Community discussions

MikroTik App
 
foriamroot
just joined
Topic Author
Posts: 2
Joined: Fri Dec 03, 2021 12:22 am

LLDP-MED on CRS-328-24P-4S+RM RouterOS v6.49.1

Fri Dec 03, 2021 1:36 am

Good Evening:

I am trying to configure LLDP-MED assigned VLAN configuration for a PolyCom endpoint (PolyCom VVX500 model: 3111-44500-001 firmware 5.9.6.2996) on a hybrid port. I checked the forums and tried a few different configurations; however, none of them seemed to fit what I am looking for. Our current deployments utilize a Cisco 3750X behind a MikroTik RB4011; however, the 3750 is too loud for some deployments so I am looking at alternatives. I am happy with the RB4011 so I thought why not try one of MikroTik's offerings.

The PolyCom devices are basically drop shipped so I am unable to manually assign the VLAN on the device itself and it must be set automatically once on location. The preferred method would be LLDP-MED as some deployments may utilize different endpoints (Yealink, Algo, Obihai, etc). An OUI table is not out of the question; however, when OUI's are added in the future, all of the tables would require updating to support replacement equipment so this solution is not ideal. The switch configuration would need to support one or more VLAN unaware devices behind the endpoints. This untagged traffic would need to be tagged on ingress and popped on egress.

The working Cisco configuration is:
!
interface range GigabitEthernet1/0/1-44
description PHONES
switchport access vlan 101
switchport mode access
switchport nonegotiate
switchport voice vlan 202
.....
!

The MikroTik currently has a very simple configuration based on forum posts / the manual. The higher layer configuration will be added once this is working.

[admin@MikroTik] > /export terse
# jan/02/1970 01:04:18 by RouterOS 6.49.1
# software id = B3E4-HUCH
#
# model = CRS328-24P-4S+
# serial number = ############
/interface bridge add name=bridge1 pvid=101 vlan-filtering=yes
/interface vlan add interface=bridge1 name=vlan101 vlan-id=101
/interface vlan add interface=bridge1 name=vlan202 vlan-id=202
/interface list add name=list1
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port add bridge=bridge1 interface=ether4 pvid=101
/ip neighbor discovery-settings set discover-interface-list=list1 lldp-med-net-policy-vlan=202
/interface bridge vlan add bridge=bridge1 tagged=ether4 vlan-ids=202
/interface list member add interface=ether4 list=list1
/system routerboard settings set boot-os=router-os
[admin@MikroTik] >

The endpoint should receive the LLDP-MED frame and restart the networking service using the assigned VLAN (202); however, it is not receiving the LLDP-MED frame so it is booting up with no VLAN. Any help getting this configured is appreciated.

Thanks!
 
foriamroot
just joined
Topic Author
Posts: 2
Joined: Fri Dec 03, 2021 12:22 am

Re: LLDP-MED on CRS-328-24P-4S+RM RouterOS v6.49.1

Fri Dec 03, 2021 11:29 pm

Current configuration that is working correctly if VLAN is manually set on the endpoint. LLDP-MED still eludes me.

