Community discussions

MikroTik App
 
dalami
Member Candidate
Member Candidate
Topic Author
Posts: 136
Joined: Mon Dec 12, 2011 9:18 am

Is an example available for VoIP with PC?

Sat May 30, 2020 10:11 am

I've found mention of typical VoIP installations where the VoIP phone connects to the switch and a workstation connects to the phone. But I haven't found an actual configuration example for how to place the phones into a VLAN. I'm assuming this would be MAC-based VLAN - and I'm finding no documentation on how to use that. At the moment for my configuration all phones are on a CRS1XX switch.
 
User avatar
mutluit
Forum Veteran
Forum Veteran
Posts: 821
Joined: Wed Mar 25, 2020 4:04 am

Re: Is an example available for VoIP with PC?

Sat May 30, 2020 5:15 pm

The following page gives an example, says "We will have a vlan for voip and untagged data for the PC":
https://wiki.mikrotik.com/wiki/Vlans_on ... nvironment
 
dalami
Member Candidate
Member Candidate
Topic Author
Posts: 136
Joined: Mon Dec 12, 2011 9:18 am

Re: Is an example available for VoIP with PC?

Sat May 30, 2020 7:13 pm

Exactly the page I'm talking about - it mentions such a configuration but doesn't actually show it. Everything there is port-based which doesn't help.
 
User avatar
mutluit
Forum Veteran
Forum Veteran
Posts: 821
Joined: Wed Mar 25, 2020 4:04 am

Re: Is an example available for VoIP with PC?

Sat May 30, 2020 8:53 pm

Exactly the page I'm talking about - it mentions such a configuration but doesn't actually show it. Everything there is port-based which doesn't help.
What do you mean by "...but doesn't actually show it"?
Don't you see the commands there? FYI: It is done in the CLI, not in the GUI.
To me the page looks very ok and complete.
 
dalami
Member Candidate
Member Candidate
Topic Author
Posts: 136
Joined: Mon Dec 12, 2011 9:18 am

Re: Is an example available for VoIP with PC?

Sun May 31, 2020 7:18 am

Sorry - I just don't see it. Everything there is port based - nothing filters on MAC. So if a phone is connected to port ether2 on a switch, and a PC is connected to the phone, with the examples given both the phone and the PC will be in a VLAN - which is not the desired behavior.
 
User avatar
mutluit
Forum Veteran
Forum Veteran
Posts: 821
Joined: Wed Mar 25, 2020 4:04 am

Re: Is an example available for VoIP with PC?

Sun May 31, 2020 3:54 pm

Sorry - I just don't see it. Everything there is port based - nothing filters on MAC. So if a phone is connected to port ether2 on a switch, and a PC is connected to the phone, with the examples given both the phone and the PC will be in a VLAN - which is not the desired behavior.
Hmm. since each interface has a unique MAC, then what difference does it make in the link for the VLAN VOIP example given in posting #2, whether one uses the interface name or the MAC address in specifying the members of a VLAN?

Take a look at the output of this and decide yourself:
/interface print

Your phones will have their own MACs, but they have to be plugged into the above interfaces.
So, then it should be obvious, IMO...
...unless you mean something really different.

Maybe you can find the answer in these links:

Example for MAC Based VLAN in CRS1xx/2xx series switches:
https://wiki.mikrotik.com/wiki/Manual:C ... Based_VLAN

And if your question is about CRS3xx then see this (though in your OP you mention the CRS1xx):
viewtopic.php?t=124377
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Is an example available for VoIP with PC?

Sun May 31, 2020 4:48 pm

EDIT: duplicate post
Last edited by anav on Sun May 31, 2020 10:44 pm, edited 1 time in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Is an example available for VoIP with PC?

Sun May 31, 2020 5:01 pm

https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
The fourth diagram down shows a hybrid vlan approach.
If this is what you are looking for?
What is not clear to me is how the ethernet coming from the router is going to reach both the PC and VOIP device ????

In a nutshell (using this as a ref guide for setting up vlans)
viewtopic.php?f=13&t=143620

One will take the port to the PC (lets say ether2) and assume its a trunk port for INGRESS (bridge port settings) and a combination for EGRESS (bridge vlan settings)
(vlan 10 for homevlan to PC, vlan 20 for VOIP )
(PC cannot read tags, and VOIP device can read tags)

/interface bridge port
add bridge=bridge1 comment=defconf ingress-filtering=yes interface=ether2

/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether2 vlan-ids=20
add bridge=bridge1 tagged=bridge1 untagged=ether2 vlan-ids=10
 
dalami
Member Candidate
Member Candidate
Topic Author
Posts: 136
Joined: Mon Dec 12, 2011 9:18 am

Re: Is an example available for VoIP with PC?

