RE: VOICE VLANS & 802.1X AUTHENTICATION in 3550 switch

From: Voss, David (dvoss@heidrick.com)
Date: Thu Mar 13 2003 - 23:30:02 GMT-3


In the CAT3550 guide, it specifically states that mls qos must also be
enabled, not as an option, but as a requirement. I've noticed that this
does not come up very often in voice vlan discussions.

Command                      Purpose
GLOBAL CONFIG
mls qos                      Enable QoS for the entire switch.
INTERFACE CONFIG
mls qos trust cos            Classify ingress traffic packets with packet
                             CoS values.
switchport voice vlan 100    Instruct the Cisco IP phone to forward all
                             voice traffic through the specified VLAN. By
                             default, the Cisco IP phone forwards the voice
                             traffic with an 802.1Q priority of 5.

Configuring Ports to Carry Voice Traffic in 802.1P Priority-Tagged Frames
Beginning in privileged EXEC mode, follow these steps to configure a port to
instruct the IP phone to give voice traffic a higher priority and to forward
all traffic through the native VLAN.

Command                      Purpose
GLOBAL CONFIG
mls qos                      Enable QoS for the entire switch.
INTERFACE CONFIG
mls qos trust cos            Classify ingress traffic packets with packet
                             CoS values.
switchport voice vlan dot1p  Instruct the switch port to use 802.1P
                             priority tagging for voice traffic and to use
                             the default native VLAN (VLAN 0) to carry all
                             traffic. By default, the Cisco IP phone forwards
                             the voice traffic with an 802.1P priority of 5.
 

-----Original Message-----
From: Songbin Wei [mailto:sbwei_2000@yahoo.com]
Sent: Thursday, March 13, 2003 12:03 PM
To: jfaure@sztele.com; ccielab@groupstudy.com
Subject: Re: VOICE VLANS & 802.1X AUTHENTICATION in 3550 switch

For voice vlan configuration, we have two options:

1. 'multiple access' port
The concept of 'multiple access' is not in the
documentation yet. But that is the way the port works.
int f0/10
  switchport access vlan 10
  switchport voice vlan 20
Usually an access port can only accept one Vlan. But
for voice vlan, it will create a virtual port which
takes care of dot1q frames. To use dot1x, this is the
only option for voice vlan.

2. dot1q trunk mode
int f0/10
  switchport trunk encap dot1q
  switchport mode trunk
  switchport trunk native vlan 10
  switchport voice vlan 20
This configuration puts the switchport to trunk mode.
But remember that data traffic coming from IP phone is
not tagged (native), so you MUST configure the native
vlan, otherwise the data traffic will be dropped. You
may also need to configure 'switchport trunk allowed
vlan 10,20' so that traffic from other vlans won't be
punted to the IP phone.

--- jfaure@sztele.com wrote:
> Hi all:
>
> We are trying to configure 802.1x port
> authentication in a 3550 port that
> has a voice vlan. You know to support the voice
> vlan and 1 data vlan (if
> you have a cisco 7960 ip phone with 1 pc, connected
> to this 3550 port for
> example) you need to configure the catalyst port as
> a trunk with dot1q.
>
> We have read that it's possible to perform 802.1x
> authentication with voice
> vlan in the 12.1.13EA1 3550 configuration guide.
> However, if you try to put
> the "dot1x port control auto" command in a 3550
> interface configured for
> voice vlan, the system says that this command isn't
> supported in trunk
> mode.
>
> Have you tested this subject at any time? Any help
> would be appreciated.
>
> Regards
>
>
>
> Juan Faure Ferrer
> email: jfaure@sztele.com
>
> Telematics and CC Business Line
> Network and Systems Integration Engineer
>
----------------------------------------------------------------------------
>
> SOLUZIONA TELECOMUNICACIONES
> Servicios Profesionales de UNION FENOSA
> Jerez, 3
> 28016 MADRID
> tel 91 579 30 00 fax 91 350 72 83
>
---------------------------------------------------------------------------
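
An added example, not part of the original thread or of Cisco's documentation: a small Python check that applies the rules stated in this thread (global `mls qos`, per-port `mls qos trust cos`, no dot1x on a trunk port, native VLAN set on a voice trunk) to IOS-style config text. The sample config, function names and finding strings are constructed for illustration; the check accepts both "dot1x port control" as typed in the thread and the hyphenated `dot1x port-control` form.

```python
import re
# Constructed sample (not from the thread): Fa0/10 = access form, Fa0/11 = trunk form + 802.1X.
SAMPLE = """\
mls qos
interface FastEthernet0/10
 switchport access vlan 10
 switchport voice vlan 20
 mls qos trust cos
 dot1x port-control auto
interface FastEthernet0/11
 switchport mode trunk
 switchport voice vlan 20
 dot1x port-control auto
"""

def parse(config):
    """Return (global lines, {interface: [sub-commands]}) from IOS-style text."""
    glob, ifaces, cur = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"int(?:erface)?\s+(\S+)", raw)  # only matches at column 0
        if m:
            cur = ifaces.setdefault(m.group(1), [])
        elif line and raw[0].isspace() and cur is not None:
            cur.append(line)            # indented line: belongs to the interface
        elif line and line != "!":
            glob.append(line)           # unindented line: global configuration
            cur = None
    return glob, ifaces

def audit(config):
    """List (interface, finding) pairs for voice-VLAN ports, per the thread's rules."""
    glob, ifaces = parse(config)
    has = lambda lines, pat: any(re.match(pat, l) for l in lines)
    out = []
    for name, lines in ifaces.items():
        if not has(lines, r"switchport voice vlan"):
            continue                    # only ports that carry a voice VLAN
        trunk = has(lines, r"switchport mode trunk$")
        checks = [
            (not has(glob, r"mls qos$"), "global 'mls qos' missing"),
            (not has(lines, r"mls qos trust cos$"), "'mls qos trust cos' missing"),
            (trunk and has(lines, r"dot1x port[- ]control"), "dot1x on trunk port"),
            (trunk and not has(lines, r"switchport trunk native vlan \d+"), "native vlan not set"),
        ]
        out += [(name, msg) for bad, msg in checks if bad]
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```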



This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:39 GMT-3