• October 31, 2024, 07:28:43 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Voice VLan with Fortinet Fortigate interoperability  (Read 6498 times)

lorx

  • Level 1 Member
  • *
  • Posts: 1
Voice VLan with Fortinet Fortigate interoperability
« on: September 22, 2017, 10:21:07 AM »

Hi,

I have little remote site with a Fortinet Fortigate, a DGS-1210-08P and two Cisco Phone 7861.
I configured the internal Fortigate interface with the base Vlan 1 and an additional Vlan called Voip id 5.
Also the switch is configured with the Vlan 1 and Voip Vlan 5, the port connected to the Fortigate as the Vlan id 1 untagged and the Vlan id 5 tagged.
I enabled the Voice VLAN on the DGS and added the Cisco Phone OUI (08-CC-A7-00-00-00) of my phones.
The port inwitch the phones are connected go dynamically to tag to Voip Vlan, and the two phones takes its ip from the Fortigate DHCP sevice, but I can't ping the phones from Fortigate and the phones can't connect to the call manager to register it. Appear that only DHCP registration works.
If I disable Voice Vlan feature on the DGS and I configure the ports connected to the phones with Vlan id 5 untagged (Vlan 1 not member)  all it works.
Then it seams that Voice Vlan configuration is not fully compatible with Fortigate.
Is there a way to solve it?

Regards.
Logged

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 441
Re: Voice VLan with Fortinet Fortigate interoperability
« Reply #1 on: September 23, 2017, 06:41:50 AM »

Hi,

please check if you have configured the D-Link Voice VLAN feature as described here, while adapting the sample situation to your needs.

The D-Link working model for voice vlan is to require the phone to send untagged frames that are dynamically assigned to the voice vlan according to the MAC source address of the phone (its OUI part, that is the first 24 bits which tell the vendor). I read somewhere that Cisco phones may also operate in a different way where they require CDP (Cisco Discovery Protocol) and a switch sending CDP (that is: a Cisco switch) in order to learn which voice vlan is configured by the switch and then send voice frames already tagged with that dynamically learned voice vlan ID. This operating mode wouldn't be compatible with a D-Link switch.

I don't know Fortigate, but according to my understanding of your scenario there are no compatibilty needs between D-Link's voice vlan features and your Fortigate: All you need is a VLAN trunk for voice and data vlan on the physical link between your D-Link switch and your Fortigate. In addition you need two DHCP scopes defining two IP pools for the different IP networks that are assigned to your data and voice vlan. Did you check if devices in data and voice vlan get IP addresses from the corresponding data and voice IP pool respectively? If your phones get IP addresses from the IP pool defined for your data vlan something goes wrong either with your DHCP and vlan configuration at the Fortigate side or with the correct vlan assignment of data (DHCP discover and request packets) sent from your phones to the switch.

PT
« Last Edit: September 23, 2017, 06:56:10 AM by PacketTracer »
Logged