This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

How to use XMC to configure Unify phone or Cisco Phone with LLDP-MED

How to use XMC to configure Unify phone or Cisco Phone with LLDP-MED

Giuseppe_Montan
Contributor

ā€Ž12-14-2021 04:25 PM 

Hi everyone,
I have an XMC system and X440 switches. I need to authenticate unify or Cisco phones using the LLDP-MED protocol.
Is this possible?
I have created a policy in the NAC that analyzes the mac-address but I want to exploit the potential of the LLDP-MED protocol and XMC to configure the phone with the vlan correct (egress tagged for voip and pvid untagged for data for example ). Thanks to all
Giuseppe
0 Kudos
6 REPLIES 6

Zdeněk_Pala
Extreme Employee

ā€Ž12-15-2021 07:13 AM

Ok.

The Radius Access-Accept can contain both the Policy and script name for logon and the script name for logoff.

Then EXOS will execute the UPM script, the script will configure LLDP-MED

I shared an example...
Regards Zdeněk Pala
0 Kudos

Giuseppe_Montan
Contributor

ā€Ž12-15-2021 05:31 AM

Hi Zdeněk Pala

 Before try to use XMC I have configured UPM and everything works,with XMC I can not configure static lldp without configure the port dedicated to Voip as tagged, I can configure lldp only after I connect the phone to the switch.

At the moment I can use XMC-NAC only if I want to configure Voip on untagged port.

Giuseppe
0 Kudos

Zdeněk_Pala
Extreme Employee

ā€Ž12-15-2021 03:48 AM

I would use the option 1: assign tagged VLAN by policy = switch will send frames with VLAN ID and configure LLDP-MED statically to tell the phone to tag its own traffic

b2221915f72340f58eb7e183a84e3d93.png

Regards Zdeněk Pala
0 Kudos

Zdeněk_Pala
Extreme Employee

ā€Ž12-15-2021 03:37 AM

I see these options:
  • assign tagged VLAN by policy = switch will send frames with VLAN ID and configure LLDP-MED statically to tell the phone to tag its own traffic
  • assign tagged VLAN by policy + use UPM script to configure and reconfigure the LLDP-MED dynamically
  • use untagged traffic for both voice and user data, the switch will assign the VLAN based on policy. Not all phones are happy with untagged traffic

here is an example of EXOS config for the option dynamic command execution as a result of radius access accept:

Here is the radius attribute:

Extreme-Security-Profile=UserLogonProfile;LOGOFF-PROFILE=UserLogoffProfile;

 

Here is the UPM:

X440G2.1 # sh upm profile

================================================================================

UPM Profile          Events                 Flags Ports

================================================================================

UserLogoffProfile    user-unauthenticated      e  1-6

UserLogonProfile     user-authenticated        e  1-6

================================================================================

Number of UPM Profiles: 2

Number of UPM Events in Queue for execution: 0

Flags: d - disabled, e - enabled

Event name: log-message(Log filter name) - Truncated to 20 chars

 

X440G2.2 # sh configuration upm

#

# Module upm configuration.

#

create upm profile UserLogoffProfile

create log message "Logoff EnterpriseUser UPM executed"

 

.

create upm profile UserLogonProfile

create log message "Logon EnterpriseUser UPM executed"

 

.

configure upm event user-authenticate profile UserLogonProfile ports 1-6

configure upm event user-unauthenticated profile UserLogoffProfile ports 1-6

 

Regards Zdeněk Pala
0 Kudos
GTM-P2G8KFN