From: Ed Lui (edwlui@gmail.com)
Date: Tue Jun 28 2005 - 02:13:26 GMT-3
Erick,
Thanks for sharing your experience. I have been thinking the switch tags the
traffic with vlan id which comes from the phone. Is it possible.....
Ed Lui
On 6/27/05, Erick Bergquist <ebergquist@ameritech.net> wrote:
>
>
> From my experience/knowledge of this topic, the voice
> vlan command populates the CDP packet voice vlan field
> with the vlan # of the voice vlan # so the phone knows
> what vlan to put voice traffic on. Since cisco ip
> phones listen to CDP to get this. Thats why other
> vendors IP phones you need to manually set the voice
> vlan on the phone.
>
> With the access port method (pseudo-trunk is term I
> like) less traffic is sent to phone then a
> full-fledged port configured in trunk mode. Some of
> the lower end model phones (7905, 7912, etc) can be
> sensitive to amount of traffic/broadcasts/etc and to
> much of that can cause those to reset depending on
> firmware versions, etc or have voice quality issues.
> Using the access-port method with those has cleaned up
> phone reboots for us on chatty networks.
>
>
> --- Ed Lui <edwlui@gmail.com> wrote:
>
> > Gladston,
> >
> > No doubt. There is NO ONE document can prove if it
> > is correct or not. As I
> > mentioned in previous post. Access port carries
> > traffic for more than 1 vlan
> > is not what most people learned. But this is what I
> > found from cisco
> > documentation and not just one. I checked both 3550
> > and 6500(voice vlan=aux
> > vlan) configuration from cisco.com <http://cisco.com>
> > <http://cisco.com>. Plus I(myself)
> > actually labbed it up with 3550EMI+7960phone. Well,
> > did I overlook
> > something? It is possible. I am not a Network
> > Engineer but really want to
> > figure out the technology. So far, I know both trunk
> > port and access port
> > work as well.
> >
> > Actually, I keep thinking about the pros and cons
> > for both. What is the
> > advantage, overhead...etc. Like Brian Dennis said in
> > one of the online
> > seminars. I truly agree, understand the technology
> > is the key point. Passing
> > the lab is important. I don't feel good to myself if
> > I get a chance to hold
> > a number but don't know what myself is doing. Wish
> > Chris Lewis can find out
> > for us.
> >
> > :)
> > Ed Lui
> > P.S. Technology is changing every day. The standard
> > is based upon the
> > creator. Who knows if one day access port can carry
> > no more than 5 vlans. It
> > is all up to the creator.
> >
> >
> >
> > On 6/27/05, gladston@br.ibm.com
> > <gladston@br.ibm.com> wrote:
> > >
> > >
> > > Thanks for this invaluable feedback.
> > >
> > > Looking at Maurilio's book, page 96, as Chris
> > pointed:
> > >
> > > Would you agree with the author statement
> > "Ensure...that the native vlan
> > > is 2".
> > > As I see it, it is not necessary to configure
> > native vlan (to have vlan 2
> > > for data and vlan 50 for voice). One could let the
> > native vlan as default,
> > > configure the voice vlan to 50 and the data vlan
> > to 2.
> > >
> > > Do you see any reason to configure native vlan to
> > the same vlan as the
> > > data vlan? (my point is that as 7960 talks dot1q,
> > it can tag data vlan to
> > > any value)
> > >
> > > Have you seen voice vlan configured on a access
> > port? (I am asking this
> > > because on the last time I posted this subject -
> > sorry to post it again, but
> > > it was not clear - a guy said it was possible). I
> > argued: "How would the
> > > voice vlan be transported if there is no dot1Q?"
> > (similar as Chris
> > > explained) and the guy answered that it was an
> > exception.
> > > It is hard to understand when the hardware is not
> > available to test :)
> > >
> > >
> > > Cordially
> > >
> >
> ------------------------------------------------------------------
> > > Gladston
> > >
> > >
> > >
> > > *"Chris Lewis \(chrlewis\)" <chrlewis@cisco.com>*
> > >
> > > 25/06/2005 12:31
> > > To
> > > "Ed Lui" <edwlui@gmail.com> cc
> > > "John Matus" <jmatus@pacbell.net>, Alaerte
> > Gladston
> > > Vidali/Brazil/IBM@IBMBR, <ccielab@groupstudy.com>
> > Subject
> > > RE: Voice VLAN - Access ports
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Hi Ed,
> > >
> > > Thanks for the reply, this has been a valuable
> > exchange for me, as it has
> > > made me rethink some things. However, please
> > consider that Cisco
> > > documentation on the web is imperfect, sometimes
> > it is accurate from one
> > > point of view, but can easily lead to incorrect
> > conclusions, and sometimes
> > > it is flat out wrong and won't work (my favorite
> > current example is the
> > > configuration for Outbound Route Filtering, it is
> > missing the reference to
> > > the prefix list, without which it does not work).
