Switching

last person joined: yesterday 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.

  • 1.  VOIP going to its own vlan? Vlan Classification

    Posted 08-10-2015 07:26

    Greetings everyone,

     

    I have a question for those who are much more experienced with such things. My extensive networking background is with another vendor that just had different terminology and technology than the norm I am afraid. Or perhaps I just don't understand it well enough? Anyway ...

     

    Is there a known way to have vlan classification in Junos? or perhaps 802.1v? I have tried finding something for Junos and I am having serious diffuculty finding anything.

     

    All I want to do is have the switch autodetect VOIP (or perhaps LLDP neighbor type?) and have it put into its own vlan. Is this possible? I have been reading alot about lldp and lldp-med and even 802.1x but I feel I am getting further from what I want and expect. 

     

    Am I destined to hard configure vlans for VOIP, or is there a way to do it automatically? Any tips would be invaluable to me, so thank you!

     

    Model: ex4300-48p
JUNOS EX Software Suite [13.2X51-D36.1]

root# run show lldp neighbors
Local Interface Parent Interface Chassis Id Port info System Name
ge-0/0/0 - 0.0.0.0 1 Polycom SoundPoint IP 331

     edit: I guess I'm looking for something similar to Propriatary Cisco VTP. Everyone points to MSTP, which sounds great only that is only for trunk ports not access ports. It sounds like (as of now) Juniper just does not support something like this.



  • 2.  RE: VOIP going to its own vlan? Vlan Classification
    Best Answer

    Posted 08-11-2015 07:09

    hate to double post but if anyone is looking for the answer I found it.

     

    Basically its using 802.1x and authenticating using the switch. Here is a snippet of code that I use to do it.

     

        dot1x {
        authenticator {
            static {
                00:04:f2:00:00:00/24 {
                    vlan-assignment 20;
                }
            }
        }
    }

    can't get much simpler than that. If the MAC begins with 00:04:f2 it goes into vlan 20. Done



  • 3.  RE: VOIP going to its own vlan? Vlan Classification

    Posted 08-11-2015 11:40

    Thanks for sharing that.  Do you have any other configuration that goes with this?  Often there is a computer hanging off the IP phone which has a data VLAN passthrough.  Keeping the phone on 1 VLAN and the computer on a data VLAN.



  • 4.  RE: VOIP going to its own vlan? Vlan Classification

    Posted 08-12-2015 10:37

    I guess it would work perfect if I needed both phone and data in the same line. My company is pretty adamant about keeping them seperate and doesn't like the idea of both vlans on one port. I'm unsure if there is anything I can do about it, however.

     

    Here is the full config, my most recent is just to test the phones. Its cut up pretty simple, really. So in this small example I have two phones connected to both ports 10 and 14 .. port 47 is a trunk that has all the vlans.

     

        ge-0/0/10 {
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members default;
                }
                storm-control default;
            }
        }
    }
 
    ge-0/0/14 {
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members default;
                }
                storm-control default;
            }
        }
    }
    ge-0/0/47 {
            unit 0 {
               family ethernet-switching {
               interface-mode trunk;
               vlan {
                    members all;
               }
               storm-control default;
               }
             }
        }
    irb {
        unit 0 {
            family inet {
                address 192.168.10.50/24;
            }
        }
    }

forwarding-options {
    storm-control-profiles default {
        all;
    }
}
protocols {
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
    igmp-snooping {
        vlan default;
    }
    dot1x {
        authenticator {
            static {
                00:04:f2:00:00:00/24 {
                    vlan-assignment 20;
                }
            }
            interface {
                ge-0/0/10.0 {
                    supplicant multiple;
                }
                ge-0/0/14.0 {
                    supplicant multiple;
                }
            }
        }
    }
    rstp {
        interface ge-0/0/10;
        interface ge-0/0/14;
        interface ge-0/0/47;
    }
}
vlans {
    data {
        vlan-id 10;
    }
    default {
        vlan-id 1;
        l3-interface irb.0;
    }
    voice {
        vlan-id 20;
    }
}
poe {
    interface all;
}

    after a few minutes of the phones booting up, they appear in vlan 20 as expected. They now appear in both "default" and "voice" as seen below. I really wish I could just get it to appear in "voice" only.

     

    root# run show vlans

Routing instance        VLAN name             Tag          Interfaces
default-switch          data                  10
                                                             ge-0/0/47.0*
default-switch          default               1
                                                             ge-0/0/0.0*
                                                             ge-0/0/10.0* (shouldn't be here)
                                                             ge-0/0/14.0* (shouldn't be here)
                                                             ge-0/0/47.0*
default-switch          voice                 20
                                                             ge-0/0/10.0*
                                                             ge-0/0/14.0*
                                                             ge-0/0/47.0*