IP PHONE DEPLOYMENT PART 3 OF 6
Key Elements Of DHCP Configuration & Overview of DHCP Provisioning
When converging the voice and data networks there are several key features that attract administrators. These features are addressed by the (heritage Nortel) Automatic Provisioning feature which provides for auto configuration of multiple IP Phone features. Introduced originally with the Nortel-i2004-A specification, Nortel initially only covered a basic set of features. As this feature set grew, Nortel (and now Avaya) chose to expand the Automatic Provisioning functionality through the use of the Nortel-i2004-B string, replacing the Nortel-i2004-A string.
This article will discuss a few of the key elements of DHCP configuration and provide an overview of the DHCP Automatic Provisioning feature set. In part five of this six-part series we will cover Automatic Provisioning using TFTP and HTTP. Automatic Provisioning via TFTP and HTTP offers a greater level of control than DHCP and lets administrators distribute provisioning demands in large-scale environments, which reduces system performance impacts and increases both security and redundancy.
Benefits of DHCP and auto-configuration
- Reduce administration overhead; simplifying the implementation and maintenance of a VoIP network.
- Reduce TCO through convergence of the Voice and Data networks, running the voice traffic over the same network equipment as the data traffic, but giving the voice traffic the necessary priority to maintain quality of service.
- Control IP Phone deployment security, including: restricting network access to authorized devices only, encrypting the voice media stream, preventing unauthorized phone relocation and reconfiguration.
DHCP B-string feature groups
Let’s look briefly at the feature groups supported by the Nortel-i2004-B (i.e., B-string) DHCP option string. This information is covered in more detail in the IP Deskphones Fundamentals guide (NN43001-368), in Appendix B: Provisioning the IP Phones:
- Extensible Authentication Protocol (EAP), 802.1x – IP Phone interaction with port-based network security.
- Connect Server Access – configuration of the IP Phone for registration with the Connect Servers (i.e., Signaling Servers).
- Other Networking – other networking features such as HTTP provisioning, LLDP, Certificate Authorities, etc.
- Voice VLAN – 802.1q, 802.1p, VLAN tagging and QOS configuration for the Network port for Voice traffic originating from the IP Phone itself.
- PC Port – Despite its name, the PC port feature group controls speed and duplex settings for both the Network and PC ports, as well as the enable/disable control of the PC port.
- Data VLAN – 802.1q, 802.1p, VLAN tagging and QOS configuration for the Network port for Data traffic originating from the PC Port.
- Differentiated Services Code Point (DSCP) – QOS configuration.
- Application Gateway – XAS Server (Application Gateway 1000/2000). The AG2K was EOL December 2012. Some of the AG2K features have been migrated directly into the UNIStim firmware under Push and WML. There are, however, replacement products available.
- Miscellaneous – TFTP provisioning, Bluetooth, Menulock, and USB controls
- Display Control – Font, contrast, brightness, dimmer, background, slideshow and other display related features.
- Error Logging – Automatic recovery and error logging feature settings.
- Security – Call recording type & security, phone menu security, and remote diagnostic access.
- Virtual Private Networking (VPN) – configuration of the built in VPN client for Avaya 1120, 1140, 1150 and 1165 IP Deskphones.
- Push – configuration of Audio Push features. See also the Audio PushSDK.
- Wireless Markup Language (WML) Browsing – configuration of built in browser functionality
DHCP Options, Vendor-specific, Site-specific
When you configure a DHCP option, you have to use a Vendor-specific or Site-specific option code. This DHCP option is sent with every DHCPOFFER (DHCP Offer) and DHCPACK (DHCP Acknowledgement). The available DHCP Option codes are limited by the specifications outlined in the IP Deskphones Fundamentals guide (NN43001-368).
- DHCP Option 43 — In Windows NT environments, vendor-specific option 43 only supports 16 octets (i.e., bytes/characters) of data, which is insufficient to support the minimum length of the DHCP string (A-string or B-string). For Windows NT environments, use of a site-specific option is required. Use DHCP Options 128 (0x80) through 254 (0xFE) instead.
- DHCP Options available for backward compatibility: 131, 144, 157, 188, 191, 205, 219
- Recommended DHCP Options: 224, 227, 230, 232, 235, 238, 241, 244, 247, 249, 251, 254
RFC 3942 states that DHCP site-specific options 128 to 223 are reclassified as publicly defined options. The IP Deskphone supports 7 (note: documentation says 9) vendor-specific options in this range and continues to do so for backward compatibility but, because of RFC 3942, continued use of these options is discouraged to avoid potential future collision.
A-String and B-String
Administrators must use either the A-string or the B-string in a single subnet. Use of both may cause unexpected behavior up to and including failure to register.
DHCP Auto-VLAN feature, VLAN-A string
In addition to the Nortel-i2004-A or -B string specification, Avaya CS1000 IP Phones can automatically provision Voice VLAN participation (802.1q) through the VLAN-A string. This increases the demand on the DHCP server associated with the default VLAN (access VLAN in Cisco terminology, Primary VLAN ID or PVID in Avaya data terminology). For larger environments where this load must be mitigated, Avaya offers the ability to provision the Voice VLAN through LLDP or ADAC (Automatic Detection, Automatic Configuration). We’ll discuss LLDP/ADAC in more detail in next week’s topic.
When configuring the VLAN-A option in an environment, the VLAN-A option is configured in the Access/Primary VLAN while the Nortel-i2004-B string is configured in the Voice VLAN.
Some key B-string features are:
- s1ip / s2ip = Primary/Backup Connect Server IP address
- p1/p2 = Primary/Backup Connect Server port number (often 4100 for CS1000 environments)
- a1/a2 = Primary/Backup Connect Server action (always 1)
- r1/r2 = Primary/Backup Connect Server retry value (I like 3. This is how many times the IP phone will attempt to connect to each server prior to failing. r1 failures fail over to attempt connection with the Backup Connect Server; r2 failures result in the IP Phone rebooting.)
- vq = Voice 802.1q (usually set to [y]es)
- pc = Enable/disable the PC port using y or n, but does not apply to 2001 IP Phones. Can be used to prevent the PC port from working to increase network security (i.e., controlling network access.)
- pcs = PC Network Interface Speed (Due to a speed mismatch issue, pcs should be manually set to Network Port speed if the Network Port speed is less than 1 GB.)
- pcd = PC Network Interface Duplex ([a]utomatic, [f]ull or [h]alf duplex)
- dq = Data 802.1q (usually set to [y]es)
- dvid = Data VLAN ID, in case the PC should be put in a VLAN other than the Voice or Access/Primary VLAN. Or, in case the default VLAN has been configured with no network access for security reasons.
- pcuntag = y/n; strip tags from packets forwarded to PC port
- bt = y/n; Enable Bluetooth (Applicable to 1140, 1150, 1165 IP Phones only.) TIP: There are only 79 Bluetooth channels. Having multiple Bluetooth headsets in a small space can cause headsets to fail to register.
- menulock = [f]ull, [p]artial, [u]nlocked; restricts access to the services/diagnostic menus
- hd = [w]ired, [b]luetooth, [u]sb, [n]one; headset type (Applicable to 1120, 1140, 1150, 1165 IP Phones only.)
- ll = [cr]itical, [ma]jor, [mi]nor, [in]formational; log level for diagnostics
- menupwd = 1-21 character Administration password (applicable when menulock set to [f]ull or [p]artial.)
- ssh = y/n; Enable SSH for diagnostic access
- sshid = 4-12 character SSH login ID
- sshpwd = 4-12 character SSH login password
WARNING: Passwords configured via TFTP, HTTP or DHCP are sent as clear text and can be sniffed from the network.
TIP: When a refurbished phone is returned from the repair center, restoring the phone to factory defaults is not part of the refurbish process. If the configured DHCP settings are not applying as expected, a factory default reset of the IP Phone is recommended.
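
The B-string parameters and option-code guidance above can be checked before a scope goes live. The following is an added example, not Avaya or Nortel code: it assumes the string is laid out as `Nortel-i2004-B,key=value;key=value;...` (the page does not show the syntax), and the sample value, addresses and credentials are constructed.

```python
# Added example: audit a B-string for the risks this page describes.
# Assumed syntax (not shown on the page): "Nortel-i2004-B,key=value;key=value;..."
RECOMMENDED = {224, 227, 230, 232, 235, 238, 241, 244, 247, 249, 251, 254}
LEGACY = {131, 144, 157, 188, 191, 205, 219}  # inside the RFC 3942 range


def parse_bstring(value):
    """Return the B-string parameters as a dict; reject anything else."""
    prefix, comma, body = value.strip().partition(",")
    if prefix != "Nortel-i2004-B" or not comma:
        raise ValueError("not a Nortel-i2004-B string")
    params = {}
    for item in body.split(";"):
        if not item.strip():
            continue  # tolerate a trailing ';'
        key, eq, val = item.partition("=")
        if not eq:
            raise ValueError(f"malformed parameter: {item!r}")
        params[key.strip().lower()] = val.strip()
    return params


def audit(option_code, value):
    """Return (parameter, finding) pairs for one DHCP option value."""
    p = parse_bstring(value)
    findings = []
    if option_code == 43 and len(value) > 16:
        findings.append(("option", "longer than the 16 octets Windows NT allows in option 43"))
    elif option_code in LEGACY:
        findings.append(("option", "backward-compatibility code; use is discouraged"))
    elif option_code != 43 and option_code not in RECOMMENDED:
        findings.append(("option", "not one of the recommended option codes"))
    for key in ("menupwd", "sshpwd"):
        if key in p:
            findings.append((key, "password travels in clear text in DHCP replies"))
    if p.get("ssh", "").lower() == "y":
        findings.append(("ssh", "SSH diagnostic access is enabled"))
    if p.get("menulock", "").lower() == "u":
        findings.append(("menulock", "services/diagnostic menus are unlocked"))
    return findings


# Constructed sample value (documentation-range addresses, made-up credentials).
SAMPLE = ("Nortel-i2004-B,s1ip=192.0.2.10;p1=4100;a1=1;r1=3;"
          "s2ip=192.0.2.11;p2=4100;a2=1;r2=3;vq=y;pc=n;menulock=u;"
          "ssh=y;sshid=diag;sshpwd=Example123;")

if __name__ == "__main__":
    for name, finding in audit(131, SAMPLE):
        print(f"{name}: {finding}")
```

An empty result means none of the checked conditions matched; it does not validate the remaining parameters.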