cancel
Showing results for 
Search instead for 
Did you mean: 

Fine tune LLDP-MED CEP Detection

Fine tune LLDP-MED CEP Detection

Anonymous
Not applicable
Hi,

In the process of trying to make use of CEP detection and policy assignment to provide Mitel phones with a phones policy and dynamically assign the VLAN.

CEP is configured, and working by providing the Voice policy I want. The issue I have is that the LLDP-MED detection looks like its just detecting that a device is LLDP-MED capable instead of checking if an actual phone is being detected.

If you see below are the results of two ports that have LLDP enabled, the first is a PC the second is a phone:

PC

code:
B20_23-L-GND.1 # show lldp port 1:1 neighbors detailed 

-----------------------------------------------------------------------------
LLDP Port 1:1 detected 1 neighbor
Neighbor: 08:2E:5F:06:D7:19/08:2E:5F:06:D7:19, age 689 seconds
- Chassis ID type: MAC address (4)
Chassis ID : 08:2E:5F:06:D7:19
- Port ID type: MAC address (3)
Port ID : 08:2E:5F:06:D7:19
- Time To Live: 3601 seconds
- IEEE802.3 MAC/PHY Configuration/Status
Auto-negotiation : Supported, Enabled (0x03)
Operational MAU Type : (0)
- MED Capabilities: "MED Capabilities"
MED Device Type : Endpoint Class I (1)



Phone

code:
B20_23-L-GND.2 # show lldp port 1:32 neighbors detailed 

-----------------------------------------------------------------------------
LLDP Port 1:32 detected 1 neighbor
Neighbor: (5.1)10.20.64.27/08:00:0F:3B:2A:A7, age 1 seconds
- Chassis ID type: Network address (5); Address type: IPv4 (1)
Chassis ID : 10.20.64.27
- Port ID type: MAC address (3)
Port ID : 08:00:0F:3B:2A:A7
- Time To Live: 120 seconds
- Port Description: "LAN port"
- System Name: "mobDN 7207,MITEL 5340 IP"
- System Description: "mobDN 7207,MITEL 5340 IP,Cordless,h/w rev 1,ASIC \
rev 1,f/w Boot 06.04.00.03,f/w Main 06.03.02.07"
- System Capabilities : "Bridge, Telephone"
Enabled Capabilities: "Bridge, Telephone"
- Management Address Subtype: IPv4 (1)
Management Address : 10.20.64.27
Interface Number Subtype : Unknown (1)
Interface Number : 0
Object ID String : "null"
- IEEE802.3 MAC/PHY Configuration/Status
Auto-negotiation : Supported, Enabled (0x03)
Operational MAU Type : 100BaseTXFD (16)
- MED Capabilities: "MED Capabilities, Network Policy, Extended Power via MDI - PD"
MED Device Type : Endpoint Class III (3)
- MED Network Policy
Application Type : Voice (1)
Policy Flags : Unknown Policy, Untagged (0x0)
VLAN ID : 0
L2 Priority : 0
DSCP Value : 0
- MED Network Policy
Application Type : Voice Signaling (2)
Policy Flags : Unknown Policy, Untagged (0x0)
VLAN ID : 0
L2 Priority : 0
DSCP Value : 0
- MED Extended Power-via-MDI
Power Type : PD Device (1)
Power Source : Unknown (0)
Power Priority: High (2)
Power Value : 8.8 Watts
- MED Hardware Revision: "PCB Version: 1"
- MED Firmware Revision: "Boot 06.04.00.03"
- MED Software Revision: "Main 06.03.02.07"
- MED Serial Number: ""
- MED Manufacturer Name: "Mitel Corporation"
- MED Model Name: "MITEL 5340 IP"
- MED Asset ID: ""



Below is the result of the CEP detection and policy assignment:

PC

code:
B20_23-L-GND.3 # show netlogin session ports 1:1 agent convergence-endpoint 
Multiple authentication session entries
---------------------------------------

Port : 1:1 Station address : 08:2e:5f:06:d7:19
Auth status : success Last attempt : Mon Apr 8 16:01:15 2019
Agent type : cep Session applied : false
Server type : local VLAN-Tunnel-Attr : None
Policy index : 23 Policy name : Allow All Voice (active)
Session timeout : 0 Session duration : 17:52:14
Idle timeout : 300 Idle time : 0:00:00
Auth-Override : disabled Termination time : Not Terminated



Phone

code:
B20_23-L-GND.5 # show netlogin session ports 1:31 agent convergence-endpoint 
Multiple authentication session entries
---------------------------------------

Port : 1:31 Station address : 08:00:0f:30:e9:39
Auth status : success Last attempt : Mon Apr 8 15:58:29 2019
Agent type : cep Session applied : false
Server type : local VLAN-Tunnel-Attr : None
Policy index : 23 Policy name : Allow All Voice (active)
Session timeout : 0 Session duration : 17:56:09
Idle timeout : 300 Idle time : 0:00:00
Auth-Override : disabled Termination time : Not Terminated



As you can see both the phone and the PC have been detected by CEP and given the same policy.

What I would like to do is perhaps use a specific feild within LLDP-MED TLV's, say "MED Manufacturer Name" to match "Mitel Corporation" and then assign the policy

The configuration looks like the following:

code:
enable policy
configure policy convergence-endpoint enable
configure policy convergence-endpoint index 23 lldp-med
configure policy convergence-endpoint ports 1:1 lldp-med enable
configure policy convergence-endpoint ports 1:31 lldp-med enable


2cd6982502fc4abe8ea9bb0d5d1eda2c_5162be5b-ab3c-4a30-8dd3-95fb05af3247.png



Switch Version: 22.6.1.4
XMC Version: 8.2.4.42

Many thanks.
1 REPLY 1

Anonymous
Not applicable
So managed to configure a work around.

Fortunately the IP Phones also support Cisco Discovery Protocol, so used that as the CEP detection method instead.

Since none of the laptop use this, only phones are being detected.

Would still like to use a more standards approach with LLDP-MED, so if anyone has any further ideas on that please post and I can hopefully try.

Thanks
GTM-P2G8KFN