RE: if voice phone supports 802.1q should i config the port as

From: Eric.Stuhl@ferguson.com
Date: Thu Jun 01 2006 - 10:56:19 ART


And if you want to get really funky, you can start doing 802.1x, as long
as the supplicant on the end device can handle sending an EAPOL-Start
(the Windows supplicant needs a registry hack; Cisco Trust Agent should
be fine).
 
Eric Stuhl
CCNP, CCDP, CCSE-NG
Ferguson Enterprises
eric.stuhl@ferguson.com
(757)-969-4146

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Chris Lewis
Sent: Thursday, June 01, 2006 9:05 AM
To: Scott Morris
Cc: Petr Lapukhov; Victor Cappuccio; Vinu; Cisco certification
Subject: Re: if voice phone supports 802.1q should i config the port as trunk

Scott,

I don't understand what you mean by this post. There are two ways of
configuring voice vlan, the old and the new: the old explicitly configures
the port as a trunk, the new leverages CDP to exchange vlan information
between the switch and phone. Both end up with the switch port trunking.
This is easily seen if you configure both options on a router and issue
the show int f0/5 switchport command.

Port security will work for either configuration, with the caveat that
you need to increase the number of secure addresses by 2.

Chris

On 6/1/06, Scott Morris <swm@emanon.com> wrote:
>
> Where's the fun in that??? Actually, after a little poking around,
> you are correct that you CAN use switchport mode access.. This was
> introduced as a "fix", however.... Certain features, like port-security,
> require that you be on an access port which defeats the purpose of
> trunking to your phone...
>
> In THIS example, the voice-vlan command has the added effect of
> allowing tagged traffic to only one vlan. Kinda obviates the trunking
> idea, but allows it through exceptions. I guess the Voice Design
> Guide (calling for port-security) initially got a bit ahead of the
> code development guys.
> :)
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> JNCIE #153, CISSP, et al.
> CCSI/JNCI
> IPExpert CCIE Program Manager
> IPExpert Sr. Technical Instructor
> smorris@ipexpert.com
> http://www.ipexpert.com
>
>
> _____
>
> From: Petr Lapukhov [mailto:petrsoft@gmail.com]
> Sent: Thursday, June 01, 2006 1:00 AM
> To: Scott Morris
> Cc: Victor Cappuccio; Vinu; Cisco certification
> Subject: Re: if voice phone supports 802.1q should i config the port
> as trunk
>
>
> Scott,
>
> just to break the tie :) Let's ask Cisco's hardware:
>
> SW1(config)#interface fastEthernet 0/21
> SW1(config-if)#macro apply cisco-phone $access_vlan 10 $voice_vlan 200
>
> SW1#sh running-config interface fastEthernet 0/21
> Building configuration...
>
> Current configuration : 734 bytes
> !
> interface FastEthernet0/21
> switchport access vlan 10
> switchport mode access
> switchport voice vlan 200
> switchport port-security maximum 3
> switchport port-security
> switchport port-security aging time 2
> switchport port-security violation restrict
> switchport port-security aging type inactivity
> mls qos trust device cisco-phone
> mls qos trust cos
> macro description cisco-phone
> auto qos voip cisco-phone
> wrr-queue bandwidth 10 20 70 1
> wrr-queue min-reserve 1 5
> wrr-queue min-reserve 2 6
> wrr-queue min-reserve 3 7
> wrr-queue min-reserve 4 8
> wrr-queue cos-map 1 0 1
> wrr-queue cos-map 2 2 4
> wrr-queue cos-map 3 3 6 7
> wrr-queue cos-map 4 5
> priority-queue out
> spanning-tree portfast
> spanning-tree bpduguard enable
>
> SW1#show parser macro name cisco-phone
> Macro name : cisco-phone
> Macro type : default interface
> # Cisco IP phone + desktop template
>
> # macro keywords $access_vlan $voice_vlan
>
> # VoIP enabled interface - Enable data VLAN
> # and voice VLAN
> # Recommended value for access vlan should not be 1
> switchport access vlan $access_vlan
> switchport mode access
>
> # Update the Voice VLAN value which should be
> # different from data VLAN
> # Recommended value for voice vlan should not be 1
> switchport voice vlan $voice_vlan
>
> # Enable port security limiting port to a 3 MAC
> # addressess -- One for desktop and two for phone
> switchport port-security
> switchport port-security maximum 3
>
> # Ensure port-security age is greater than one minute
> # and use inactivity timer
> switchport port-security violation restrict
> switchport port-security aging time 2
> switchport port-security aging type inactivity
>
> # Enable auto-qos to extend trust to attached Cisco phone
> auto qos voip cisco-phone
>
> # Configure port as an edge network port
> spanning-tree portfast
> spanning-tree bpduguard enable
>
> HTH
> Petr
>


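The checks the thread turns on (port-security maximum covering the desktop plus the phone's two addresses, VLAN 1 avoided for both data and voice, port-security kept off trunk ports, bpduguard on the edge port) can be audited mechanically against a running-config. This is an added example, not code from the thread or from Cisco; the two interface stanzas are constructed samples, the second deliberately weak.

```python
import re

# Constructed samples (not from the thread): the stanza the cisco-phone macro
# produces, trimmed to the lines the audit looks at, and a weak hand-built one.
GOOD_PORT = """interface FastEthernet0/21
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 200
 switchport port-security maximum 3
 switchport port-security
 spanning-tree bpduguard enable
"""
WEAK_PORT = """interface FastEthernet0/22
 switchport access vlan 1
 switchport mode access
 switchport voice vlan 1
 switchport port-security
"""

def parse_interfaces(config):
    """Split IOS running-config text into {interface name: [commands]}."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif current and line and line != "!":
            stanzas[current].append(line)
    return stanzas

def _int_after(cmds, pattern, default=None):
    """Return the integer captured by pattern from the first matching command."""
    for c in cmds:
        m = re.fullmatch(pattern, c)
        if m:
            return int(m.group(1))
    return default

def audit_phone_port(cmds):
    """Findings for a port that should carry a phone with a PC behind it."""
    access = _int_after(cmds, r"switchport access vlan (\d+)", 1)   # IOS default: VLAN 1
    voice = _int_after(cmds, r"switchport voice vlan (\d+)")
    secured = "switchport port-security" in cmds
    maximum = _int_after(cmds, r"switchport port-security maximum (\d+)", 1)  # IOS default: 1
    findings = []
    if access == 1:
        findings.append("access vlan is 1")
    if voice is None:
        findings.append("no voice vlan")
    elif voice == 1:
        findings.append("voice vlan is 1")
    elif voice == access:
        findings.append("voice vlan equals access vlan")
    if not secured:
        findings.append("port-security not enabled")
    elif "switchport mode trunk" in cmds:
        findings.append("port-security on a trunk port")
    elif voice is not None and maximum < 3:
        findings.append(f"port-security maximum {maximum} < 3 (desktop + two for phone)")
    if "spanning-tree bpduguard enable" not in cmds:
        findings.append("bpduguard missing")
    return findings
```

Feed it the output of `show running-config` and call `audit_phone_port` on each stanza that has a `switchport voice vlan` line; an empty list means the port matches what the cisco-phone macro lays down.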

This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:31 ART