Re: 2 Voice vlan questions: 1) Testing the config 2) Dot1p

From: Hobbs (deadheadblues@gmail.com)
Date: Fri Dec 12 2008 - 14:35:14 ARST

Yes. Great testing, thanks. I still might do a lab for myself ;-)

On Fri, Dec 12, 2008 at 7:50 AM, Marijo Bernardic <
MBernardic@relianceglobalcom.com> wrote:

> Guys,
>
> Excellent discussion.
> Thanks for sharing and your efforts.
>
> Regards
> Marijo
>
>
> -----Urspr|ngliche Nachricht-----
> Von: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Im Auftrag von
> Pavel Bykov
> Gesendet: Freitag, 12. Dezember 2008 15:25
> An: Carlos G Mendioroz
> Cc: Hobbs; alexeim73@gmail.com; Cisco certification
> Betreff: Re: 2 Voice vlan questions: 1) Testing the config 2) Dot1p
>
> wow.... omfg... you were right. SPAN failed me.
>
> Using a HUB the answer is different and much more logical
>
> PC -- > IPPhone --> SW = no 802.1Q
> IPPhone --> SW = 802.1Q VLAN ID 0
> SW -- > IPPhone = no 802.1Q
> SW -- > IPPhone --> PC = no 802.1Q (almost definitely - although not
> tested)
>
>
> SPAN was adding a 802.1Q tag to all packets that were outgoing from the
> switch port.
>
>
> On Fri, Dec 12, 2008 at 2:38 PM, Pavel Bykov <slidersv@gmail.com> wrote:
>
> > I trust SPAN enough, but ok, i'm going to go find a hub, and reply in a
> > minute
> >
> >
> > On Fri, Dec 12, 2008 at 2:17 PM, Carlos G Mendioroz <tron@huapi.ba.ar
> >wrote:
> >
> >> Pavel,
> >> 1) I do see tags in the trace (otherwise I could not see the 802.1p,
> >> right ?)
> >> I don't follow your logic on the SPAN, but alas, you are using it,
> >> so may be YOU are for a surprise here. Find a hub, do a real trace,
> >> and then we see if the issue is SPAN, or different IOS, or what.
> >>
> >> 2) I know. In fact, I posted about this issue a couple a week ago.
> >> And yes, you can use windows. Just with the right hardware/drivers.
> >> I'm using an Intel pro quad with no problem in seeing tags (wireshark
> >> 1.1.1)
> >>
> >> 3) I'm not using SPAN, cause I confronted this same issues a week ago.
> >>
> >> Let's try to find where is the issue, w/o finger pointing, yep ?
> >>
> >> -Carlos
> >>
> >> Pavel Bykov @ 12/12/2008 11:09 -0200 dixit:
> >> > 1. Try monitoring some trunk first first, i think you may be
> surprised,
> >> > that you won't see tags there as well.
> >> > For SPAN requirements are that either SPAN destination has to be "mode
> >> > turnk" or you can force tag propagation using "monitor session 1
> >> > destination interface fa x/x encapsulation replicate". That
> >> > encapsulation replicate does the trick. So SPAN does not add tags,
> only
> >> > removes them.
> >> >
> >> > 2. You need operating system that can receive tags - i.e. Not Windows
> >> > (you need to alter windows for this).
> >> >
> >> > 3. Just as completeness: SW was 2960 with 12.2(44), but i'm pretty
> sure
> >> > you'll find what's wrong with #1 or #2
> >> > SPAN config:
> >> > monitor session 1 source interface fast 0/13 both
> >> > monitor session 1 destination interface fa 0/2 encapsulation replicate
> >> >
> >> > On Fri, Dec 12, 2008 at 1:53 PM, Carlos G Mendioroz <tron@huapi.ba.ar
> >> > <mailto:tron@huapi.ba.ar>> wrote:
> >> >
> >> > Ouch, that hurts... (I'm a very sensitive person, and
> >> > that "you are not correct" bounced into my ego shield :)
> >> >
> >> > May I ask how did you got the trace ?
