Re: Voice VLAN - Access ports

From: Ed Lui (edwlui@gmail.com)
Date: Fri Jun 24 2005 - 22:34:30 GMT-3

• Next message: ccie2004@excite.com: "Re: NTP Basics"
• Previous message: Bajo: "sh run full or brief"
• Maybe in reply to: gladston@br.ibm.com: "Voice VLAN - Access ports"
• Next in thread: John Matus: "Re: Voice VLAN - Access ports"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Chris,
 It doesn't sound like what I learned from the DocCD. According to the
DocCD. Switch port connected to IPphone should be configured as access port
and NOT TRUNK. Take a look :
 Voice VLAN Configuration Guidelines

These are the voice VLAN configuration guidelines:

   - You should configure voice VLAN on switch access ports.
   - Before you enable voice VLAN, we recommend that you enable QoS on
   the switch by entering the mls qos global configuration command and
   configure the port trust state to trust by entering the mls qos trust
   cos interface configuration command.
   - The Port Fast feature is automatically enabled when voice VLAN is
   configured. When you disable voice VLAN, the Port Fast feature is not
   automatically disabled.
   - When you enable port security on an interface that is also
   configured with a voice VLAN, you must set the maximum allowed secure
   addresses on the port to at least two.
   - If any type of port security is enabled on the access VLAN, dynamic
   port security is automatically enabled on the voice VLAN.
   - You cannot configure static secure or sticky secure MAC addresses on
   a voice VLAN.
   - Voice VLAN ports can also be these port types:
      - Dynamic access port. See the "Configuring Dynamic Access Ports
      on VMPS Clients"
section<http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/35
50scg/swvlan.htm#94106>for
more information.
      - Secure port. See the "Configuring Port Security"
section<http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/35
50scg/swtrafc.htm#86378>for
more information.
      - 802.1X authenticated port. See the "Using 802.1X with Voice
      VLAN Ports"
section<http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/35
50scg/sw8021x.htm#50544>for
more information.
      - Protected port. See the "Configuring Protected Ports"
section<http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/35
50scg/swtrafc.htm#56161>for
more information

HTH,
 Ed Lui

 On 6/24/05, Chris Lewis (chrlewis) <chrlewis@cisco.com> wrote:
>
> This is a config that I believe works to make vlan 50 the voice vlan,
> and vlan 2 to be the data vlan, then sets data from the PC to CoS 0 and
> trusts CoS from the phone.
>
> Mls qos
>
> Vlan 50
> Name voice vlan
>
> Int fa0/16
> Switch access vlan 2
> Switch trunk encap dot1q
> Switch trunk native vlan 2
> Switch mode trunk
> Switch voice vlan 50
> switchport priority extend cos 0
> mls qos trust cos
>
> The switch access configuration in the interface defines what vlan the
> port belongs to if for some reason the port stops trunking. Voice vlan
> has to work on a trunk port for there to be traffic that are members of
> two vlans on it.
>
> It could be possible that the documentation you refer to is listing a
> restriction for configuring port security in addition to voice vlan,
> although I don't know for sure.
>
> Chris
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> gladston@br.ibm.com
> Sent: Wednesday, June 22, 2005 12:14 PM
> To: ccielab@groupstudy.com
> Subject: Voice VLAN - Access ports
>
> Hi,
>
> Looking for Port security information I read this:
>
> "Voice VLAN is only supported on access ports and not on trunk ports,
> even though the configuration is allowed"
>
> http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225seb/scg/s
> wtrafc.htm#wp1038501
>
> Some time ago I was researching about this subject (if it would be
> allowed to configure an interface connected to an IPPhone with
> 'switchport mode trunk').
> One of the answers was 'yes'.
>
> Do you know if an IPPhone only works if the port is configured as access
> port?
> If yes, how does it work, considering the previous Cisco statement?
>
> Thanks for any feedback.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: ccie2004@excite.com: "Re: NTP Basics"
• Previous message: Bajo: "sh run full or brief"
• Maybe in reply to: gladston@br.ibm.com: "Voice VLAN - Access ports"
• Next in thread: John Matus: "Re: Voice VLAN - Access ports"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:43 GMT-3