Interoperability between Cisco Unified IP 7900 Series phones and

An HP ProCurve Networking Application Note
Interoperability between Cisco Unified IP 7900
Series phones and ProCurve switches
Contents
1. Introduction ................................................................................................................................................................. 3 2. Architecture ................................................................................................................................................................. 3 3. Checking PoE compatibility ....................................................................................................................................... 3 4. Configuring QoS support ........................................................................................................................................... 4 4.1 Configure QoS on the Cisco phone......................................................................................................................... 4 4.2 Configure QoS on the ProCurve switch .................................................................................................................. 5 5. Configuring LLDP-MED support ................................................................................................................................ 6 5.1 Configure LLDP-MED support on the Cisco phone ................................................................................................ 6 5.2 Configure LLDP-MED on the ProCurve switch ....................................................................................................... 6 5.3 Configure LLDP-MED fine-grained power allocation .............................................................................................. 7 Interoperability between Cisco Unified IP 7900 Series phones and ProCurve switches
6. Configuring 802.1X support ....................................................................................................................................... 9 6.1 Configure 802.1X login credentials on the Cisco phone ......................................................................................... 9 6.2 Configure 802.1X on the ProCurve switch .............................................................................................................. 9 6.3 Configure multiple 802.1X sessions ...................................................................................................................... 10 7. Firmware versions .................................................................................................................................................... 11 7.1 ProCurve switch firmware...................................................................................................................................... 11 7.2 Cisco phone firmware ............................................................................................................................................ 11 8. Reference documents............................................................................................................................................... 12 HP ProCurve Networking
2
Interoperability between Cisco Unified IP 7900 Series phones and ProCurve switches
1. Introduction
This document describes how ProCurve switches and Cisco Unified IP Phones 7900 Series interoperate to build a
secure and easy-to-manage network. Both the switch and the phone rely on standard protocols:
•
802.3af, the standard for Power-over-Ethernet (PoE), enables the switch to allocate up to 15.4 watts of power
per port.
•
Quality-of-Service (QoS) mechanisms enable the network to give voice flow—which is sensitive to delay, jitter
and packet loss—priority over the data traffic, to guarantee that the communications will continue in case of
congestion.
•
LLDP-MED is a discovery protocol that enables switches to get some layer 2 information about a phone (such
as its model, firmware, location, etc.) and automatically allocate certain network parameters (VLAN and QoS)
to the phone.
•
802.1X is the most recommended authentication method for access control on the network. It is recognized as
a standard, and is implemented by most IP telephony constructors. Multiple 802.1X authentication enables
authentication both of a phone plugged into a switch and of a user plugged into the dual port of the phone,
while assigning them different profiles (VLAN, QoS, bandwidth).
2. Architecture
The platform contains:
•
One or more servers with the following services: Active Directory, DHCP, DNS, Certificate Authority, IAS.
•
Latest versions of ProCurve Manager Plus (PCM+) and Identity-Driven Manager (IDM).
•
A Cisco Unified IP Phone 7900 Series. The examples in this application note use the Cisco Unified IP Phone
7971G.
•
A ProVision Switch 3500yl or 2610-PWR with the latest firmware version. A similar configuration can also be
used with a ProCurve 5400zl series switch or a 8212zl series switch. The configuration commands are
identical for these products and the 3500yl.
•
A client laptop that can be plugged into the phone dual port for multiple authentication tests or used as a
network analyzer (e.g., Wireshark).
Figure 1. Setup for ProCurve-Cisco interoperability
3. Checking PoE compatibility
This section explains how to check power over Ethernet compatibility on the Cisco phone and the ProCurve switch.
ProVision switches support standard PoE (802.3af), and so do the 7900 series of Cisco Unified IP phones. (Older
Cisco phone models supported only Cisco PoE.)
When the Cisco Unified IP 7900 Series Phone is plugged into a port on the 3500yl switch, the phone boots up.
