 802.3at devices constantly require 25.5 watts of electricity for their work. Such consumption would rather be an exception, or it may take a relatively short period of time. In addition, the switch has settings that allow resolving the situation in the energy budget deficit mode. Let's see what a network administrator can manage.
All settings related to PoE technology are collected in the same-name menu group of the web interface. Using the “PoE Config” option, the administrator can specify the maximum power consumed by the switch to power PoE clients, view and change the current state of the ports, set the interface priority and the class of the connected device, select the time interval and the PoE profile.
From the screenshot above, it can be seen that some devices are connected to ports 20 and 22, currently consuming 3.6 watts of electricity each (current is 69 mA and voltage is 53.1 V), which corresponds to the fourth class PoE. Let's not make intrigue of these powered devices - these are our access points of the model CAP1200 .
The “PoE Profile” tab of the same menu item allows you to create energy profiles, which greatly simplifies the configuration of the switch when connecting typical consumers.
Administrators who prefer to work with the command line will also be able to control the power supply using PoE using the power command group.
Very often, company executives try to reduce electricity bills, which the accounts department has to pay monthly. The “Time-Range” item of the same menu group can help them with this. Using this item, the administrator can create a schedule in accordance with which the consumers will be powered. For example, at night and on weekends, the number of employees present at their workplaces is usually much less than in the so-called business hours. The reduction in the number of users leads to a reduction in the load on the network infrastructure, and the access points will be almost idle. Automatic shutdown of some of them practically will not affect the level of the service provided, since wireless users will be automatically redistributed between the remaining enabled access points. On Monday morning, the backup equipment will again be automatically switched on as scheduled, thus preparing everything necessary for returning to the office of our network administrator's colleagues. The process of switching on several access points will be regularly processed by the wireless controller, the frequencies and radiation powers will be redistributed so as to provide the best coverage throughout.
Sometimes PoE devices are installed on sensitive sites, where it is strictly forbidden to spend time outside office hours. In this case, it will be possible to keep even more money off the drain by cutting off the IP phones of some of the employees.
The power supply schedule is managed using the “Time-Range” item.
Calculate how much you could save for the New Year holidays already this year! And we still have a great weekend ahead of May.
Link Layer Discovery Protocol (IEEE 802.1ab) is a protocol that allows you to detect neighboring devices, as well as inform your neighbors of certain information about yourself.
The basic LLDP protocol settings on the T2600G-28MPS switch are gathered in the “Basic Config” item of the “LLDP” group of the web interface menu. Here you can configure the operation of the protocol globally for the entire switch, and for each wired interface individually.
You can display and send information for each of the interfaces using the “Device Info” item of the same group. We connected the interface number 20 to the switch of another vendor to show an example of information that can be viewed about equipment from other manufacturers.
Of course, third-party network devices also correctly process the information received from our switches.
Statistics on received and sent LLDP messages are presented in the “Device Statistics” section.
Perhaps one of the main applications of the LLDP protocol in networks is the use of its LLDP-MED (Media Endpoint Discovery) extension, through which the service information is exchanged with voice terminal equipment. Of course, the “voice,” as before, is encapsulated in RTP; Signaling traditionally uses one of two protocols: SIP or H.323. So what is LLDP-MED for? This extension can significantly reduce the cost of configuring IP phones and voice gateways. Typically, a separate virtual network (VLAN) is created to transfer voice data to the switches. For what? The reasons are usually two: the need for security and the desire to prioritize voice traffic.
Naturally, it would be possible to simply place all the ports of the switches to which the IP phones are connected in this virtual network, however, network administrators often have to deal with a shortage of network interfaces on the switching equipment. A strongly simplified example of connecting IP phones to the network with a sufficient number of free interfaces on the switch is presented below.
The problem of shortage of L2-ports on the switches on campuses is often solved by serially connecting the user's computer to a special port on the phone. The IP phone itself has an integrated Ethernet switch with three ports: one internal and two external (for connecting to network equipment and a user's PC). Since data from two virtual networks are transmitted simultaneously between the phone and the network switch (user data in access-vlan and voice data in voice-vlan), it is necessary to perform frame tagging, for example, using 802.1q. Such tagging is a typical solution and does not cause difficulties for network administrators. However, in order for it to be performed correctly, the phone itself must be configured in a certain way - the corresponding values ​​of virtual network identifiers - VID (VLAN Identifier) ​​- must be spelled out.