Sun May 31, 2020 10:41 pm

First, thanks for the responses. Second, let me be clear that I'm not just a novice at VLAN - I've never configured one before. So some foundation concepts are still trying to sink into my tiny brain.

The physical connection - these phones basically have built-in two port switches. One port (PoE) connects to the LAN and provides power and ethernet to the phone. The second port provides connectivity to an additional device - generally a PC though in my particular setup it's a printer.

My previous setup had phones, and only phones, connected to a dedicated PoE switch which in turn connected to the VoIP server. In replacing/upgrading equipment I'm trying to reduce components - which means more advanced configuration. I'm trying to learn through failure...but in some cases I'm not even sure where to start.

Below is my existing config for the switch. Following the examples I setup filtering for DHCP - so the phones would only receive DHCP from the VoIP server and the VoIP server wouldn't reach the LAN PC's. In theory. And that's...mostly working. And if I hadn't taken the next step I wouldn't need VLAN - though I really want to get it working so I can start understanding it. The next step was connecting a printer to one of the phones. Now - I want that printer to receive DHCP from the LAN server. But using a port-based solution, since both the phone and the printer connected to the CRS via ether8, means either the printer sees the VoIP server or the phone sees the LAN server for DHCP.

What I have now gives me functioning phones, and a mostly functioning printer via manual IP assignment on the printer (no DHCP).

For interface names below:
  • "jack x" refers to patch panel positions
    "JustINA" is the VoIP server
    "Foxy" is the LAN router/switch (RB750GL)
    "Wify" is a hAP AC2
Also:
Regular LAN is 192.168.0.0/24
VoIP network is 192.168.11.0/24
Printer is MAC 58:20:B1:DE:7F:99 and IP 192.168.0.40
# may/31/2020 12:22:44 by RouterOS 6.46.6
# software id = 49N1-PQKT
#
# model = CRS112-8P-4S
# serial number = 9B210B772A59
/interface ethernet
set [ find default-name=ether1 ] name="ether1-Phone-jack 10"
set [ find default-name=ether2 ] name="ether2-Foxy 4"
set [ find default-name=ether3 ] name="ether3-Phone-jack 1"
set [ find default-name=ether4 ] name=ether4-JustINA
set [ find default-name=ether5 ] name="ether5-Phone-jack 8"
set [ find default-name=ether7 ] name="ether7-Phone-jack 19"
set [ find default-name=ether8 ] name="ether8-Phone-jack 4"
set [ find default-name=sfp10 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=sfp10-Wify
/interface bridge
add admin-mac=C4:AD:34:52:ED:9E auto-mac=no name=bLAN priority=0x1000
add name=bLoopback
/routing ospf area
add area-id=0.0.0.2 default-cost=1 inject-summary-lsas=no name=JustINA-DMZ translator-role=\
    translate-never type=nssa
add area-id=0.0.0.1 name=AMFES-LAN
/routing ospf instance
set [ find default=yes ] redistribute-connected=as-type-1 router-id=10.255.255.9
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff\
    ,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bLAN interface="ether1-Phone-jack 10"
add bridge=bLAN interface="ether2-Foxy 4"
add bridge=bLAN interface="ether3-Phone-jack 1"
add bridge=bLAN interface=ether4-JustINA
add bridge=bLAN interface="ether5-Phone-jack 8"
add bridge=bLAN interface=ether6
add bridge=bLAN interface="ether7-Phone-jack 19"
add bridge=bLAN interface="ether8-Phone-jack 4"
add bridge=bLAN interface=sfp9
add bridge=bLAN interface=sfp10-Wify
add bridge=bLAN interface=sfp11
add bridge=bLAN interface=sfp12
/interface ethernet switch acl
add action=drop disabled=yes dst-ports=ether4-JustINA mac-src-address=58:20:B1:DE:7F:99 \
    table=egress
/interface ethernet switch egress-vlan-translation
add customer-vlan-format=untagged-or-tagged disabled=yes new-customer-vid=0 ports="ether1-Pho\
    ne-jack 10,ether4-JustINA,ether5-Phone-jack 8,ether7-Phone-jack 19,ether8-Phone-jack 4,et\
    her3-Phone-jack 1" service-vlan-format=untagged-or-tagged
/interface ethernet switch mac-based-vlan
add disabled=yes new-customer-vid=30 src-mac-address=00:E0:6F:12:80:06
add disabled=yes new-customer-vid=30 src-mac-address=00:04:F2:39:BC:85
add disabled=yes new-customer-vid=30 src-mac-address=00:04:F2:39:BB:32
add disabled=yes new-customer-vid=30 src-mac-address=00:A8:59:F6:B2:DE
add disabled=yes new-customer-vid=30 src-mac-address=00:04:F2:39:BA:F7
add disabled=yes new-customer-vid=30 src-mac-address=00:04:F2:39:BE:B5
/interface ethernet switch port
set 0 isolation-leakage-profile-override=2
set 1 isolation-leakage-profile-override=3
set 2 isolation-leakage-profile-override=2
set 4 isolation-leakage-profile-override=2
set 6 isolation-leakage-profile-override=2
set 7 isolation-leakage-profile-override=2
/interface ethernet switch port-isolation
add forwarding-type=bridged port-profile=2 ports=ether4-JustINA protocol-type=dhcpv4 \
    registration-status="" traffic-type="" type=dst
add forwarding-type=bridged port-profile=3 ports=sfp10-Wify protocol-type=dhcpv4 \
    registration-status="" traffic-type="" type=dst
/ip address
add address=192.168.0.9/24 interface=bLAN network=192.168.0.0
add address=10.255.255.9 interface=bLoopback network=10.255.255.9
add address=192.168.11.9/24 interface=bLAN network=192.168.11.0
/ip dns
set allow-remote-requests=yes servers=192.168.0.2,1.1.1.1,8.8.8.8
/ip firewall filter
add action=fasttrack-connection chain=forward
add action=accept chain=forward
/ip firewall nat
add action=src-nat chain=srcnat dst-address=192.168.11.0/24 to-addresses=192.168.11.9
add action=src-nat chain=srcnat dst-address=192.168.0.0/24 to-addresses=192.168.0.9
/ip route
add distance=1 gateway=192.168.0.1
add distance=1 dst-address=10.59.97.0/24 gateway=192.168.0.2
/routing ospf network
add area=backbone network=10.21.3.0/24
add area=backbone network=10.255.255.9/32
add area=backbone network=192.168.0.0/24
add area=JustINA-DMZ network=192.168.11.0/24
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=Poe
/system note
set note="00:E0:6F:12:80:06 Justina\r\
    \n00:04:F2:39:BC:85\r\
    \n00:04:F2:39:BB:32\r\
    \n00:A8:59:F6:B2:DE\r\
    \n00:04:F2:39:BA:F7\r\
    \n00:04:F2:39:BE:B5\r\
    \n58:20:B1:DE:7F:99 printer"
/system ntp client
set enabled=yes primary-ntp=192.168.0.2 secondary-ntp=216.228.192.52
/tool bandwidth-server
set enabled=no
/tool sniffer
set filter-ip-address=192.168.0.40/32
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Is an example available for VoIP with PC?

