DHCP Options for phones sharing LAN

mjohnson

I have a client that is installing a Mitel phone system. The phones need to share the same physical connection as the PCs, meaning the PC will piggy back off the Phone. They however are not going to share the same IP network. 10.199 for the PCs and 192.168 for the phones with different gateways etc. Below is a really crude outline:

GW1 (LAN)                    GW2 (MITEL PH)
    |                                    |
SW1 (LAN)–---------------SW1 (MITEL PH POE)
  |                                      |
PCs                                PHONES, PCs (SHARED)

The option the phone vendor wants to take is to create a VLAN100, then configure the DHCP options on the PFSense to specify that if the VendorID (phone) requests a DHCP address, assign a VLAN, then redirect to the alternate DHCP Server (GW2) and obtain from there.

I will admit openly- I am completely lost. I did some research and these options make no sense to me. Can anyone help a floundering member?

Funkblastin

Any update on this? I'm attempting the same thing.

Mitel VoIP traffic out one PFSense interface, PC traffic connected through the Mitel phone out another PFsense interface.

Trel

Do the phones have a specific MAC segment in common, and does that brand phone have a specific option you can add to DHCP to push a vlan?
Some IP phones allow for pushing the VLAN with DHCP option 43.

mjohnson

Sorry for not updating.

I am waiting for my next Mitel install coming up shortly with the same scenario to test this all out. The Mitel phones push a vendor ID and I was able to get them to assign a VLAN, however I was hampered by the 3rd party company that was setting up their POE switches- they didn't understand VLANs and they would not give me access to the switch to set it all up. The phones responded fine to the vendor ID option (ipphone.mitel.com) and I then used the VLAN option which assigned the VLAN and forced it to search a new DHCP server, however in the switches they had setup the VLAN would not traverse switches because they had ingress filtering enabled and insisted I was on crack for wanting it disabled.

Anyways, I will update further when I can test this all out again in a clean environment that I set up rather than relying on an outside party.

Reddawg

So, maybe this might help clarify:
When you set the "Option" in the DHCP scope, the phone picks it up, sees the option and knows to tag itself on another VLAN. Once there, it asks again for DHCP.

Things you need to be in place:
1. DHCP Option set in the DATA scope for the phones to pickup the correct VLAN
2. All ports untagged on the data VLAN (or "Native VLAN" in cisco speak)
3. All ports (or just the ones the phones will use, easier with all) tagged on the voice VLAN
4. A DHCP scope for the phones with any relevant options (Voice Server….)
5. A DHCP Helper-address  or "Relay" to get the requests from the Voice VLAN to the DHCP server.

Let me know if this helps!

mjohnson

Maybe if you could clarify this piece for me:

"5. A DHCP Helper-address  or "Relay" to get the requests from the Voice VLAN to the DHCP server."

Basically what I have done is defined a new VLAN in on the LAN interface and created a new DHCP scope on that VLAN. That should work, shouldn't it? The phones of course need to obtain a different IP block as well a different default gateway.

Thanks for your help :)

Reddawg

I am accustomed to using a server to hand out DHCP which is why the helper address is needed. In the case where PFsense is running a DHCP server directly on the voice VLAN, a helper-address is not needed. A helper address or "relay" is used to have one central DHCP server with many scopes but only 1 network connection.

What are the symptoms you have now?

Trel

@Reddawg:

So, maybe this might help clarify:
When you set the "Option" in the DHCP scope, the phone picks it up, sees the option and knows to tag itself on another VLAN. Once there, it asks again for DHCP.

Things you need to be in place:
1. DHCP Option set in the DATA scope for the phones to pickup the correct VLAN
2. All ports untagged on the data VLAN (or "Native VLAN" in cisco speak)
3. All ports (or just the ones the phones will use, easier with all) tagged on the voice VLAN
4. A DHCP scope for the phones with any relevant options (Voice Server….)
5. A DHCP Helper-address  or "Relay" to get the requests from the Voice VLAN to the DHCP server.

Let me know if this helps!

If that's how it works, then assuming the rest of your network is setup correctly you would push the DHCP option on your main network, and a second network in PFSense for the phone VLAN with a DHCP that assigns in the correct range for the phones.

So the option on how to tag itself should be added to the NON-Phone VLAN for when the phone tries to connect there if the phone system works as you said it does.

So in PFSense

Main Interface: Add the option for how to tag to THIS DHCP server
Phone VLAN Interface: Standard DHCP

This is assuming I understand your network setup

dotdash

OP-
Mitel should have instructions on what DHCP options to set. You can set custom options with the pfSense DHCP server. You generally set an option on the LAN scope that tells the phones what VLAN to hop to. The DHCP scope on the phone subnet might need options for tftp server, etc.
If the phones support it, it's better to send the VLAN tag via LLDP on the switches. If the phone vendor doesn't suck, they should be able to assist.