Frame tagging will be supported as specified in IEEE Std 802.1Q [7.2-6], clause 9 and Annex C. 802.1Q tagging will be activated and deactivated as specified in the flowcharts in 96x1H-IPI.3.1.100, 96x1H-IPI.5.1.260, and 96x1H-IPI.5.1.600, for all frames generated by the telephone unless explicitly specified otherwise. The value transmitted in the VID (VLAN IDentifier) field will be the value of L2QVLAN and the value transmitted in the user_priority field will be L2QAUD for audio (RTP, RTCP, SRTP and SRTCP) frames, L2QSIG for H.323 signaling frames and zero for all other frames (e.g., RSVP, DHCP, ARP, DNS, HTTP, SNMP, etc.). Both tagged and untagged received frames will always be processed, but received Tag Control Information will be ignored.
Tagged frames will be padded such that they have a minimum length of 68 octets.
Rationale:
Although IEEE 802.3 only requires a minimum frame size of 64 octets, and section C.4.4.1 of 802.1Q makes it clear that, "for correct operation on 802.3/Ethernet, all devices have to be capable of correctly handling tagged frames of less than 68 octets in length," extra processing is required if tags are removed from shorter frames which must then be re-padded up to the 64-octet minimum. This was initially identified by IP Office, which removes tags before internally forwarding the frames in a manner very similar to Avaya IP telephones, which remove tags before forwarding frames to the secondary Ethernet interface.
Note:
In an IEEE 802.1Q tagged frame, the value of the length/type field will be 81-00 hex for IEEE 802.1Q (which may cause some equipment to reject them as having an unknown protocol type), followed by 2 octets of IEEE Std 802.1Q Tag Control Information (TCI). Thus, tagged frames look like they use Ethernet frame format at the outermost level even if they have ISO/IEC 8802-2 frames inside. IEEE 802.1Q tagging also adds 4 octets to the maximum length of a frame, so some older equipment may drop maximum-sized 802.1Q frames as oversized. The Tag Control Information consists of 3 bits for priority, 1 bit as a “Canonical Format Indicator” (CFI) and 12 bits for the VLAN ID (VID), as shown below:
For ISO/IEC 8802-2 frames, the Tag Control Information is followed by the “real” length field and the LLC information. For an Ethernet frame, the Tag Control Information is followed by the EtherType for the data field.
Thus, MAC frames with IEEE 802.1Q tagging have the following format:
Destination MAC Address
(6 octets)
Source
MAC Address
(6 octets)
802.1Q Ethertype (81-00 hex)
(2 octets)
802.1Q TCI
(2 octets)
Length/ Type
(2 octets)
Data/LLC
(46-1500 octets)
Frame Check Sequence
(4 octets)
Note:
Since the telephones can tag their own frames, upstream Ethernet switches may need to be configured to allow frames with the VLAN ID used by the telephone to be forwarded. Since frames generated by the device attached to the secondary Ethernet interface (typically a PC) will usually not tag their own frames or be capable of receiving tagged frames (which may be discarded as invalid), tagging should be removed from frames transmitted to the secondary Ethernet interface, either by the upstream Ethernet switch (which is the only way it can be done for a telephone with an internal shared Ethernet hub) or by an Ethernet switch in the telephone. Since the telephone does not need any of the tag information in received frames, the upstream switch port may be configured to remove all 802.1Q tags from frames transmitted towards the telephone.
Note:
When the VID (VLAN Identifier) field in an 802.1Q frame is set to zero, it will be changed to the default port VLAN ID by the network access switch.
Rationale:
A priority of zero is used for tagged frames that do not contain voice or signaling traffic based on the recommendation for Best Effort traffic in ISO/IEC 15802-3 [7.2-4] Annex H.2.
Approved
All telephones with an internal Ethernet switch will support VLAN separation as specified in the following flowchart.
Rationale:
It is preferable not to change the VLAN ID of priority-tagged frames received from the secondary Ethernet interface because the 802.1X standard allows a Supplicant to priority-tag EAPOL frames, but does not allow a Supplicant to tag EAPOL frames with a non-zero VLAN ID. While the standard does not explicitly state whether or not an Authenticator must accept or discard received EAPOL frames that have a non-zero VLAN ID, it is possible that they would be discarded. The Broadcom hardware in the 96xx telephones can only be configured to treat all tagged frames received on the secondary Ethernet interface in the same way, so the less-preferred operation is allowed. However, the Marvel switch used in the 96xx GigE adapter can be configured to strip off priority tags or to forward them unchanged while re-marking tagged frames that have a non-zero VLAN ID.
Note:
If VLANSEP is “1”, and if the telephone is tagging frames with a VLAN ID that is not the same as PHY2VLAN, and if the value of PHY2VLAN is not zero, the network access switch must be configured to not remove tags from frames forwarded to the Ethernet switch in the telephone for the VLANs to remain separated.
If VLANSEP = “1” but PHY2VLAN is set to zero (the default), only partial VLAN separation will be provided, in that a device attached to the secondary Ethernet interface will be prevented from transmitting frames on the voice VLAN, but the phone will not be protected from receiving frames from the data VLAN (all broadcast frames, frames unicast to the phone’s MAC address, and all unicast frames received from the network with a destination MAC address that is not the same as the PC’s) and the PC will be able to receive some frames from the voice VLAN (all broadcast frames, frames unicast to the PC’s MAC address, and all unicast frames received from the network with a destination MAC address that is not the same as the phone’s). Full VLAN separation requires knowledge of the data VLAN ID, which may be assigned or dynamically changed via network management to which the phone does not have access. In such cases, the data (port) VLAN ID could be provided via LLDP
(see 96x1H-IPI.5.1.260).
Rationale:
802.1Q tags are removed from frames transmitted on the secondary Ethernet interface by telephones with an internal Ethernet switch for two reasons: 1) to allow a telephone that is tagging its own frames for improved QOS to be able to communicate with an attached PC that does not support tagging, and 2) because not all switches that may be in the customer’s network may be able to selectively or completely remove tags from transmitted frames if they are configured to accept tagged frames (from the telephone for improved QOS). Just like the IP telephones, PCs that can be configured to tag transmitted frames can receive untagged frames without any problem.
Untagged frames received on the Ethernet line interface or on the secondary Ethernet interface must not be tagged before they are forwarded because some multicast frames such as BPDUs (that carry Spanning Tree Protocol) are not allowed to be tagged, and others such as 802.1X frames may only be priority tagged or not tagged at all.
Tagged frames received on the secondary Ethernet interface that do not have a VLAN ID equal to PHY2VLAN are “remarked” and forwarded rather than discarded because the Broadcom hardware does not distinguish between a VLAN ID of zero (which is a valid priority tag) and an incorrect non-zero VLAN ID.