HP ProCurve Networking
3
Interoperability between Cisco Unified IP 7900 Series phones and ProCurve switches
1. To view the power consumption of the phone, issue the following command on the switch:
show power-over-ethernet X
Where X is the port on which the phone is plugged.
2. On a 2610 switch, the command is:
show power-management X
For a Cisco Unified IP Phone 7971G this consumption is around 7.5 watts (Power Class 3):
ProCurve Switch 2610-24/12PWR# sh power-management 2
Status and Counters - Port Power Status for port 2
Power Enable
Priority
Detection
: Yes
: Low
Status : Delivering
Configured Type
Power Class
:
: 3
Over Current Cnt
Power Denied Cnt
: 0
: 0
MPS Absent Cnt
Short Cnt
: 0
: 0
Voltage
Power
: 466 dV
: 7541 mW
Current
: 162 mA
4. Configuring QoS support
This section explains how to configure Quality of Service parameters.
4.1 Configure QoS on the Cisco phone
To configure QoS on the Unified IP Phone 7971G, use Cisco Unified Call Manager. The QoS Configuration Menu
options are the following:
•
DSCP for Call Control: DSCP IP classification for call control signaling
•
DSCP for Configuration: DSCP IP classification for any phone configuration transfer
•
DSCP for Services: DSCP IP classification for phone-based services.
HP ProCurve Networking
4
Interoperability between Cisco Unified IP 7900 Series phones and ProCurve switches
These parameters can be modified from the CCM Administration > System > Enterprise Parameters menu:
You can also view QoS settings (read-only) from the phone web interface (http://<phone-ip-address>) on the Network
Configuration page. For example:
4.2 Configure QoS on the ProCurve switch
The recommended method is to have a dedicated VLAN for voice and configure the QoS parameters for the VLAN.
The L2 and DSCP policy advertised are based on the actual QoS configuration for the voice VLAN. By default these
values are:
•
L2 priority 6
•
DSCP 46, which corresponds to the Expedited Forwarding (EF) class
To modify the 802.1p or DSCP values:
Vlan <vid> qos priority <0-7>
Sets the 802.1p priority for the VLAN
Vlan <vid> qos dscp-map <codepoint> priority <0-7>
No vlan <vid> qos
HP ProCurve Networking
Removes QoS for the VLAN
5
Interoperability between Cisco Unified IP 7900 Series phones and ProCurve switches
To view which DSCP and QoS values are configured:
Show qos vlan
show qos dscp-map
Shows DSCP and QoS values
For more information on QoS settings on ProCurve switches, please refer to the following documents:
•
For the 3500yl switch: http://cdn.procurve.com/training/Manuals/3500-5400-6200-8200-ATG-Jan08-6-Qos.pdf
•
For the 2610-POE switch: http:/www.hp.com/rnd/support/manuals/2610.htm
5. Configuring LLDP-MED support
This section explains how to configure LLDP-MED support.
5.1 Configure LLDP-MED support on the Cisco phone
All Cisco Unified IP Phones 7900 Series beginning with firmware version 8.3(3) support LLDP-MED. LLDP-MED is
enabled by default for the phone switch port, and LLDP is enabled for the phone PC port. LLDP-MED settings can be
viewed from the Network Configuration page on the web interface of the phone:
5.2 Configure LLDP-MED on the ProCurve switch
1. Defining a VLAN as voice VLAN enables LLDP-MED:
(conf)# vlan 70 voice
Enables LLDP-MED
2. Then configure LLDP-MED. LLDP-MED must be configured on the switch to support MED TLVs, in particular
network policy and capabilities:
(conf)# lldp run
(conf)# lldp config <port> medTlvEnable network_policy
(conf)# lldp config <port> medTlvEnable capabilities
3. To obtain information about the phone, issue the command:
show lldp info remote X
HP ProCurve Networking
6
Interoperability between Cisco Unified IP 7900 Series phones and ProCurve switches
Where X is the port on which the phone is plugged. For example:
5.3 Configure LLDP-MED fine-grained power allocation
On a ProVision switch such as the 3500yl with K.13.XX firmware release you can have the port automatically
configure power allocation if the link partner is able to support PoE. When LLDP is enabled, the information about the
power usage of the powered device (PD) is available and the switch can then comply with or ignore this information.