> > Cisco documentation on the
> > > web is a tremendous resource, but it should only
> > be taken as a guide for
> > > what the starting point for configuration in a lab
> > should be IMHO.
> > >
> > > The best configuration example I have seen of
> > voice vlan comes from
> > > Maurilio Gorito's routing and switching practice
> > lab book by Cisco press. In
> > > practice lab 2, configurations are shown for
> > connecting a 7960 that does
> > > trunking, and a 7905 that does not do trunking.
> > >
> > > The port connecting to a 7960 is configured for
> > trunking, and the port
> > > connected to the 7905 is not. This is given on p96
> > >
> > > 3550 config for 7960 phone
> > > int fa0/16
> > > switchport access vlan 2
> > > switchport trunk encapsulation dot1q
> > > switchport trunk native vlan 2
> > > switchport mode trunk
> > > switchport voice vlan 50
> > > no ip address
> > > duplex full
> > > speed 100
> > > spanning-tree portfast
> > >
> > > 3550 config for 7905 phone
> > > int fa0/17
> > > switchport access vlan 50
> > > no ip address
> > > duplex half
> > > speed 10
> > >
> > > The explanation is given as follows:
> > >
> > > The 7960 has the capability to trunk to the 3550
> > as it has an on-board 3
> > > port switch and can separate the voice and data
> > traffic
> > appropriately.The7905 phone only has 10 base T and
> > needs manual insertion in
> > to the voice
> > > vlan. Ensure that the port connecting to the 7960
> > is configured as a trunk
> > > using dot1q and that the native vlan is 2.
> > >
> > > If you also look at the Cisco Press book Cisco
> > Catalyst QoS, by Flanagan
> > > et al, on page 63 you see the following:
> > >
> > > "Through the use of dot1q trunks, voice traffic
> > from an IP phone connected
> > > to an access port can reside on a separate VLAN
> > and subnet. The workstation
> > > attached to the Ip phone might still reside on the
> > access, or native
> > > VLAN........Subsequently, with the use of voice
> > VLANs, all traffic is tagged
> > > to and from the Cisco IP phone and Catalyst
> > switch."
> > >
> > > Now one could argue that things like portfast are
> > not needed for a trunk
> > > mode in this configuration, and I would agree, but
> > that is what Maurilio
> > > gave in his book, and likely what they would be
> > looking for on the lab exam,
> > > which is the purpose of this list :)
> > >
> > > I think there are at least two sources of
> > confusion in this documentation.
> > > First is that not all IP phones are created equal,
> > some do trunking and some
> > > don't. The other is a potential dual use of the
> > phrase access port. In some
> > > contexts it can mean a non trunnking port, in
> > others it can mean an ethernet
> > > port (which can be configured for trunking or
> > non-trunking).
> > >
> > > Cheers
> > >
> > > Chris
> > > ------------------------------
> > >
> > >
> > > *From:* Ed Lui [mailto:edwlui@gmail.com]
> > > *Sent:* Saturday, June 25, 2005 12:27 AM
> > > *To:* Chris Lewis (chrlewis)
> > > *Cc:* John Matus; gladston@br.ibm.com;
> > ccielab@groupstudy.com
> > > *Subject:* Re: Voice VLAN - Access ports
> > >
> > > Chris,
> > >
> > > I have been struggling about 2 vlans on an access
> > port for a while. I know
> > > it works with either access port or trunk port let
> > say with a 7960. What I
> > > understand is, an access port can not carry
> > traffic for more than 1 vlan.
> > > Somehow, the documentation told me voice vlan is
> > an exception. Then I labbed
> > > it up myself(3550 EMI + 7960). The result is an
> > access port can carry data
> > > on one vlan and voice on another within the same
> > access port. And that is
> > > what the documentation said, too.
> > >
> > > Consider those underlined below. Portfast is for
> > access port and not for
> > > trunk port.
> > >
> > >
> > > *Voice VLAN Configuration Guidelines*
> > >
> > > These are the voice VLAN configuration guidelines:
> > >
> > > - *You should configure voice VLAN on switch
> > access ports.*
> > > - Before you enable voice VLAN, we recommend
> > that you enable QoS on
> > > the switch by entering the mls qosglobal
> > configuration command and
> > configure
> > > the port trust state to trust by entering the
> > mls qos trustcosinterface
> > > configuration command.
> > > - *The Port Fast feature is automatically
> > enabled when voice VLAN is
> > > configured*. When you disable voice VLAN, the
> > Port Fast feature is
> > > not automatically disabled.
