[All About Switches] Example of Connecting an S Series Switch to an IP Phone Usi

Created Sep 24, 2015 15:15:33Latest reply Aug 24, 2016 03:50:53 4456 1 2 0
 

1.1 Overview of ACL and MQC

An Access Control List (ACL) consists of one or multiple rules. The device processes packets matching ACL rules in different manners.

Modular QoS Command-Line Interface (MQC) allows the device to classify traffic of a certain type so that the switch can provide the same service for packets of the same type and differentiated services for packets of different types.

The switch identifies voice packets using ACL or MQC, and then adds the voice VLAN to voice packets and increases the 802.1p priority of voice packets.

1.2 Applicable Version and Model

Methods of connecting a switch to an IP phone through a traffic policy are as follows:

IP Phone Access Implementation

Version and Model

Advantage

IP Phone Model

ACL

Modular switches and

S6700 and S5700 (except SI and LI series)

1.    The configuration is simple.

2.    The switch can directly add voice VLAN IDs to voice packets and change the 802.1p priority of packets.

3.    An interface can forward both voice and data flows.

Voice VLAN cannot be configured through any protocol.

Traffic policy

Modular switches

1.    The configuration is complex.

2.    The switch can directly add voice VLAN IDs to voice packets and change the 802.1p priority of packets.

3.    An interface can forward both voice and data flows.

Voice VLAN cannot be configured through any protocol.

Simplified ACL-based traffic policy

Fixed switches

1.    The configuration is simple.

2.    The switch can change the 802.1p priority of voice packets, but cannot add voice VLAN IDs to voice packets.

3.    The switch can add the voice VLAN ID specified by the PVID of an interface to data flows and the interface can forward only voice flows.

Voice VLAN cannot be configured through any protocol.

 

In this document, V200R006C00 is used as an example. The version differences will be described in this section .

1.3 Connecting a Switch to an IP Phone Through ACL

1.3.1 Networking Requirements

Voice data flows of HSI, VoIP, and IPTV services are transmitted on a network. Users require high quality of the VoIP service; therefore, voice data flows must be transmitted with a high priority. If a voice device does not support DHCP or LLDP, you can configure a traffic policy on the switch. Then the switch assigns the VLAN ID to the voice device.

As shown in the following figure, the IP phone does not support DHCP or LLDP, so the switch cannot assign a voice VLAN to the IP phone and the IP phone sends untagged voice packets. To ensure high quality of the VoIP service, the switch defines an ACL rule based on the MAC address of the IP phone to identify voice packets and changes the 802.1p priority of voice packets to 5.

 

1.3.2 Data Plan

VLAN plan: Voice flows (VoIP) are transmitted in VLAN 300 and data flows (HIS and IPTV) are transmitted in VLAN 500.

1.3.3 Configuration Roadmap

The configuration roadmap is as follows:

l   Create VLANs for voice and data flows.

l   Define an ACL rule matching the source MAC address to identify voice flows.

l   Add voice VLAN to packets matching the ACL rule and change the 802.1p priority of packets.

1.3.4 Procedure

   Step 1      Create VLANs for voice and data flows on the switch.

<HUAWEI> system-view

[HUAWEI] vlan batch 300 500

 

   Step 2      Configure the link type of an interface and PVID. Add the interface to a voice VLAN.

[HUAWEI] interface gigabitethernet 1/0/1

[HUAWEI-GigabitEthernet1/0/1] port link-type hybrid  // Configure the link type of a switch interface connected to an IP phone as hybrid so that the interface can forward voice and data flows.

[HUAWEI-GigabitEthernet1/0/1] port hybrid pvid vlan 500  //Configure the default VLAN ID as 500. Then GE0/0/1 adds VLAN 500 to received packets so that packets are forwarded in VLAN 500.

[HUAWEI-GigabitEthernet1/0/1] port hybrid untagged vlan 500  //The switch is configured to remove VLAN 500 from packets sent by GE1/0/1 so that downlink devices receive untagged packets.

 

   Step 3      Define an ACL rule matching the source MAC address to identify voice flows.

[HUAWEI] acl 4000  //The ACL rule matching the source MAC address is a Layer 2 ACL rule. The Layer 2 ACL number ranges from 4000 to 4999.