You can configure PoE on each port according to the PD (IP phone, wireless device, etc.) specified in the LLDP field.
The default configuration is for PoE information to be ignored if detected through LLDP.
Cisco 7900 series IP phones support the MED TLV that enables LLDP-MED fine-grained power allocation.
5.3.1 Enable LLDP power allocation on the ProCurve switch:
To enable LLDP power allocation on the switch, use the command poe-lldp-detect enabled globally or on an
interface. For example:
ProCurve Switch 3500yl-48G(eth-13)# poe-lldp-detect enabled
HP ProCurve Networking
7
Interoperability between Cisco Unified IP 7900 Series phones and ProCurve switches
5.3.2 View power consumption of the Cisco phone with and without PoE LLDP detection
To view the power consumption of the phone use the command show power-over-ethernet brief. By default
(that is, without the poe-lldp-detect enabled command), power is allocated by usage. For example, with the
Cisco phone plugged into port 13 and LLDP disabled, power is allocated by usage and the phone draws 17 watts:
(config)# show power-over-ethernet brief
Status and Counters - Port Power Status
PoE
Port
----1
2
3
|
|
+
|
|
|
Power
Enable
------Yes
Yes
Yes
13
| Yes
LLDP
Detect
-------disabled
disabled
disabled
Power
Priority
--------low
low
low
Alloc
By
----usage
usage
usage
PoE Configured
Val Type
---- ----------17
17
17
Detection
Status
----------Searching
Searching
Searching
Power
Class
-----0
0
0
Delivering
3
…
disabled low
usage 17
Now enable PoE LLDP detection on port 13, where the Cisco phone is plugged, then view the results:
ProCurve Switch 3500yl-48G(config)# int 13 poe-lldp-detect enabled
ProCurve Switch 3500yl-48G(config)# show power-over-ethernet brief
Status and Counters - Port Power Status
PoE
Port
----1
2
3
|
|
+
|
|
|
Power
Enable
------Yes
Yes
Yes
13
| Yes
LLDP
Detect
-------disabled
disabled
disabled
Power
Priority
--------low
low
low
Alloc
By
----usage
usage
usage
PoE Configured
Val Type
---- ----------17
17
17
Detection
Status
----------Searching
Searching
Searching
Power
Class
-----0
0
0
Delivering
3
…
enabled
value 15
With PoE detection enabled, only 15 watts of power are allocated to the phone, and power is allocated by value.
HP ProCurve Networking
8
Interoperability between Cisco Unified IP 7900 Series phones and ProCurve switches
To view details of the power allocation, use the show power-over-ethernet command on the port:
ProCurve Switch 3500yl-48G(config)# show power-over-ethernet 13
Status and Counters - Port Power Status for port 13
Power Enable
: Yes
Priority
:
AllocateBy
: value
Detection Status : Delivering
LLDP Detect
Configured Type
Value
Power Class
: enabled
:
: 15
: 3
Over Current Cnt
Power Denied Cnt
: 0
: 0
MPS Absent Cnt
Short Cnt
: 0
: 0
Voltage
Power
: 511 dV
: 15000 mW
Current
: 175 mA
6. Configuring 802.1X support
This section explains how to configure 802.1X support.
6.1 Configure 802.1X login credentials on the Cisco phone
On the Cisco Unified IP Phone 7971G you can configure 802.1X from the phone’s screen menu. To configure 802.1X:
1. On the phone, go to Settings > Security Configuration > 802.1X Authentication.
2. Select 1 on the phone taskpad to enter the Device Authentication menu.
3. By default, Device Authentication is set to Disabled. Select 2 to enable Device Authentication, then select
Save at the bottom of the phone screen.
