Skip to main content
ybkevin
ybkevin
New Member
October 19, 2023
Solved

voip and pc data vlans on same fortiswitch port

  • October 19, 2023
  • 3 replies
  • 5792 views

hello everyone.

i have a fortiswitch 224E PoE connected on fortilink to a fortigate 60f. initially i used an cisco switch which allowed on the same port voice vlan and data vlan so desktop can access is vlan through the ip phone second port.

now with the fortiswitch i tried the voip vlan for native vlan and the pc vlan as allowed vlan and the pc cant access his network. if i reverse vlans my pc access his network but the ip phone doesn't reach his.

need some help please

Best answer by Toshi_Esumi

The link @ebilcari provided was for FortiSwitch config (standalone). In case configured from a FGT over fortilink, the LLDP-MED config admin guide is below:
https://docs.fortinet.com/document/fortiswitch/7.2.6/fortilink-guide/173276/configuring-lldp-med-settings
With FGT switch-controller, you don't directly configure VLAN ID, instead VLAN interface is specified. Apparently the FGT picks up the VLAN ID from the interface and send it to the FSWs.

Below is our example. Some phones use only "voice", others might use both "voice" and "voice-signaling". It's up to phones. We ended up not using fortilink so we don't use this but directly configure FSWs though.

config switch-controller lldp-profile     edit "our-voice-lldp"         set med-tlvs network-policy         config med-network-policy             edit "voice"                 set status enable                 set vlan-intf "our_voice"                 set assign-vlan enable                 set priority 5                 set dscp 46             next             edit "voice-signaling"                 set status enable                 set vlan-intf "our_voice"                 set assign-vlan enable                 set priority 5                 set dscp 24             next         end     next end

 

config switch-controller managed-switch     edit "<serial_number>"         config ports             edit "<port_name>"                 set lldp-profile "our-voice-lldp"             next         end     next end

 

Toshi

3 replies

tayor93
tayor93
New Member
October 19, 2023

Based on this and your first post, it seems like you need to tag the VoIP VLAN and leave the data VLAN untagged. Try this first if you haven’t already as it will likely replicate your HP setup.

ebilcari
Staff
ebilcari
Staff
October 19, 2023

If you are not using RADIUS authentication on the port level than you can try LLDP-MED as shown in the deployment example here. In case you can't make it work with LLDP last resort is to use a tagged VLAN for Voice at the switch port and manually configure every IP Phone to use tagged VLAN on their uplink ports.

Emirjon
    Toshi_Esumi
    SuperUser
    Toshi_EsumiAnswer
    SuperUser
    October 19, 2023

    The link @ebilcari provided was for FortiSwitch config (standalone). In case configured from a FGT over fortilink, the LLDP-MED config admin guide is below:
    https://docs.fortinet.com/document/fortiswitch/7.2.6/fortilink-guide/173276/configuring-lldp-med-settings
    With FGT switch-controller, you don't directly configure VLAN ID, instead VLAN interface is specified. Apparently the FGT picks up the VLAN ID from the interface and send it to the FSWs.

    Below is our example. Some phones use only "voice", others might use both "voice" and "voice-signaling". It's up to phones. We ended up not using fortilink so we don't use this but directly configure FSWs though.

    config switch-controller lldp-profile     edit "our-voice-lldp"         set med-tlvs network-policy         config med-network-policy             edit "voice"                 set status enable                 set vlan-intf "our_voice"                 set assign-vlan enable                 set priority 5                 set dscp 46             next             edit "voice-signaling"                 set status enable                 set vlan-intf "our_voice"                 set assign-vlan enable                 set priority 5                 set dscp 24             next         end     next end

     

    config switch-controller managed-switch     edit "<serial_number>"         config ports             edit "<port_name>"                 set lldp-profile "our-voice-lldp"             next         end     next end

     

    Toshi

      ybkevin
      ybkevinAuthor
      New Member
      October 23, 2023

      thank to y'all. all things running up now

      Terms & ConditionsAccessibility statement