Automatic VLAN Assignment (AVA) - Problem with option routers

Tarik Gasmi tarik.gasmi at rz.uni-freiburg.de
Wed May 14 15:33:25 UTC 2008 

Hi there,

we are trying to set up Automatic VLAN Assignment (AVA) on an Alcatal
switch with an ISC DHCP server.

IP phones should automatically be assigned to a dedicated phone VLAN
(and Subnet) for Voip Traffic, while when a PC is plugged to the same
switch port it stays in the default data VLAN (Subnet).

Purpose is to ensure traffic separation between Data and Voip, e.g. for
QoS and security issues.

DHCP Configuration:
***snip***

# default subnet
subnet 10.10.100.0 netmask 255.255.255.0 {
  option routers 10.10.100.254;
  option broadcast-address ...;
  ...
  # if it is an IP Phone ...
  if substring (option vendor-class-identifier, 0, 11) = "OptiIpPhone" {
    option vendor-encapsulated-options
     01:07:53:69:...:   # vendor option code
     02:04:00:00:07:82:   # phone VLAN ID tag
     03:1b:73:...;  # some information where to find the SIP Server
  }
  pool {
    range 10.10.100.1 10.10.100.239;
  }
}

# phone subnet
subnet 10.10.200.0 netmask 255.255.255.0 {
  option routers 10.10.200.254;
  option broadcast-address ...;
  ...
}

host ip-phone {
  hardware ethernet ...;
  fixed-address 10.10.200.2;
}
***snap***

AVA is realized in 2 DHCP Discover-ACK Cycles:

   1. the phone sends out a DHCP Discover message
   2. the DHCP server sends back a DHCP Offer with the Option 43 Vendor
Specific Options in a special format, the phone will accept the Offer,
send back the DHCP Request, and save the VLAN ID provided by the DHCP
server in the Vendor Specific Options. and with an IP Adress from Pool
10.10.100.1 - 239.
   3. After the DHCP server has send the ACK message to the phone, the
phone will release the leased IP address and start a new DHCP Discover
cycle using the now known Voice VLAN ID tagging
   4. the phone gets the fixed-address 10.10.200.2 in the Voip Subnet

the phone gets the correct IP in the Voice VLAN.
the problem is that the phone does not get sent the correct routers
option in the DHCP Offer of the second cycle (10.10.200.254) but the one
from the default subnet (10.10.100.254). due to this misconfiguration
(IP and Router in different subnets), the phone cannot communicate.

Strangely, everything is fine - the phone gets the correct router option
- when this option is specified in the host-declaration also, an not
only in the subnet-declarations. see the following ...

***snip***
host ip-phone {
  hardware ethernet ...;
  fixed-address 10.10.200.2;
  option routers 10.10.200.254;
}
***snap***
this works

We want to avoid to have to add the specific router option to every
ip-phone host declaration (we will have thousands of them).

Any ideas or suggestions, what the problem could be?

Thanks and best regards,

Tarik Gasmi

-- 
________________________________________

 Tarik Gasmi
 Rechenzentrum Universität Freiburg
 Hermann-Herder-Str.10 / 79104 Freiburg

 Email: tarik.gasmi at rz.uni-freiburg.de
 Tel.:  +49 (0)761 203-4674
________________________________________

More information about the dhcp-users mailing list