4. Return to the 802.1X Authentication screen and select 2 on the phone taskpad to enter the EAP-MD5 menu.
In this menu, configure the following parameters:
o Device ID. By default, this is the phone name (for example, CP-7971G-GE-SEP001EF72897C1).
o Shared secret, which is the login password (for example, hp).
o Realm (for example, PCU01).
5. To see 802.1X authentication, return to the Security Configuration menu, and view the 802.1X authentication
status in menu 9.
6.2 Configure 802.1X on the ProCurve switch
To configure 802.1X on the switch:
1. Enable 802.1X on the phone ports:
# aaa port-access authenticator B12
# aaa port-access authenticator active
# aaa authentication port-access eap-radius
HP ProCurve Networking
Selects port B12 to act as an authenticator
Activates the previous command
Selects the authentication protocol
(eap-radius or chap-radius)
9
Interoperability between Cisco Unified IP 7900 Series phones and ProCurve switches
2. Enter the RADIUS information in the switch configuration:
# radius-server host 10.50.10.170 key procurve
Gives the switch the address and
key of the radius server
6.3 Configure multiple 802.1X sessions
To configure multiple 802.1X sessions:
1. Modify the switch configuration for the port connected to the phone. Configure it so the voice VLAN is tagged
and the data VLAN untagged.
2. Also, set the client-limit parameter on the switch to 3 to enable both the PC and the phone to authenticate. For
example:
(config-vlan-1)# untagged 7
(config-vlan-12)# tagged 7
(config)# aaa port-access authenticator 7 client-limit 3
After configuration, a PC plugged into the dual port of the phone is authenticated by the RADIUS server:
HP ProCurve Networking
10
Interoperability between Cisco Unified IP 7900 Series phones and ProCurve switches
The data VLAN can also be dynamically assigned using Identity Driven Manager. For example:
7. Firmware versions
7.1 ProCurve switch firmware
Firmware versions of the ProCurve switches used for this application note are as follows:
•
K.13.09 for the ProCurve ProVision switches (5406zl, 3500yl, 8212zl)
•
R.11.07 for the ProCurve Switch 2610-PWR
7.2 Cisco phone firmware
Cisco Unified IP Phone 7971G firmware:
• SCCP 8.3(4)SR1 (cmterm-7970_7971-sccp.8-3-4SR1.zip)
A Cisco CCO login is needed to download the firmware version from Cisco web site.
To manage the Cisco phones you need Cisco Unified Call Manager version 4.1 or later.
HP ProCurve Networking
11
Interoperability between Cisco Unified IP 7900 Series phones and ProCurve switches
8. Reference documents
This concludes the procedures for interoperating ProCurve switches and Cisco Unified IP telephones.
For further information about how to configure ProCurve switches and Cisco phones to support convergence, please
refer to the following links:
•
For user manuals for ProCurve 3500yl-5400zl-8212zl switches:
http://www.hp.com/rnd/support/manuals/3500-6200-5400-ChapterFiles.htm
•
For ProCurve Switch 2610 series manuals:
http://www.hp.com/rnd/support/manuals/2610.htm
•
For PCM+ and IDM manuals:
http://www.hp.com/rnd/support/manuals/ProCurve-Manager.htm
http://www.hp.com/rnd/support/manuals/IDM.htm
•
For information on Cisco Unified IP phones:
http://www.cisco.com/en/US/products/hw/phones/ps379/tsd_products_support_series_home.html
For further information, please visit www.procurve.eu
© 2008 Hewlett-Packard Development Company, L.P. The information
contained herein is subject to change without notice. The only warranties
for HP products and services are set forth in the express warranty
statements accompanying such products and services. Nothing herein
should be construed as constituting an additional warranty. HP shall not
be liable for technical or editorial errors or omissions contained herein.
4AA2-2301EEE, July 2008
HP ProCurve Networking
12