No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Web-based Configuration Guide

S7700 and S9700 V200R011C10

This document describes the configuration and maintenance of device through the web network management system. The web network management system provides the functions of viewing device information and managing the entire system, interfaces, services, ACL, QoS, routes, security, and tools.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Connecting IP Phones to Switches Through LLDP

Example for Connecting IP Phones to Switches Through LLDP

Networking Requirements

In Figure 10-43, to save investment costs, the user requires that IP phones and PCs connect to the network through VoIP. IP phones support LLDP and can obtain the voice ID through LLDP. To ensure that IP phones and PCs can connect to the network, the network plan should meet the following requirements:
  • The priority of voice packets sent by IP phones is low and needs to be increased to ensure communication quality.
  • Voice and data packets are transmitted in VLAN 100 and VLAN 101, respectively.
  • IP addresses of IP phones are dynamically allocated by the DHCP server, and the IP addresses of IP phones and the DHCP server are located on different network segments.
  • IP phones need to connect to switches through MAC address authentication.
Figure 10-43  Networking for connecting switches to IP phones through LLDP

Configuration Roadmap

The configuration roadmap is as follows:

  1. Enable LLDP on SwitchA.
  2. Configure SwitchA to forward data flows and enable the voice VLAN function.
  3. Configure the DHCP relay function on SwitchA.
  4. Configure SwitchB as the DHCP server to allocate IP addresses to IP phones.
  5. Configure AAA on SwitchA.
  6. Configure MAC address authentication on SwitchA to authenticate IP phones.
  7. Configure the Agile Controller.

Procedure

  1. Enable LLDP on SwitchA.
    1. Choose Configuration > Advanced Services > LLDP to access the global LLDP configuration page.
    2. Set Global LLDP status to ON to enable global LLDP, as shown in Figure 10-44.

      Figure 10-44  Enabling LLDP globally

  2. Configure SwitchA to forward data flows and enable the voice VLAN function.
    1. Choose Configuration > Basic Services > Interface Settings > Service Interface Setting > Connect to IP Phone > Based On Phone Model (Manual) to access the page of manually connecting IP phones.
    2. Select GE1/0/1 and GE1/0/2 on the interface card, set parameters according to Figure 10-45 in Step3: Configure Interface, and click Apply. In the dialog box that is displayed, click OK.

      Figure 10-45  IP phone configuration

  3. Configure the DHCP relay function on SwitchA.
    1. Choose Configuration > Basic Services > VLAN to access the VLAN configuration page. Click VLAN data under VLAN ID to access the Modify VLAN page, set parameters according to Figure 10-46, and click OK.

      Figure 10-46  Configuring the VLANIF interface

    2. Choose Configuration > Basic Services > DHCP and set DHCP status to ON.
    3. Click Create to access the Create IP Pool page, set parameters according to Figure 10-47, and click OK. The DHCP relay configuration on the VLANIF interface is complete.

      Figure 10-47  Configuring the DHCP relay function

    4. Choose Configuration > Basic Services > VLAN to access the VLAN configuration page. Click Create, set parameters according to Figure 10-48, and click OK. VLANIF 200 is created and the uplink interface is added to VLAN 200.

      Figure 10-48  Creating a VLANIF interface on SwitchA

    5. Choose Configuration > Basic Services > Static Route > IPv4 Static Route, click Add, set parameters according to Figure 10-49, and click to complete static route configuration on SwitchA. The next-hop address of the route is the IP address of VLANIF 200 on SwitchB.

      Figure 10-49  Creating a static route on SwitchA

  4. Configure SwitchB as the DHCP server to allocate IP addresses to IP phones.
    1. Choose Configuration > Basic Services > VLAN to access the VLAN configuration page. Click Create, set parameters according to Figure 10-50, and click OK. VLANIF 200 is created and the uplink interface is added to VLAN 200.

      Figure 10-50  Creating a VLANIF interface on SwitchB

    2. Choose Configuration > Basic Services > DHCP and set DHCP status to ON.
    3. Click Create to access the Create IP Pool page, set parameters according to Figure 10-51, and click OK. The DHCP server configuration on the VLANIF interface is complete.

      Figure 10-51  Configuring the DHCP server

    4. Choose Configuration > Basic Services > Static Route > IPv4 Static Route, click Add, set parameters according to Figure 10-52, and click to complete static route configuration on SwitchB. The next-hop address of the route is the IP address of VLANIF 200 on SwitchA.

      Figure 10-52  Creating a static route on SwitchB

  5. Configure AAA on SwitchA.
    1. Choose Configuration > Security Services > AAA, select RADIUS, and click Create to create and configure the RADIUS server template cisco, as shown in Figure 10-53. Click OK.