And this is how EVERY phone should be configured. The process is not fast, agree. The LLDP-MED extension is used to solve this routine task, allowing the switch to notify the IP phone of the virtual network numbers used.
To configure the LLDP-MED extension, you need to refer to the menu item of the same name.
Traditionally, each port can be configured individually.
Using the Local Info tab, you can view the information sent by the switch towards the connected equipment.
If the neighboring device supports LLDP-MED, then information about it will be displayed in the “Neighbor Info” tab.
Of course, the LLDP protocol parameters can be controlled using the command line.
It would seem that on this setting can be completed. However, we would like to show a little more detail on how the phone and the switch interact with each other. We will explain with the example of our test model - Avaya IP Deskphone 9620L. In order not to simplify your life, we will consider the situation of a shortage of network interfaces on the switches, that is, when the user's PC is connected via a telephone. We created two virtual networks (VLAN 2 - voice, VLAN3 - data), configured the corresponding virtual SVI interfaces (VLAN 2 - 192.168.2.1/24, VLAN 3 - 192.168.3.1/24) and configured two pools for the DHCP server.
Immediately upon connecting such a phone, the switch detects a PoE powered device (PD - Powered Device) and energizes the port, which allows the IP phone to turn on and start downloading. As can be seen from the screenshot below, the phone is not hungry at all (according to the manufacturer, this model can consume up to 5.3 watts in the worst case). In principle, the maximum power consumption of almost all Avaya IP phones does not exceed 7 watts. Other vendors have a similar situation. Therefore, TP-Link T2600G-28MPS with a supply of power will provide 24 IP phones.
But back to the LLDP. The switch saw a neighbor by this protocol. At first glance, the output presented on this page looks a bit strange - two entries about only one telephone set. Let's try to figure out why this is happening.
We see that the phone tells the switch two different Chassis IDs. In fact, this is the IP address received by the phone from the DHCP server, that is, the phone requests one address from each pool. However, the DHCP server displays only one address that was issued towards the phone.
At this stage, everything seems completely confusing and incomprehensible. But the otgadka is extremely simple. One has only to consider the procedure for the coordination of parameters for the LLDP protocol between the telephone and the switch.
When the phone has been powered and is being loaded for the first time, it still does not know which virtual networks are being used, that is, there is still no information on which VID tags to mark frames with. At this point, the IP phone sends untagged frames. These frames fall into the virtual network defined by the PVID field on the Port Config tab of the 802.1Q VLAN item in the VLAN group of the menu.
That is why in the bridge table of the switch an entry appears about the MAC address of the telephone for the virtual network, which we planned to use to transmit user data.
At this point, the phone uses the DHCP protocol to obtain the IP address and other network parameters. In parallel with this process, LLDP messages (including LLDP-MED) are exchanged, as a result of which the phone recognizes the virtual network number into which it should place its own frames.
Having found out the number of the correct virtual network, the IP phone releases the address previously obtained via DHCP and repeats the same process, but already tagging its own frames, which results in obtaining an IP address and other network information already in the new virtual network. That is why we see only one DHCP-leased address. Well, the entry in the bridge table will “hang out” until its lifetime has expired (the “Aging time” option, the “Dynamic Address” tab of the “MAC Address” item in the “Switching” group of the web interface menu). To confirm our words, we decided to bring a small piece of the dump containing the described actions.
The dump was removed using the port mirroring function. Unfortunately, not all service frames can be transmitted using this option.
In conclusion, I would like to note that there are several ways to specify the IP address of the station or voice gateway / server. If you do not consider the static indication of the address in the settings of the telephone itself and a variety of proprietary solutions, there are not so many options. These include, for example, a very obvious way to transfer this setting (along with a ton of other parameters) by using a configuration file that can be downloaded by the phone via TFTP / FTP / HTTP / HTTPS protocols. A slightly less obvious way is to use a variety of DHCP options. For example, Avaya IP phones use option No. 176 to specify the address of the device that performs the functions of the H323 Gatekeeper. With a head plunge into the world of the DHCP protocol, you can use the following article ( http://foxnetwork.ru/index.php/component/content/article/207-dhcp.html ). In addition to the above methods of informing the phone about the gateway address, you can use another one - the LLDP protocol. To date, our switches can not yet boast the support of the last two possibilities.
Are there any other ways to simplify the lives of network administrators who connect users' computers and phones to campus networks? The answer to this question is positive. Details in the next section.