[HUAWEI-acl-L2-4000] rule permit source-mac 00e0-bb00-1234 ffff-ff00-0000  //The ACL rule allows packets with the source MAC address of 00e0-bbXX-XXXX to pass.

[HUAWEI-acl-L2-4000] quit

 

   Step 4      Apply the ACL rule on the interface to add voice VLAN to voice packets and change the 802.1p priority of packets.

[HUAWEI] interface gigabitethernet 1/0/1

[HUAWEI-GigabitEthernet1/0/1] port add-tag acl 4000 vlan 300 remark-8021p 5  //Configure the device to add a voice VLAN to received packets matching the ACL rule and change the 802.1p priority of packets.

[HUAWEI-GigabitEthernet1/0/1] port hybrid untagged vlan 300  //Add GE1/0/1 to VLAN 300 in untagged mode so that GE0/0/1 removes VLAN 300 from voice packets.

[HUAWEI-GigabitEthernet1/0/1] quit

 

   Step 5      Configure the uplink interface to transparently transmit voice flows and data flows.

[HUAWEI] interface gigabitethernet 1/0/2

[HUAWEI-GigabitEthernet1/0/2] port link-type trunk  //Configure the link type of the interface as trunk so that the interface can transparently transmit VLAN packets.

[HUAWEI-GigabitEthernet1/0/2] port trunk allow-pass vlan 300 500

[HUAWEI-GigabitEthernet0/0/2] quit

 

   Step 6      Verify the configuration.

l   Run the display acl 4000 command to check whether the ACL configuration is correct.

[HUAWEI] display acl 4000

L2 ACL 4000, 1 rule                                                            

Acl's step is 5                                                                

 rule 5 permit source-mac 00e0-bb00-0000 ffff-ff00-0000                             

 

l   The VoIP service is normal. Check the MAC address entry of the IP phone. The VLAN ID in the MAC address entry is 300.

[HUAWEI] display mac-address 00e0-bb00-1234

-------------------------------------------------------------------------------

MAC Address    VLAN/VSI   Learned-From     Type      

-------------------------------------------------------------------------------

00e0-bb00-1234 300/-        GE1/0/1          dynamic    

                                                                                

-------------------------------------------------------------------------------

Total items displayed = 1                                                                

 

 

1.3.5 Configuration Files

#

sysname HUAWEI

#

vlan batch 300 500

#

acl number 4000

 rule 5 permit source-mac 00e0-bb00-0000 ffff-ff00-0000

#

interface GigabitEthernet1/0/1

port link-type hybrid

  port hybrid pvid vlan 500

port hybrid untagged vlan 300 500

port add-tag acl 4000 vlan 300 remark-8021p 5

#

interface GigabitEthernet1/0/2

port link-type trunk

  port trunk allow-pass vlan 300 500

#

return

 

1.3.6 Summary

This example is only applicable to the following models of fixed switches: S6700, 5700EI, S5700HI, S5710EI, S5720EI, S5710HI, and S5720HI.

1.4 Connecting a Switch to an IP Phone Through a Traffic Policy

1.4.1 Networking Requirements

Voice data flows of HSI, VoIP, and IPTV services are transmitted on a network. Users require high quality of the VoIP service; therefore, voice data flows must be transmitted with a high priority. If a voice device does not support DHCP or LLDP, you can configure a traffic policy on the switch. Then the switch assigns the VLAN ID to the voice device.

As shown in the following figure, the IP phone does not support DHCP or LLDP, so the switch cannot assign a voice VLAN to the IP phone and the IP phone sends untagged voice packets. To ensure high quality of the VoIP service, the switch defines an ACL rule based on the MAC address of the IP phone to identify voice packets and changes the 802.1p priority of voice packets to 5.

1.4.2 Data Plan

VLAN plan: Voice flows (VoIP) are transmitted in VLAN 300 and data flows (HIS and IPTV) are transmitted in VLAN 500.

1.4.3 Configuration Roadmap

The configuration roadmap is as follows:

l   Create VLANs for voice and data flows.

l   Define traffic classifier, traffic behavior and traffic policy rules to identify voice flows.

l   Apply the traffic policy on an interface to add voice VLAN and change the 802.1p priority.

