Fortinet black logo

New Features

6.2.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0

Voice VLAN Auto-Assignment

Voice VLAN Auto-Assignment

You can leverage LLDP-MED to assign voice traffic to the desired voice VLAN. After detection and setup, the IP phone on the network is segmented to its own VLAN for policy, prioritization, and reporting. The LLDP reception capabilities in FortiOS have been extended to support LLDP-MED assignment for voice, voice signaling, guest, guest voice signaling, softphone, video conferencing, streaming video, and video signaling.

You can configure this feature using the FortiOS CLI. Configuration consists of the following steps:

  1. Setting up the VLAN for the voice device
  2. Setting up the DHCP server for the voice VLAN
  3. Setting up the LLDP network policy
  4. Enabling LLDP on the physical interface that the VLAN belongs to
  5. Applying the LLDP network policy on the physical interface
  6. Confirming that the VLAN was assigned
To set up the VLAN for the voice device:

config system interface

edit "vlan_100"

set vdom "root"

set ip 192.168.1.99 255.255.255.0

set alias "voice_vlan"

set device-identification enable

set role lan

set snmp-index 25

set interface "port10"

set vlanid 100

next

end

To set up the DHCP server for the voice VLAN:

config system dhcp server

edit 1

set dns-service default

set default-gateway 192.168.1.99

set netmask 255.255.255.0

set interface "vlan_100"

config ip-range

edit 1

set start-ip 192.168.1.110

set end-ip 192.168.1.210

next

end

next

end

To set up the LLDP network policy:

config system lldp network-policy

edit "1"

config voice

set status enable

set tag dot1q

set vlan 100

end

next

end

To enable LLDP on the physical interface that the VLAN belongs to:

config system interface

edit "port10"

set vdom "root"

set type physical

set lldp-reception enable

set lldp-transmission enable

set snmp-index 14

next

end

To apply the LLDP network policy on the physical interface:

config system interface

edit "port10"

set lldp-network-policy "1"

next

end

To confirm that the VLAN was assigned:

To confirm that the VLAN was assigned as expected, connect an IP phone to the network. Check the IP address on the phone. The IP address should belong to the voice VLAN.

You can also sniff on the FortiGate incoming interface to see if traffic from the IP phone has the desired VLAN tag.

In the example commands above, the voice VLAN was configured as VLAN 100. Therefore, voice traffic from the IP phone should be in VLAN 100.

Previous
Next

Related Videos

sidebar video

Assigning VLAN to a VOIP phone over LLDP-MED

  • 1,774 views
  • 5 years ago

Voice VLAN Auto-Assignment

You can leverage LLDP-MED to assign voice traffic to the desired voice VLAN. After detection and setup, the IP phone on the network is segmented to its own VLAN for policy, prioritization, and reporting. The LLDP reception capabilities in FortiOS have been extended to support LLDP-MED assignment for voice, voice signaling, guest, guest voice signaling, softphone, video conferencing, streaming video, and video signaling.

You can configure this feature using the FortiOS CLI. Configuration consists of the following steps:

  1. Setting up the VLAN for the voice device
  2. Setting up the DHCP server for the voice VLAN
  3. Setting up the LLDP network policy
  4. Enabling LLDP on the physical interface that the VLAN belongs to
  5. Applying the LLDP network policy on the physical interface
  6. Confirming that the VLAN was assigned
To set up the VLAN for the voice device:

config system interface

edit "vlan_100"

set vdom "root"

set ip 192.168.1.99 255.255.255.0

set alias "voice_vlan"

set device-identification enable

set role lan

set snmp-index 25

set interface "port10"

set vlanid 100

next

end

To set up the DHCP server for the voice VLAN:

config system dhcp server

edit 1

set dns-service default

set default-gateway 192.168.1.99

set netmask 255.255.255.0

set interface "vlan_100"

config ip-range

edit 1

set start-ip 192.168.1.110

set end-ip 192.168.1.210

next

end

next

end

To set up the LLDP network policy:

config system lldp network-policy

edit "1"

config voice

set status enable

set tag dot1q

set vlan 100

end

next

end

To enable LLDP on the physical interface that the VLAN belongs to:

config system interface

edit "port10"

set vdom "root"

set type physical

set lldp-reception enable

set lldp-transmission enable

set snmp-index 14

next

end

To apply the LLDP network policy on the physical interface:

config system interface

edit "port10"

set lldp-network-policy "1"

next

end

To confirm that the VLAN was assigned:

To confirm that the VLAN was assigned as expected, connect an IP phone to the network. Check the IP address on the phone. The IP address should belong to the voice VLAN.

You can also sniff on the FortiGate incoming interface to see if traffic from the IP phone has the desired VLAN tag.

In the example commands above, the voice VLAN was configured as VLAN 100. Therefore, voice traffic from the IP phone should be in VLAN 100.

Previous
Next