In modern networks, the belonging of a frame to one or another virtual network is determined either on the basis of the interface through which this frame was received by the switch (port-based VLAN), or on the basis of the 802.1q protocol tag (tag-based VLAN). There are several other ways to determine whether a frame belongs to a virtual network, for example, based on the sender's MAC address. The Ethernet MAC address is 48 bits long and consists of two equal parts, the first of which contains an OUI - Organizationally Unique Identifier, assigned by the IEEE centrally to each network equipment manufacturer. Based on the OUI value in the sender's address, the frame can be assigned by the switch to the voice virtual network. Let's go through the whole process of setting up a voice virtual network based on OUI from beginning to end. For the sake of fairness, it is worth noting that our switches can determine the belonging to a virtual network based on the device’s MAC address not only for IP phones. The corresponding setting is available in the “MAC VLAN” item of the “VLAN” group of the menu.
So, you should start by managing the OUI values, on the basis of which frames will fall into the voice virtual network. This is done using the "OUI Config" tab of the same menu item.
Then you need to create a virtual network for voice traffic, if for some reason it has not yet been created. You can perform this procedure using the “802.1Q VLAN” item in the “VLAN” group of the web interface menu. You should not add any switch interfaces to this virtual network at this stage.
After the usual virtual network has been created, it is necessary to indicate that we plan to use it for the transmission of voice traffic. Only one voice virtual network can be created on our switches. The corresponding setting is available in the “Global Config” tab of the “Voice VLAN” item of the “QOS” group.
The final touch is setting up physical interfaces using the Port Config tab.
Not to mention the possibility of the inclusion of additional protection through the option "Security Mode". When this feature is enabled, the switch will not pass frames to the voice virtual network, the sender of which is not in the list of configured OUIs.
Of course, we could not ignore the lovers of console access.
At this point, we will probably finish with a discussion of the details of the functioning of the voice virtual network in TP-Link switches using the example of the T2600G-28MPS model.
Using the example of the TP-Link T2600G-28MPS L2 + switch, we looked at useful options that make life easier for the network administrator by simplifying the implementation of some routine procedures. So, for example, centralized power management provides rich opportunities for monitoring energy efficiency, allowing for a number of optimization measures. And this is not to mention the increase in the quality of the power supply to the terminal equipment.
Have you created a new department? Expanded staff? Hired many new employees at once? And everyone needs phones, and ports on the switches are sorely lacking? Using the DHCP and LLDP protocols, as well as the Voice VLAN option, will allow the network administrator not to feel much of a difference between connecting one new employee or a hundred, without wasting switch ports for nothing.
Allow yourself another reminder - save the config after each significant change made. The process, of course, is not automatic, but it will save a lot of time and effort after the next “oops”.
We do not set ourselves the goal of providing a complete description of all the capabilities of the T2600G-28MPS model, instead we will focus on those features that directly support the work of supported wireless networks and IP telephony.
Setup and work with Power over Ethernet
Providing power to the terminal equipment is not the easiest task solved by network engineers. Of course, you can use external power supplies that come bundled with most models of access points, IP cameras and telephones. However, this solution is not scalable, and it is difficult to attribute it to a convenient one: a large number of additional units and wires, increased network deployment time, deterioration of the appearance of the premises, inability to centrally manage power, inability to guarantee quality of power, and so on. Instead, an increasing number of network administrators are turning their attention to PoE technology, which allows them to immediately solve all the problems listed.
')
TP-Link T2600G-28MPS has an increased energy budget (up to 384 watts). To date, two IEEE standards are commonly used that describe the operation of the technology: 802.3af-2003 and 802.3at-2009. The first of these predetermines the maximum power available equal to 15.4 watts. The maximum power provided by the second is 30 watts. Simple arithmetic shows that the switch in question allows you to simultaneously provide power to 802.3af consumers connected to all ports of the device. When connecting more powerful consumers (with support for the 802.3at standard) at the same time to provide all end devices with the maximum allowable power, it should be noted that not all 802.3at devices constantly require 25.5 watts of electricity for their work. Such consumption would rather be an exception, or it may take a relatively short period of time. In addition, the switch has settings that allow resolving the situation in the energy budget deficit mode. Let's see what a network administrator can manage.
All settings related to PoE technology are collected in the same-name menu group of the web interface. Using the “PoE Config” option, the administrator can specify the maximum power consumed by the switch to power PoE clients, view and change the current state of the ports, set the interface priority and the class of the connected device, select the time interval and the PoE profile.