> >> > Cause if you are using SPAN, it might be adding tags.
> >> >
> >> > At least for me, monitoring using a hub between phone and switch,
> >> > with a 2950 running 12.1(22)EA12, frames from switch to phone are
> >> > not tagged when using voice vlan dot1p.
> >> >
> >> > -Carlos
> >> >
> >> > Pavel Bykov @ 12/12/2008 10:23 -0200 dixit:
> >> > > Ok. Because this interested me I sniffed the behaviour.
> >> > > Carlos, you are not correct - see the sniff output below
> >> > > The stup was very simple SW---PHONE---PC
> >> > >
> >> > > 1. Switch config:
> >> > > interface FastEthernet0/13
> >> > > switchport access vlan 600
> >> > > switchport voice vlan dot1p
> >> > > spanning-tree portfast
> >> > > end
> >> > >
> >> > > 2. Switch sends CDP packet to the phone with "VoIP VLAN Reply"
> >> > field set
> >> > > to 0, and "Native VLAN: 600"
> >> > >
> >> > > 3. IPPhone encapsulates all traffic that it sends with 802.1Q
> with
> >> > VlanID=0:
> >> > > 802.1Q Virtual LAN, PRI: 3, CFI: 0, ID: 0
> >> > > 011. .... .... .... = Priority: 3
> >> > > ...0 .... .... .... = CFI: 0
> >> > > .... 0000 0000 0000 = ID: 0
> >> > > Type: IP (0x0800)
> >> > >
> >> > > therefore, it can use 802.1p inside 802.1Q
> >> > > Switch accepts this traffic.
> >> > >
> >> > > 4. All traffic from PC is being forwarded untagged to the switch
> >> > >
> >> > > 5. All traffic that is going from switch to the IPPhone, or PC
> >> behind
> >> > > that IP Phone is TAGGED WTIH VLAN600 (because in this case it's
> >> access
> >> > > vlan 600)
> >> > > 802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 600
> >> > > 000. .... .... .... = Priority: 0
> >> > > ...0 .... .... .... = CFI: 0
> >> > > .... 0010 0101 1000 = ID: 600
> >> > > Type: IP (0x0800)
> >> > >
> >> > > This is not what I expected at all
> >> > >
> >> > > So basically:
> >> > > IPPhone --> SW = 802.1Q with VLAN ID 0
> >> > > PC --> IPPhone --> SW = No 802.1Q tag
> >> > > SW --> IPPhone --> PC = 802.1Q tag with VLAN ID 600
> >> > > SW --> IPPhone = 802.1Q tag with VLAN ID 600
> >> > >
> >> > > wow....
> >> > >
> >> > > On Mon, Dec 8, 2008 at 11:08 PM, Hobbs <deadheadblues@gmail.com
> >> > <mailto:deadheadblues@gmail.com>
> >> > > <mailto:deadheadblues@gmail.com <mailto:deadheadblues@gmail.com
> >> >>>
> >> > wrote:
> >> > >
> >> > > Thanks Carlos. That's what I was looking for.
> >> > >
> >> > > On Mon, Dec 8, 2008 at 3:05 PM, Carlos G Mendioroz
> >> > <tron@huapi.ba.ar <mailto:tron@huapi.ba.ar>
> >> > > <mailto:tron@huapi.ba.ar <mailto:tron@huapi.ba.ar>>> wrote:
> >> > >
> >> > > > Hobbs,
> >> > > > VLAN 0 is not a VLAN, is just a filler for the VLAN ID
> that
> >> > is not
> >> > > being
> >> > > > used. The port is an access port, the VLAN is whichever
> you
> >> > > assigned to it.
> >> > > >
> >> > > > Traffic being sent to the phone is not tagged.
