YEALINK NETWORK TECHNOLOGY CO.,LTD.

www.yealink.com

VLAN，LLDP and 802.1X

 Feature mechanism:
VLAN: VLAN is disabled on IP phones by default. You can configure VLAN for the Internet port
and PC port manually.
LLDP: Linker Layer Discovery Protocol is a vendor-neutral Link Layer protocol, which
allows IP phones to receive and/or transmit device-related information from/to directly
connected devices on the network that are also using the protocol, and store the
information about other devices.
CDP: CDP (Cisco Discovery Protocol) allows IP phones to receive and/or transmit device-related
information from/to directly connected devices on the network that are also using the protocol,
and store the information about other devices 802.1X
802.1X:
More details you can refer to the latest Yealink “Administrator” guide.

 Issue Description:
1. 802.1X: Yealink IP phones are currently connected to Cisco switches where 802.1x

authentication is enabled. We have one of the phone with EAD-MD5 configuration using

default IP Phone user name and password for authentication. However, packet captures

shows that the phones are not sending “EAPOL-Logoff” whenever the PC ports is

disconnected
2. Customer has manually configured a VLAN ID for phone, but the phone can’t obtain
the correct IP from this VLAN ID.
3. Phone can’t obtain the VLAN from LLDP.
4. Phone can’t obtain the IP.

 Resolution: （Checking list）

1. 802.1X issue:
You can configure the parameter with 1 through auto provisioning,
network.802_1x.proxy_eap_logoff.enable=1
## It enables or disables the 802.1x-logoff feature for the PC port.
0- Disabled, 1-Enabled
If it is set to 1 (Enabled), the 802.1x logoff message is sent to the authenticator when the PC is
disconnected.
If only can be supported by V71 or higher.
2. Customer has manually configured a VLAN ID for phone, but the phone can’t obtain
the correct IP from this VLAN ID.
Yealink phone has three ways to obtain VLAN ID , below is the priority
1
 YEALINK NETWORK TECHNOLOGY CO.,LTD.
www.yealink.com
LLDP>manually VLAN >DHCP Option

It may because the customer has enabled LLDP, so the phone use the VLAN ID received
from the LLDP. In this case, customer can disabled the LLDP feature to see if the phone
can work well.

3. Phone can’t obtain the VLAN from LLDP.

Ask the customer to provide the trace and then check whether the LLDP packet has
included the VLAN information. If it doesn’t has the VLAN information, the issue may
be caused by the Switch , ask the customer to check the setting of the Switch; if it has
the information , ask the customer to provide the config.bin file ,trace and level 6 syslog
that ask the R&D for help.
4. Phone can’t obtain the IP
a. There are a few possible reasons for this issue, first we can exclude the hardware issue
by reset the phone, configure static IP address, and connect other working phone to this
network cable.
b. Check whether customer’s network environment has VLAN, if not, ask them to disable
LLDP feature try
c. If customer’s network has VLAN, check whether the phone has been added in the
correct VLAN
d. Catch the trace to see if the DHCP progress is correct.

2
 YEALINK NETWORK TECHNOLOGY CO.,LTD.
www.yealink.com
Trace analysis:
802.1X:
You can filter with the trace with eap||eapol
If the phone has enabled 802.1X authentication, the phone will send Start request to the server
for authentication every 3 seconds for three time when power on.
The phone won’t response to the request if the server don’t need to authentication, like below.

If the server need authentication, it will show like below, the phone will response with “SUCCESS”
if authentication is successfully. The phone will receive with FAILURE packet when the phone has
configured with incorrect username or password, then you need to enter the correct user name
and password in the web UI.

VLAN:
The initiating process of the phone:
The phone send the LLDP packet when power on with network cable plugged in -> received LLDP

3
 YEALINK NETWORK TECHNOLOGY CO.,LTD.
www.yealink.com
Packet response from Switch ->the phone detect whether it included VLAN ID, if yes, the phone
will add this VLAN ID in all the new packets->the phone send DHCP to request for the IP->DHCP
serve assign the IP address for phone.

You can find related information include manufacture message in the LLDP packet when the
phone power on, by filer with lldp.

It includes switch information and VLAN information in the LLDP packet response by switch.

4
 YEALINK NETWORK TECHNOLOGY CO.,LTD.
www.yealink.com
You can find the detail VLAN information like below, the VLAN ID assigned for the phone is 73,
and you can find the phone will add this mark in the later DHCP packet. DHCP server assign
different segment IP addresses according to different VLAN ID.

Below is the process of DHCP to require for IP, the Phone send DHCP discover broadcast packet,
Switch will assign an IP for this phone after it receives this request. , filter the trace by bootp.

Note: if the phone disabled LLDP and DHCP VLAN, the phone can be considered as a PC, we
can use point to do debug.

Example 1
The phone can’t obtain the IP address but the PC in the same network can, in this case, we
can ask the customer to disable LLDP feature and then connect the phone to the network
port which the PC connect to and check if the phone can obtain the IP address .
Normally, the phone can obtain the IP address except the phone hardware issue.
So that we can consider the issue is caused by the LLDP, may be caused by the LLDP setting in
the Switch or maybe the issue in the phone side.
Example 2
Switch as the DHCP server, customer can’t find the IP address of the phone in the switch. But
as the Switch is the DHCP server, it should have a table where has recorded the IP assignment
information.
Check with the customer to see that the network doesn’t has the VLAN and switch can see
the IP address of the phone, in this case, ask the customer to disable LLDP feature to fix the
issue.

5
 YEALINK NETWORK TECHNOLOGY CO.,LTD.
www.yealink.com

 Products:
All

 Firmware version:
All