Sun May 31, 2020 10:47 pm

Well the most important thing for me is to understand how this phone connection thingy works.
The physical connection - these phones basically have built-in two port switches. One port (PoE) connects to the LAN and provides power and ethernet to the phone. The second port provides connectivity to an additional device - generally a PC though in my particular setup it's a printer.

Can you provide a model for the device?
Its not clear to me if the device is VOIP capable and if not, I dont think there is no way to provide two access vlans on one ethernet connection.
Looking at grandstream phones for example, they have VLAN capabilities.
(The Grandstream products only support manual method to get VLAN ID for the PC port.)

I find their guide very confusing but nonetheless the capabilites of the phone device will drive the config on the router.
It seems, that it can ONLY pass through the PC vlan to the PC.
This seems really stupid to me because PCs are typically 'dumb' and cannot read vlan tags and cannot strip or add vlan tags.
So at first blush great the telephone device can handle multiple VLANS, but useless if it cannot strip the vlan before it hits the PC and add back the vlan on return packets, then what has been gained???

Again, not familiar with this particular application so might be missing key issues.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Is an example available for VoIP with PC?

Sun May 31, 2020 11:04 pm

Reading some more in general..............
The native or untagged data should be destined for the PC and the tagged data on vlan 20 is for the voip phone. The voip phone will strip these tagged packets off the wire so the PC will never see them.

Thus in our construct, the untagged packets belong to the PC and will pass straight through the phone device and the tagged packets belong to the VOIP and will be picked up by the phone and handled appropriately. So my guidance above seems correct!! phew>.........

As to your config.......... willlooknow
oopsie, cannot help that is switch chip talk, I only work in bridge vlan filtering speak...............

In any case the process/requirement is the same, the ports that go to phone devices need to be hybrid.
 
vikinggeek
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Sat Aug 02, 2014 4:14 am

Re: Is an example available for VoIP with PC?

Sun May 31, 2020 11:14 pm

The only practical way to support VoIP phones is if the switch implements LLDP-MED. Unfortunately, this is not supported on MT switches and many of us have to use other brands to achieve the functionality the OP is inquiring about. More details in this thread:
viewtopic.php?f=2&t=24690
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Is an example available for VoIP with PC?