> > >
> > >
> > > Per your config :
> > > Int fa0/16
> > > Switch access vlan 2
> > > Switch trunk encap dot1q<---to be removed----->
> > > Switch trunk native vlan 2<---to be removed----->
> > > Switch mode trunk<---to be removed----->
> > > Switch voice vlan 50
> > > switchport priority extend cos 0
> > > mls qos trust cos < or "mls qos trust device
> > cisco-phone" should also work
> > > >
> > >
> > > It works with those lines removed. But also WORKS
> > WITH THOSE LINES. I am
> > > so confuse about the configurations. Wish someone
> > can explain the Pros and
> > > Cons between the 2. Finally, I also have the same
> > book you guys have and
> > > understand it says trunk port configuration needs
> > to be included. On the
> > > other hand, documentation from *cisco.com*
> > <http://cisco.com> said access
> > > port.
> > >
> > > :)
> > > Ed Lui
> > >
> > >
> > >
> > >
> > >
> > >
> > > On 6/24/05, *Chris Lewis (chrlewis)*
> > <*chrlewis@cisco.com*<chrlewis@cisco.com>>
> > > wrote:Hi,
> > >
> > > John, that is correct, the 7960 uses trunking, the
> > cheaper ones do not.
> > >
> > > Ed, my question to you is if you are told to
> > configure a switch port to
> > > have voice traffic from the phone in vlan 50 and
> > data traffic from a PC
> > > attached to the phone in vlan 2, how can you do
> > that without configuring
> > > trunking on the port? Clearly you would not want
> > data traffic rom the PC
> > > in the same vlan as the voice traffic, otherwise
> > it ceases to be a voice
> > > vlan :)
> > >
> > > Chris
> > >
> > > -----Original Message-----
> > > From: John Matus [mailto:*jmatus@pacbell.net*
> > <jmatus@pacbell.net> ]
> > > Sent: Friday, June 24, 2005 9:32 PM
> > > To: Ed Lui; Chris Lewis (chrlewis)
> > > Cc: *gladston@br.ibm.com* <gladston@br.ibm.com>;
> > *ccielab@groupstudy.com*<ccielab@groupstudy.com>
> > > Subject: Re: Voice VLAN - Access ports
> > >
> > > my ciscopress lab book is in the
> > car...........but....
> > > i think it all depends on which type of phone you
> > are using.
> > >
> > > i believe that the cheapy phones actually use the
> > "switch access vlan"
> > > for their traffic and a more expensive one <if i
> > can remember correctly,
> > > the 7960 phone??> uses trunking.
> > >
> > >
> > > Regards,
> > >
> > > John D. Matus
> > > MCSE, CCNP
> > > Office: 818-782-2061
> > > Cell: 818-430-8372
> > > *jmatus@pacbell.net* <jmatus@pacbell.net>
> > > ----- Original Message -----
> > > From: "Ed Lui" <*edwlui@gmail.com*
> > <edwlui@gmail.com>>
> > > To: "Chris Lewis (chrlewis)" <*chrlewis@cisco.com*
> > <chrlewis@cisco.com>>
> > > Cc: <* gladston@br.ibm.com*
> > <gladston@br.ibm.com>>; <*
> > > ccielab@groupstudy.com* <ccielab@groupstudy.com>>
> > > Sent: Friday, June 24, 2005 6:34 PM
> > > Subject: Re: Voice VLAN - Access ports
> > >
> > >
> > > > Chris,
> > > > It doesn't sound like what I learned from the
> > DocCD. According to the
> > > > DocCD. Switch port connected to IPphone should
> > be configured as access
> > >
> > > > port
> > > > and NOT TRUNK. Take a look :
> > > > Voice VLAN Configuration Guidelines
> > > >
> > > > These are the voice VLAN configuration
> > guidelines:
> > > >
> > > > - You should configure voice VLAN on switch
> > access ports.
> > > > - Before you enable voice VLAN, we recommend
> > that you enable QoS on
> > > > the switch by entering the mls qos global
> > configuration command and
> > > > configure the port trust state to trust by
> > entering the mls qos
> > > trust
> > > > cos interface configuration command.
> > > > - The Port Fast feature is automatically enabled
> > when voice VLAN is
> > > > configured. When you disable voice VLAN, the
> > Port Fast feature is
> > > not
> > > > automatically disabled.
> > > > - When you enable port security on an interface
> > that is also
> > > > configured with a voice VLAN, you must set the
> > maximum allowed
> > > secure
> > > > addresses on the port to at least two.
> > > > - If any type of port security is enabled on the
> > access VLAN,
> > > dynamic
> > > > port security is automatically enabled on the
> > voice VLAN.
> > > > - You cannot configure static secure or sticky
> > secure MAC addresses
> > > on
> > > > a voice VLAN.
> > > > - Voice VLAN ports can also be these port types:
> > > > - Dynamic access port. See the "Configuring
> > Dynamic Access Ports
> > > > on VMPS Clients"
> > > >
> > > section<
> >
> *http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114e
> > > *
> >
> <http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114e>
> > > a1/35
> > > > 50scg/swvlan.htm#94106>for
> > > > more information.