From the screenshot above, it can be seen that some devices are connected to ports 20 and 22, currently consuming 3.6 watts of electricity each (current is 69 mA and voltage is 53.1 V), which corresponds to the fourth class PoE. Let's not make intrigue of these powered devices - these are our access points of the model CAP1200 .
The “PoE Profile” tab of the same menu item allows you to create energy profiles, which greatly simplifies the configuration of the switch when connecting typical consumers.
Administrators who prefer to work with the command line will also be able to control the power supply using PoE using the power command group.
T2600G-28MPS(config)#show power inline configuration interface Interface PoE-Status PoE-Prio Power-Limit(w) Time-Range PoE-Profile ---------- ---------- -------- -------------- ---------------- ---------------- Gi1/0/1 Enable Low Class4 No Limit None Gi1/0/2 Enable Low Class4 No Limit None Gi1/0/3 Enable Low Class4 No Limit None Gi1/0/4 Enable Low Class4 No Limit None Gi1/0/5 Enable Low Class4 No Limit None Gi1/0/6 Enable Low Class4 No Limit None Gi1/0/7 Enable Low Class4 No Limit None Gi1/0/8 Enable Low Class4 No Limit None Gi1/0/9 Enable Low Class4 No Limit None Gi1/0/10 Enable Low Class4 No Limit None Gi1/0/11 Enable Low Class4 No Limit None Gi1/0/12 Enable Low Class4 No Limit None Gi1/0/13 Enable Low Class4 No Limit None Gi1/0/14 Enable Low Class4 No Limit None Gi1/0/15 Enable Low Class4 No Limit None Gi1/0/16 Enable Low Class4 No Limit None Gi1/0/17 Enable Low Class4 No Limit None Gi1/0/18 Enable Low Class4 No Limit None Gi1/0/19 Enable Low Class4 No Limit None Gi1/0/20 Enable Low Class4 No Limit None Gi1/0/21 Enable Low Class4 No Limit None Gi1/0/22 Enable Low Class4 No Limit None Gi1/0/23 Enable Low Class4 No Limit None Gi1/0/24 Enable Low Class4 No Limit None T2600G-28MPS(config)#show power inline in T2600G-28MPS(config)#show power inline information information T2600G-28MPS(config)#show power inline information interface interface T2600G-28MPS(config)#show power inline information interface Interface Power(w) Current(mA) Voltage(v) PD-Class Power-Status ---------- -------- ----------- ---------- -------- ---------------- Gi1/0/1 0.0 0 0.0 N/A OFF Gi1/0/2 0.0 0 0.0 N/A OFF Gi1/0/3 0.0 0 0.0 N/A OFF Gi1/0/4 0.0 0 0.0 N/A OFF Gi1/0/5 0.0 0 0.0 N/A OFF Gi1/0/6 0.0 0 0.0 N/A OFF Gi1/0/7 0.0 0 0.0 N/A OFF Gi1/0/8 0.0 0 0.0 N/A OFF Gi1/0/9 0.0 0 0.0 N/A OFF Gi1/0/10 0.0 0 0.0 N/A OFF Gi1/0/11 0.0 0 0.0 N/A OFF Gi1/0/12 0.0 0 0.0 N/A OFF Gi1/0/13 0.0 0 0.0 N/A OFF Gi1/0/14 0.0 0 0.0 N/A OFF Gi1/0/15 0.0 0 0.0 N/A OFF Gi1/0/16 0.0 0 0.0 N/A OFF Gi1/0/17 0.0 0 0.0 N/A OFF Gi1/0/18 0.0 0 0.0 N/A OFF Gi1/0/19 0.0 0 0.0 N/A OFF Gi1/0/20 3.6 69 53.1 Class4 ON Gi1/0/21 0.0 0 0.0 N/A OFF Gi1/0/22 3.6 69 52.8 Class 4 ON Gi1/0/23 0.0 0 0.0 N/A OFF Gi1/0/24 0.0 0 0.0 N/A OFF T2600G-28MPS(config)#show power holiday - Display holiday configuration inline - Display power inline configuration profile - Display power inline profile configuration time-range - Display time segment configuration T2600G-28MPS(config)#show power inline inline T2600G-28MPS(config)#show power inline configuration - Display power inline configuration information - Display power inline information <cr> T2600G-28MPS(config)#power holiday - Add or delete a holiday inline - Power Inline Configuration profile - Add or delete a profile time-range - Define the time range entries T2600G-28MPS(config)#power inline inline T2600G-28MPS(config)#power inline consumption - Set the global power limit T2600G-28MPS(config)#power profile profile T2600G-28MPS(config)#power profile <WORD> - Profile name, the length is 1-16 Very often, company executives try to reduce electricity bills, which the accounts department has to pay monthly. The “Time-Range” item of the same menu group can help them with this. Using this item, the administrator can create a schedule in accordance with which the consumers will be powered. For example, at night and on weekends, the number of employees present at their workplaces is usually much less than in the so-called business hours. The reduction in the number of users leads to a reduction in the load on the network infrastructure, and the access points will be almost idle. Automatic shutdown of some of them practically will not affect the level of the service provided, since wireless users will be automatically redistributed between the remaining enabled access points. On Monday morning, the backup equipment will again be automatically switched on as scheduled, thus preparing everything necessary for returning to the office of our network administrator's colleagues. The process of switching on several access points will be regularly processed by the wireless controller, the frequencies and radiation powers will be redistributed so as to provide the best coverage throughout.
