Country/Region

★ How to connect a computer to an IP phone and then to a switch, and use different VLANs for different services?

2023-12-29 13:54:16 Published
  • 0 Followed
  • 0Collected ,3993Browsed
LinDongliang

Network Topology

PC--IP Phone --SW

Problem Description

How to connect a computer to an IP phone and then to a switch, and use different VLANs for different services?

Most of the time, the authentication of PCs and phones can be quite challenging and can be divided into many different scenarios.  

Process Analysis

For the computer, we have the following methods to implement VLAN assignment: 1. Configure PVID, 2. After Dot1x or MAC authentication, authorize VLAN through the RADIUS server.

For the IP phone, we have the following methods to implement VLAN assignment: 1. Configure PVID, 2. After Dot1x or MAC authentication, authorize VLAN through the RADIUS server, 3. The phone negotiates with the switch through LLDP.  

Solution

1. no any authentication and phone support lldp tlv-enable

#
interface GigabitEthernet1/0/xx
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 1 10 untagged                 #PC vlan#
 port hybrid vlan 24 tagged                        #Phone vlan#
 port hybrid pvid vlan 10                            # PC vlan#
 voice-vlan 24 enable                                 #Phone vlan#
 lldp tlv-enable med-tlv network-policy 24  #Phone vlan# SW will negotiate with phone to use vlan 24
 poe enable
 # 

2. 802.1x or mac-auth for pc 

#
interface GigabitEthernet1/0/xx

 port link-type trunk

 port trunk permit vlan all 

 port trunk pvid vlan 24                            #phone vlan#
 voice-vlan 24 enable                                 #Phone vlan#
 poe enable

 poe enable
 dot1x                                                       #radius server assign the authorization vlan
 undo dot1x handshake
 dot1x max-user 1
 undo dot1x multicast-trigger
 dot1x port-methord macbased
 dot1x mac-binding enable
 dot1x mac-binding XXXxXXXX
#  

3. 802.1x for pc and  mac-auth for pc 

#
interface GigabitEthernet1/0/xx
 port link-type trunk

 port trunk permit vlan all 
 voice-vlan 24 enable                                 #Phone vlan#
 poe enable
 dot1x                                                         #radius server assign the authorization vlan

mac-authentication                                    #radius server assign the authorization vlan

 undo dot1x handshake
 dot1x max-user 1
 undo dot1x multicast-trigger
 dot1x port-methord macbased
 dot1x mac-binding enable
 dot1x mac-binding XXXxXXXX
#  

Please rate this case:   
0 Comments

No Comments

Add Comments:

Copyright© 2025 H3C reserves all rights to the current version NO.1

The copyright of this icon belongs to H3C. It is only for the use of this community. Do not use it for commercial purposes. Anyone who violates this icon will be prosecuted