> > > > - Secure port. See the "Configuring Port
> > Security"
> > > >
> > >
> >
> section<*http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114e*
> <ht
> >
> tp://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114e>
> > > a1/35
> > > > 50scg/swtrafc.htm#86378>for
> > > > more information.
> > > > - 802.1X authenticated port. See the "Using
> > 802.1X with Voice
> > > > VLAN Ports"
> > > >
> > >
> >
> section<*http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114e
> > > *
> >
> <http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114e>
> > > a1/35
> > > > 50scg/sw8021x.htm#50544>for
> > > > more information.
> > > > - Protected port. See the "Configuring Protected
> > Ports"
> > > >
> > > section<*
> >
> http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114e
> > > *
> >
> <http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114e>
> > > a1/35
> > > > 50scg/swtrafc.htm#56161>for
> > > > more information
> > > >
> > > > HTH,
> > > > Ed Lui
> > > >
> > > > On 6/24/05, Chris Lewis (chrlewis) <
> > *chrlewis@cisco.com*<chrlewis@cisco.com>>
> > > wrote:
> > > >>
> > > >> This is a config that I believe works to make
> > vlan 50 the voice vlan,
> > > >> and vlan 2 to be the data vlan, then sets data
> > from the PC to CoS 0
> > > and
> > > >> trusts CoS from the phone.
> > > >>
> > > >> Mls qos
> > > >>
> > > >> Vlan 50
> > > >> Name voice vlan
> > > >>
> > > >> Int fa0/16
> > > >> Switch access vlan 2
> > > >> Switch trunk encap dot1q
> > > >> Switch trunk native vlan 2
> > > >> Switch mode trunk
> > > >> Switch voice vlan 50
> > > >> switchport priority extend cos 0
> > > >> mls qos trust cos
> > > >>
> > > >> The switch access configuration in the
> > interface defines what vlan
> > > the
> > > >> port belongs to if for some reason the port
> > stops trunking. Voice
> > > vlan
> > > >> has to work on a trunk port for there to be
> > traffic that are members
> > > of
> > > >> two vlans on it.
> > > >>
> > > >> It could be possible that the documentation you
> > refer to is listing a
> > > >> restriction for configuring port security in
> > addition to voice vlan,
> > > >> although I don't know for sure.
> > > >>
> > > >> Chris
> > > >>
> > > >> -----Original Message-----
> > > >> From: *nobody@groupstudy.com*
> > <nobody@groupstudy.com> [mailto:*
> > > nobody@groupstudy.com* <nobody@groupstudy.com> ]
> > On Behalf
> > > Of
> > > >> *gladston@br.ibm.com* <gladston@br.ibm.com>
> > > >> Sent: Wednesday, June 22, 2005 12:14 PM
> > > >> To: *ccielab@groupstudy.com *
> > <ccielab@groupstudy.com>
> > > >> Subject: Voice VLAN - Access ports
> > > >>
> > > >> Hi,
> > > >>
> > > >> Looking for Port security information I read
> > this:
> > > >>
> > > >> "Voice VLAN is only supported on access ports
> > and not on trunk ports,
> > > >> even though the configuration is allowed"
> > > >>
> > > >>
> > >
> >
> *http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225seb/scg/s
> > >
> >
> *<http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225seb/scg/s
> >
> > > >> wtrafc.htm#wp1038501
> > > >>
> > > >> Some time ago I was researching about this
> > subject (if it would be
> > > >> allowed to configure an interface connected to
> > an IPPhone with
> > > >> 'switchport mode trunk').
> > > >> One of the answers was 'yes'.
> > > >>
> > > >> Do you know if an IPPhone only works if the
> > port is configured as
> > > access
> > > >> port?
> > > >> If yes, how does it work, considering the
> > previous Cisco statement?
> > > >>
> > > >> Thanks for any feedback.
> > > >>
> > > >>
> > >
> >
> _______________________________________________________________________
> > > >> Subscription information may be found at:
> > > >>
> >
> *http://www.groupstudy.com/list/CCIELab.html*<
> http://www.groupstudy.com/list/
> > CCIELab.html>
> > > >>
> > > >>
> > >
> >
> _______________________________________________________________________
> > > >> Subscription information may be found at:
> > > >>
> >
> *http://www.groupstudy.com/list/CCIELab.html*<
> http://www.groupstudy.com/list/
> > CCIELab.html>
> > > >
> > > >
> > >
> >
> _______________________________________________________________________
> > > > Subscription information may be found at:
> > > >
> >
> *http://www.groupstudy.com/list/CCIELab.html*<
> http://www.groupstudy.com/list/
> > CCIELab.html>
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:44 GMT-3