Auto Tagging VOIP Phones To Voice VLAN On FortiGate Managed FortiSwitch
hey guys Mike here I had someone mailed me an email asking how they could configure a for permutation that’s being managed by a FortiGate to automatically call telephones voice over IP telephones into the voice VLAN so I figured a quick-witted video demonstrating how to do that might be beneficial to a lot of tribes out there so here we are so so this is my four to Wi-Fi it’s managing the 448 D switching that I have currently running 6 to 2 system and of course the manage force which is as well so yeah that’s good to go so when you’re when the FortiGate is managing the switch itself you’re able to see the things instantly to the GUI so you can actually came back assure what lldp profile is assigned to to the swap port so in order to get a voice over IP telephone to actually label to the proper VLAN you need a couple of things one there is a requirement to the VLAN that you actually miss the phone to tag to and then you likewise need to actually going to be home and induce revises to whatever lldp profile you’re using so by default for two switch ports or appoint this default by Auto ISL profile which entails internal swap connection so basically if if you push a four to switch into this you know automatically statement for the link and give your your 4 to switch fabric if you will which is really really cool but for my sake the channel I are happy to do things is I like to use a thoroughly separate lldp profile for actual access ports and then I use default Auto ISL for ports that I wish to be stalk ports and what that does is that basically makes it to where someone can’t plug in a tether before to swap precisely anywhere and if he isn’t he’s the wrong port because for instance you might want to use fiber SFPs for your up relates and register permutation joins so you have that faster quicken things like that lower latency and I am a very big creature of habit and in in the enterprise regardless you’re gonna miss a standard approach to whatever you’re doing so you can’t have it to where port formerly your uplink port on one switch but port six is on another etc because it doesn’t scale and it spawns troubleshooting a hallucination I don’t care how fairly this succeed for to switch topology layout is if you don’t follow some rank of standardization you’re in for a life of hurt I personally typically use ports the SFP ports whether they be fiber or copper specific SFP if I’m not utilize those let’s say it’s a smaller deployment or is the deployment where maybe that’s just not available right perhaps you’re using a photo Wi-Fi for your uplink then I use the last two ports 47 and 48 and if the switching counts high enough I spend up to 45 etc so regardless that’s a little bit of tangent and that doesn’t really have anything to do with offsetting phones Auto tag right that’s just a kind of a best pattern standardization character thing that will save you a good deal of tribulation last-minute so this particular environment I have two VLANs already built I have my data VLAN and my voice VLAN mostly what you need to do is you need to have your Veda native VLAN be whatever VLAN you want you’re just plain Jane inventions to use if they don’t meet the lldp requirements so generally in most environments unless it’s a high secure environment where ports are just incapacitated typically what you end up here is you have your data VLAN which is like your wired wield operate so if you plug a computer or printer or you know something like that it’ll default to this network and then you come through here and you oblige revises to your ports telling them to allow voice and what this does is it’ll tag every single one of these ports to have the articulate VLAN granted and my regular topology voice VLAN is 20 VLAN ID 20 data is 10 guest is 30 etcetera and what this symbolizes is traffic this cistern for VLAN 20 can now pass on these ports fairly simple but it’s one of those things that Sagat you for a great deal of tribes right so you have this you have your native VLAN set up your let VLAN for your utter setup now what you need to actually do is proceed create the lldp chart that you’re going to use to actually vehicle tag that traffic I use the CLI for this basically what you do is you go to config switch controller lldp – profile and I’ll make you into this there are three by default 6 – 2 or 6 – oh really started bringing in the 4 to articulation a little teepee profile you have your default Auto il which is automatically on your holes and then you have a quote unquote default you what I do is I precisely create a new one and call it standard or base or you can even edit the default but we’re going to create a brand-new one just for the sake of the video so I’m going to edit standard ok so you do it get here’s all your very little things Auto ISL is enabled we want to set automobile ISO disabled I don’t want these ports to automatically become for the link ports have a force which were for some reason into them so I determine that to incapacitated now if I get it on get appreciate all those options that used to be right here have since dispelled or gone away so this is the bulk of it now I need to once you’re inside your LDP profile which I kind of went through that fast so if you do config swap controller lldp – profile it’ll take you into the profile configuration page formerly you’re in here you look at what’s already there where you type edit and then your brand-new sketch identify and just like a firewall objective or plan or something like that it’ll make you into the configuration parameters for the thing that you named I called it standard I incapacitated Auto SL because I don’t want it to be a for loop or anywhere and then I need to configure a medium or structure plan Med Network policy now so config somebodies Network policy and then I want to edit voice because as you can see there are predefined ones here you can actually get fairly granular with us singer articulation signaling guest enunciate client utter signaling soft sud video conferencing so maybe you have big time video conference devices that are in there at cetera and you got to go from there so I want to edit voice by default these guys are incapacitated we’re worried about enunciate so we’re gonna edit singer I’ll decide its status to enable and now I have more options the VLAN interface the assign VLAN priority and the dscp so what I typically doing in there defined VLAN interface and as you can see voice is the option on six-oh code it’ll actually ask you for the VLAN ID here so instead of position VLAN interface articulate you would do adjusted VLAN 20 in this sake so I know this video is on 6 to 2 if you’re running 600 this option will say set VLAN and then it’ll expect a VLAN ID so only enter the VLAN number of your expression VLAN defined dscp I often positioned vscp 46 it helps the priority on expression we’ll have some videos who really dive into dscp and tone of service and things like that so not for this video this is just a simple and that’s pretty much it so you do a get you have your designates if you string boundary utter or VLAN ID 20 or whatever your VLAN ID is on 600 and then your priority or dscp you objective and I do mission again because I’m done that’s all I truly needed right I didn’t need anything reverie now and I can close this out and then you come through now and all your ports that have the opportunity to be access ports you merely edit them and tell them to use standard which is not here that’s wonderful let me change just one of them maybe there’s a flaw in this version of system no the straight-up does not see it which default for enunciate standard it’s definitely there I’d leave and come back to reload it it’s probably a gooey thing there yeah okay it’s always something simple chaps so it’s like a hall do you wish to assign it to and it helps if actually sounds properly you indicate these standard fly it’s gonna apply this all the way down now what this does is you can plug a falling into a port and it’ll automatically leant it in VLAN voice or VLAN 20 whatever the VLAN ID is right you can also do pass-through so most voice over IP telephones have a cable that goes to the wall and then a cable that “re going to the” regional machine so you can actually save on your port concentration now so the computer this passing through rectified phone will be on VLAN 10 or data VLAN or whatever your native is and phone itself is on a totally separate segments in VLAN where you can do your own specific quality of service shaving things like that so reasonably straight and easy it’s getting easier and easier and the newer versions of code and I like that they actually tag it to an boundary refer versus exactly a VLAN ID cuz then it takes the capacities of typos out which is nice I wish I had actually a voice over IP phone so I could just show you that it would attract properly but unfortunately I don’t but regardless that’s the gist of it right I mount your native VLAN for whatever data VLAN you demand or whatever VLAN you wish to be native accept the spokesperson VLAN that you’ve tolerate up and then I’ll start from the top establish your native VLAN data guess whatever you need determined the countenanced VLAN that articulate is actually going to traverse go into the CLI config switch controller lldp – profile generate your lldp sketch laid your medium programme that style whatever media or manoeuvre is plugged into it it’ll actually call it appropriately all of them are disabled by default so as I mentioned just go through edit voice because that’s the one that’s relevant to us right now and tell it to set its status to enable specified the VLAN prepared your priority or DSP if you wish and demise apply it to your ports and you’re good to go from there you can do some trial and error on a port really to make sure that things “re going through” the behavior you expect it but not a heavy-lift at all that’s the way I are happy to make love and it’s kind of like my best practice if you will I’ve got it deployed over 500 orientations between two major organizations and it’s working very well so we’re very happy with it um and clearly it requires a phone that has l-ltp abilities if your device doesn’t talk exerting LOD PA you’re up the creek without a paddle right so but regardless it’s a good thing to look at if you have any questions specific to this please don’t hesitate to post in specific comments below be more than happy to provide any more revelation or rationalization if I did a inadequate errand otherwise you guys have a wonderful night and I’ll see you next time thank you
