• 802.3af, the standard for Power-over-Ethernet (PoE), enables the switch to allocate up to 15.4 watts of power per port.
• Quality-of-Service (QoS) mechanisms enable the network to give voice flow—which is sensitive to delay, jitter and packet loss—priority over the data traffic, to guarantee that the communications will continue in case of congestion.
• LLDP-MED is a discovery protocol that enables switches to get some layer 2 information about a phone (such as its model, firmware, location, etc.) and automatically allocate certain network parameters (VLAN and QoS) to the phone.
• 802.1X is the most recommended authentication method for access control on the network. It is recognized as a standard, and is implemented by most IP telephony constructors. Multiple 802.1X authentication enables authentication both of a phone plugged into a switch and of a user plugged into the dual port of the phone, while assigning them different profiles (VLAN, QoS, bandwidth).

» Return to top

The platform contains:

• One or more servers with the following services: Active Directory, DHCP, DNS, Certificate Authority, IAS.
• Latest versions of ProCurve Manager Plus (PCM+) and Identity-Driven Manager (IDM).
• A Cisco Unified IP Phone 7900 Series. The examples in this application note use the Cisco Unified IP Phone 7971G.
• A ProVision Switch 3500yl or 2610-PWR with the latest firmware version. A similar configuration can also be used with a ProCurve 5400zl series switch or a 8212zl series switch. The configuration commands are identical for these products and the 3500yl.
• A client laptop that can be plugged into the phone dual port for multiple authentication tests or used as a network analyzer (e.g., Wireshark).

Figure 1. Setup for ProCurve-Cisco interoperability

» Return to top

ProVision switches support standard PoE (802.3af), and so do the 7900 series of Cisco Unified IP phones. (Older Cisco phone models supported only Cisco PoE.)
When the Cisco Unified IP 7900 Series Phone is plugged into a port on the 3500yl switch, the phone boots up.

1. To view the power consumption of the phone, issue the following command on the switch:

Where X is the port on which the phone is plugged.

2. On a 2610 switch, the command is:

For a Cisco Unified IP Phone 7971G this consumption is around 7.5 watts (Power Class 3):

» Return to top

This section explains how to configure Quality of Service parameters.

4.1 Configure QoS on the Cisco phone
To configure QoS on the Unified IP Phone 7971G, use Cisco Unified Call Manager. The QoS Configuration Menu options are the following:

• DSCP for Call Control: DSCP IP classification for call control signaling
• DSCP for Configuration: DSCP IP classification for any phone configuration transfer
• DSCP for Services: DSCP IP classification for phone-based services.

These parameters can be modified from the CCM Administration > System > Enterprise Parameters menu:

You can also view QoS settings (read-only) from the phone web interface (http://<phone-ip-address>) on the Network Configuration page. For example:

» Return to top

4.2 Configure QoS on the ProCurve switch
The recommended method is to have a dedicated VLAN for voice and configure the QoS parameters for the VLAN. The L2 and DSCP policy advertised are based on the actual QoS configuration for the voice VLAN. By default these values are:

• L2 priority 6
• DSCP 46, which corresponds to the Expedited Forwarding (EF) class

To modify the 802.1p or DSCP values:

To view which DSCP and QoS values are configured:

For more information on QoS settings on ProCurve switches, please refer to the following documents:

• For the 3500yl switch: http://cdn.procurve.com/training/Manuals/3500-5400-6200-8200-ATG-Jan08-6-Qos.pdf
• For the 2610-POE switch: http://h40060.www4.hp.com/procurve/includes/manuals/index.php?cc=uk&lc=en&content=2610

» Return to top

This section explains how to configure LLDP-MED support.

5.1 Configure LLDP-MED support on the Cisco phone
All Cisco Unified IP Phones 7900 Series beginning with firmware version 8.3(3) support LLDP-MED. LLDP-MED is enabled by default for the phone switch port, and LLDP is enabled for the phone PC port. LLDP-MED settings can be viewed from the Network Configuration page on the web interface of the phone:

» Return to top

5.2 Configure LLDP-MED on the ProCurve switch

1. Defining a VLAN as voice VLAN enables LLDP-MED:

2. Then configure LLDP-MED. LLDP-MED must be configured on the switch to support MED TLVs, in particular network policy and capabilities:

3. To obtain information about the phone, issue the command:

Where X is the port on which the phone is plugged. For example:

» Return to top

5.3 Configure LLDP-MED fine-grained power allocation
On a ProVision switch such as the 3500yl with K.13.XX firmware release you can have the port automatically configure power allocation if the link partner is able to support PoE. When LLDP is enabled, the information about the power usage of the powered device (PD) is available and the switch can then comply with or ignore this information.

