Re: Voice VLAN - Access ports

From: Ed Lui (edwlui@gmail.com)
Date: Tue Jun 28 2005 - 00:34:31 GMT-3


Thanks, Larry. Any idea what the difference is between the trunk and access?

On 6/27/05, Larry Letterman (lletterm) <lletterm@cisco.com> wrote:
>
> It works either way...
>
> The IOS command for voice vlan does the same thing that
> aux vlans does for CatOS...
>
> Or you can use the trunk command in IOS switches to trunk more
> than one vlan....
>
> ##################################
> Larry Letterman
> Cisco Systems Inc.
> ##################################
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Ed Lui
> Sent: Monday, June 27, 2005 9:44 PM
> To: gladston@br.ibm.com
> Cc: Chris Lewis (chrlewis); ccielab@groupstudy.com; John Matus
> Subject: Re: Voice VLAN - Access ports
>
> Gladston,
>
> No doubt. There is NO ONE document that can prove if it is correct or not. As
> I mentioned in a previous post, an access port carrying traffic for more than
> 1 vlan is not what most people learned. But this is what I found from
> Cisco documentation and not just one. I checked both 3550 and 6500 (voice
> vlan = aux vlan) configuration from cisco.com. Plus I (myself)
> actually labbed it up with 3550EMI+7960phone. Well, did I overlook
> something? It is possible. I am not a Network Engineer but really want
> to figure out the technology. So far, I know both trunk port and access
> port work as well.
>
> Actually, I keep thinking about the pros and cons of both. What is the
> advantage, overhead...etc. Like Brian Dennis said in one of the online
> seminars, and I truly agree, understanding the technology is the key point.
> Passing the lab is important. I don't feel good about myself if I get a
> chance to hold a number but don't know what I am doing. I wish Chris
> Lewis can find out for us.
>
> :)
> Ed Lui
> P.S. Technology is changing every day. The standard is based upon the
> creator. Who knows if one day access port can carry no more than 5
> vlans. It is all up to the creator.
>
>
>
> On 6/27/05, gladston@br.ibm.com <gladston@br.ibm.com> wrote:
> >
> >
> > Thanks for this invaluable feedback.
> >
> > Looking at Maurilio's book, page 96, as Chris pointed:
> >
> > Would you agree with the author's statement "Ensure...that the native
> > vlan is 2"?
> > As I see it, it is not necessary to configure native vlan (to have
> > vlan 2 for data and vlan 50 for voice). One could leave the native vlan
> > as default, configure the voice vlan to 50 and the data vlan to 2.
> >
> > Do you see any reason to configure native vlan to the same vlan as the
> > data vlan? (my point is that as 7960 talks dot1q, it can tag data vlan
> > to any value)
> >
> > Have you seen voice vlan configured on an access port? (I am asking
> > this because the last time I posted this subject - sorry to post it
> > again, but it was not clear - a guy said it was possible). I argued:
> > "How would the voice vlan be transported if there is no dot1Q?"
> > (similar to what Chris explained) and the guy answered that it was an
> > exception.
> > It is hard to understand when the hardware is not available to test :)
> >
> >
> > Cordially
> > ------------------------------------------------------------------
> > Gladston
> >
> >
> >
> > "Chris Lewis (chrlewis)" <chrlewis@cisco.com>
> > 25/06/2005 12:31
> > To: "Ed Lui" <edwlui@gmail.com>
> > cc: "John Matus" <jmatus@pacbell.net>, Alaerte Gladston
> > Vidali/Brazil/IBM@IBMBR, <ccielab@groupstudy.com>
> > Subject: RE: Voice VLAN - Access ports
> >
> > Hi Ed,
> >
> > Thanks for the reply, this has been a valuable exchange for me, as it
> > has made me rethink some things. However, please consider that Cisco
> > documentation on the web is imperfect, sometimes it is accurate from
> > one point of view, but can easily lead to incorrect conclusions, and
> > sometimes it is flat out wrong and won't work (my favorite current
> > example is the configuration for Outbound Route Filtering, it is
> > missing the reference to the prefix list, without which it does not
> > work). Cisco documentation on the web is a tremendous resource, but it
> > should only be taken as a guide for what the starting point for
> > configuration in a lab should be IMHO.
> >
> > The best configuration example I have seen of voice vlan comes from
> > Maurilio Gorito's routing and switching practice lab book by Cisco
> > press. In practice lab 2, configurations are shown for connecting a
> > 7960 that does trunking, and a 7905 that does not do trunking.
> >
> > The port connecting to a 7960 is configured for trunking, and the port
> > connected to the 7905 is not. This is given on p96
> >
> > 3550 config for 7960 phone
> > int fa0/16
> > switchport access vlan 2
> > switchport trunk encapsulation dot1q
> > switchport trunk native vlan 2
> > switchport mode trunk
> > switchport voice vlan 50
> > no ip address
> > duplex full
> > speed 100
> > spanning-tree portfast
> >
> > 3550 config for 7905 phone
> > int fa0/17
> > switchport access vlan 50
> > no ip address
> > duplex half
> > speed 10
> >
> > The explanation is given as follows:
> >
> > The 7960 has the capability to trunk to the 3550 as it has an on-board
> > 3 port switch and can separate the voice and data traffic
> > appropriately. The 7905 phone only has 10 base T and needs manual
> > insertion in to the voice
> > vlan. Ensure that the port connecting to the 7960 is configured as a
> > trunk using dot1q and that the native vlan is 2.
> >
> > If you also look at the Cisco Press book Cisco Catalyst QoS, by
> > Flanagan et al, on page 63 you see the following:
> >
> > "Through the use of dot1q trunks, voice traffic from an IP phone
> > connected to an access port can reside on a separate VLAN and subnet.
> > The workstation attached to the IP phone might still reside on the
> > access, or native VLAN........Subsequently, with the use of voice
> > VLANs, all traffic is tagged to and from the Cisco IP phone and
> > Catalyst switch."
> >
> > Now one could argue that things like portfast are not needed for a
> > trunk mode in this configuration, and I would agree, but that is what
> > Maurilio gave in his book, and likely what they would be looking for
> > on the lab exam, which is the purpose of this list :)
> >
> > I think there are at least two sources of confusion in this
> > documentation.
> > First is that not all IP phones are created equal, some do trunking
> > and some don't. The other is a potential dual use of the phrase access
> > port. In some contexts it can mean a non-trunking port, in others it
> > can mean an ethernet port (which can be configured for trunking or
> > non-trunking).
> >
> > Cheers
> >
> > Chris
> > ------------------------------
> >
> >
> > *From:* Ed Lui [mailto:edwlui@gmail.com]
> > *Sent:* Saturday, June 25, 2005 12:27 AM
> > *To:* Chris Lewis (chrlewis)
> > *Cc:* John Matus; gladston@br.ibm.com; ccielab@groupstudy.com
> > *Subject:* Re: Voice VLAN - Access ports
> >
> > Chris,
> >
> > I have been struggling with 2 vlans on an access port for a while. I
> > know it works with either access port or trunk port, let's say with a
> > 7960. What I understand is, an access port cannot carry traffic for
> > more than 1 vlan.
> > Somehow, the documentation told me voice vlan is an exception. Then I
> > labbed it up myself (3550 EMI + 7960). The result is an access port can
> > carry data on one vlan and voice on another within the same access
> > port. And that is what the documentation said, too.
> >
> > Consider those underlined below. Portfast is for access port and not
> > for trunk port.
> >
> >
> > *Voice VLAN Configuration Guidelines*
> >
> > These are the voice VLAN configuration guidelines:
> >
> > - *You should configure voice VLAN on switch access ports.*
> > - Before you enable voice VLAN, we recommend that you enable QoS on
> > the switch by entering the mls qos global configuration command and
> > configure the port trust state to trust by entering the mls qos
> > trust cos interface configuration command.
> > - *The Port Fast feature is automatically enabled when voice VLAN is
> > configured*. When you disable voice VLAN, the Port Fast feature is
> > not automatically disabled.
> >
> >
> > Per your config :
> > Int fa0/16
> > Switch access vlan 2
> > Switch trunk encap dot1q <---to be removed----->
> > Switch trunk native vlan 2 <---to be removed----->
> > Switch mode trunk <---to be removed----->
> > Switch voice vlan 50
> > switchport priority extend cos 0
> > mls qos trust cos < or "mls qos trust device cisco-phone" should also work >
> >
> > It works with those lines removed. But also WORKS WITH THOSE LINES. I
> > am so confused about the configurations. I wish someone can explain the
> > pros and cons between the 2. Finally, I also have the same book you
> > guys have and understand it says trunk port configuration needs to be
> > included. On the other hand, documentation from cisco.com
> > said access port.
> >
> > :)
> > Ed Lui
> >
> >
> >
> >
> >
> >
> > On 6/24/05, Chris Lewis (chrlewis) <chrlewis@cisco.com> wrote:
> >
> > Hi,
> >
> > John, that is correct, the 7960 uses trunking, the cheaper ones do
> > not.
> >
> > Ed, my question to you is if you are told to configure a switch port
> > to have voice traffic from the phone in vlan 50 and data traffic from
> > a PC attached to the phone in vlan 2, how can you do that without
> > configuring trunking on the port? Clearly you would not want data
> > traffic from the PC in the same vlan as the voice traffic, otherwise it
> > ceases to be a voice vlan :)
> >
> > Chris
> >
> > -----Original Message-----
> > From: John Matus [mailto:jmatus@pacbell.net]
> > Sent: Friday, June 24, 2005 9:32 PM
> > To: Ed Lui; Chris Lewis (chrlewis)
> > Cc: gladston@br.ibm.com; ccielab@groupstudy.com
> > Subject: Re: Voice VLAN - Access ports
> >
> > my ciscopress lab book is in the car...........but....
> > i think it all depends on which type of phone you are using.
> >
> > i believe that the cheapy phones actually use the "switch access vlan"
> > for their traffic and a more expensive one <if i can remember
> > correctly, the 7960 phone??> uses trunking.
> >
> >
> > Regards,
> >
> > John D. Matus
> > MCSE, CCNP
> > Office: 818-782-2061
> > Cell: 818-430-8372
> > jmatus@pacbell.net
> > ----- Original Message -----
> > From: "Ed Lui" <edwlui@gmail.com>
> > To: "Chris Lewis (chrlewis)" <chrlewis@cisco.com>
> > Cc: <gladston@br.ibm.com>; <ccielab@groupstudy.com>
> > Sent: Friday, June 24, 2005 6:34 PM
> > Subject: Re: Voice VLAN - Access ports
> >
> >
> > > Chris,
> > > It doesn't sound like what I learned from the DocCD. According to
> > > the DocCD, the switch port connected to an IP phone should be configured
> > > as an access port and NOT TRUNK. Take a look:
> > >
> > > Voice VLAN Configuration Guidelines
> > >
> > > These are the voice VLAN configuration guidelines:
> > >
> > > - You should configure voice VLAN on switch access ports.
> > > - Before you enable voice VLAN, we recommend that you enable QoS on
> > > the switch by entering the mls qos global configuration command and
> > > configure the port trust state to trust by entering the mls qos
> > > trust cos interface configuration command.
> > > - The Port Fast feature is automatically enabled when voice VLAN is
> > > configured. When you disable voice VLAN, the Port Fast feature is
> > > not automatically disabled.
> > > - When you enable port security on an interface that is also
> > > configured with a voice VLAN, you must set the maximum allowed
> > > secure addresses on the port to at least two.
> > > - If any type of port security is enabled on the access VLAN,
> > > dynamic port security is automatically enabled on the voice VLAN.
> > > - You cannot configure static secure or sticky secure MAC addresses
> > > on a voice VLAN.
> > > - Voice VLAN ports can also be these port types:
> > > - Dynamic access port. See the "Configuring Dynamic Access Ports on
> > > VMPS Clients" section
> > > <http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/3550scg/swvlan.htm#94106>
> > > for more information.
> > > - Secure port. See the "Configuring Port Security" section
> > > <http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/3550scg/swtrafc.htm#86378>
> > > for more information.
> > > - 802.1X authenticated port. See the "Using 802.1X with Voice VLAN
> > > Ports" section
> > > <http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/3550scg/sw8021x.htm#50544>
> > > for more information.
> > > - Protected port. See the "Configuring Protected Ports" section
> > > <http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/3550scg/swtrafc.htm#56161>
> > > for more information
> > >
> > > HTH,
> > > Ed Lui
> > >
> > > On 6/24/05, Chris Lewis (chrlewis) <chrlewis@cisco.com> wrote:
> > >>
> > >> This is a config that I believe works to make vlan 50 the voice
> > >> vlan, and vlan 2 to be the data vlan, then sets data from the PC to
> > >> CoS 0 and trusts CoS from the phone.
> > >>
> > >> Mls qos
> > >>
> > >> Vlan 50
> > >> Name voice vlan
> > >>
> > >> Int fa0/16
> > >> Switch access vlan 2
> > >> Switch trunk encap dot1q
> > >> Switch trunk native vlan 2
> > >> Switch mode trunk
> > >> Switch voice vlan 50
> > >> switchport priority extend cos 0
> > >> mls qos trust cos
> > >>
> > >> The switch access configuration in the interface defines what vlan
> > >> the port belongs to if for some reason the port stops trunking. Voice
> > >> vlan has to work on a trunk port for there to be traffic that are
> > >> members of two vlans on it.
> > >>
> > >> It could be possible that the documentation you refer to is listing
> > >> a restriction for configuring port security in addition to voice
> > >> vlan, although I don't know for sure.
> > >>
> > >> Chris
> > >>
> > >> -----Original Message-----
> > >> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > >> gladston@br.ibm.com
> > >> Sent: Wednesday, June 22, 2005 12:14 PM
> > >> To: ccielab@groupstudy.com
> > >> Subject: Voice VLAN - Access ports
> > >>
> > >> Hi,
> > >>
> > >> Looking for Port security information I read this:
> > >>
> > >> "Voice VLAN is only supported on access ports and not on trunk
> > >> ports, even though the configuration is allowed"
> > >>
> > >>
> > >> http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225seb/scg/swtrafc.htm#wp1038501
> > >>
> > >> Some time ago I was researching about this subject (if it would be
> > >> allowed to configure an interface connected to an IPPhone with
> > >> 'switchport mode trunk').
> > >> One of the answers was 'yes'.
> > >>
> > >> Do you know if an IPPhone only works if the port is configured as
> > >> access port?
> > >> If yes, how does it work, considering the previous Cisco statement?
> > >>
> > >> Thanks for any feedback.
> > >>
> > >>
> > >> _______________________________________________________________________
> > >> Subscription information may be found at:
> > >> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
>
http://www.groupstudy.com/list/CCIELab.html
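
An added example, not part of the thread and not Cisco's or any poster's code: a small Python check that applies the guidelines quoted in the messages above (voice VLAN on access rather than trunk ports, a port-security maximum of at least two, a QoS trust setting) to an IOS-style configuration. The sample stanzas are constructed, and the function names and issue labels are assumptions made for illustration.

```python
import re

# Constructed IOS-style sample, not taken from the thread's lab switches.
SAMPLE_CONFIG = """\
interface FastEthernet0/16
 switchport mode trunk
 switchport voice vlan 50
!
interface FastEthernet0/17
 switchport mode access
 switchport voice vlan 50
 switchport port-security
 mls qos trust cos
!
interface FastEthernet0/18
 switchport mode access
 switchport voice vlan 50
 switchport port-security
 switchport port-security maximum 2
 mls qos trust device cisco-phone
"""

def parse_interfaces(config):  # -> {interface name: [lower-cased sub-commands]}
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip().lower())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit_voice_ports(config):
    """Return {interface: [issue labels]} for every port with a voice VLAN."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if not any(c.startswith("switchport voice vlan ") for c in cmds):
            continue
        issues = []
        if "switchport mode trunk" in cmds:
            issues.append("voice-vlan-on-trunk")  # documented as unsupported
        if "switchport port-security" in cmds:
            m = re.search(r"^switchport port-security maximum (\d+)$", "\n".join(cmds), re.M)
            if (int(m.group(1)) if m else 1) < 2:  # IOS default maximum is 1
                issues.append("port-security-maximum-below-2")
        if not any(c.startswith("mls qos trust ") for c in cmds):
            issues.append("no-qos-trust")
        findings[name] = issues
    return findings
```
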



This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:44 GMT-3