Configuration reference: https://help.mikrotik.com/docs/display/ ... +discovery

# software id = B3E4-HUCH
#
# model = CRS328-24P-4S+
# serial number = ############
/interface bridge add comment="Hosted Bridge" name="Hosted Bridge"
/interface ethernet set [ find default-name=ether1 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether2 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether3 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether4 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether5 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether6 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether7 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether8 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether9 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether10 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether11 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether12 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether13 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether14 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether15 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether16 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether17 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether18 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether19 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether20 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether21 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether22 ] comment="Phone Port"
/interface ethernet set [ find default-name=ether23 ] comment="Uplink to Customer Switch"
/interface ethernet set [ find default-name=ether24 ] comment="Uplink to WAN"
/interface ethernet set [ find default-name=sfp-sfpplus1 ] disabled=yes
/interface ethernet set [ find default-name=sfp-sfpplus2 ] disabled=yes
/interface ethernet set [ find default-name=sfp-sfpplus3 ] disabled=yes
/interface ethernet set [ find default-name=sfp-sfpplus4 ] disabled=yes
/interface vlan add interface="Hosted Bridge" name=VLAN101 vlan-id=101
/interface vlan add interface="Hosted Bridge" name=VLAN202 vlan-id=202
/interface list add name="Hosted Ports"
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server option add code=2 name="GMT Offset -5" value=0xFFFFB9B0
/ip dhcp-server option add code=42 name=NTP value="'0.0.0.0'"
/ip dhcp-server option add code=66 name="Provisioning Server" value="'https://some.provisioning.server'"
/ip dhcp-server option add code=160 name="Provisioning Server Option 160" value="'https://some.provisioning.server'"
/ip dhcp-server option add code=129 name=Phone_VLAN value="'VLAN-A=202'"
/ip dhcp-server option sets add name="Phone Options" options="GMT Offset -5,NTP,Phone_VLAN,Provisioning Server,Provisioning Server Option 160"
/ip pool add name="Phone IP Pool" ranges=0.0.0.0-0.0.0.0 ip dhcp-server add address-pool="Phone IP Pool" authoritative=after-2sec-delay dhcp-option-set="Phone Options" disabled=no interface=VLAN202 name="Phone DHCP"
/interface bridge port add bridge="Hosted Bridge" interface=ether1 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether2 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether3 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether4 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether5 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether6 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether7 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether8 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether9 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether10 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether11 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether12 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether13 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether14 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether15 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether16 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether17 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether18 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether19 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether20 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether21 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether22 pvid=101
/interface bridge port add bridge="Hosted Bridge" interface=ether23 pvid=101
/ip neighbor discovery-settings set discover-interface-list="Hosted Ports" lldp-med-net-policy-vlan=202 protocol=lldp
/interface bridge vlan add bridge="Hosted Bridge" tagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22 vlan-ids=202
/interface bridge vlan add bridge="Hosted Bridge" untagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23 vlan-ids=101
/interface list member add interface=ether1 list="Hosted Ports"
/interface list member add interface=ether2 list="Hosted Ports"
/interface list member add interface=ether3 list="Hosted Ports"
/interface list member add interface=ether4 list="Hosted Ports"
/interface list member add interface=ether5 list="Hosted Ports"
/interface list member add interface=ether6 list="Hosted Ports"
/interface list member add interface=ether7 list="Hosted Ports"
/interface list member add interface=ether8 list="Hosted Ports"
/interface list member add interface=ether9 list="Hosted Ports"
/interface list member add interface=ether10 list="Hosted Ports"
/interface list member add interface=ether11 list="Hosted Ports"
/interface list member add interface=ether12 list="Hosted Ports"
/interface list member add interface=ether13 list="Hosted Ports"
/interface list member add interface=ether14 list="Hosted Ports"
/interface list member add interface=ether15 list="Hosted Ports"
/interface list member add interface=ether16 list="Hosted Ports"
/interface list member add interface=ether17 list="Hosted Ports"
/interface list member add interface=ether18 list="Hosted Ports"
/interface list member add interface=ether19 list="Hosted Ports"
/interface list member add interface=ether20 list="Hosted Ports"
/interface list member add interface=ether21 list="Hosted Ports"
/interface list member add interface=ether22 list="Hosted Ports"
/ip address add address=0.0.0.0/0 comment="Uplink to WAN" interface=ether24 network=0.0.0.0
/ip address add address=0.0.0.0/0 comment="PHONE VLAN" interface=VLAN202 network=0.0.0.0
/ip dhcp-server network add address=0.0.0.0/0 dhcp-option-set="Phone Options" dns-server=0.0.0.0,0.0.0.0gateway=0.0.0.0ntp-server=0.0.0.0
/ip firewall address-list add address=0.0.0.0/0 list=MGMT
/ip firewall address-list add address=0.0.0.0/0 list=MGMT
/ip firewall address-list add address=0.0.0.0/0 list=MGMT
/ip firewall address-list add address=0.0.0.0/0 list=BT
/ip firewall address-list add address=0.0.0.0/0 list=MGMT
/ip firewall address-list add address=0.0.0.0/0 list=MGMT
/ip firewall address-list add address=0.0.0.0/0 list=PBX
/ip firewall address-list add address=0.0.0.0/0 list=PBX
/ip firewall address-list add address=0.0.0.0/0 list=PBX
/ip firewall address-list add address=0.0.0.0/0 list="PHONE VLAN"
/ip firewall filter add action=accept chain=forward comment="ALLOW PASSTHROUGH"
/ip firewall filter add action=accept chain=input comment="ALLOW MGMT" src-address-list=MGMT
/ip firewall filter add action=accept chain=input comment="ALLOW BANDWIDTH TESTING" src-address-list=BT
/ip firewall filter add action=accept chain=input comment="ALLOW PBX" src-address-list=PBX
/ip firewall filter add action=accept chain=input comment="ALLOW ESTABLISHED" connection-state=established
/ip firewall filter add action=accept chain=input comment="ALLOW RELATED" connection-state=related
/ip firewall filter add action=accept chain=input comment="ALLOW PING" protocol=icmp
/ip firewall filter add action=accept chain=input comment="ALLOW PHONES" src-address-list="PHONE VLAN"
/ip firewall filter add action=drop chain=input
/ip firewall nat add action=masquerade chain=srcnat comment="NAT PHONE TRAFFIC" out-interface=ether24 src-address=0.0.0.0
/ip firewall service-port set ftp disabled=yes
/ip firewall service-port set tftp disabled=yes
/ip firewall service-port set irc disabled=yes
/ip firewall service-port set h323 disabled=yes
/ip firewall service-port set sip disabled=yes
/ip firewall service-port set pptp disabled=yes
/ip firewall service-port set udplite disabled=yes
/ip firewall service-port set dccp disabled=yes
/ip firewall service-port set sctp disabled=yes
/ip service set telnet address=0.0.0.0/0,0.0.0.0/0,0.0.0.0/0
/ip service set ftp disabled=yes
/ip service set www disabled=yes
/ip service set ssh address=0.0.0.0/0,0.0.0.0/0,0.0.0.0/0
/ip service set api disabled=yes
/ip service set winbox address=0.0.0.0/0,0.0.0.0/0,0.0.0.0/0
/ip service set api-ssl disabled=yes
/ip ssh set allow-none-crypto=yes forwarding-enabled=remote
/system clock set time-zone-name=America/Detroit
/system identity set name=HOSTNAME
/system ntp client set enabled=yes primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system routerboard settings set boot-os=router-os

Wireshark capture:
Image

Any help is appreciated!
Last edited by foriamroot on Sat Dec 04, 2021 2:02 am, edited 1 time in total.

Who is online

Users browsing this forum: jamesperks and 88 guests