1.4.4 Procedure

   Step 1      Create VLANs for voice and data flows on the switch.

<HUAWEI> system-view

[HUAWEI] vlan batch 300 500

 

   Step 2      Configure the link type of an interface and PVID. Add the interface to a voice VLAN.

[HUAWEI] interface gigabitethernet 1/0/1

[HUAWEI-GigabitEthernet1/0/1] port link-type hybrid  // Configure the link type of a switch interface connected to an IP phone as hybrid so that the interface can forward voice and data flows.

[HUAWEI-GigabitEthernet1/0/1] port hybrid pvid vlan 500  //Configure the default VLAN ID as 500. Then GE0/0/1 adds VLAN 500 to received packets so that packets are forwarded in VLAN 500.

[HUAWEI-GigabitEthernet1/0/1] port hybrid untagged vlan 500  //The switch is configured to remove VLAN 500 from packets sent by GE0/0/1so that downlink devices receive untagged packets.

 

   Step 3      Define an ACL rule matching the source MAC address to identify voice flows.

1.    Configure a traffic classifier.

[HUAWEI] traffic classifier phone_access  //Configure a traffic classifier named phone_access.

[HUAWEI-classifier-phone_access] if-match source-mac 00e0-bb00-1234 mac-address-mask ffff-ff00-0000   //Define a rule to match packets with the source MAC address of 00e0-bbXX-XXXX.

[HUAWEI-classifier-phone_access] quit

2.    Configure a traffic behavior.

[HUAWEI] traffic behavior phone_access  //Configure a traffic behavior named phone_access.

[HUAWEI-behavior-phone_access] remark 8021p 5  //Configure the switch to change the 802.1p priority of packets matching the traffic classifier to 5.

[HUAWEI-behavior-phone_access] nest top-most vlan-id 300  //Configure the switch to add VLAN 300 to packets matching the traffic classifier.

[HUAWEI-behavior-phone_access] quit

3.    Configure a traffic policy.

[HUAWEI] traffic policy phone_access   //Configure a traffic policy named phone_access.

[HUAWEI-trafficpolicy-phone_access] classifier phone_access behavior phone_access   //Associate the traffic classifier phone_access with the traffic behavior phone_access.

[HUAWEI-trafficpolicy-phone_access] quit

4.    Apply the traffic policy.

[HUAWEI] interface gigabitethernet 1/0/1

[HUAWEI-GigabitEthernet1/0/1] traffic-policy phone_access inbound   //Apply the traffic policy in the inbound direction of GE1/0/1. That is, the switch adds VLAN 300 to received packets with the source MAC address of 00e0-bbXX-XXXX and changes the 802.1p priority of packets to 5.

[HUAWEI-GigabitEthernet1/0/1] quit

 

   Step 4      Configure the uplink interface to transparently transmit voice flows and data flows.

[HUAWEI] interface gigabitethernet 1/0/2

[HUAWEI-GigabitEthernet1/0/2] port link-type trunk  //Configure the link type of the interface as trunk so that the interface can transparently transmit VLAN packets.

[HUAWEI-GigabitEthernet1/0/2] port trunk allow-pass vlan 300 500

[HUAWEI-GigabitEthernet1/0/2] quit

 

   Step 5      Verify the configuration.

l   Run the display traffic classifier user-defined command to check whether the configuration of the traffic classifier is correct.

[HUAWEI] display traffic classifier user-defined

  User Defined Classifier Information:

   Classifier: phone_access

    Precedence: 5

    Operator: OR

    Rule(s) : if-match source-mac 00e0-bb00-0000 mac-address-mask ffff-ff00-0000

 

Total classifier number is 1

 

l   Run the display traffic behavior user-defined command to check whether the configuration of the traffic behavior is correct.

[HUAWEI] display traffic behavior user-defined

  User Defined Behavior Information:

    Behavior: phone_access

      Permit

      Remark:

        Remark 8021p 5

      Nest:

        Nest top-most vlanid 300

 

Total behavior number is 1

 

l   Run the display traffic-policy applied-record command to check whether the traffic policy has been correctly applied.

