New Lync Aries Series Phone Reboots

Recently I was working with a client who was moving to a native Lync 2010 Enterprise Voice solution; a very exciting project and one that involved replacing an Avaya phone switch and the desktop phones with Lync and Polycom CX500CX600, and CX3000 phones. In addition to the new phone hardware, there was a switch upgrade happening at the same time to provide PoE to all of the desks. Cisco Catalyst 3750 switches were purchased and used for the new desktop switching which also supported the LLDP-MEP option for VLAN segregation (rather than the DHCP scope options).

Everything appeared to be going great until the next day. We noticed that in the morning as soon as the user unlocked their workstation or touched the phone it would reboot. Not a great result especially since we were using the Ethernet pass-through switch port on the back of the CX600 phones for the user's computer.

As it turns out, the issue dealt with the power saving modes of the Aries Phones and a PoE/LLDP-MEP compatibility issue. There are three stages of power on the phones, full, idle, and sleep. When the phones were jumping from sleep to full (at workstation unlock or touching a key) they jump an additional 2w. The Cisco switches, because LLDP-MEP was being used, knew the devices were phones and in a prevention action saw the jump as a surge and killed power to the port (thus the reboot).

The solution was simple - disable LLDP-MEP on the Cisco switches globally and add the DHCP options to assign the voice VLAN. Once this was done the phones remained up and all was well.

Thanks to Dave Howe of Microsoft PSS and Jeff Schertz of Polycom for pointing us in the right direction.

PIN Authentication Login Fails on the Devices, NTP

PIN Authentication works using the Test-CsPhoneBootstrap cmdlet but fails on Lync devices

Recently I decided to 'play' with my Lync devices by moving them to a dedicated voice VLAN on my network. After doing so, I noticed I was unable to use PIN authentication. I found this extremely odd especially since I had just told a fellow colleague how simple the PIN process was. From the Lync 2010 servers the Test-CsPhoneBootstrap cmdlet was passing with a code of Success making me even more perplexed. Digging a bit deeper into the issue, I noticed that the phones authenticating using a PIN as well as my CX700 phones were taking a significant amount of time at boot while they were acquiring their time.

Comparing my two VLANs nothing stood out until I remembered I did not allow the new VLAN Internet access (why should the phones need to go out to the Internet after all?). Well, as it turns out, they were getting their time service from time.windows.com come even though my Windows domain controllers were configured as NTP servers and their SRV records existed in DNS.

The solution was quite simple and all devices benifited from a faster boot time. Within DHCP there is a standard option, 042 NTP Servers, which I configured with mydomain controllers as the defined values. As soon as I added this option, the phones received their time nearly instantly and PIN authentication worked as expected.

Dedicated Voice VLAN for Lync Devices

There are multiple reasons to deploy a dedicated VLAN for your Lync devices - IP constraint, data partitioning, QoS, just because (my personal case). I decided it was a brilliant idea to move my phones to their own VLAN but wanted to make sure my PCs behind the various devices (Polycom CX600/CX700 and Aastra 6725ip) remained on the current VLAN.

In OCS, this was accomplished exclusively via DHCP options. The process was poorly documented for whatever reason by Microsoft (and nearly non-existent in OCS 2007 R2) although multiple bloggers came to the rescue and had (for the most part) the answers. In Lync Server 2010 in addition to the DHCP OPTION 43 'option' LLDP-MEP was introduced as a method to define the multiple VLANs. Unfortunately my older networking equipment did not support LLDP-MEP so I was pushed back into the DHCP realm (thank you Microsoft for retaining the option!).

Luckily the configuration of the second VLAN is exactly the same as it was in OCS although the process is manual. Why Microsoft didn't create a script like they did to create the 'other' PIN required DHCP options is beyond me. Below I have written a batch file to create the required functionality to make sure typos are eliminated. Like the Microsoft DHCP PIN script, the options are added at the Server Options level; if this is not what you want/need, go ahead and add the Option (010 VoiceVLAN) directly to the desired scopes and remove it from the Server Options.

Note: if the DHCP MMC is running when you execute this script, you will not see the changes made. To refresh, exit the MMC and re-launch.

Now to break down what we are doing in the script. When executed from an elevated prompt (ex. VoiceVLAN.bat 30) the script uses netsch to create a Vendor Class named CPEOCPhone with a value of CPE-OCPHONE. It then creates an option 10 definition called VoiceVLAN and assigns it (in this case) a value of 30. Simply replace 30 with the desired Voice VLAN number (displayed in HEX in the MMC). Manually this would be accomplished using the following steps.

Right-click on IPv4 and select Define Vendor Classes...

 

Select Add to define a New Class. The Display name is whatever you want it to be; the script sets it to CPEOCPhone with a Description of VLAN tagging for the Microsoft Phone Devices. The only part that MUST be entered exactly is the ID value. This is set most easily in ASCII by simply placing the cursor under the word ASCII and clicking. Enter CPE-OCPHONE (yes, case sensitive) and watch the Binary equivalent automatically appear.

 

Click OK to save the new Vendor Class and Close to complete the creation process.

Next the Predefined Options must be created (in this case, Option 10). Once again, right-click IPv4 in the DHCP MMC but this time select Set Predefined Options...

Change the Option class... to the newly created class (CPEOCPhone) where you will find no Options created. Click Add... to create the new option. In the Name, enter VoiceVLAN. Change the Data type to Word. In the Code, enter the number 10. Enter Phone VLAN in the Description and click OK.

 

The Predefined Options and Values will now display option 010 VoiceVLAN with no default Value. Click OK to close the configuration dialog. You must now add the option to one or more scopes. Select a scope and select Configure Options...

 

Select the Advanced tab and from the Vendor class drop-down select CPEOCPhone. A single option should be listed, 010 VoiceVLAN. Select the option and under Data entry enter your VLAN (ex. 30).

 

Click OK to add the Option to the selected DHCP scope and repeat as necessary.

IMPORTANT: After changing the VLAN options for the phones, a hard reset is required as the devices cache their VLAN information to avoid the query process each time. For the CX700 (Tanjay) this is accomplished by using a small object to push the reset button on the back of the phone. For the newer Lync phones (Polycom CX600/CX500 and Aastra 6725ip/6721ip) you must hold down the * and # keys while powering on the phone until prompted to reset the device (this takes a few minutes). After the phone reboots, the new DHCP options will be passed to the phone. The switch port the phone is attached to must already have both VLANs associated to it with the PVID (primary VLAN) set to the computer VLAN, not to the voice VLAN. Of course, normal routing and switching configuration must be completed as well (as defined by the switch/router vendor).

VoiceVLAN.bat

netsh dhcp server add class CPEOCPhone "VLAN tagging for the Microsoft Phone Devices" "CPE-OCPHONE" 1

netsh dhcp server add optiondef 10 VoiceVLAN Word 0 Vendor=CPEOCPhone comment="Phone VLAN"
netsh dhcp server set optionvalue 10 Word vendor=CPEOCPhone "%1"