Sometimes PoE devices are installed on sensitive sites, where it is strictly forbidden to spend time outside office hours. In this case, it will be possible to keep even more money off the drain by cutting off the IP phones of some of the employees.
The power supply schedule is managed using the “Time-Range” item.
Calculate how much you could save for the New Year holidays already this year! And we still have a great weekend ahead of May.
LLDP
Link Layer Discovery Protocol (IEEE 802.1ab) is a protocol that allows you to detect neighboring devices, as well as inform your neighbors of certain information about yourself.
The basic LLDP protocol settings on the T2600G-28MPS switch are gathered in the “Basic Config” item of the “LLDP” group of the web interface menu. Here you can configure the operation of the protocol globally for the entire switch, and for each wired interface individually.
You can display and send information for each of the interfaces using the “Device Info” item of the same group. We connected the interface number 20 to the switch of another vendor to show an example of information that can be viewed about equipment from other manufacturers.
Of course, third-party network devices also correctly process the information received from our switches.
switch#sho lldp ne de ------------------------------------------------ Local Intf: Gi1/0/3 Chassis id: 704f.578f.49c7 Port id: GigabitEthernet1/0/20 Port Description: GigabitEthernet1/0/20 Interface System Name: T2600G-28MPS System Description: JetStream 24-Port Gigabit L2 Managed PoE+ Switch with 4 SFP Slots Time remaining: 93 seconds System Capabilities: B,R Enabled Capabilities: B,R Management Addresses: IP: 192.168.0.1 Auto Negotiation - supported, enabled Physical media capabilities: 1000baseT(FD) 1000baseT(HD) 1000baseX(FD) 1000baseX(HD) Symm Pause(FD) Asym Pause(FD) 100base-TX(FD) 100base-TX(HD) 10base-T(FD) 10base-T(HD) Other/unknown Media Attachment Unit type: 30 Vlan ID: 1 Total entries displayed: 1 Statistics on received and sent LLDP messages are presented in the “Device Statistics” section.
Perhaps one of the main applications of the LLDP protocol in networks is the use of its LLDP-MED (Media Endpoint Discovery) extension, through which the service information is exchanged with voice terminal equipment. Of course, the “voice,” as before, is encapsulated in RTP; Signaling traditionally uses one of two protocols: SIP or H.323. So what is LLDP-MED for? This extension can significantly reduce the cost of configuring IP phones and voice gateways. Typically, a separate virtual network (VLAN) is created to transfer voice data to the switches. For what? The reasons are usually two: the need for security and the desire to prioritize voice traffic.
Naturally, it would be possible to simply place all the ports of the switches to which the IP phones are connected in this virtual network, however, network administrators often have to deal with a shortage of network interfaces on the switching equipment. A strongly simplified example of connecting IP phones to the network with a sufficient number of free interfaces on the switch is presented below.
The problem of shortage of L2-ports on the switches on campuses is often solved by serially connecting the user's computer to a special port on the phone. The IP phone itself has an integrated Ethernet switch with three ports: one internal and two external (for connecting to network equipment and a user's PC). Since data from two virtual networks are transmitted simultaneously between the phone and the network switch (user data in access-vlan and voice data in voice-vlan), it is necessary to perform frame tagging, for example, using 802.1q. Such tagging is a typical solution and does not cause difficulties for network administrators. However, in order for it to be performed correctly, the phone itself must be configured in a certain way - the corresponding values ​​of virtual network identifiers - VID (VLAN Identifier) ​​- must be spelled out.