[HUAWEI] display traffic-policy applied-record

#

-------------------------------------------------

  Policy Name:   phone_access

  Policy Index:  0

     Classifier:phone_access     Behavior:phone_access

-------------------------------------------------

 *interface GigabitEthernet1/0/1

    traffic-policy phone_access inbound

      slot 1    :  success

-------------------------------------------------

  Policy total applied times: 1.

#

l   The VoIP service is normal. Check the MAC address entry of the IP phone. The VLAN ID in the MAC address entry is 300.

[HUAWEI] display mac-address 00e0-bb00-1234

-------------------------------------------------------------------------------

MAC Address    VLAN/VSI   Learned-From     Type

-------------------------------------------------------------------------------

00e0-bb00-1234 300/-        GE0/0/1          dynamic

                                                                               

-------------------------------------------------------------------------------

Total items displayed = 1

1.4.5 Configuration Files

#

sysname HUAWEI

#

vlan batch 300 500

#

traffic classifier phone_access operator or precedence 5

 if-match source-mac 00e0-bb00-0000 mac-address-mask ffff-ff00-0000

#

traffic behavior phone_access

 permit

 remark 8021p 5

 nest top-most vlan-id 300

# 

traffic policy phone_access match-order config

 classifier phone_access behavior phone_access

#

interface GigabitEthernet1/0/1

port link-type hybrid

  port hybrid pvid vlan 500

port hybrid untagged vlan 300 500

traffic-policy phone_access inbound

#

interface GigabitEthernet1/0/2

port link-type trunk

  port trunk allow-pass vlan 300 500

#

return

 

1.4.6 Summary

NA.

1.5 Connecting a Switch to an IP Phone Through Simplified ACL-based Traffic Policy

1.5.1 Networking Requirements

Voice data flows of HSI, VoIP, and IPTV services are transmitted on a network. Users require high quality of the VoIP service; therefore, voice data flows must be transmitted with a high priority. If a voice device does not support DHCP or LLDP, you can configure a traffic policy on the switch. Then the switch assigns the VLAN ID to the voice device.

As shown in the following figure, the IP phone does not support DHCP or LLDP, so the switch cannot assign a voice VLAN to the IP phone and the IP phone sends untagged voice packets. To ensure high quality of the VoIP service, the switch adds a voice VLAN for the interface and changes the 802.1p priority of voice packets to 5.

1.5.2 Data Plan

VLAN plan: Voice flows (VoIP) are transmitted in VLAN 300 and data flows (HIS and IPTV) are transmitted in VLAN 500.

1.5.3 Configuration Roadmap

The configuration roadmap is as follows:

l   Create VLANs for voice and data flows.

l   Configure Layer 2 forwarding on the access interface that forwards data flows.

l   Specify the PVID of an interface to add VLAN to untagged packets received by the interface.

l   Define an ACL rule to identify voice packets and change the 802.1p priority of packets.

1.5.4 Procedure

   Step 1      Create VLANs for voice and data flows on the switch.

<HUAWEI> system-view

[HUAWEI] vlan batch 300 500

 

   Step 2      Configure Layer 2 forwarding on the access interface that forwards data flows.

[HUAWEI] interface gigabitethernet 0/0/3

[HUAWEI-GigabitEthernet0/0/3] port link-type hybrid  //Configure the link type of a switch interface forwarding data flows as hybrid so that the interface can forward tagged and untagged packets.

[HUAWEI-GigabitEthernet1/0/3] port hybrid pvid vlan 500  //Configure the default VLAN ID as 500. Then GE0/0/1 adds VLAN 500 to received packets so that packets are forwarded in VLAN 500.

[HUAWEI-GigabitEthernet0/0/3] port hybrid untagged vlan 500  //The switch is configured to remove VLAN 500 from packets sent by GE0/0/1so that downlink devices receive untagged packets.

 

   Step 3      Configure the PVID of the interface forwarding voice flows and add the voice VLAN to voice packets.

[HUAWEI] interface gigabitethernet 0/0/1

[HUAWEI-GigabitEthernet0/0/1] port link-type access  //Configure the link type of a switch interface connected to an IP phone as access so that the interface only forwards voice flows.