> >> > > >
> >> > > > -Carlos
> >> > > >
> >> > > > Hobbs @ 8/12/2008 19:41 -0200 dixit:
> >> > > > > Thank you Alexei.
> >> > > > >
> >> > > > > But how does traffic get TO or FROM this port with vlan
> 0
> >> > tagged?
> >> > > > > How does it learn MAC addresses on this vlan? Does it
> send
> >> it
> >> > > out all
> >> > > > trunk
> >> > > > > ports?
> >> > > > > "Show interface trunk" does not show vlan 0 as allowed
> or
> >> > active...
> >> > > > >
> >> > > > >
> >> > > > > On Mon, Dec 8, 2008 at 2:17 PM, Alexei Monastyrnyi
> >> > > <alexeim73@gmail.com <mailto:alexeim73@gmail.com>
> >> > <mailto:alexeim73@gmail.com <mailto:alexeim73@gmail.com>>
> >> > > > >wrote:
> >> > > > >
> >> > > > >> Hobbs,
> >> > > > >> as per 3550/3560 configuration guide:
> >> > > > >>
> >> > > > >> "Instruct the switch port to use 802.1P priority
> tagging
> >> > for voice
> >> > > > traffic
> >> > > > >> and to use the default native VLAN (VLAN 0) to carry
> all
> >> > > traffic. By
> >> > > > >> default, the Cisco IP phone forwards the voice traffic
> >> > with an
> >> > > 802.1P
> >> > > > >> priority of 5."
> >> > > > >>
> >> > > > >> HTH
> >> > > > >>
> >> > > > >> A.
> >> > > > >>
> >> > > > >>
> >> > > > >> Hobbs wrote:
> >> > > > >>
> >> > > > >>> Disregard the first question...I had a freakin' ACL on
> >> > R2. So
> >> > > the test
> >> > > > is
> >> > > > >>> GOOD.
> >> > > > >>>
> >> > > > >>> My question number 2 still remains...
> >> > > > >>>
> >> > > > >>> thank you,
> >> > > > >>>
> >> > > > >>>
> >> > > > >>> On Mon, Dec 8, 2008 at 2:04 PM, Hobbs
> >> > <deadheadblues@gmail.com <mailto:deadheadblues@gmail.com>
> >> > > <mailto:deadheadblues@gmail.com
> >> > <mailto:deadheadblues@gmail.com>>> wrote:
> >> > > > >>>
> >> > > > >>>
> >> > > > >>>
> >> > > > >>>> Hello my friends,
> >> > > > >>>>
> >> > > > >>>> I have 2 questions regarding voice vlans:
> >> > > > >>>>
> >> > > > >>>> 1) Is it possible to test voice vlan by using
> >> subinterface
> >> > > and dot1q
> >> > > > >>>> encapsulation on a router port:
> >> > > > >>>>
> >> > > > >>>> R1----SW1----SW2----R2
> >> > > > >>>>
> >> > > > >>>> R1 has a subinterface with "encap dot1q 2".
> >> > > > >>>> SW1 has "voice vlan 2" on port to R1.
> >> > > > >>>> Link SW1-SW2 is a trunk with all VLANs allowed.
> >> > > > >>>> R2 is in vlan 2.
> >> > > > >>>>
> >> > > > >>>> R1's config:
> >> > > > >>>>
> >> > > > >>>> interface Ethernet0/0
> >> > > > >>>> !