And this is how EVERY phone should be configured. The process is not fast, agree. The LLDP-MED extension is used to solve this routine task, allowing the switch to notify the IP phone of the virtual network numbers used.
To configure the LLDP-MED extension, you need to refer to the menu item of the same name.
Traditionally, each port can be configured individually.
Using the Local Info tab, you can view the information sent by the switch towards the connected equipment.
If the neighboring device supports LLDP-MED, then information about it will be displayed in the “Neighbor Info” tab.
Of course, the LLDP protocol parameters can be controlled using the command line.
T2600G-28MPS(config)#sho lld LLDP Status: Enabled LLDP Forward Message: Enabled Tx Interval: 30 seconds TTL Multiplier: 4 Tx Delay: 2 seconds Initialization Delay: 2 seconds Trap Notification Interval: 5 seconds Fast-packet Count: 3 LLDP-MED Fast Start Repeat Count: 4 T2600G-28MPS(config)#sho lld neighbor-information interface LLDP Neighbor Information: gigabitEthernet 1/0/20: Neighbor index 1: Chassis type: MAC address Chassis ID: 9C:57:AD:B0:34:80 Port ID type: Interface name Port ID: Gi1/0/3 Port description: GigabitEthernet1/0/3 TTL: 120 System name: switch System description: Cisco IOS Software, C3560CX Soft ware (C3560CX-UNIVERSALK9-M), Ve rsion 15.2(6)E, RELEASE SOFTWARE (fc4) Technical Support: http://www.ci sco.com/techsupport Copyright (c) 1986-2017 by Cisco Systems, Inc. Compiled Sat 05-Aug-17 13:21 by prod_rel_team System capabilities supported: Bridge Router System capabilities enabled: Bridge Router Management address type: ipv4 Management address: 192.168.1.10 Management address interface type: System Port Number Management address interface ID: 1 Management address OID: 0 Port VLAN ID(PVID): 1 Port and protocol VLAN ID(PPVID): Port and protocol VLAN supported: Port and protocol VLAN enabled: Protocol identity: Auto-negotiation supported: Yes Auto-negotiation enabled: Yes OperMau: speed(1000)/duplex(Full) Link aggregation supported: Link aggregation enabled: Aggregation port ID: Power port class: PSE power supported: PSE power enabled: PSE pairs control ability: Maximum frame size: T2600G-28MPS(config)#lldp forward_message - Enable/Disable LLDP message forwarding when LLDP Global state is Disable. hold-multiplier - Configure LLDP TTL multiplier med-fast-count - Configure LLDP-MED fast mechanism repeat count timer - Configure LLDP timer <cr> T2600G-28MPS(config)#lldp med-fast-count med-fast-count T2600G-28MPS(config)#lldp med-fast-count <1-10> - Fast mechanism repeat count number It would seem that on this setting can be completed. However, we would like to show a little more detail on how the phone and the switch interact with each other. We will explain with the example of our test model - Avaya IP Deskphone 9620L. In order not to simplify your life, we will consider the situation of a shortage of network interfaces on the switches, that is, when the user's PC is connected via a telephone. We created two virtual networks (VLAN 2 - voice, VLAN3 - data), configured the corresponding virtual SVI interfaces (VLAN 2 - 192.168.2.1/24, VLAN 3 - 192.168.3.1/24) and configured two pools for the DHCP server.
Immediately upon connecting such a phone, the switch detects a PoE powered device (PD - Powered Device) and energizes the port, which allows the IP phone to turn on and start downloading. As can be seen from the screenshot below, the phone is not hungry at all (according to the manufacturer, this model can consume up to 5.3 watts in the worst case). In principle, the maximum power consumption of almost all Avaya IP phones does not exceed 7 watts. Other vendors have a similar situation. Therefore, TP-Link T2600G-28MPS with a supply of power will provide 24 IP phones.
But back to the LLDP. The switch saw a neighbor by this protocol. At first glance, the output presented on this page looks a bit strange - two entries about only one telephone set. Let's try to figure out why this is happening.
We see that the phone tells the switch two different Chassis IDs. In fact, this is the IP address received by the phone from the DHCP server, that is, the phone requests one address from each pool. However, the DHCP server displays only one address that was issued towards the phone.
