From: Zajeski, Michael (mikezajeski@sentinel.com)
Date: Wed Nov 03 2004 - 10:39:10 GMT-3
We usually recommends mirroring an octet to easily identify Phone's IP
Address vs. the workstation. For example, if your company uses the
range 10.0.100.0 /24 for a certain vlan, you might want to consider
using 10.10.100.0 /24 for your voice vlan. This will make acl's easier
to write as well as integrate with IDS systems.
MZ
-----Original Message-----
From: Scott Morris [mailto:swm@emanon.com]
Sent: Wednesday, November 03, 2004 5:45 AM
To: 'Edward Sohn'; ccielab@groupstudy.com
Subject: RE: Voice VLAN Design (was RE: voice Vlan)
Use the same design guidelines that you do for other IP ranges. Bear in
mind that for multiple VLANs, you will need different ACLs to make sure
that
phones only talk to other phones, gateways and Call Manager/Unity/etc
systems, but not the real world!
I've seen it done both ways though!
Scott Morris, MCSE, CCDP, CCIE4 (R&S/ISP-Dial/Security/Service Provider)
#4713, JNCIP, CCNA-WAN Switching, CCSP, Cable Communications Specialist,
IP
Telephony Support Specialist, IP Telephony Design Specialist, CISSP
CCSI #21903
swm@emanon.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Edward Sohn
Sent: Wednesday, November 03, 2004 2:10 AM
To: ccielab@groupstudy.com
Subject: Voice VLAN Design (was RE: voice Vlan)
I have another question...
It is conceivable that my IP phone infrastructure consist of 1000+
phones.
When assigning this voice VLAN, how is this partitioned in the IP space?
Is
it a single /22 VLAN or is this broken up somehow? How do large
corporations do this?
Can you guys share your experiences on this for me as I am planning a
VoIP
implementation soon?
Thanks,
Ed
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Copleston, Daniel (LDN Int)
Sent: Tuesday, November 02, 2004 9:01 AM
To: 'David Pues (dpues)'; Brian McGahan; reo@chavallos.net;
ccielab@groupstudy.com
Subject: RE: voice Vlan
This will also work with non-Cisco phones that do not support CDP as
long as
the phone supports some other method of finding out that it should tag
its
packets. We find config such as the below on a 3750 works fine with
Nortel
handsets that use additional DHCP options to find out that they should
tag
packets:
interface FastEthernet4/0/12
switchport access vlan 5
switchport mode access
switchport voice vlan 498
spanning-tree portfast
!
In this set-up the phone initially aquires a DHCP provided IP address on
the
access vlan but the DHCP details also tell the phone the vlan it should
be
on. At this point the handset releases the IP address it had obtains and
sends a 2nd DHCP request but this time with the Ethernet frames tagged
with
the VLAN ID specified in the first DHCP response - the result is an IP
address in the voice VLAN is assigned and the phone tags all Ethernet
frames
orginated. The switch accepts these frames and treats them correctly
without
any additional trunking configuration.
Thanks
Dan
-----Original Message-----
From: David Pues (dpues) [mailto:dpues@cisco.com]
Sent: 02 November 2004 16:48
To: Brian McGahan; reo@chavallos.net; ccielab@groupstudy.com
Subject: RE: voice Vlan
It all depends on the type of switch used. Basically a trunk is NOT a
requirement between the IP phone and the switch except eg for a switch
module in a router.
The voice vlan config is basically there to let the phone know via CDP
how
to tag the packets it sends (originated from the phone). At that moment
the
phone will just pick this up via CDP and when ever it sends a packet, it
will tag it. The way Cisco has implemented this does not require a trunk
to
be there (with the above exception). In this mode, the switch will also
not
tag any packets out the port, which is not required as the phone just
looks
at the destination MAC address and only sends these packets to its logic
(phone does MAC filtering). It does not really look at the tags.
The voice vlan has a significance upstream to the network, not
downstream to
the phone/pc.
Eg on a Cat4k, cat6k, cat3550 etc, putting the port in access mode into
the
data vlan and assigning the voice/auxiliary vlan should do the trick.
When you do configure a .1Q trunk, make sure to configure the data vlan
for
the pc as the native vlan (as the phone just forwards the packets which
are
not destined for the phone logic, without untagging the
packet) unless the daisy-chained device understands the tags....
So, Ahmed, native vlans are used when trunking and makes sure that the
data
packets are untagged; access vlan is used in access mode.
My 2 cents,
David - CCIE 9666
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Brian McGahan
Sent: Tuesday, November 02, 2004 5:29 PM
To: reo@chavallos.net; ccielab@groupstudy.com
Subject: RE: voice Vlan
You cannot issue the "switchport mode access" command on the
interface otherwise trunking negotiation cannot occur.
Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> reo@chavallos.net
> Sent: Tuesday, November 02, 2004 9:51 AM
> To: ccielab@groupstudy.com
> Subject: Re: voice Vlan
>
> Here's an example
>
> ---
> interface GigabitEthernet1/2
> no ip address
> switchport
> switchport access vlan 30
> switchport mode access
> switchport voice vlan 130
> ---
>
> ----- Original Message -----
> From: "Ahmed Hassan" <ahmed_hassan@rayatelecom.net>
> To: <ccielab@groupstudy.com>
> Sent: Tuesday, November 02, 2004 1:01 AM
> Subject: voice Vlan
>
>
> > HI,
> > When we configure a port with the command Switchport voice Vlan 20
> >
> > How we configure the data VLAN on the same port
> >
> > Switchport access vlan 10
> >
> > Or
> >
> > Switchport native vlan 10
> >
> > Or Both
> > Switchport access vlan 10
> > Switchport native vlan 10
> >
> > Best Regards
> > Ahmed Hassan
> > Product Development Supervisor
> > Raya Telecom
> >
> >
This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:37 GMT-3