You can configure PoE on each port according to the PD (IP phone, wireless device, etc.) specified in the LLDP field. The default configuration is for PoE information to be ignored if detected through LLDP.

Cisco 7900 series IP phones support the MED TLV that enables LLDP-MED fine-grained power allocation.

» Return to top

5.3.1 Enable LLDP power allocation on the ProCurve switch:
To enable LLDP power allocation on the switch, use the command poe-lldp-detect enabled globally or on an interface. For example:

» Return to top

5.3.2 View power consumption of the Cisco phone with and without PoE LLDP detection
To view the power consumption of the phone use the command show power-over-ethernet brief. By default (that is, without the poe-lldp-detect enabled command), power is allocated by usage. For example, with the Cisco phone plugged into port 13 and LLDP disabled, power is allocated by usage and the phone draws 17 watts:

Now enable PoE LLDP detection on port 13, where the Cisco phone is plugged, then view the results:

With PoE detection enabled, only 15 watts of power are allocated to the phone, and power is allocated by value.

To view details of the power allocation, use the show power-over-ethernet command on the port:

» Return to top

This section explains how to configure 802.1X support.

6.1 Configure 802.1X login credentials on the Cisco phone
On the Cisco Unified IP Phone 7971G you can configure 802.1X from the phone’s screen menu. To configure 802.1X:

1. On the phone, go to Settings > Security Configuration > 802.1X Authentication.
2. Select 1 on the phone taskpad to enter the Device Authentication menu.
3. By default, Device Authentication is set to Disabled. Select 2 to enable Device Authentication, then select Save at the bottom of the phone screen.
4. Return to the 802.1X Authentication screen and select 2 on the phone taskpad to enter the EAP-MD5 menu. In this menu, configure the following parameters:
• Device ID. By default, this is the phone name (for example, CP-7971G-GE-SEP001EF72897C1).
• Shared secret, which is the login password (for example, hp).
• Realm (for example, PCU01).
5. To see 802.1X authentication, return to the Security Configuration menu, and view the 802.1X authentication status in menu 9.

» Return to top

6.2 Configure 802.1X on the ProCurve switch
To configure 802.1X on the switch:

1. Enable 802.1X on the phone ports:

2. Enter the RADIUS information in the switch configuration:

» Return to top

6.3 Configure multiple 802.1X sessions
To configure multiple 802.1X sessions:

1. Modify the switch configuration for the port connected to the phone. Configure it so the voice VLAN is tagged and the data VLAN untagged.
2. Also, set the client-limit parameter on the switch to 3 to enable both the PC and the phone to authenticate. For example:

After configuration, a PC plugged into the dual port of the phone is authenticated by the RADIUS server:

The data VLAN can also be dynamically assigned using Identity Driven Manager. For example:

» Return to top

7.1 ProCurve switch firmware
Firmware versions of the ProCurve switches used for this application note are as follows:

• K.13.09 for the ProCurve ProVision switches (5406zl, 3500yl, 8212zl)
• R.11.07 for the ProCurve Switch 2610-PWR

» Return to top

7.2 Cisco phone firmware
Cisco Unified IP Phone 7971G firmware:

• SCCP 8.3(4)SR1 (cmterm-7970_7971-sccp.8-3-4SR1.zip)

A Cisco CCO login is needed to download the firmware version from Cisco web site.

To manage the Cisco phones you need Cisco Unified Call Manager version 4.1 or later.

http://www.polycom.com/usa/en/support/voice/wi-fi/spectralink_8020_wireless.html

» Return to top

This concludes the procedures for interoperating ProCurve switches and Cisco Unified IP telephones.

For further information about how to configure ProCurve switches and Cisco phones to support convergence, please refer to the following links:

• For user manuals for ProCurve 3500yl-5400zl-8212zl switches:
  http://h40060.www4.hp.com/procurve/includes/manuals/index.php?cc=uk&lc=en&content=3500-6200-5400-ChapterFiles
• For ProCurve Switch 2610 series manuals:
  http://h40060.www4.hp.com/procurve/includes/manuals/index.php?cc=uk&lc=en&content=2610
• For PCM+ and IDM manuals:
  http://h40060.www4.hp.com/procurve/includes/manuals/index.php?cc=uk&lc=en&content=ProCurve-Manager
  http://h40060.www4.hp.com/procurve/includes/manuals/index.php?cc=uk&lc=en&content=IDM
• For information on Cisco Unified IP phones:
  http://www.cisco.com/en/US/products/hw/phones/ps379/tsd_products_support_series_home.html

» Return to top