At this stage, everything seems completely confusing and incomprehensible. But the otgadka is extremely simple. One has only to consider the procedure for the coordination of parameters for the LLDP protocol between the telephone and the switch.
When the phone has been powered and is being loaded for the first time, it still does not know which virtual networks are being used, that is, there is still no information on which VID tags to mark frames with. At this point, the IP phone sends untagged frames. These frames fall into the virtual network defined by the PVID field on the Port Config tab of the 802.1Q VLAN item in the VLAN group of the menu.
That is why in the bridge table of the switch an entry appears about the MAC address of the telephone for the virtual network, which we planned to use to transmit user data.
At this point, the phone uses the DHCP protocol to obtain the IP address and other network parameters. In parallel with this process, LLDP messages (including LLDP-MED) are exchanged, as a result of which the phone recognizes the virtual network number into which it should place its own frames.
Having found out the number of the correct virtual network, the IP phone releases the address previously obtained via DHCP and repeats the same process, but already tagging its own frames, which results in obtaining an IP address and other network information already in the new virtual network. That is why we see only one DHCP-leased address. Well, the entry in the bridge table will “hang out” until its lifetime has expired (the “Aging time” option, the “Dynamic Address” tab of the “MAC Address” item in the “Switching” group of the web interface menu). To confirm our words, we decided to bring a small piece of the dump containing the described actions.
The dump was removed using the port mirroring function. Unfortunately, not all service frames can be transmitted using this option.
In conclusion, I would like to note that there are several ways to specify the IP address of the station or voice gateway / server. If you do not consider the static indication of the address in the settings of the telephone itself and a variety of proprietary solutions, there are not so many options. These include, for example, a very obvious way to transfer this setting (along with a ton of other parameters) by using a configuration file that can be downloaded by the phone via TFTP / FTP / HTTP / HTTPS protocols. A slightly less obvious way is to use a variety of DHCP options. For example, Avaya IP phones use option No. 176 to specify the address of the device that performs the functions of the H323 Gatekeeper. With a head plunge into the world of the DHCP protocol, you can use the following article ( http://foxnetwork.ru/index.php/component/content/article/207-dhcp.html ). In addition to the above methods of informing the phone about the gateway address, you can use another one - the LLDP protocol. To date, our switches can not yet boast the support of the last two possibilities.
Are there any other ways to simplify the lives of network administrators who connect users' computers and phones to campus networks? The answer to this question is positive. Details in the next section.
Voice VLAN
In modern networks, the belonging of a frame to one or another virtual network is determined either on the basis of the interface through which this frame was received by the switch (port-based VLAN), or on the basis of the 802.1q protocol tag (tag-based VLAN). There are several other ways to determine whether a frame belongs to a virtual network, for example, based on the sender's MAC address. The Ethernet MAC address is 48 bits long and consists of two equal parts, the first of which contains an OUI - Organizationally Unique Identifier, assigned by the IEEE centrally to each network equipment manufacturer. Based on the OUI value in the sender's address, the frame can be assigned by the switch to the voice virtual network. Let's go through the whole process of setting up a voice virtual network based on OUI from beginning to end. For the sake of fairness, it is worth noting that our switches can determine the belonging to a virtual network based on the device’s MAC address not only for IP phones. The corresponding setting is available in the “MAC VLAN” item of the “VLAN” group of the menu.
So, you should start by managing the OUI values, on the basis of which frames will fall into the voice virtual network. This is done using the "OUI Config" tab of the same menu item.
Then you need to create a virtual network for voice traffic, if for some reason it has not yet been created. You can perform this procedure using the “802.1Q VLAN” item in the “VLAN” group of the web interface menu. You should not add any switch interfaces to this virtual network at this stage.
After the usual virtual network has been created, it is necessary to indicate that we plan to use it for the transmission of voice traffic. Only one voice virtual network can be created on our switches. The corresponding setting is available in the “Global Config” tab of the “Voice VLAN” item of the “QOS” group.
The final touch is setting up physical interfaces using the Port Config tab.
Not to mention the possibility of the inclusion of additional protection through the option "Security Mode". When this feature is enabled, the switch will not pass frames to the voice virtual network, the sender of which is not in the list of configured OUIs.
Of course, we could not ignore the lovers of console access.
