 |
|
|
|
This document describes how ProCurve switches and Aastra IP phones interoperate to build a secure and easy-tomanage
network. Both the switch and the phone rely on standard protocols:
- 802.3af, standard for Power-over-Ethernet (PoE) enables the switch to allocate up to 15.4W of power per port.
- Quality-of-Service (QoS) mechanisms enable the network to give voice flow—which is sensitive to delay, jitter and packet loss—priority over the data traffic, to guarantee that the communications will continue in case of congestion.
- LLDP-MED is a discovery protocol that enables switches to get some layer 2 information about a phone (such as its model, firmware, location, etc.) and automatically allocate certain network parameters (VLAN and QoS) to the phone.
- 802.1X is the most recommended authentication method for access control on the network. It is recognized as a standard, and is implemented by most IP telephony constructors. Multiple 802.1X authentication enables authentication both of a phone plugged into a switch and of a user plugged into the dual port of the phone, while assigning them different profiles (VLAN, QoS, bandwidth).
» Return to top
|
|
|
|
|
|
The platform contains:
- One or more servers with the following services: Active Directory, DHCP, DNS, Certificate Authority, IAS.
- Latest versions of ProCurve Manager Plus (PCM+) and Identity-Driven Manager (IDM).
- Aastra 5xi Series phone (53i, 55i or 57i).
- A ProVision Switch 3500yl or 2610-PWR with the latest firmware version. A similar configuration can also be used with a ProCurve 5400zl series switch or a 8212zl series switch. The configuration commands are identical for these products and the 3500yl.
- A client laptop that can be plugged into the phone dual port for multiple authentication tests or used as a network analyzer (e.g., Wireshark)
Figure 1. Setup for ProCurve-Aastra interoperability
» Return to top
|
|
|
|
|
|
This section explains how to configure an Aastra phone and the ProCurve switch.
3.1 Check PoE compatibility on ProCurve Switch 3500yl
ProVision switches support standard PoE (802.3af), and so do Aastra phones. When the phone is plugged into a port
on the ProCurve Switch 3500yl, the phone boots up.
To view the power consumption of the phone, issue the following command on the switch:
Where X is the port into which the phone is plugged.
» Return to top
3.2 Check PoE compatibility on ProCurve Switch 2610
On a 2610 switch, the command to view power consumption is:
Where X is the port into which the phone is plugged.
For example:
For an Aastra 53i SIP phone this consumption is around 2160 mW.
» Return to top
|
|
|
|
|
|
This section explains how to configure 802.1X support.
6.1 Configure 802.1X login credentials on the phone
To configure the phone:
- In the phone’s Web interface, got to Advanced Settings | 802.1X support to 802.1X.
- Select the EAP type. For the EAP type you have the choice between EAP-MD5 (login/password) or EAP/TLS
(with certificates):
- Reset the phone. When it reboots you see a display indicating 802.1X authentication:
» Return to top
6.2 Configure 802.1 X on the switch
To configure 802.1X on the switch:
1. Enable 802.1X on the phone ports:
2. Enter the RADIUS information in the switch configuration:
» Return to top
6.3 Configure multiple 802.1X sessions
To configure multiple 802.1X sessions:
- Modify the switch configuration for the port connected to the phone. Configure it so the voice VLAN is tagged and the data VLAN untagged.
- Set the client-limit parameter on the switch to 3 to enable both the PC and the phone to authenticate. For example:
The data VLAN can also be dynamically assigned using Identity Driven Manager.
The phone and PC authentication appear in IDM: 
» Return to top
|
|
|
Where X is the port into which the phone is plugged.
