From: Chris Lewis (chrlewiscsco@gmail.com)
Date: Thu Jun 01 2006 - 10:09:59 ART
I meant configure both on a switch and issue the command :) .....coffee
first!
On 6/1/06, Chris Lewis <chrlewiscsco@gmail.com> wrote:
>
> Scott,
>
> I don't understand what you mean by this post. There are two ways of
> configuring voice vlan, the old and new, the old explicitly configures the
> port as a trunk, the new leverages CDP to exchange vlan information between
> the switch and phone. Both end up in the switch port trunking. This is
> easily seen if you configure both options on a router and issue the show int
> f0/5 switchport command.
>
> Port security will work for either configuration, with the caveat that you
> need to increase the number of secure addresses by 2.
>
> Chris
>
>
> On 6/1/06, Scott Morris <swm@emanon.com> wrote:
> >
> > Where's the fun in that??? Actually, after a little poking around, you are
> > correct that you CAN use switchport mode access.. This was introduced as a
> > "fix", however.... Certain features, like port-security, require that you
> > be on an access port which defeats the purpose of trunking to your phone...
> >
> > In THIS example, the voice-vlan command has the added effect of allowing
> > tagged traffic to only one vlan. Kinda obviates the trunking idea, but
> > allows it through exceptions. I guess the Voice Design Guide (calling for
> > port-security) initially got a bit ahead of the code development guys. :)
> >
> >
> > Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
> > #153, CISSP, et al.
> > CCSI/JNCI
> > IPExpert CCIE Program Manager
> > IPExpert Sr. Technical Instructor
> > smorris@ipexpert.com
> > http://www.ipexpert.com
> >
> >
> > _____
> >
> > From: Petr Lapukhov [mailto:petrsoft@gmail.com]
> > Sent: Thursday, June 01, 2006 1:00 AM
> > To: Scott Morris
> > Cc: Victor Cappuccio; Vinu; Cisco certification
> > Subject: Re: if voice phone supports 802.1q should i config the port as trunk
> >
> >
> > Scott,
> >
> > just to break the tie :) Let's ask Cisco's hardware:
> >
> > SW1(config)#interface fastEthernet 0/21
> > SW1(config-if)#macro apply cisco-phone $access_vlan 10 $voice_vlan 200
> >
> > SW1#sh running-config interface fastEthernet 0/21
> > Building configuration...
> >
> > Current configuration : 734 bytes
> > !
> > interface FastEthernet0/21
> > switchport access vlan 10
> > switchport mode access
> > switchport voice vlan 200
> > switchport port-security maximum 3
> > switchport port-security
> > switchport port-security aging time 2
> > switchport port-security violation restrict
> > switchport port-security aging type inactivity
> > mls qos trust device cisco-phone
> > mls qos trust cos
> > macro description cisco-phone
> > auto qos voip cisco-phone
> > wrr-queue bandwidth 10 20 70 1
> > wrr-queue min-reserve 1 5
> > wrr-queue min-reserve 2 6
> > wrr-queue min-reserve 3 7
> > wrr-queue min-reserve 4 8
> > wrr-queue cos-map 1 0 1
> > wrr-queue cos-map 2 2 4
> > wrr-queue cos-map 3 3 6 7
> > wrr-queue cos-map 4 5
> > priority-queue out
> > spanning-tree portfast
> > spanning-tree bpduguard enable
> >
> > SW1#show parser macro name cisco-phone
> > Macro name : cisco-phone
> > Macro type : default interface
> > # Cisco IP phone + desktop template
> >
> > # macro keywords $access_vlan $voice_vlan
> >
> > # VoIP enabled interface - Enable data VLAN
> > # and voice VLAN
> > # Recommended value for access vlan should not be 1
> > switchport access vlan $access_vlan
> > switchport mode access
> >
> > # Update the Voice VLAN value which should be
> > # different from data VLAN
> > # Recommended value for voice vlan should not be 1
> > switchport voice vlan $voice_vlan
> >
> > # Enable port security limiting port to a 3 MAC
> > # addressess -- One for desktop and two for phone
> > switchport port-security
> > switchport port-security maximum 3
> >
> > # Ensure port-security age is greater than one minute
> > # and use inactivity timer
> > switchport port-security violation restrict
> > switchport port-security aging time 2
> > switchport port-security aging type inactivity
> >
> > # Enable auto-qos to extend trust to attached Cisco phone
> > auto qos voip cisco-phone
> >
> > # Configure port as an edge network port
> > spanning-tree portfast
> > spanning-tree bpduguard enable
> >
> > HTH
> > Petr
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
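
An added example, not part of the thread and not written by any of its participants: a small audit that reads interface stanzas from a running-config and checks every voice-VLAN port against the settings the cisco-phone macro applies (access mode, port-security enabled with room for three MAC addresses, BPDU guard). The function name `audit_voice_ports`, the FastEthernet0/22 stanza and the fallback of one secure MAC when no maximum is configured are assumptions of this example.

```python
import re

# Constructed sample: the FastEthernet0/21 stanza from the thread (QoS and
# aging lines omitted) plus a hypothetical weaker port, FastEthernet0/22.
SAMPLE = """\
interface FastEthernet0/21
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 200
 switchport port-security maximum 3
 switchport port-security
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 200
 switchport port-security
!
"""

def audit_voice_ports(config, min_macs=3):
    """Return {interface: [findings]} for each port that has a voice VLAN."""
    stanzas, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line == "!":
            current = None          # "!" closes the interface stanza
        elif line and current is not None:
            current.append(line)
    report = {}
    for name, lines in stanzas.items():
        if not any(l.startswith("switchport voice vlan ") for l in lines):
            continue                # data-only port, out of scope here
        findings = []
        if "switchport mode access" not in lines:
            findings.append("not in access mode")
        if "switchport port-security" not in lines:
            findings.append("port-security not enabled")
        # Assumption: with no explicit maximum, one secure MAC is allowed.
        hits = (re.fullmatch(r"switchport port-security maximum (\d+)", l) for l in lines)
        maximum = next((int(h.group(1)) for h in hits if h), 1)
        if maximum < min_macs:
            findings.append(f"maximum {maximum} < {min_macs}")
        if "spanning-tree bpduguard enable" not in lines:
            findings.append("bpduguard not enabled")
        report[name] = findings
    return report
```
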
This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:31 ART