T2600G-28MPS#sho vla VLAN Name Status Ports ----- -------------------- --------- ---------------------------------------- 1 System-VLAN active Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/11, Gi1/0/12, Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20, Gi1/0/21, Gi1/0/22, Gi1/0/23, Gi1/0/24, Gi1/0/25, Gi1/0/26, Gi1/0/27, Gi1/0/28 2 voice active Primary Secondary Type Ports ------- --------- ------------------ ---------------------------------------- T2600G-28MPS#sho voice vlan oui - Display voice VLAN OUI configuration switchport - Display voice VLAN configuration of switchport <cr> T2600G-28MPS#sho voice vlan Voice VLAN status: Enabled VLAN ID: 2 Aging Time: 1440 Voice Priority: 6 T2600G-28MPS#sho voice vlan switchport switchport T2600G-28MPS#sho voice vlan switchport Port Auto-mode Security State LAG ------ ------------ ------------ ------------ ------ Gi1/0/1 Auto Disabled Inactive N/A Gi1/0/2 Auto Disabled Inactive N/A Gi1/0/3 Auto Disabled Inactive N/A Gi1/0/4 Auto Disabled Inactive N/A Gi1/0/5 Auto Disabled Inactive N/A Gi1/0/6 Auto Disabled Inactive N/A Gi1/0/7 Auto Disabled Inactive N/A Gi1/0/8 Auto Disabled Inactive N/A Gi1/0/9 Auto Disabled Inactive N/A Gi1/0/10 Auto Disabled Inactive N/A Gi1/0/11 Auto Disabled Inactive N/A Gi1/0/12 Auto Disabled Inactive N/A Gi1/0/13 Auto Disabled Inactive N/A Gi1/0/14 Auto Disabled Inactive N/A Gi1/0/15 Auto Disabled Inactive N/A Gi1/0/16 Auto Disabled Inactive N/A Gi1/0/17 Auto Disabled Inactive N/A Gi1/0/18 Auto Disabled Inactive N/A Gi1/0/19 Auto Disabled Inactive N/A Gi1/0/20 Auto Disabled Inactive N/A Gi1/0/21 Auto Disabled Inactive N/A Gi1/0/22 Auto Disabled Inactive N/A Gi1/0/23 Auto Disabled Inactive N/A Gi1/0/24 Auto Disabled Inactive N/A Gi1/0/25 Auto Disabled Inactive N/A Gi1/0/26 Auto Disabled Inactive N/A Gi1/0/27 Auto Disabled Inactive N/A Gi1/0/28 Auto Disabled Inactive N/A T2600G-28MPS#sho voice vlan oui Index OUI-MAC OUI-Mask Description ------- ------------------- ------------------- -------------------- 1 00:01:e3:00:00:00 ff:ff:ff:00:00:00 Siemens Phone 2 00:03:6b:00:00:00 ff:ff:ff:00:00:00 Cisco Phone 3 00:04:0d:00:00:00 ff:ff:ff:00:00:00 Avaya Phone 4 00:60:b9:00:00:00 ff:ff:ff:00:00:00 Philips Phone 5 00:d0:1e:00:00:00 ff:ff:ff:00:00:00 Pingtel Phone 6 00:e0:75:00:00:00 ff:ff:ff:00:00:00 PolyCom Phone 7 00:e0:bb:00:00:00 ff:ff:ff:00:00:00 3Com Phone T2600G-28MPS#conf T2600G-28MPS(config)#voice vlan <2-4094> - Specify 802.1Q VLAN ID aging - Configure voice VLAN aging time mac-address - Configure OUI address priority - Configure voice VLAN flow priority T2600G-28MPS(config)#voice vlan At this point, we will probably finish with a discussion of the details of the functioning of the voice virtual network in TP-Link switches using the example of the T2600G-28MPS model.
Summing up
Using the example of the TP-Link T2600G-28MPS L2 + switch, we looked at useful options that make life easier for the network administrator by simplifying the implementation of some routine procedures. So, for example, centralized power management provides rich opportunities for monitoring energy efficiency, allowing for a number of optimization measures. And this is not to mention the increase in the quality of the power supply to the terminal equipment.
Have you created a new department? Expanded staff? Hired many new employees at once? And everyone needs phones, and ports on the switches are sorely lacking? Using the DHCP and LLDP protocols, as well as the Voice VLAN option, will allow the network administrator not to feel much of a difference between connecting one new employee or a hundred, without wasting switch ports for nothing.
Allow yourself another reminder - save the config after each significant change made. The process, of course, is not automatic, but it will save a lot of time and effort after the next “oops”.
Source: https://habr.com/ru/post/351614/
All Articles