# Zyxel GS1920-24HP LLDP-MEP LLDP VoIP



## jackwetson (Jan 12, 2015)

Hi All,

I'm completely stuck and I'm just hoping someone can help me!

What i'm trying to achieve I belive is quite simple.

I have a Zyxel GS1920-24HP and two routers giving out DHCP on two different ranges, 192.168.2.X and 192.168.3.X. The 2.x is for data (port 1 on the switch) and the 3.X (port 2 on the switch) is for voice. What i'm trying to do is use LLDP (I understand this is the best route) so that on the switch a phone goes over port 2 and data over port 1, and when a PC is plugged into the back of the phone the phone still goes over port 2 and the PC over port 1. However my lack of understanding around LLDP i'm struggling to get this setup.

Is anyone able to explain how I achieve this?

Kind Regards,

Jack Wetson


----------



## TheCyberMan (Jun 25, 2011)

Hi and welcome to TSF,

The PC sends data that is probaly why it will not send down port 2, the identity and capabilities are different to the PC's


----------



## Shadowjk (Sep 3, 2014)

jackwetson said:


> Hi All,
> 
> I'm completely stuck and I'm just hoping someone can help me!
> 
> ...


LLDP is mainly used to for informational purposes. Unlike Cisco's CDP, I don't believe auto configuration of a switchport can be achieved with LLDP due to the lack of information included. Scratch that, Yes you can use LLDP-MED (Media Endpoint Device) to achieve the same thing though I'd still avoid such use...

What you would normally do is implement VLAN's to resolve this issue. A quick check of the model shows that this is supported.

You would create two vlans:

1 for Data
1 for Voice

Then for the router handing out 192.168.2.0/24 - Assign that port to the data VLAN. Equally, the one handing out 192.168.3.0/24 - assign that to the Voice VLAN.

As you've said, most phones do have internal bridges inside to allow the attachment of a computer. Normally, IP Phones are VLAN "aware" and computers aren't. A "hack" you can do is to assign the end user port as a tagged port and set the native VLAN (Untagged traffic) as the data VLAN. This does however present a security issue with regards to VLAN hopping.

OR

Set the voice VLAN to a number on the port and then set the regular VLAN number for the data VLAN.

I'd typically avoid LLDP just as I would avoid CDP in Cisco environments. Unless there are certain requirements for it; it can pose a potential security risk with regards to reconnaissance attacks.

As for exact configurations, I am unable to find any documentation that may be of use. The concepts still apply though.

Hope This Helps,
Josh :smile:


----------



## jackwetson (Jan 12, 2015)

Hi Josh,

First of all many thanks for your in depth reply.

I'll try out your suggestions!

Regards,

Jack


----------



## jackwetson (Jan 12, 2015)

Hi,

I've been doing lots of digging on this, and to my understanding I have to use LLDP, as you cannot set a VLAN on the phone and the supplier expects LLDP to be used. It's a limitation imposed by the firmware by the vendor. So this is where I am so far.

*Switch*
IP: 192.168.1.1
Management PVID: 1

*VLANS*
1 - default
20 - data (192.168.2.1)
150 - voice (192.168.3.1)

*Tagging*
Port 1 - PVID 20 - Untagged Traffic Only - No Ingress Check - No VLAN Trunk - Data Router
Port 2 - PVID 150 - Tagged Traffic Only - No Ingres Check - No VLAN Trunk - Voice Router
Port 3 - PVID 1 - All Traffic - No Ingress Check - No Vlan Trunk - Management Port
Port 4 to 24 - PVID 20 - All Traffic - No Ingress Check

VLAN 1 - Untagged All
VLAN 20 - Untagged All
VLAN 150 - Tagged All

*LLDP*
Port 1,3 - Disable
Port 2,4 to 24 - Tx & Rx

*Network Policy*
1) Voice - VLAN 150 - Tagged - L2 Priority 0 - DSCP 0
2) Voice Signal - VLAN 150 - Tagged - L2 Priority 0 - DSCP 0

*MED Port*
3 - Disabled
1,2,4 to 24 - Enabled

So with all this setup all devices are still getting from the 2.x range. Again any help is greatly appreciated.


----------



## Wand3r3r (Sep 17, 2010)

"all devices are still getting from the 2.x range"

Then the vlans are not setup correctly. The phones would also have to support both vlans since the pcs are passing through the phones to get to the network.

The vendor should have docs that cover all this


----------



## jackwetson (Jan 12, 2015)

Wand3r3r said:


> "all devices are still getting from the 2.x range"
> 
> Then the vlans are not setup correctly. The phones would also have to support both vlans since the pcs are passing through the phones to get to the network.
> 
> The vendor should have docs that cover all this


To be honest no they don't. All I can find out is that they suggest VLAN'S and LLDP/LLDP-MED to achieve this. Which as you can see i'm trying to do and clearly not succeeding.


----------



## Wand3r3r (Sep 17, 2010)

is there any way you can NOT have the pc go through the phones?

If so that would be the easiest way to set everything up using only vlans. Vlan20 would be on all the data ports exclusively and vlan 150 would be on all the ports the phones connect to exclusively.

In turn each port connecting to the routers would each have their exclusive vlan.

Right now it appears you have all ports on vlan 20. Somehow the phones have to be either on their own vlan or have to be aware of both vlans but assigned to only 150 with vlan 20 passing through the phone. Under this configuration all data/voice combo ports would have to be on both vlans. As long as the phones can talk on their own vlan this will work.


----------