      Figure 10-53  Configuring a RADIUS server template

    2. Click Authentication/Authorization/Accounting Scheme and click Create to create an authentication scheme radius and set the authentication mode to RADIUS, as shown in Figure 10-54. Click OK.

      Figure 10-54  Configuring an authentication scheme

    3. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication Profile > Domain Profile to access the Domain Profile List page. Click default under Domain Profile List to access the domain profile configuration page. Bind the AAA authentication scheme radius and RADIUS server template cisco to the domain profile, as shown in Figure 10-55. Click Apply.

      Figure 10-55  Configuring an authentication domain

  6. Configure MAC address authentication on SwitchA to authenticate IP phones.
    1. Run the authentication unified-mode command in the system view to configure the NAC unified mode.

      NOTE:

      By default, the unified mode is used. The switch restarts after the NAC mode is changed between the common mode and unified mode. After the configuration is complete, save the configuration

    2. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication Profile > MAC Authentication Profile to access the MAC Authentication Profile List page. Click Create. The Create MAC Authentication Profile page is displayed. Set Profile name to cisco and click OK to access the MAC access profile parameter configuration page, as shown in Figure 10-56. Click Apply.

      Figure 10-56  Configuring a MAC access profile

    3. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication Profile to access the Authentication Profile List page. Click Create and set Profile name to cisco, as shown in Figure 10-57. Click OK to create an authentication profile cisco.

      Figure 10-57  Creating an authentication profile

    4. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication Profile > cisco > MAC Authentication Profile. Select cisco from the MAC Authentication Profile drop-down list box, as shown in Figure 10-58. Click Apply to bind the MAC access profile cisco to the authentication profile cisco.

      Figure 10-58  Binding the authentication profile to the MAC access profile

    5. Choose Configuration > Security Services > AAA Service App > Wired Interface Authentication, select GE1/0/1 on the interface panel, and set Authentication Profile to cisco, as shown in Figure 10-59. Click Apply. Configure GE1/0/2 in the same manner.

      Figure 10-59  Binding the authentication profile to the interface

  7. Configure the Agile Controller. The display of the Agile Controller varies depending on versions. V100R002C10SPC401 is used as an example.

    1. Log in to the Agile Controller.

      Open the Internet Explorer, enter the Agile Controller access address in the address bar, and press Enter.

      Enter the administrator user name and password. If you log in to the Agile Controller for the first time, use the super administrator user name admin and password Changeme123. Change the password immediately after logging in. Otherwise, the Agile Controller cannot be used.

      The following access modes of the Agile Controller can be used.

      Access Mode

      Description

      https://Agile Controller-IP:8443

      Agile Controller-IP specifies the IP address of the Agile Controller.

      IP address of the Agile Controller

      If port 80 is enabled during installation, you can access the Agile Controller by entering its IP address without the port number. The URL of the Agile Controller will automatically change to https://Agile Controller-IP:8443.

    2. Add a MAC address.
      1. Choose Resource > User > User Management.
      2. Select All Accounts.
      3. Click Add to create a MAC account. The value of the first MAC Account parameter is the IP phone's MAC address, and the value of the second MAC Account parameter is the PC's MAC address.



    3. Add SwitchA to the Agile Controller.
      1. Choose Resource > Device > Device Management.

      2. Click Add. On the Add Device page, add SwitchA used to authenticate IP phones.

    4. Add an IP phone to the Agile Controller.
      1. Choose Resource > Terminal > Terminal List.

      2. Click Add to access the Add Device Group page.

      3. On the Add Device Group page, add an IP phone group.

      4. Click a device group, select cisco_ipphone, select Device List, and click Add to add an IP phone.

    5. Add a PC to the Agile Controller.
      1. Choose Resource > Terminal > Terminal List.

      2. Click Add to access the Add Device Group page.

      3. On the Add Device Group page, add a PC group.

      4. Click the device group in the navigation tree, select pc, select Device List, and click Add to add a PC.

    6. Add an authentication rule.

      Choose Policy > Permission Control > Authentication & Authorization > Authentication Rule and click Add to create authentication rules for the IP phone and PC respectively.

    7. Add an authorization result.

      Choose Policy > Permission Control > Authentication & Authorization > Authorization Rule and click Add to create authorization rules for the IP phone and PC respectively.

Operation Result

  • Through the menu of the IP phone, the IP phone can correctly obtain the voice VLAN ID and IP address.
  • After a user logs in, log in to the web platform of SwitchA and choose Monitoring > User > Wired User Statistics. You can check online user information.
Translation
Download
Updated: 2019-10-17

Document ID: EDOC1000178323

Views: 93244

Downloads: 123

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next