Disclaimer

3CX only provides the ability to provision IP phones LAN/WAN port and optional the PC port. However, setting up of switches, DHCP and routing remains solely the network administrator obligation. Misconfiguration of VLAN settings will result in loss of connectivity to the device and a hard reset is required (to be executed on the device itself). Furthermore, if VLAN priorities mismatch to switch port configuration, poor audio quality or connectivity issues are expected. VLAN provisioning requires good switching/routing equipment to support those setups. 3CX VLAN provisioning can not work without matching switch/dhcp configuration of the network and therefore should only be used by experienced network engineers after test runs in lab environments.

Implementation

Here is 3CX best common practice while using the IP phone’s switching capability while splitting VoIP and Data traffic from each other.

Golden Rule:

1. It is not mandatory to do (admin overhead)
2. May use different switch port for workstations and IP phones
3. Mainly big installs benefit from the setup (saves switch ports)
4. Vlan tag on the switchport to move IP phone and PC combined in same subnet
5. Test it before rolling it out
6. Vlan Priorities do not solve fully overloaded network issues

The most common deployment among installations is the following:

1. Data Network

• no VLAN tag
• Workstations → 3CX WebClient, 3CXPhone
• Routing to 3CX PBX which is in Voice Network
  (HTTP/s, SIP and RTP Ports)

2. Voice Network

• VLAN tagged (for this example Vlan ID55
• 3CX Network Interface located in this network

The above requires the IP Phone to be configured in the Voice network, therefore a VLAN tag is required and the workstation in the Data Network without any VLAN tag. For this example we will use the following topology:

1. Data Network 10.10.10.0 / 24

• Workstation IP 10.10.10.3 / 24

2. Voice Network 10.10.20.0 / 24 (Vlan Tag 55) ← Lan/WAN Port Vlan

• 3CX PBX IP 10.10.20.2 / 24
• IP Phone 10.10.20.5 / 24

As from the network layout above an issue arises. Newly plugged in IP phones do not have any Vlan configuration and will acquire an IP address in the Data Network as it is untagged. Due to the simplest form to provision an IP device will be using PnP provisioning, which is limited to devices within the same subnet as 3CX, the IP phone must be instructed to automatically switch into the “Voice Network” in order to send its “Multicast” which then can be intercepted by 3CX for provisioning.

DHCP Option 132

Note: LLDP on switch level must be disabled to function correctly!

Within your DHCP server create a new DHCP option, Option 132. In this enter the Vlan ID (55 to match the sample given) a device should assume once it understands this option (Workstations commonly don’t read this value and will not be affected by the change). IP phones will get an IP address from the Data Network, evaluate DHCP Option 132, release the IP address, change to Vlan ID configured in the DHCP option 132 and will request another IP address from the DHCP server on Vlan 55.

Once completed, the IP phone will send it multicast which can be answered from the 3CX Management console.

LAN/WAN Port

From the phone provisioning tab of the IP phone, the Vlan port can now be hard coded to match the Vlan ID given out by the DHCP option 132.

Benefit of setting the same values via Provisioning then in the DHCP option are:

– The device does not fakely takes an IP address from the data network to learn the Vlan ID

– DHCP option 132 become unrespected from the IP phone

Priority (802.1p) 

The Priority option is enabled on VLAN activation. The priority field can take a value between 0 – 7. The priority value determines how the packet is going to be handled on the network level by the participating network nodes. Note that this value is immediately connected to the network configuration, network infrastructure and network topology therefore any changes may have the opposite results that may lead to audio corruption and even call instability. 1 = low priority, 6 = high priority. 7 should generally not be used as it is for emergency service.

An IP phone should always have a higher priority over the data network as real time traffic is handled.

PC Port (Optional)

Not setting the PC port VLAN tag within 3CX, will trigger the PC port to follow the default/untagged network, which is connected through the WAN/LAN port (Data Network). It should not be confused with “Disabling” the port. Not configuring it in 3CX will not shutdown the port for access!

