RE: Voice Vlan

From: Magmax (magmax@bigpond.net.au)
Date: Sat Sep 30 2006 - 22:06:03 ART

• Next message: David Hoon: "IEWB Security version 2.0"
• Previous message: Robert Watson: "Username X access-class feature broken?"
• Maybe in reply to: Magmax: "Voice Vlan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Guys,

I know both will work. I think we should use this one

Switchport mode access
Switchport access vlan <datavlan>
Switchport voice vlan <voicevlan>
Spanning-tree portfast
<insert QoS commands>

-----Original Message-----
From: DBehrens@logosinc.com [mailto:DBehrens@logosinc.com]
Sent: Sunday, 1 October 2006 5:16 AM
To: jvdbro@yahoo.com; deckland@gmail.com; magmax@bigpond.net.au
Cc: ccielab@groupstudy.com
Subject: RE: Voice Vlan

Jan,

When Cisco says 'Dynamic Access Port' they DO NOT mean 'switchport mode
desirable'

They are referring to Dynamic VLAN Membership, as in 'switchport access vlan
dynamic' using VMPS.

Configuring your ports as 'switchport mode trunk' or 'switchport mode
desirable' will WORK, however Cisco does not support it. There is a
distinction in this case between the best practice and what will make it
work.

On the LAB, I'm pretty sure we should configure 3550 ports like this:

Switchport mode access
Switchport access vlan <datavlan>
Switchport voice vlan <voicevlan>
Spanning-tree portfast
<insert QoS commands>

 (3550's are configured the same as 3560's. Here's the Config Guide that
shows IOS 12.1EA's Voice VLAN Feature)
http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration
_guide_chapter09186a00801cdf35.html

Dennis

________________________________________
From: jan vdb [mailto:jvdbro@yahoo.com]
Sent: Saturday, September 30, 2006 1:11 PM
To: Dennis Behrens; deckland@gmail.com; magmax@bigpond.net.au
Cc: ccielab@groupstudy.com
Subject: Re: Voice Vlan

Hello Dennis,
 
If I read the config guide of the 3560 your indeed 100% right, though I do
not understand it very well since all our Cat3560 are configured as Trunks
to an IP-phone with a static dot1q trunk as described before. This is what
the config guide exactly mentions (voice VLAN is not supported on
trunk ports)!!!
 
We run "flash:c3560-i9-mz.122-20.EX/c3560-i9-mz.122-20.EX.bin
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 5
 switchport trunk allowed vlan 5,64
 switchport mode trunk
 switchport voice vlan 64
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out
 no snmp trap link-status
 mls qos trust device cisco-phone
 mls qos trust cos
 no mdix auto
 auto qos voip cisco-phone
 spanning-tree portfast trunk
 
If I look into the config guide of a 3550, they mention
Voice VLAN ports can also be these port types:
-Dynamic access port.
- Secure ports
- IEEE dot1x ports.
 
So for the EXAM I propose to configure it on dynamic port to be sure.
 
CU,
 
Jan

DBehrens@logosinc.com wrote:
All,

This is an interesting topic. Cisco suggests that Radoslav is correct
for 3550's, 3560's, 3750's, etc. You are NOT supposed to make the port
a TRUNK. Refer to this document:

http://www.cisco.com/en/US/products/hw/switches/ps5528/products_configur
ation_guide_chapter09186a00805b57d7.html

However, you NEED to make it a trunk if you want a separate voice vlan
when using a 3500XL. I don't have that document handy, but it's
definitely in the config guide as a pre-requisite for configuring Voice
VLAN on a 3500XL. This is the same for some other switches, such as
NM-16ESW modules.

Both methods will work on the 3550's, 3560's, 3750's, etc if you
configure it that way. I believe Cisco probably changed the best
practice in order to limit the STP and VTP traffic sent to each phone.
Security is also a concern because a trunk port can allow access to
other VLANS. (These can be mitigated by using 'switchport trunk allowed
vlans', but that line can be easily forgotten). Can anyone verify the
merit of this? Are there any other valid reasons why this change was
made?

Dennis Behrens

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
jan vdb
Sent: Saturday, September 30, 2006 9:04 AM
To: Radoslav Vasilev; Magmax
Cc: ccielab@groupstudy.com
Subject: [SPAM] - Re: Voice Vlan - Email has different SMTP TO: and MIME
TO: fields in the email addresses

Hello,

I think both methods are OK.
Forced or dynamic trunk, it won't matter as long as it is a trunk.

This is an example of a live VOIP network where we configured it via
"forced" trunks!!
Example
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q (Trunking encap method)
switchport trunk native vlan 37 (Your data Vlan as native (when
port stop to trunk)
switchport trunk allowed vlan 37,64 (Vlan's allowed on
your trunk)
switchport mode trunk (Forced the port
to TRUNK)
switchport voice vlan 64 (Your VOICE Vlan
=> No need for Dot1p)
srr-queue bandwidth share 10 10 60 20 (Cat4k Q'ing)
srr-queue bandwidth shape 10 0 0 0
queue-set 2
priority-queue out
no snmp trap link-status
mls qos trust device cisco-phone
mls qos trust cos
no mdix auto
auto qos voip cisco-phone
spanning-tree portfast trunk

First method is also OK since the port is by default dynamic desirable
and it will be negotiated to trunk via the switch in the IP-Phone.

You only need dot1p if you phone uses Dot1p priority tags.
switchport voive vlan dot1p (Packets are transported in vlan0).

Regards,

Jan

Radoslav Vasilev wrote:
Hi,

The second one is incorrect.

The Voice VLAN feature can be configured on static access or dynamic
access ports.
Therefor configuring the port as dot1q is an incorrect. Now, once we
agree that the physical swtich port should be in access mode, we have
the following options for the additional voice vlan:

1. make the phone and the switch port carry the voice vlan in dot1q
frames (you don't need to configure the port as trunk !!!):

switchport voice vlan

don't forget to create the vlan on the vtp server/locally.
check the status with: show interface ... switchport

2. make the phone and the switch carry the voice vlan in dot1p frames
(traffic is CoS marked but uses the default vlan 0).

switchport voice vlan dot1p
check the status with: show interface ... switchport

Rado

On 9/30/06, Magmax wrote:
> Guys,
>
>
>
>
>
> Let say I am configuring voice port on 3550.Is there any difference in
these
> two methods. In think both should be ok .
>
>
>
> Method 1
>
> mls qos
>
> interface FastEthernet0/19
>
> switchport access vlan XX
>
> switchport voice vlan XX
>
>
>
>
>
> Final config
>
>
>
>
>
> mls qos
>
> interface FastEthernet0/19
>
> switchport access vlan XX
>
> switchport voice vlan XX
>
> switchport mode dynamic desirable
>
> spanning-tree portfast
>
>
>
>
>
>
>
> Method 2
>
>
>
> mls qos
>
> interface FastEthernet0/7
>
> switchport voice vlan XX
>
> switchport trunk encapsulation dot1q
>
> switchport mode trunk
>
> switchport trunk native vlan XX
>
> mls qos trust cos
>
>
>
>
>
> Final config
>
>
>
> mls qos
>
> interface FastEthernet0/7
>
> switchport voice vlan XX
>
> switchport trunk encapsulation dot1q
>
> switchport mode trunk
>
> switchport trunk native vlan XX
>
> mls qos trust cos
>
> spanning-tree portfast
>
>

• Next message: David Hoon: "IEWB Security version 2.0"
• Previous message: Robert Watson: "Username X access-class feature broken?"
• Maybe in reply to: Magmax: "Voice Vlan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:42 ART