[HUAWEI-GigabitEthernet0/0/1] port default vlan 300  //Configure the switch to add VLAN 300 to untagged packets received by an interface.

 

   Step 4      Define an ACL rule matching the source MAC address to identify voice flows.

[HUAWEI] acl 4000  //The ACL rule matching the source MAC address is a Layer 2 ACL rule. The Layer 2 ACL number ranges from 4000 to 4999.

[HUAWEI-acl-L2-4000] rule permit source-mac 00e0-bb00-1234 ffff-ff00-0000  //The ACL rule allows packets with the source MAC address of 00e0-bbXX-XXXX to pass.

[HUAWEI-acl-L2-4000] quit

 

   Step 5      Apply simplified traffic policy on the interface to modify the 802.1p priority of voice packets.

 [HUAWEI] interface gigabitethernet 0/0/1

[HUAWEI-GigabitEthernet0/0/1] traffic-remark inbound acl 4000 8021p 5  //Configure the interface to change the 802.1p priority of received packets matching the ACL rule to 5.

[HUAWEI-GigabitEthernet0/0/1] quit

 

   Step 6      Configure the uplink interface to transparently transmit voice flows and data flows.

[HUAWEI] interface gigabitethernet 0/0/2

[HUAWEI-GigabitEthernet0/0/2] port link-type trunk  //Configure the link type of the interface as trunk so that the interface can transparently transmit VLAN packets.

[HUAWEI-GigabitEthernet0/0/2] port trunk allow-pass vlan 300 500

[HUAWEI-GigabitEthernet0/0/2] quit

 

   Step 7      Verify the configuration.

l   Run the display acl 4000 command to check whether the ACL configuration is correct.

[HUAWEI] display acl 4000

L2 ACL 4000, 1 rule

Acl's step is 5

 rule 5 permit source-mac 00e0-bb00-0000 ffff-ff00-0000

 

l   The VoIP service is normal. Check the MAC address entry of the IP phone. The VLAN ID in the MAC address entry is 300.

[HUAWEI] display mac-address 00e0-bb00-1234

-------------------------------------------------------------------------------

MAC Address    VLAN/VSI   Learned-From     Type      

-------------------------------------------------------------------------------

00e0-bb00-1234 300/-        GE0/0/1          dynamic    

                                                                                

-------------------------------------------------------------------------------

Total items displayed = 1

1.5.5 Configuration Files

#

sysname HUAWEI

#

vlan batch 300 500

#

acl number 4000

 rule 5 permit source-mac 00e0-bb00-0000 ffff-ff00-0000 

#

interface GigabitEthernet0/0/1

port link-type access

port default vlan 300

traffic-remark inbound acl 4000 8021p 5

#

interface GigabitEthernet0/0/2

port link-type trunk

  port trunk allow-pass vlan 300 500

#

interface GigabitEthernet0/0/3

port link-type hybrid

  port hybrid pvid vlan 500

port hybrid untagged vlan500 

#

return

 

1.5.6 Summary

l   In this example, if data flows can be forwarded in VLAN 300, voice and data flows can be transmitted on the same interface. This method is not recommended because the transmission efficiency of voice flows is affected.

l   In this example, if packets sent by the IP phone carry VLAN tags, voice and data flows can be transmitted on the same interface only when the interface joins the voice VLAN in tagged mode.

l   In this example, if packets sent by the IP phone carry VLAN tags, the method of connecting a switch to an IP phone through a traffic policy is also applicable to modular switches in V200R005 and later versions.

 

   ★★★Summary★★★ All About Huawei Switch Features and Configurations

This article contains more resources

You need to log in to download or view. No account?Register

x
  • x
  • convention:

hehe     Created Sep 24, 2015 15:58:45 Helpful(1) Helpful(1)

Thanks, Good.

  • x
  • convention:

Responses

Reply
You need to log in to reply to the post Login | Register

Notice:To ensure the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but not limited to politically sensitive content, content concerning pornography, gambling, drug abuse and trafficking, content that may disclose or infringe upon others' intellectual properties, including commercial secrets, trade marks, copyrights, and patents, and personal privacy. Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see“ Privacy Policy.”
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top