> >> > > > >>>> interface Ethernet0/0.2
> >> > > > >>>> encapsulation dot1Q 2
> >> > > > >>>> ip address 139.1.2.101 <http://139.1.2.101>
> >> > <http://139.1.2.101> 255.255.255.0 <http://255.255.255.0>
> >> > > <http://255.255.255.0>
> >> > > > >>>>
> >> > > > >>>> SW1:
> >> > > > >>>>
> >> > > > >>>> interface FastEthernet0/1
> >> > > > >>>> switchport access vlan 11
> >> > > > >>>> switchport mode access
> >> > > > >>>> switchport voice vlan 2
> >> > > > >>>> spanning-tree portfast
> >> > > > >>>>
> >> > > > >>>> Should R1 be able to ping R2 at 139.1.2.2
> >> > <http://139.1.2.2> <http://139.1.2.2>
> >> > > ? As of right now, I am not
> >> > > > >>>> able
> >> > > > >>>> to. When I debug icmp, packets from R2 reach R1, but
> >> > packets
> >> > > from R1
> >> > > > >>>> never
> >> > > > >>>> get to R2. Looks like SW1 is not sending packets from
> >> the
> >> > > voice vlan
> >> > > > over
> >> > > > >>>> its trunk to SW2.
> >> > > > >>>>
> >> > > > >>>> 2) What vlan # is used when you configure "switchport
> >> > voice vlan
> >> > > > dot1p"?
> >> > > > >>>> How does the switch know when to send traffic TO this
> >> > port on the
> >> > > > voice
> >> > > > >>>> vlan.
> >> > > > >>>>
> >> > > > >>>> thank you,
> >> > > > >>>>
> >> > > > >>>>
> >> > > > >>>
> >> > > > >>> Blogs and organic groups at http://www.ccie.net
> >> > > > >>>
> >> > > > >>>
> >> > >
> >> >
> >> _______________________________________________________________________
> >> > > > >>> Subscription information may be found at:
> >> > > > >>> http://www.groupstudy.com/list/CCIELab.html
> >> > > > >
> >> > > > >
> >> > > > > Blogs and organic groups at http://www.ccie.net
> >> > > > >
> >> > > > >
> >> > >
> >> >
> >> _______________________________________________________________________
> >> > > > > Subscription information may be found at:
> >> > > > > http://www.groupstudy.com/list/CCIELab.html
> >> > > > >
> >> > > > >
> >> > > > >
> >> > > > >
> >> > > > >
> >> > > > >
> >> > > > >
> >> > > > >
> >> > > >
> >> > > > --
> >> > > > Carlos G Mendioroz <tron@huapi.ba.ar
> >> > <mailto:tron@huapi.ba.ar> <mailto:tron@huapi.ba.ar
> >> > <mailto:tron@huapi.ba.ar>>>
> >> > > LW7 EQI Argentina
> >> > >
> >> > >
> >> > > Blogs and organic groups at http://www.ccie.net
> >> > >
> >> > >
> >> >
> >> _______________________________________________________________________
> >> > > Subscription information may be found at:
> >> > > http://www.groupstudy.com/list/CCIELab.html
> >> > >
> >> > >
> >> > >
> >> > >
> >> > >
> >> > >
> >> > >
> >> > >
> >> > >
> >> > >
> >> > > --
> >> > > Pavel Bykov
> >> > > ----------------
> >> > > Don't forget to help stopping the braindumps, use of which
> reduces
> >> > value
> >> > > of your certifications. Sign the petition at
> >> > http://www.stopbraindumps.com/
> >> >
> >> > --
> >> > Carlos G Mendioroz <tron@huapi.ba.ar <mailto:tron@huapi.ba.ar>>
> >> > LW7 EQI Argentina
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> > Pavel Bykov
> >> > ----------------
> >> > Don't forget to help stopping the braindumps, use of which reduces
> value
> >> > of your certifications. Sign the petition at
> >> http://www.stopbraindumps.com/
> >>
> >> --
> >> Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina
> >>
> >
> >
> >
> > --
> > Pavel Bykov
> > ----------------
> > Don't forget to help stopping the braindumps, use of which reduces value
> of
> > your certifications. Sign the petition at http://www.stopbraindumps.com/
> >
>
>
>
> --
> Pavel Bykov
> ----------------
> Don't forget to help stopping the braindumps, use of which reduces value of
> your certifications. Sign the petition at http://www.stopbraindumps.com/
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________

Blogs and organic groups at http://www.ccie.net

This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:08 ARST