In some network, the workstation behind the IP phone should be moved (tagged) in a different Vlan than the default. In this case the PC also need to be tagged and will rely solely on the IP phone configuration in order to determine in which network its data will be send (as it it will be tagged by the IP phones switch port). A sample network might look like:

1. Boarding Network 10.10.10.0 / 24

• DHCP Only Network 10.10.10.3 / 24

2. Voice Network 10.10.20.0 / 24 (Vlan Tag 55) ← Lan/WAN Port Vlan

• 3CX PBX IP 10.10.20.2 / 24
• IP Phone 10.10.20.5 / 24

3. Data Network 10.10.30.0 / 24 (Vlan Tag 77) ← PC Port Vlan

• Workstation IP 10.10.30.3 / 24

Sample Flows

Provision an IP Phone with VLAN tag within the Voice Network and DHCP Option 132

• Connecting the IP Phone, the device will allocate a local IP taken from the Data Network range (10.10.10.5). Data Network is not allowed to access the PBX (10.10.30.2) therefore Phone cannot be automatically be provisioned (PnP).
• Configure a DHCP static allocation for the IP Phone and pass DHCP option 132 with value (text) 55
• Reboot the IP Phone
• Upon reboot, the IP Phone will be assigned to get VLAN tag 55, and will re-allocate an IP address within the range of Voice Network (10.10.20.5).
• Under 3CX Console > Phones select the IP Phone and assign or add it to an extension
• Enable the option “Enable VLAN for WAN PORT” under VLAN Configuration
• Under “Configure your VLAN settings below for WAN PORT VLAN ID (numeric vendor dependant – Snom can be empty, allowed values are 1-4094).” set the value to 55.
• Apply the changes
• The IP Phone will get the configuration file and reboot
• Upon reboot, the IP Phone’s WAN/LAN port, will be tagged with VLAN ID 55
• A local IP address within the Voice Network (10.10.20.5) will be allocated from the IP Phone
• DHCP option 132 will be overwritten by the configuration file upon provisioning.

Provision an IP Phone with VLAN tag within the Voice Network

• Connecting the IP Phone, the device will allocate a local IP taken from the Data Network range (10.10.10.X)
• Under 3CX Console > Phones select the IP Phone and assign or add it to an extension
• Enable the option “Enable VLAN for WAN PORT” under VLAN Configuration
• Under “Configure your VLAN settings below for WAN PORT VLAN ID (numeric vendor dependant – Snom can be empty, allowed values are 1-4094).” set the value to 55.
• Apply the changes
• The IP Phone will get the configuration file and reboot
• Upon reboot, the IP Phone’s WAN/LAN port, will be tagged with VLAN ID 55
• A local IP address within the Voice Network (10.10.20.5) will be allocated from the IP Phone

Provision an IP Phone with VLAN tag within the Voice Network and connect a workstation on PC port within the Data Network

• Connect the Workstation on the PC port of the IP Phone and the WAN/LAN port of the IP Phone on the network
• Connecting the IP Phone, the device will allocate a local IP taken from the Data Network range (10.10.10.5)
• The PC Port will also get a local IP from the Data Network pool (10.10.10.3).
• Under 3CX Console > Phones select the IP Phone and assign or add it to an extension
• Enable the option “Enable VLAN for WAN PORT” under VLAN Configuration
• Under “Configure your VLAN settings below for WAN PORT VLAN ID (numeric vendor dependant – Snom can be empty, allowed values are 1-4094).” set the value to 55.
• Do not enable the option “Enable VLAN for PC PORT”
• Apply the changes
• The IP Phone will get the configuration file and reboot
• Upon reboot, the IP Phone’s WAN/LAN port, will be tagged with VLAN ID 55 and the PC port will keep listening/be part of the Data Network (10.10.10.3).
• A local IP address within the Voice Network (10.10.20.5) will be allocated from the IP Phone