Sun May 31, 2020 11:25 pm

The grandstream I was reading about allowed for LLDP OR MANUAL methods to setup vlan. However I have no idea what the OP is using.
Equally stupid of VOIP hardware/software providers to RELY on lldp for anything so its not just an MT issue in my mind.
 
dalami
Member Candidate
Member Candidate
Topic Author
Posts: 136
Joined: Mon Dec 12, 2011 9:18 am

Re: Is an example available for VoIP with PC?

Sun May 31, 2020 11:28 pm

The phone in question is a Polycom IP550 which has VLAN support. If necessary, I can manually set the VLAN id in the phone if that leads to a Mikrotik solution.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Is an example available for VoIP with PC?

Mon Jun 01, 2020 12:27 am

I believe that is the correct path.....
 
dalami
Member Candidate
Member Candidate
Topic Author
Posts: 136
Joined: Mon Dec 12, 2011 9:18 am

Re: Is an example available for VoIP with PC?

Mon Jun 01, 2020 12:39 am

So I return to my question - how do I configure the CRS1xx to use MAC based VLAN? WinBox shows options, the manual gives minimal descriptions, so I believe there is support for it - but I don't know where to start. Terms like PVID, SVID, CVID, have me quite confused. Ingress/egress are concepts I understand - but filtering, including bridge VLAN filtering, again aren't documented well (at least that I've found).
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Is an example available for VoIP with PC?

Mon Jun 01, 2020 3:11 am

The best reference is for bridge vlan based filtering not chip based filtering........
viewtopic.php?f=13&t=143620
 
dalami
Member Candidate
Member Candidate
Topic Author
Posts: 136
Joined: Mon Dec 12, 2011 9:18 am

Re: Is an example available for VoIP with PC?  [SOLVED]

Sat May 22, 2021 4:58 am

Ok. I finally did it. At least at the moment - hopefully things are still working next week...

This is the definitive way of accomplishing hybrid MAC-based VLAN. I'm declaring that officially - so any mistakes (impossible!) need to be critiqued and corrected. If anything here is wrong, inefficient, or just not clear now's the time to clean it up.

First of all - set aside any thoughts of auto-configuring your phones via DHCP. If someone's got a working example with Mikrotik & Polycom I'd love to see it. But even then - start with manual configuration. That's one of the biggest hurdles - you must set your phones correctly. For my Polycom phones, that meant manually going into Advanced Settings, Network, Ethernet, VLAN, and enabling VLAN, setting the ID (30 for me), and enabling VLAN filtering.

Side note - while wandering through these menus I found my PCs are connecting as half-duplex 10M via the Polycom. Admittedly these are older phones but still... Finding mention of this elsewhere I manually set the PC connection to full duplex 100M - which isn't the gigabit it should be but it's a hell of a lot better than it was.

Back to the CRS1xx. First, having already created a bridge for all ports (you did that on initial setup also, didn't you?). First create a VLAN interface.
/interface vlan add interface=bLAN name=vlan30 vlan-id=30
Now, in my case I have a mix of port usage - which is the whole reason I needed MAC based VLAN. My VoIP server is on ether4. My phones are on ether1, 3, 5, 7, 8.

First, we need to identify which ports may participate in the VLAN. This does not force them to exclusively talk in the VLAN - but they must be declared first so the other rules will apply. Additionally, we specify SVL for MAC-based processing. Note to future proof readers - do I really need SVL and if so why?
/interface ethernet switch vlan add ports="ether1,ether3,ether4,ether5,ether7,ether8" svl=yes vlan-id=30
Now, my VoIP server is...sort of a hosted 3rd party solution. So I don't have access to change its VLAN settings. But - it's on a known port. So I'll force all traffic coming from that VoIP server to be on the VLAN.
/interface ethernet switch ingress-vlan-translation new-customer-vid=30 ports=ether4
Now - since I just said I can't adjust the VLAN settings on the VoIP server I need (or should) strip any VLAN information on traffic to that device.
/interface ethernet switch egress-vlan-translation add customer-vid=30 new-customer-vid=0 ports=ether4
On the other hand, I need to expressly communicate on the VLAN for the phones that are on dedicated ports.
/interface ethernet switch egress-vlan-translation add ports="ether1,ether3,ether5,ether7"
At this point - four of my phones should be communicating properly with the server. That leaves the lone oddball that needs a MAC-based connection.
/interface ethernet switch mac-based-vlan add new-customer-vid=30 src-mac-address=00:04:F2:39:BE:B5
If I wanted a "pure" MAC-based solution, I'd omit the "egress-vlan-translation" line for the dedicated ports and specify the other MAC addresses. That would allow for roaming of phones - but I believe that would increase the load on the CRS1xx CPU. At the moment, looks like the CPU load on mine is floating around 10% (plus/minus whatever), with occasional spikes to 20%.

Who is online

Users browsing this forum: Google [Bot] and 29 guests