From: Ed Lui (edwlui@gmail.com)
Date: Sat Jun 25 2005 - 02:26:57 GMT-3
Chris,
I have been struggling about 2 vlans on an access port for a while. I know
it works with either access port or trunk port let say with a 7960. What I
understand is, an access port can not carry traffic for more than 1 vlan.
Somehow, the documentation told me voice vlan is an exception. Then I labbed
it up myself(3550 EMI + 7960). The result is an access port can carry data
on one vlan and voice on another within the same access port. And that is
what the documentation said, too.
Consider those underlined below. Portfast is for access port and not for
trunk port.
Voice VLAN Configuration Guidelines
These are the voice VLAN configuration guidelines:
- *You should configure voice VLAN on switch access ports.*
- Before you enable voice VLAN, we recommend that you enable QoS on
the switch by entering the mls qos global configuration command and
configure the port trust state to trust by entering the mls qos trust
cos interface configuration command.
- *The Port Fast feature is automatically enabled when voice VLAN is
configured*. When you disable voice VLAN, the Port Fast feature is not
automatically disabled.
Per your config :
Int fa0/16
Switch access vlan 2
Switch trunk encap dot1q<---to be removed----->
Switch trunk native vlan 2<---to be removed----->
Switch mode trunk<---to be removed----->
Switch voice vlan 50
switchport priority extend cos 0
mls qos trust cos < or "mls qos trust device cisco-phone" should also work >
It works with those lines removed. But also WORKS WITH THOSE LINES. I am so
confuse about the configurations. Wish someone can explain the Pros and Cons
between the 2. Finally, I also have the same book you guys have and
understand it says trunk port configuration needs to be included. On the
other hand, documentation from cisco.com <http://cisco.com> said access
port.
:)
Ed Lui
On 6/24/05, Chris Lewis (chrlewis) <chrlewis@cisco.com> wrote:
>
> Hi,
>
> John, that is correct, the 7960 uses trunking, the cheaper ones do not.
>
> Ed, my question to you is if you are told to configure a switch port to
> have voice traffic from the phone in vlan 50 and data traffic from a PC
> attached to the phone in vlan 2, how can you do that without configuring
> trunking on the port? Clearly you would not want data traffic rom the PC
> in the same vlan as the voice traffic, otherwise it ceases to be a voice
> vlan :)
>
> Chris
>
> -----Original Message-----
> From: John Matus [mailto:jmatus@pacbell.net]
> Sent: Friday, June 24, 2005 9:32 PM
> To: Ed Lui; Chris Lewis (chrlewis)
> Cc: gladston@br.ibm.com; ccielab@groupstudy.com
> Subject: Re: Voice VLAN - Access ports
>
> my ciscopress lab book is in the car...........but....
> i think it all depends on which type of phone you are using.
>
> i believe that the cheapy phones actually use the "switch access vlan"
> for their traffic and a more expensive one <if i can remember correctly,
> the 7960 phone??> uses trunking.
>
>
> Regards,
>
> John D. Matus
> MCSE, CCNP
> Office: 818-782-2061
> Cell: 818-430-8372
> jmatus@pacbell.net
> ----- Original Message -----
> From: "Ed Lui" <edwlui@gmail.com>
> To: "Chris Lewis (chrlewis)" <chrlewis@cisco.com>
> Cc: <gladston@br.ibm.com>; <ccielab@groupstudy.com>
> Sent: Friday, June 24, 2005 6:34 PM
> Subject: Re: Voice VLAN - Access ports
>
>
> > Chris,
> > It doesn't sound like what I learned from the DocCD. According to the
> > DocCD. Switch port connected to IPphone should be configured as access
>
> > port
> > and NOT TRUNK. Take a look :
> > Voice VLAN Configuration Guidelines
> >
> > These are the voice VLAN configuration guidelines:
> >
> > - You should configure voice VLAN on switch access ports.
> > - Before you enable voice VLAN, we recommend that you enable QoS on
> > the switch by entering the mls qos global configuration command and
> > configure the port trust state to trust by entering the mls qos
> trust
> > cos interface configuration command.
> > - The Port Fast feature is automatically enabled when voice VLAN is
> > configured. When you disable voice VLAN, the Port Fast feature is
> not
> > automatically disabled.
> > - When you enable port security on an interface that is also
> > configured with a voice VLAN, you must set the maximum allowed
> secure
> > addresses on the port to at least two.
> > - If any type of port security is enabled on the access VLAN,
> dynamic
> > port security is automatically enabled on the voice VLAN.
> > - You cannot configure static secure or sticky secure MAC addresses
> on
> > a voice VLAN.
> > - Voice VLAN ports can also be these port types:
> > - Dynamic access port. See the "Configuring Dynamic Access Ports
> > on VMPS Clients"
> >
> section<http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114e
> a1/35
> > 50scg/swvlan.htm#94106>for
> > more information.
> > - Secure port. See the "Configuring Port Security"
> >
> section<http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114e
> a1/35
> > 50scg/swtrafc.htm#86378>for
> > more information.
> > - 802.1X authenticated port. See the "Using 802.1X with Voice
> > VLAN Ports"
> >
> section<http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114e
> a1/35
> > 50scg/sw8021x.htm#50544>for
> > more information.
> > - Protected port. See the "Configuring Protected Ports"
> >
> section<http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114e
> a1/35
> > 50scg/swtrafc.htm#56161>for
> > more information
> >
> > HTH,
> > Ed Lui
> >
> > On 6/24/05, Chris Lewis (chrlewis) <chrlewis@cisco.com> wrote:
> >>
> >> This is a config that I believe works to make vlan 50 the voice vlan,
> >> and vlan 2 to be the data vlan, then sets data from the PC to CoS 0
> and
> >> trusts CoS from the phone.
> >>
> >> Mls qos
> >>
> >> Vlan 50
> >> Name voice vlan
> >>
> >> Int fa0/16
> >> Switch access vlan 2
> >> Switch trunk encap dot1q
> >> Switch trunk native vlan 2
> >> Switch mode trunk
> >> Switch voice vlan 50
> >> switchport priority extend cos 0
> >> mls qos trust cos
> >>
> >> The switch access configuration in the interface defines what vlan
> the
> >> port belongs to if for some reason the port stops trunking. Voice
> vlan
> >> has to work on a trunk port for there to be traffic that are members
> of
> >> two vlans on it.
> >>
> >> It could be possible that the documentation you refer to is listing a
> >> restriction for configuring port security in addition to voice vlan,
> >> although I don't know for sure.
> >>
> >> Chris
> >>
> >> -----Original Message-----
> >> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
> >> gladston@br.ibm.com
> >> Sent: Wednesday, June 22, 2005 12:14 PM
> >> To: ccielab@groupstudy.com
> >> Subject: Voice VLAN - Access ports
> >>
> >> Hi,
> >>
> >> Looking for Port security information I read this:
> >>
> >> "Voice VLAN is only supported on access ports and not on trunk ports,
> >> even though the configuration is allowed"
> >>
> >>
> http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225seb/scg/s
> >> wtrafc.htm#wp1038501
> >>
> >> Some time ago I was researching about this subject (if it would be
> >> allowed to configure an interface connected to an IPPhone with
> >> 'switchport mode trunk').
> >> One of the answers was 'yes'.
> >>
> >> Do you know if an IPPhone only works if the port is configured as
> access
> >> port?
> >> If yes, how does it work, considering the previous Cisco statement?
> >>
> >> Thanks for any feedback.
> >>
> >>
> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:43 GMT-3