Avaya Ip Phone Inter Working With Cisco L2 Switches Configuration Guide

2015-06-01

Technical Configuration Guide
Nortel IP Phone Inter-Working with Cisco L2 Switches
Nov 10th, 2008
Issue: 1.1
Nortel VoIP Clients on Cisco L2 devices Configuration Guide August 2008
______________________________________________________________________________________________________
1
Copyright © 2007-2008 Nortel Networks
All rights reserved. March 2008
The information in this document is subject to change without notice. The statements,
configurations, technical data, and recommendations in this document are believed to be
accurate and reliable, but are presented without express or implied warranty. Users must take
full responsibility for their applications of any products specified in this document. The
information in this document is proprietary to Nortel Networks Inc.
The software described in this document is furnished under a license agreement and may be
used only in accordance with the terms of that license.
Trademarks
Nortel, the Nortel logo, the Globemark, Unified Networks, and BayStack are trademarks of Nortel
Networks.
Cisco, Cisco IOS, Cisco Systems are trademarks of Cisco Systems.
Adobe and Acrobat Reader are trademarks of Adobe Systems Incorporated.
All other Trademarks are the property of their respective owners.
TABLE OF CONTENTS
INTRODUCTION
BASIC CONFIGURATION NOTES
HARDWARE AND SOFTWARE VERSIONS
VOIP FEATURES
INTEGRATION NOTES AND LIMITATIONS
NETWORK TOPOLOGY
POE 802.3AF POWER OVER ETHERNET OVERVIEW AND CONFIGURATION
PORT LINK SPEED 802.3AB CONFIGURATION
VLAN AND QOS 802.1Q/P VOICE AND DATA
QOS 802.1Q/P QUALITY OF SERVICE
DHCP DYNAMIC HOST CONFIGURATION PROTOCOL
EAPOL 802.1X (EXTENSIBLE AUTHENTICATION PROTOCOL OVER LAN)
LLDP 802.1AB (LINK LAYER DISCOVERY PROTOCOL)
STP 802.1W (SPANNING TREE PROTOCOL)
Introduction
The purpose of this document is to detail the steps and configuration necessary for Cisco L2
devices to interoperate with Nortel IP Phones.
This document does not cover every possible combination of hardware, software, protocol or
feature testing scenario.
Basic Configuration Notes
The table below is based on the configuration shown in the diagram on page 7. The focus of this
TCG is how to configure a Cisco Cat 3750 L2 switch to interoperate with a Nortel IP set.
1) All configuration and testing was done with IPv4.
2) The Command Line Interface (CLI) was used for configuration. Cisco devices support web based
configuration with limitations.
3) Configurations recommended for use with Nortel IP Phones are in bold.
4) It is assumed that you know how to configure Nortel IP Phone, DHCP and RADIUS Server
options.
Hardware and Software Versions
Nortel
Quantity  Hardware                                           Software Version
1         Nortel (CS 1000) Communication server 1000 (CPPM)  5.50J
1         Signaling Servers (CPPM)                           5.50.12
1         (SPS) SIP proxy Server HP DL320                    5.50.12
2         Nortel IP Phone 1140E                              0625C4D
1         Nortel Call Server Patch(s)                        Deplist
1         Signaling Server Patch(s)                          Deplist
Cisco LAN Infrastructure
Quantity  Hardware              Software Version
1         Cisco 3750 L2 Switch  12.2(37)SE
Other Data Applications
Quantity  Hardware            Software Version
1         DHCP Server         Microsoft Windows 2003 SP2
1         Cisco ACS (RADIUS)  Cisco ACS 3.3
VoIP Features.
Power over Ethernet (PoE) 802.3af
Link, Duplex, Auto-negotiate, 1000MB, 100MB, 10MB
Virtual Local Area Networking (VLAN) tagging 802.1Q
Quality of Service (QoS) 802.1Q/p
Dynamic Host Configuration Protocol (DHCP)
Extensible Authentication Protocol (EAP) 802.1x
Link Layer Discovery Protocol (LLDP) 802.1ab
Spanning Tree Protocol (STP) 802.1w
Integration Notes and Limitations
This TCG covers standalone Nortel IP Phone sets and how they can be deployed on various
Cisco switches. It will cover features on Cisco switches related to VoIP with configuration
examples. In this guide the Nortel IP Phone 1140E is configured to use both Data and Voice
VLANs.
The focus of this guide is to configure Cisco switch to interoperate with Nortel IP Phones. It is
assumed that you know how to configure the Nortel IP Phone, DHCP server and a RADIUS
Server.
Network Topology
PoE 802.3af Power over Ethernet Overview and Configuration
Power over Ethernet (PoE) is defined by IEEE 802.3af to deliver up to 12.95 watts over structured
cabling. The Power-over-Ethernet (PoE) technology provides electrical power via standard Cat-5
Ethernet cables, thereby eliminating the need for wall adapters or other external power sources
for equipment connected in an Ethernet network. The two major components in a PoE system are
the power sourcing equipment (PSE) that provides the power, and the powered device (PD), that
receives and uses this power.
On a Cisco Catalyst 3750 24-port PoE switch, each PoE port provides up to 15.4 W of power. On
a 48-port PoE switch, any 24 of the 48 PoE ports provide 15.4 W of power, or any combination of
ports provide an average of 7.7 W of power at the same time, up to a maximum switch power
output of 370 W.
In our setup the Power Sourcing Equipment (PSE) is the Cisco 3750 L2 switch and the Powered
Device (PD) is the Nortel IP Phone 1140E(s).
IEEE 802.3af PSE and Powered Device Power Classifications
PoE Cisco Switch Configuration
The Cisco Catalyst 3750-24PS and 3750-48PS support 370 Watts of inline power, and should
support class 3 PDs (15.4 Watts) on 24 ports or 7.7 Watts on 48 ports. By default, the power
mode of a port is set to auto. Use the command show power inline to check the inline power
configuration and status. Please see example at the bottom of the page.
There are three modes of PoE configuration on Cisco Cat 3750 Switch.
1) Auto (Default, recommended with Nortel IP phones)
The switch automatically detects if the connected device requires power. If the switch
discovers a powered device connected to the port it grants power.
2) Static
The switch pre-allocates power to the port, even when no powered device is connected, and
guarantees that power will be available for the port. The switch allocates the port's
configured maximum wattage. Any powered device that uses less than or equal to the
maximum wattage is guaranteed to be powered when it is connected to the static port.
However if the powered-device IEEE class is greater than the maximum wattage, the
switch does not supply power to it.
3) (Never) Off
The switch disables powered-device detection and never powers the PoE port. Use this
mode only when you want to make sure power is never applied to a PoE-capable port.
Use the following commands to configure the port for desired PoE.
From the CLI enter enable mode:-
configure terminal
interface interface-id (for 3750 interface-ID = Gi1/0/1)
power inline auto (This is the preferred configuration for Nortel IP Phones)
power inline auto max <4000-15400> milli-watts (To limit the power in auto mode)
power inline static (To turn on power to the port even if there is no PoE device detected)
power inline static max <4000-15400> milli-watts (To limit the power in static mode)
power inline never (To turn off power to the port)
power inline consumption <4000-15400> milli-watts (To set the amount of power consumption)
Use the following CLI command to see PoE port configurations.
Clab_3750#sh power inline
Module   Available     Used     Remaining
          (Watts)     (Watts)    (Watts)
------   ---------   --------   ---------
1           370.0      114.8       255.2
Interface Admin  Oper       Power   Device              Class Max
                            (Watts)
--------- ------ ---------- ------- ------------------- ----- ----
Gi1/0/1   auto   on         15.4    Ieee PD             3     15.4  (Cisco reports class 3 device for 1140E)
Gi1/0/2   static on         15.4    Ieee PD             n/a   15.4
Gi1/0/3   off    off        0.0     n/a                 n/a   15.4
Issue with Oversubscription of Power
Both flavours of the Cisco Cat 3750, the 24-port and 48-port versions, support 370 watts of inline
power. If you are using a Cat 3750 with 48 ports, and all the ports are populated with Nortel
Class 3 phones such as the 1140E and configured for “power inline auto”, then you will
over-subscribe power and likely damage the switch.
The Cisco 3750 switch provides the power inline consumption command to configure the actual
power requirements of the powered device, so the end user can override the powered device
classification setting. Even though the Nortel IP Phone 1140E is a class 3 device, its actual power
consumption in the worst-case scenario is 10.5 watts. To restrict each port to a maximum of
10500 milliwatts (10.5 watts), use the following global configuration command.
Config t
power inline consumption default 10500
The switch supports 370 watts of total power across all 48 ports, or 7.7 watts per port (370 / 48 =
7.7 watts). To calculate how many Nortel IP Phones the switch can support, divide the total power
by the phone's maximum power consumption (use the chart below as a guideline for Nortel IP
Phone power consumption). For the Nortel IP Phone 1140E, 370 / 10.5 = 35.
A Cat 3750 48-port switch can support 35 Nortel IP Phones that each consume a maximum of
10.5 watts of power.
Use the following command to verify the settings.
sh power inline
Interface Admin  Oper       Power   Device              Class Max
Gi1/0/1   auto   on         10.5    Ieee PD             3     15.4
Nortel VoIP Clients on Cisco L2 devices Configuration Guide August 2008
______________________________________________________________________________________________________
11
Table below displays the average power consumed for each Nortel IP Phone set.
Model  PEC           Description                                                                     Power budget  PowerDraw  PowerDraw   Notes
                                                                                                     (802.3af)     Typical    Max
                                                                                                                   (watts)    (watts)
Nortel IP Phone 2000 Series
2001   NTDU90AC70E6  IP Phone 2001 (Charc/Bez) Icon Keys w/o PS (RoHS)                               Class 2       3.2        4.2
2001   NTDU90BC70E6  IP Phone 2001 (Charc/Bez) Eng Text Keys w/o PS (RoHS)                           Class 2       3.2        4.2
2002   NTDU91AC70E6  IP Phone 2002 (Charc/Bez) Icon Keys w/o PS (RoHS)                               Class 2       3.2        4.8
2002   NTDU91BC70E6  IP Phone 2002 (Charc/Bez) Eng Text Keys w/o PS (RoHS)                           Class 2       3.2        4.8
2004   NTDU92AC70E6  IP Phone 2004 (Charc/Bez) Icon Keys w/o PS (RoHS)                               Class 2       3.2        4.8
2004   NTDU92BC70E6  IP Phone 2004 (Charc/Bez) Eng Text Keys w/o PS (RoHS)                           Class 2       3.2        4.8
2007   NTDU96AC70E6  IP Phone 2007 (Charc/Bez) w/o PS (RoHS)                                         Class 3       8.0        13.0
2033   NTEX11AA70E6  IP Audio Conference Phone 2033 Package (ROHS) - Phone, with PoE Module,         Class 3       8.5        10.5
                     without Extension Microphones
2033   NTEX11BA70E6  IP Audio Conference Phone 2033 Package (ROHS) - Phone with PoE module,          Class 3       8.5        10.5
                     with 2 Extension Microphones
2033   NTEX11EA70E6  IP Audio Conference Phone 2033 Package (ROHS) - Phone with PoE Module,          Class 3       8.5        10.5
                     Universal Power Supply. [Please order NTTK power cord separately]
2033   NTEX11FA70E6  IP Audio Conference Phone 2033 Package (ROHS) - Phone with PoE module,          Class 3       8.5        10.5
                     Universal Power Supply with 2 Extension Microphones-
                     [Please order NNTK power cord separately]
Nortel IP Phone 1100 Series
1110   NTYS02AAE6    IP Phone 1110 with Icon keycaps without power supply                            Class 2       2.8        5.89
1110   NTYS02BAE6    IP Phone 1110 with English Text keycaps without power supply                    Class 2       2.8        5.89
1120E  NTYS03ACE6    IP Phone 1120E - Graphite with icon keycaps, no power supply (RoHS)             Class 3       6.0 / 8.0  8.0 / 10.5  first number 10/100 - second number 10/100/1000
1120E  NTYS03BCE6    IP Phone 1120E with English Text keycaps without power supply                   Class 3       6.0 / 8.0  8.0 / 10.5  first number 10/100 - second number 10/100/1000
1140E  NTYS05ACE6    IP Phone 1140E - Graphite with icon keycaps, no power supply (RoHS)             Class 3       6.0 / 8.0  8.0 / 10.5  first number 10/100 - second number 10/100/1000
1140E  NTYS05BCE6    IP Phone 1140E - Graphite with Eng keycaps, no power supply (RoHS)              Class 3       6.0 / 8.0  8.0 / 10.5  first number 10/100 - second number 10/100/1000
1150E  NTYS06AAE6    IP Phone 1150E Graphite with Icon keycaps, without power supply (RoHS)          Class 3       5.0 / 7.2  6.8 / 9.6   first number 10/100 - second number 10/100/1000
1150E  NTYS06BAE6    IP Phone 1150E Graphite with English Text keycaps, without power supply (RoHS)  Class 3       5.0 / 7.2  6.8 / 9.6   first number 10/100 - second number 10/100/1000
Nortel IP Phone 1200 Series
1210   NTYS18AA70E6  IP Phone 1210 Charcoal with Icon Keys                                           Class 2       3.2        4.6
1210   NTYS18BA70E6  IP Phone 1210 Charcoal with English Text Keys                                   Class 2       3.2        4.6
1220   NTYS19AA70E6  IP Phone 1220 Charcoal with Icon Keys                                           Class 2       3.2        4.6
1220   NTYS19BA70E6  IP Phone 1220 Charcoal with English Text Keys                                   Class 2       3.2        4.6
1230   NTYS20AA70E6  IP Phone 1230 Charcoal with Icon Keys                                           Class 2       3.2        4.6
1230   NTYS20BA70E6  IP Phone 1230 Charcoal with English Text Keys                                   Class 2       3.2        4.6
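The budget arithmetic above, generalized to a mix of phone models in an added example that is not part of the original guide. Max-draw values come from the table (the 10/100/1000 figure where two are given), per-class reservations are the IEEE 802.3af PSE values, and the port inventory and function names are constructed for illustration.

```python
import math

SWITCH_BUDGET_W = 370.0  # Cat 3750 inline power budget stated in the guide

# Power a PSE reserves per IEEE 802.3af class, in watts at the switch port.
CLASS_ALLOCATION_W = {0: 15.4, 1: 4.0, 2: 7.0, 3: 15.4}

# model: (802.3af class, max draw in watts), taken from the guide's table.
# For the 1120E/1140E/1150E this is the 10/100/1000 figure.
PHONES = {
    "2001": (2, 4.2), "2002": (2, 4.8), "2004": (2, 4.8), "2007": (3, 13.0),
    "2033": (3, 10.5), "1110": (2, 5.89), "1120E": (3, 10.5),
    "1140E": (3, 10.5), "1150E": (3, 9.6), "1210": (2, 4.6),
    "1220": (2, 4.6), "1230": (2, 4.6),
}

# Range accepted by "power inline consumption" according to the guide (mW).
CONSUMPTION_MIN_MW, CONSUMPTION_MAX_MW = 4000, 15400


def max_phones(model, by_class=False, budget_w=SWITCH_BUDGET_W):
    """How many phones of one model the switch budget covers."""
    cls, draw_w = PHONES[model]
    per_port_w = CLASS_ALLOCATION_W[cls] if by_class else draw_w
    return math.floor(budget_w / per_port_w)


def plan(inventory, budget_w=SWITCH_BUDGET_W):
    """inventory maps interface name -> phone model (hypothetical input format).

    Returns the total reserved under class-based allocation, the total under
    per-port consumption overrides, and the interface commands for the latter.
    """
    class_total = 0.0
    override_total = 0.0
    commands = []
    for ifname in sorted(inventory):
        cls, draw_w = PHONES[inventory[ifname]]
        class_total += CLASS_ALLOCATION_W[cls]
        mw = min(max(round(draw_w * 1000), CONSUMPTION_MIN_MW), CONSUMPTION_MAX_MW)
        override_total += mw / 1000
        commands.append(f"interface {ifname}\n power inline consumption {mw}")
    return {
        "class_total_w": round(class_total, 1),
        "override_total_w": round(override_total, 1),
        "fits_by_class": class_total <= budget_w,
        "fits_with_override": override_total <= budget_w,
        "commands": commands,
    }


# Constructed inventory: 24 x 1140E and 24 x 1210 on a 48-port switch.
INVENTORY = {f"Gi1/0/{n}": "1140E" for n in range(1, 25)}
INVENTORY.update({f"Gi1/0/{n}": "1210" for n in range(25, 49)})

if __name__ == "__main__":
    result = plan(INVENTORY)
    print("class-based reservation (W):", result["class_total_w"])
    print("with consumption overrides (W):", result["override_total_w"])
    print("1140E phones per switch:", max_phones("1140E"),
          "by draw,", max_phones("1140E", by_class=True), "by class")
```

With this inventory the class-based reservation exceeds the 370 W budget while the per-port overrides fit inside it, which is the situation the consumption command is meant for.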
Port Link Speed 802.3ab Configuration
The IEEE 802.3ab auto-negotiation protocol manages the switch settings for speed and duplex.
The Nortel IP phones are capable of:-
1) Auto-negotiate (Recommended settings)
2) 10 MB half/full duplex
3) 100 MB half/full duplex
Let both ports, on the Nortel IP phone and on the Cisco L2 switch, auto-negotiate both speed and
duplex; the devices will then connect using the optimal speed. The other option is to manually set
the speed and duplex parameters for the ports on both ends of the connection. This may be desired
in certain scenarios where auto-negotiation fails, but is not recommended.
Use the following CLI commands to configure link speed for the port.
configure terminal
interface interface-id (for 3750 interface-ID = Gi1/0/1)
Speed 10 (Force 10 Mbps operation)
Speed 100 (Force 100 Mbps operation)
Speed 1000 (Force 1000 Mbps operation)
Speed auto (Enable auto-negotiation, Recommended settings for Nortel IP Phones)
duplex auto (Enable AUTO duplex, Recommended settings for Nortel IP Phones)
duplex full (Force full duplex operation)
duplex half (Force half-duplex operation)
Use the following CLI command to see the port speed settings on the Cisco 3750 switch. In the
example below the switch port Gi1/0/1 is configured for auto-negotiate and the Nortel IP phone
1140E is also configured for auto-negotiate.
Note the Duplex and Speed values below: the port connected at the optimal speed of 1000MB and
full duplex.
a-full means auto-negotiated full duplex; a-1000 means auto-negotiated at 1000MB.
Clab_3750#sh int gi1/0/1 status
Port      Name               Status       Vlan       Duplex  Speed Type
Gi1/0/1                      connected    110        a-full a-1000 10/100/1000BaseTX
VLAN and QoS 802.1Q/p Voice and Data
A VLAN is a switched network that is logically segmented. Any switch port can belong to any
VLAN (Voice, Data or both). Cisco Catalyst 3750 ports should be configured as access ports.
The Nortel 1140E IP Phone will use the VOICE VLAN for voice traffic and the PC attached to the
Nortel IP Phone 1140E data port will use the access VLAN for data traffic. (Please see topology
on page 7) The voice VLAN feature enables Cisco 3750 access ports to support two VLANs
(access/native and voice) without turning on 802.1Q trunking.
Since the introduction of IP Telephony from Nortel, the design recommendation has been to
segregate the voice traffic from the data traffic using VLANs. There are several advantages to
separating this traffic at the edge of the network:
- Simplifies the implementation of QoS for the IP Telephony phonesets. The network
  administrator can simply enable QoS at the VLAN level, so that all traffic on the voice VLAN
  is prioritized over all the other VLANs.
- Isolating the voice traffic provides a level of security for the IP Telephony. Any
  broadcast or multicast storms that affect the data VLANs will not propagate to the
  voice VLANs and therefore will not adversely affect the voice traffic.
- Creating separate voice VLANs allows the network administrator to create simple
  traffic filters that will not allow non-voice traffic on those VLANs. For example, if a
  user plugged their workstation into the voice VLAN, they would not be able to get
  anywhere in the network.
- Troubleshooting application level or network level problems is simplified by isolating
  traffic flows into different VLANs. Understanding that no “normal” data traffic is
  traversing the voice VLANs eliminates a variable in the troubleshooting process.
Use the following CLI commands to configure port VLANs for both voice and data.
configure terminal
interface interface-id (for 3750 interface-ID = Gi1/0/1)
switchport mode access (Set trunking mode to ACCESS unconditionally)
switchport access vlan 10 (VLAN when this port is in access mode, this is data VLAN)
switchport voice vlan 20 (VLAN for voice traffic, this is for Nortel IP Phone)
Use the following CLI command to see the port VLAN settings on Cisco 3750 switch. In the
example below the switch port Gi1/0/1 is configured for Data VLAN 10 and voice VLAN 20.
Show config (For port 1/0/1 that we use for testing Nortel IP Phone)
interface GigabitEthernet1/0/1
switchport access vlan 10 (This is the default VLAN or data VLAN)
switchport mode access (This port is set for access mode)
switchport voice vlan 20 (This is the Voice VLAN)
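One way to check switch ports against the access and voice VLAN layout shown above, as an added example that is not part of the original guide. The running-config excerpt is constructed, the function names are hypothetical, and the parser assumes interface sub-commands are indented by one space as in show running-config output.

```python
import re

# Constructed running-config excerpt; only Gi1/0/1 matches the guide's example.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
!
interface GigabitEthernet1/0/2
 switchport access vlan 10
 switchport voice vlan 20
!
interface GigabitEthernet1/0/3
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 20
!
interface GigabitEthernet1/0/4
 switchport mode trunk
!
interface Vlan20
 ip address 10.10.132.1 255.255.255.224
!
"""


def parse_interfaces(config_text):
    """Split running-config text into {interface name: [stripped config lines]}."""
    interfaces, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            # "!" or any other top-level line ends the current stanza
            current = None
    return interfaces


def _vlan(lines, keyword):
    """Return the VLAN ID set by 'switchport <keyword> vlan N', or None."""
    for line in lines:
        match = re.fullmatch(rf"switchport {keyword} vlan (\d+)", line)
        if match:
            return int(match.group(1))
    return None


def audit_phone_ports(config_text, data_vlan=10, voice_vlan=20):
    """Compare each physical port with the guide's data/voice VLAN layout."""
    report = {}
    for name, lines in parse_interfaces(config_text).items():
        if name.lower().startswith("vlan"):
            continue  # SVIs are not phone-facing ports
        findings = []
        if "switchport mode access" not in lines:
            findings.append("port is not forced to access mode")
        access, voice = _vlan(lines, "access"), _vlan(lines, "voice")
        if access != data_vlan:
            findings.append(f"access VLAN is {access}, expected {data_vlan}")
        if voice != voice_vlan:
            findings.append(f"voice VLAN is {voice}, expected {voice_vlan}")
        if access is not None and access == voice:
            findings.append("voice and data share one VLAN")
        report[name] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_phone_ports(SAMPLE_CONFIG).items():
        print(port, "OK" if not findings else "; ".join(findings))
```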
The 1140E Nortel IP phone is configured to use both Voice and Data VLANs. Please see the
following menu driven options.
Voice VLAN:
No VLAN
DHCP (This is the preferred method, DHCP server to provision VLAN ID)
Enter VLAN ID (Manually enter VLAN ID if no DHCP server)
Data VLAN:
No VLAN
Enter VLAN ID (Enter the VLAN ID if tagging is required)
QoS 802.1Q/p Quality of Service
Sound quality of an IP phone call can deteriorate if its traffic does not receive proper QoS
treatment by the network. It is critical to the success of an IPT deployment that quality of service
(QoS), based either on IEEE 802.1p class of service (CoS) or on DSCP, is implemented. QoS uses
classification and scheduling to send network traffic from the switch in a predictable manner. The
Nortel 1140E IP Phone is a configurable device and can be configured to forward traffic with
either an 802.1p or DSCP QoS marking. You can configure the edge switch to either trust or
remark the QoS settings assigned by an IP Phone.
By default, Nortel’s IP phones will mark traffic with the 802.1p bit set to 6 and the DiffServ value
set to Expedited Forwarding (EF) 46 for Voice Traffic and 40 for Signalling Traffic.
The simplest approach is to construct your network QoS such that there are only 3 levels of traffic
priorities. One priority is for VoIP media (bearer) traffic. The second priority is for VoIP signaling
traffic. The third priority is for best-effort IP data traffic.
The following markings will be used for Voice, Signaling and Data Traffic.
Traffic Type      Traffic Classification   DSCP Value
Voice Media       Expedited Forwarding     46
Voice Signaling   Class Selector           40
Data Traffic      Best Effort              0
Use separate VLANs for Voice and Data. Use VLAN 10 for Data traffic (the PC connected to the IP
Phone). Use VLAN 20 for Voice traffic. Voice traffic is tagged according to 802.1Q encapsulation
rules. Data traffic is not encapsulated, and the LAN switch places it into the access VLAN.
Please Note:
The implementation of QoS on a converged infrastructure varies greatly from network to network.
There is no one correct solution or simple cookbook for deploying QoS. It is best to understand
the overall network and the applications that are deemed critical in order to design a QoS
strategy. The following examples are intended as a guideline for the implementation of QoS on a
Cisco edge switch with Nortel IP Phone.
There are four general steps to configure QoS.
1) Classification of Traffic
2) Create Policy
3) Marking traffic
4) Queuing of both Ingress and Egress ports
In the Cisco Catalyst 3750 Switch, you can classify the frames either based on the incoming
CoS/DSCP values or based on the ACL.
The configuration based on the incoming CoS/DSCP value is achieved in three different ways:
- Port based configuration using the mls qos interface based commands
- MQC based configuration using class-map and policy-map
- VLAN based configuration
Port based Configuration
Config terminal (Enter global configuration mode)
mls qos (Enable QoS globally)
mls qos map cos-dscp 0 8 16 40 32 46 48 56 (Define ingress CoS-to-DSCP mappings)
Interface level
interface GigabitEthernet1/0/1 (Specify the physical port)
switchport access vlan 10 (Native VLAN)
switchport mode access (Set the port to access mode)
switchport voice vlan 20 (Voice VLAN)
priority-queue out (Enable the egress expedite queue)
mls qos trust dscp (Trust IP Phone DSCP Values)
spanning-tree portfast (For Nortel IP Phones)
The Nortel IP Phone marks the voice payload with CoS 6 and DSCP EF when it sends the traffic
to the switch. When the traffic enters the switch port Gi 1/0/1 (in our example), the switch trusts
the CoS value. Then, the switch derives the DSCP value 48 for the CoS value 6 from the
CoS-DSCP default table. Please see the output below.
Clab_3750#sh mls qos maps cos-dscp
Cos-dscp map:
     cos:   0  1  2  3  4  5  6  7
  --------------------------------
    dscp:   0  8 16 26 34 46 48 56
We need to map the CoS value of 6 to the DSCP value of 0x2E or 46 (Expedited Forwarding) for the
Nortel IP Phone.
Config terminal (Enter global configuration mode)
mls qos map cos-dscp 0 8 16 24 32 40 46 56 (DSCP 40 for Signaling, 46 for Voice and 0 for Data)
Please note that the CoS mapping has changed: CoS of 6 now maps to the DSCP value of 46.
Clab_3750#sh mls qos maps cos-dscp
Cos-dscp map:
     cos:   0  1  2  3  4  5  6  7
  --------------------------------
    dscp:   0  8 16 26 34 40 46 56
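Where these markings sit in a frame, as an added example that is not part of the original guide: it parses the 802.1Q tag and IPv4 ToS byte of constructed frames and applies the CoS-DSCP table from the first output above and the one from the remap command. The port-trust model is simplified (an untrusted port is modelled as DSCP 0), the signaling frame is assumed to carry 802.1p 6 like voice, and all function names are hypothetical.

```python
import struct

# CoS-to-DSCP tables exactly as they appear in the guide.
MAP_BEFORE = [0, 8, 16, 26, 34, 46, 48, 56]  # first "sh mls qos maps cos-dscp" output
MAP_AFTER = [0, 8, 16, 24, 32, 40, 46, 56]   # "mls qos map cos-dscp" remap command

# DSCP values from the guide's marking table.
TRAFFIC_CLASS = {46: "Voice Media", 40: "Voice Signaling", 0: "Data Traffic"}


def build_frame(dscp, vlan=None, pcp=0):
    """Build a constructed Ethernet + IPv4 header, optionally 802.1Q tagged."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    if vlan is not None:
        # TCI: 3-bit priority (PCP), 1-bit DEI, 12-bit VLAN ID
        eth += struct.pack("!HH", 0x8100, (pcp << 13) | (vlan & 0x0FFF))
    eth += struct.pack("!H", 0x0800)
    # Minimal IPv4 header; the checksum is left at 0 because it is not parsed here.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                     bytes([10, 10, 132, 10]), bytes([10, 10, 133, 35]))
    return eth + ip


def parse_markings(frame):
    """Return the VLAN ID, 802.1p priority (PCP) and DSCP carried by a frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    vlan = pcp = None
    offset = 12
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype == 0x8100:  # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        pcp, vlan = tci >> 13, tci & 0x0FFF
        offset += 4
    dscp = None
    if ethertype == 0x0800:  # IPv4: DSCP is the top six bits of the ToS byte
        if len(frame) < offset + 4:
            raise ValueError("truncated IPv4 header")
        dscp = frame[offset + 3] >> 2
    return {"vlan": vlan, "pcp": pcp, "dscp": dscp}


def ingress_dscp(markings, trust, cos_dscp_map):
    """DSCP the switch assigns on ingress, in a simplified model of port trust.

    trust is "dscp", "cos" or None (untrusted port, modelled as DSCP 0).
    """
    if trust == "dscp":
        return markings["dscp"] or 0
    if trust == "cos":
        return cos_dscp_map[markings["pcp"] or 0]  # untagged frames use CoS 0
    return 0


def classify(dscp):
    """Name the traffic class for a DSCP value using the guide's table."""
    return TRAFFIC_CLASS.get(dscp, "Other")


# Constructed sample frames: phone traffic tagged for voice VLAN 20, PC untagged.
VOICE = build_frame(46, vlan=20, pcp=6)
SIGNALING = build_frame(40, vlan=20, pcp=6)
PC_DATA = build_frame(0)

if __name__ == "__main__":
    for label, frame in (("voice", VOICE), ("signaling", SIGNALING), ("pc", PC_DATA)):
        m = parse_markings(frame)
        for trust, table in (("cos", MAP_BEFORE), ("cos", MAP_AFTER), ("dscp", MAP_AFTER)):
            d = ingress_dscp(m, trust, table)
            print(label, m, "trust", trust, table, "->", d, classify(d))
```

Under trust cos the DSCP is derived from the 802.1p value alone, so in this model voice and signaling frames that both carry priority 6 end up with the same DSCP, while trust dscp keeps 46 and 40 distinct.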
(MQC) Modular QoS CLI (Policy Based)
MQC can be used to classify and mark the incoming packets and can be used instead of port
specific configuration. You can also mark the incoming packets with the policy-map.
The requirements of this configuration are as follows, assuming you have Voice and Data VLANs
configured with a PC on the PC port:
- Trust the DSCP values of the IP phone traffic.
- Mark the DSCP value of the PC application.
- Untrust all other traffic from the PC.
First, classify the Nortel IP phone traffic. The Nortel IP phone belongs to voice VLAN 20 and has
an IP address in the 10.10.132.1 subnet. Second, classify the PC traffic according to your
requirements. The PC on the Nortel IP Phone is placed in subnet 10.10.133.1. An ACL can be used
to restrict PC access based upon source and destination IP address and UDP/TCP ports.
In our setup we will use any source or destination address from the PC but will restrict access to
TCP port 23 for a telnet session only.
Create (ACL) Access Control List for both Voice and Data Traffic
ip access-list extended voice-traffic (Create Access list for Voice traffic)
permit ip 10.10.132.0 0.0.0.255 any (Create filter, allow all VoIP traffic)
ip access-list extended data-traffic (Create Access list for Data traffic)
permit tcp any any eq 23 (Create filter, allow only Telnet traffic for data)
Create Class Map for both Voice and Data
class-map voice (Create a class map and call it voice)
match access-group name voice-traffic (Apply ACL of voice-traffic)
class-map data (Create a class map and call it data)
match access-group name data-traffic (Apply ACL of data-traffic)
Create Policy
policy-map voice-policy (Create a policy map and call it voice-policy)
class voice (Class is voice from class mapping above)
trust dscp (All voice traffic DSCP will be trusted)
class data (Class is data from class mapping above)
set dscp af13 (af13 maps to CoS 1 data low priority)
Apply Policy to Interface
interface gigabitEthernet 1/0/1 (Select the interface to apply the above policy)
switchport access vlan 10 (Default VLAN or data VLAN)
switchport mode access (This port is set for access mode)
switchport voice vlan 20 (This is the Voice VLAN)
spanning-tree portfast (Sets the port for fast STP convergence)
service-policy input voice-policy (Apply created QoS policy “voice-policy”)
Enabling VLAN-Based QoS on Physical Ports
Please use the policy map “voice-policy” created above and apply to the VLAN in question.
Configure terminal (Enter configuration mode)
interface Vlan20 (Select the VLAN interface to apply QoS policy)
service-policy input voice-policy (Apply the voice-policy to this port)
interface GigabitEthernet1/0/1 (Specify the physical port)
mls qos vlan-based (Enable VLAN-based QoS on the port)
The next step is congestion management and avoidance, which consists of queuing, dropping and
scheduling of packets. The Cisco Cat 3750 Switch has two ingress queues. After the traffic is
classified and marked with QoS labels, you can assign the traffic to the two queues based
on the QoS labels. Weighted tail drop (WTD) is used to manage the queue lengths and to provide
drop precedence for different traffic classifications.
Packets that are marked with CoS of 6, which maps to DSCP of 46 (default for Nortel IP Phone),
are placed in queue 2. Queue 2 is the priority queue by default.
Cisco default queue settings and configuration
show mls qos input-queue
Queue     :       1       2
----------------------------------------------
buffers   :      90      10
bandwidth :       4       4
priority  :       0      10
threshold1:     100     100
threshold2:     100     100
Queue 2 is the priority queue. SRR services the priority queue for its configured weight, which
is 10%. Then, SRR shares the remaining bandwidth with both queues and services them as
specified by the configured weights. Queue 1 and queue 2 are serviced at the rate of 45% each
(90 percent divided by two is 45 percent).
Cisco IOS allocates default space to queue 1 and queue 2, you can change buffer allocation
using the following CLI.
mls qos srr-queue input buffers 70 30
show mls qos input-queue
Queue     :       1       2
----------------------------------------------
buffers   :      70      30
bandwidth :       4       4
priority  :       0      10
threshold1:     100     100
threshold2:     100     100
Now the SRR will service the priority queue with a weight of 30, and the remaining 70 percent will
be shared by queue 1 and queue 2, that is 35 percent each.
Cisco QoS bandwidth settings and configuration
Use the following commands to change the bandwidth allocation to each queue. In our setup let's
assume our bandwidth is 1GB.
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input priority-queue 2 bandwidth 30
show mls qos input-queue
Queue     :       1       2
----------------------------------------------
buffers   :      70      30
bandwidth :      90      10
priority  :       0      30
threshold1:     100     100
threshold2:     100     100
By default, queue 2 is the priority queue and 10% of total bandwidth is allocated to this queue.
Out of the total bandwidth of 1000MB, SRR will first service 30% of 1000MB to queue 2, which is
300MB. The remaining 700MB of bandwidth is shared by queue 1 and queue 2. According to our
configuration, queue 1 is serviced 70% of 700MB and queue 2 is again serviced 10% of 700MB.
This 700MB of bandwidth is serviced by SRR in shared mode.
DHCP Dynamic Host Configuration Protocol
The following configuration example covers setting up Cisco Cat 3750 to support both voice and
data VLANs. With one DHCP server providing IP Addresses to multiple subnets the L3 device
has to be configured to forward DHCP requests from the clients to the DHCP server. In our setup
we have two VLANs, Voice and Data. The DHCP server resides on the Data VLAN but can serve
clients on Voice VLAN if the router is configured to forward DHCP requests.
From command line interface go to enable mode.
configure terminal (Switch to configuration mode)
interface Vlan20 (This is Voice VLAN with Nortel IP Clients)
ip address 10.10.132.1 255.255.255.224 (IP address of the Cisco interface)
ip helper-address 10.10.133.35 (This is the IP address of the DHCP server)
In the above setup the DHCP server IP address is 10.10.133.35 which is on Data VLAN. The
clients are on Voice VLAN 10.10.132.1. Cisco router will forward all DHCP requests from Nortel
IP clients on Voice VLAN to the DHCP server if IP helper-address is used.
Note:
- The above example applies to all the interfaces on the Cisco L2/L3 switch with Nortel IP
  clients configured for partial or full DHCP.
- A VLAN interface with the DHCP server on the same VLAN does not need a helper address.
EAPoL 802.1x (Extensible Authentication Protocol over LAN)
Extensible Authentication Protocol over LAN is a port-based network access control protocol.
EAPoL provides a method for performing authentication at the edge of the network in order to
obtain network access based on the IEEE 802.1X standard. 802.1X specifies a protocol used
between devices (EAP Supplicants) that desire access to the network and devices providing
access to the network (EAP Authenticator).
Cisco L2 controls the physical access to the network based on the authentication status of the
client. The Cat 3750 acts as an intermediary (proxy) between the client and the authentication
server, requesting identity information from the client, verifying that information with the
authentication server, and relaying a response to the client.
Nortel IP Phones on Unistim 3 and later support three EAP types:
EAP-MD5
EAP-PEAP
EAP-TLS
Please note that the Cisco Cat 3750 is transparent to EAP types; the configuration for all three is the
same on the switch. The client (Supplicant) and the RADIUS server (Authentication Server) should
be configured accordingly. No special configuration is required on the switch (Authenticator)
unless otherwise noted.
In our setup:-
EAP Supplicant = Nortel IP Phone
EAP Authenticator = Cisco Cat 3750 L2 switch
EAP Authentication Server = RADIUS server (This can be Cisco ACS or FreeRADIUS)
The Nortel IP Phone should be configured for :-
Enabled 802.1x (EAP) (check box)
Device ID = nortel_set (ID you configure on RADIUS server)
Password = 12345 (password string also configured on RADIUS server)
Configuring the port for 802.1x Authentication on Cisco Cat 3750
configure terminal
aaa new-model (Enable AAA)
dot1x system-auth-control (Enable 802.1x authentication globally on the switch)
interface interface-id (Specify the interface to configure for AAA, e.g. Gi1/0/1)
dot1x port-control auto (802.1x authentication enabled on the port)
Configuring Cat 3750 switch to use RADIUS Server for authentication
Config t
radius-server host 10.10.133.36 auth-port 1812 key secret_value
Note:
Host IP is the IP address of RADIUS Server
Auth-port is the UDP authentication port configured on RADIUS server
Key is the password configured on the RADIUS server for client authentication
Configuring Periodic Re-Authentication
You can enable periodic 802.1x client re-authentication and specify how often it occurs. If you do
not specify a time period before enabling re-authentication, the number of seconds between
re-authentication attempts is 3600.
configure terminal
dot1x reauthentication
dot1x timeout reauth-period “seconds” (seconds = 1 to 65535)
The minimum re-authentication period when EAP-MD5 and EAP-PEAP are enabled is 10
seconds. When EAP-TLS is enabled, the minimum re-authentication period is 20 seconds.
Changing the Quiet Period
When the switch cannot authenticate the client, the switch remains idle for 60 seconds, which is
the default, and then tries again. The dot1x timeout quiet-period command controls the idle period. You can
provide a faster response time to the user by entering a smaller number than the default.
configure terminal
interface GigabitEthernet1/0/1
dot1x timeout quiet-period seconds
Changing the Switch-to-Client Retransmission Time
The client responds to the EAP request from the switch with an EAP response. If the switch does
not receive this response, it waits for 30 seconds and then resends the frame.
configure terminal
interface GigabitEthernet1/0/1
dot1x timeout tx-period “seconds” (seconds = 15 to 65535, default is 30)
Configuring the Host Mode
Multi-host mode allows multiple hosts (clients) on an 802.1x-authorized port that has dot1x
port-control configured for auto. In this mode only one of the attached hosts has to authenticate
successfully for all hosts on the port to be granted network access. If you have a PC using the PC
port on the Nortel IP phone, use the following configuration to put the port in multi-host mode.
configure terminal
interface GigabitEthernet1/0/1
dot1x host-mode multi-host
Configuring a Guest VLAN
Clients that are not 802.1x-capable can use the guest VLAN when the server does not receive a
response to its EAP request. Clients that are 802.1x-capable but fail authentication are not
granted access to the network. The switch supports guest VLANs in both single-host and
multiple-hosts mode.
configure terminal
interface GigabitEthernet1/0/1
dot1x guest-vlan vlan-id
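The following Python sketch is an added example, not part of the original guide: it audits a saved switch configuration for the 802.1x commands covered in this section and flags ports where access is wider than per-client authentication. The sample configuration is constructed (the port numbers and guest VLAN 30 are assumptions), the function names are hypothetical, and only the command forms shown in this guide are matched.

```python
# Constructed sample config (hypothetical ports and guest VLAN 30), built from this guide's commands.
SAMPLE_CONFIG = """\
aaa new-model
dot1x system-auth-control
radius-server host 10.10.133.36 auth-port 1812 key secret_value
!
interface GigabitEthernet1/0/1
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x guest-vlan 30
!
interface GigabitEthernet1/0/2
 dot1x port-control auto
!
interface GigabitEthernet1/0/3
 switchport mode access
"""

def split_config(config):
    """Split an IOS-style config into global commands and per-interface commands."""
    global_cmds, ports, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if cmd.startswith("interface "):
            current = cmd.split(None, 1)[1]
            ports[current] = []
        elif raw[0].isspace() and current is not None:
            ports[current].append(cmd)      # indented line: belongs to the interface
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, ports

def audit_dot1x(config):
    """Return (scope, finding) pairs for the 802.1x settings covered in this section."""
    global_cmds, ports = split_config(config)
    findings = []
    for prefix in ("aaa new-model", "dot1x system-auth-control", "radius-server host "):
        if not any(c.startswith(prefix) for c in global_cmds):
            findings.append(("global", "missing: " + prefix.strip()))
    for port, cmds in ports.items():
        if "dot1x port-control auto" not in cmds:
            findings.append((port, "802.1x not enforced (no port-control auto)"))
            continue
        if "dot1x host-mode multi-host" in cmds:
            findings.append((port, "multi-host: one authenticated client authorizes every attached host"))
        if any(c.startswith("dot1x guest-vlan ") for c in cmds):
            findings.append((port, "guest VLAN: clients without 802.1x get access without authenticating"))
    return findings
```

Calling audit_dot1x(SAMPLE_CONFIG) reports the multi-host and guest VLAN settings on GigabitEthernet1/0/1 and the missing port control on GigabitEthernet1/0/3.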
LLDP 802.1ab (Link Layer Discovery Protocol)
IEEE 802.1AB LLDP is a Layer 2 neighbor discovery protocol. It defines a standard method for
Ethernet network devices such as switches, routers and IP Phones to advertise information about
themselves to other nodes on the network and store the information they discover.
This section describes how to configure the Link Layer Discovery Protocol (LLDP) and LLDP
Media Endpoint Discovery (LLDP-MED) on the Cisco Cat 3750 switch.
The Nortel IP Phone can be set up for either LLDP VLAN Name or LLDP-MED Network
Policy but not both.
The Nortel IP Phone can be configured for :-
Enabled 802.1ab (LLDP) (check box to enable LLDP)
VoiceVLAN:
LLDP VLAN Name (Cisco switches do not support VLAN Name)
or
LLDP MED (This is the preferred option)
DataVLAN:
No VLAN (Use this option if you have PC on PC port)
LLDP VLAN Name (Cisco switches do not support VLAN Name)
Enter VLAN ID (Enter the VLAN ID if tagging is required)
The Nortel IP Phone will transmit the following LLDP messages:-
Chassis ID
Port ID
Time To Live
End of LLDPPDU
Port Description
System Description
System Capabilities
Port VLAN ID
Port And Protocol VLAN ID
VLAN Name
Protocol Identity
MAC/PHY Configuration Status
Power Via MDI
Link Aggregation
Maximum Frame Size
LLDP-MED Capabilities
Network Policy
Extended Power-via MDI
Inventory Firmware Revision
Inventory Manufacturer Name
Inventory Model Name
The Nortel IP Phone is capable of receiving the following LLDP messages but not all are
transmitted by Cisco switch:-
Chassis ID
Port ID
Time To Live
End of LLDPPDU
System Capabilities
VLAN Name (voice and data VLAN configuration)
MAC/PHY Configuration Status (link mismatch detection)
LLDP-MED Capabilities
Network Policy (voice VLAN and QoS configuration)
Location Identification (store in the phone and forward to the server)
Cisco Cat 3750 default LLDP settings are as follows. Defaults are used to interop with Nortel sets
unless otherwise noted.
LLDP global state Enabled
LLDP holdtime (before discarding) 120 seconds
LLDP timer (packet update frequency) 30 seconds
LLDP reinitialization delay 2 seconds
LLDP tlv-select Enabled to send and receive all TLVs.
LLDP interface state Enabled
LLDP receive Enabled
LLDP transmit Enabled
LLDP med-tlv-select Enabled to send all LLDP-MED TLVs
Please note:
LLDP can be enabled or disabled globally and at an Interface level.
configure terminal
lldp run (To enable LLDP globally)
no lldp run (To disable LLDP globally)
interface GigabitEthernet1/0/1 (To configure LLDP at interface level)
lldp transmit (LLDP packets are sent on this interface)
lldp receive (LLDP packets are received on this interface)
no lldp transmit (No LLDP packets are sent on this interface)
no lldp receive (No LLDP packets are received on this interface)
Use the show lldp command to verify LLDP settings.
Clab_3750#sh lldp
Global LLDP Information:
Status: ACTIVE
LLDP advertisements are sent every 30 seconds
LLDP hold time advertised is 120 seconds
LLDP interface reinitialisation delay is 2 seconds
Clab_3750#sh lldp int GigabitEthernet1/0/1
GigabitEthernet1/0/1:
Tx: enabled
Rx: enabled
Tx state: IDLE
Rx state: WAIT FOR FRAME
Please Note: The preferred method to assign VLANs to Nortel IP Phones is LLDP if available.
The Network policy TLV allows both network connectivity devices and endpoints to advertise
VLAN configurations and associated Layer 2 and Layer 3 attributes for the specific application on
that port. The switch can notify a phone of the VLAN number that it should use. The phone can
connect into any switch, obtain its VLAN number, and then start communicating.
By default all LLDP TLVs are enabled.
You can enable the TLVs globally or at an interface level.
Config t (Enter Configuration mode)
interface GigabitEthernet1/0/1 (For interface level configuration)
lldp med-tlv-select (For LLDP TLV selection, see 4 choices below)
inventory-management (LLDP MED Inventory Management)
location (LLDP MED Location TLV)
network-policy (LLDP MED Network Policy TLV)
power-management (LLDP MED Power Management TLV)
lldp med-tlv-select network-policy (To assign VLAN via LLDP)
lldp med-tlv-select power-management (Allows Switch and PD to exchange PoE information)
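As an added example (not from the original guide), this Python sketch decodes the LLDP-MED Network Policy TLV described above from a raw LLDPDU, so the advertised voice VLAN, 802.1p priority and DSCP can be checked against the intended configuration. The sample LLDPDU is constructed by hand rather than captured, and its priority and DSCP values are assumptions.

```python
import struct

TIA_OUI = bytes.fromhex("0012bb")            # OUI used by LLDP-MED TLVs
APP_TYPES = {1: "voice", 2: "voice-signaling"}

# Constructed LLDPDU (not a capture): mandatory TLVs plus one Network Policy TLV.
SAMPLE_LLDPDU = bytes.fromhex(
    "0207 04 001819 28f500"        # Chassis ID: MAC address
    "0408 05 4769312f302f31"       # Port ID: interface name "Gi1/0/1"
    "0602 0078"                    # Time To Live: 120 seconds
    "fe08 0012bb 02 01 4029ae"     # Network Policy: voice, tagged, VLAN 20
    "0000"                         # End of LLDPDU
)

def iter_tlvs(lldpdu):
    """Yield (type, value) per TLV; the header is a 7-bit type and a 9-bit length."""
    offset = 0
    while offset + 2 <= len(lldpdu):
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        value = lldpdu[offset + 2: offset + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV at offset %d" % offset)
        if tlv_type == 0:                    # End of LLDPDU
            return
        yield tlv_type, value
        offset += 2 + length

def network_policies(lldpdu):
    """Decode each LLDP-MED Network Policy TLV (type 127, OUI 00-12-BB, subtype 2)."""
    policies = []
    for tlv_type, value in iter_tlvs(lldpdu):
        if tlv_type != 127 or value[:3] != TIA_OUI or value[3:4] != b"\x02":
            continue
        if len(value) != 8:
            raise ValueError("Network Policy TLV must carry 8 bytes")
        # 24 bits: U flag, T flag, reserved bit, 12-bit VLAN, 3-bit priority, 6-bit DSCP
        bits = int.from_bytes(value[5:8], "big")
        policies.append({
            "application": APP_TYPES.get(value[4], value[4]),
            "unknown_policy": bool((bits >> 23) & 1),
            "tagged": bool((bits >> 22) & 1),
            "vlan_id": (bits >> 9) & 0xFFF,
            "l2_priority": (bits >> 6) & 0x7,
            "dscp": bits & 0x3F,
        })
    return policies
```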
STP 802.1w (Spanning Tree Protocol)
Because the Nortel IP Phone has two open ports, one for the network and one for the PC, there is
always a chance of connecting both ports to the Cisco switch and creating a loop. If a loop is
detected, the last port on the switch that caused the loop goes into blocking mode.
Please Note: No configuration is available on Nortel IP phone for STP.
This section describes how to configure the Spanning Tree Protocol on Catalyst 3750 switch. The
switch uses the following Spanning Tree Protocols
PVST+ (Based on the IEEE 802.1D standard and Cisco proprietary extensions, default)
rapid-PVST+ (Based on the IEEE 802.1w standard same as above but rapid convergence)
MSTP (Multiple Spanning Tree Protocol, runs on top of PVST+ or rapid-PVST+)
Configuring the switch for spanning tree Mode
configure terminal
Spanning-tree mode (Three options available below)
mst (Multiple spanning tree mode)
pvst (Per-Vlan spanning tree mode also the default)
rapid-pvst (Per-Vlan rapid spanning tree mode, preferred)
Use Port Fast on interfaces connected to a Nortel IP Phone so the phone can connect to the
network immediately rather than waiting for the spanning tree to converge. An interface with
Port Fast enabled still goes through the normal cycle of spanning-tree status changes when the
switch is restarted; the purpose of Port Fast is to minimize the time interfaces must wait for
spanning tree to converge. Port Fast immediately brings an interface configured as an access or
trunk port to the forwarding state from a blocking state, bypassing the listening and learning states.
Configuring the switch for spanning tree port fast
configure terminal
spanning-tree portfast default (Moves all non-trunking ports directly to the spanning-tree forwarding state)
Or at interface level if you do not want all the ports in port fast state
interface GigabitEthernet1/0/1
spanning-tree portfast (Moves the port directly to the spanning-tree forwarding state)
Use the show spanning-tree command to check STP settings.
Clab_3750#show spanning-tree
VLAN0020
Spanning tree enabled protocol ieee
Root ID Priority 32809
Address 0018.1928.f500
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32809 (priority 32768 sys-id-ext 41)
Address 0018.1928.f500
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/1 Desg FWD 4 128.4 P2p Edge
****************************************************END*****************************************************