RE: Voice VLAN - Access ports

From: Larry Letterman (lletterm) (lletterm@cisco.com)
Date: Tue Jun 28 2005 - 02:42:15 GMT-3


Ed,

The phone is a 3 port switch..the port the phone is connected to is a
trunk and carries both data and voice
to the internal phone port and the data port that the pc is connected
to...in my example I used the vlans allowed
because I only need data and voice on the two vlans I allowed...

whether I used trunks or access commands, the vlans will still be the
same..

##################################
Larry Letterman
Cisco Systems Inc.
##################################

________________________________

From: Ed Lui [mailto:edwlui@gmail.com]
Sent: Tuesday, June 28, 2005 12:03 AM
To: Larry Letterman (lletterm)
Cc: gladston@br.ibm.com; Chris Lewis (chrlewis); ccielab@groupstudy.com;
John Matus
Subject: Re: Voice VLAN - Access ports

Larry,

Thanks! It is much more clear now. But I am thinking, since you have
the trunk port configuration + allowed vlan(s) across the trunk. My
question is:

1. A trunk link can be connected to the phone's PC port with trunk
configuration on the switch port?
2. With just the access mode configuration (without any trunk
configuration), no vlan(s) will be allowed other than the voice vlan and
access vlan? Is it the difference between the trunk configuration and
access port configuration?

Ed Lui

On 6/27/05, Larry Letterman (lletterm) <lletterm@cisco.com> wrote:

        Ed,

        This is one of our switches using the trunk method...

        interface FastEthernet0/4
        switchport trunk encapsulation dot1q
        switchport trunk native vlan 152
        switchport trunk allowed vlan 1,152,155,1002-1005
        switchport mode trunk
        switchport voice vlan 155
        no ip address
        spanning-tree portfast
        !

        ##################################
        Larry Letterman
        Cisco Systems Inc.
        ##################################

        -----Original Message-----
        From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
        Larry Letterman (lletterm)
        Sent: Monday, June 27, 2005 10:51 PM
        To: Ed Lui
        Cc: gladston@br.ibm.com; Chris Lewis (chrlewis); ccielab@groupstudy.com;
        John Matus
        Subject: RE: Voice VLAN - Access ports

        when we introduced the ip voice platform, they came up with the aux vlan
        command..
        plain and simple, it allows the ethernet port to carry 2 vlans, which is
        just a trunk port in disguise...to my knowledge you cannot carry more
        than 1 vlan across ethernet ports without trunking the port somehow...

        The ios based switches, c3550 and C6500, can either trunk the vlans or
        use access switchport settings and voice vlan commands...in my networks,
        I use the switchport access and voice vlan for my ios based telephony
        switches...

        the difference is that access ports are for carrying 1 vlan or subnet
        data and trunk ports are for carrying two or more vlans /subnets on that
        port...

        ##################################
        Larry Letterman
        Cisco Systems Inc.
        ##################################

        ________________________________

        From: Ed Lui [mailto:edwlui@gmail.com]
        Sent: Monday, June 27, 2005 10:35 PM
        To: Larry Letterman (lletterm)
        Cc: gladston@br.ibm.com; Chris Lewis (chrlewis); ccielab@groupstudy.com;
        John Matus
        Subject: Re: Voice VLAN - Access ports

        Thanks Larry. Any idea what is the difference between the trunk and
        access?

        On 6/27/05, Larry Letterman (lletterm) <lletterm@cisco.com> wrote:

                It works either way...

                The ios command for voice vlan does the same thing that
                Aux vlans does for catos...

                Or you can use the trunk command in ios switches to trunk more
                than one vlan....

                ##################################
                Larry Letterman
                Cisco Systems Inc.
                ##################################

                -----Original Message-----
                From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
                Ed Lui
                Sent: Monday, June 27, 2005 9:44 PM
                To: gladston@br.ibm.com
                Cc: Chris Lewis (chrlewis); ccielab@groupstudy.com; John Matus
                Subject: Re: Voice VLAN - Access ports

                Gladston,

                No doubt. There is NO ONE document can prove if it is correct or not. As
                I mentioned in previous post. Access port carries traffic for more than
                1 vlan is not what most people learned. But this is what I found from
                cisco documentation and not just one. I checked both 3550 and 6500 (voice
                vlan=aux vlan) configuration from cisco.com. Plus I (myself)
                actually labbed it up with 3550EMI+7960phone. Well, did I overlook
                something? It is possible. I am not a Network Engineer but really want
                to figure out the technology. So far, I know both trunk port and access
                port work as well.

                Actually, I keep thinking about the pros and cons for both. What is the
                advantage, overhead...etc. Like Brian Dennis said in one of the online
                seminars. I truly agree, understand the technology is the key point.
                Passing the lab is important. I don't feel good to myself if I get a
                chance to hold a number but don't know what myself is doing. Wish Chris
                Lewis can find out for us.

                :)
                Ed Lui
                P.S. Technology is changing every day. The standard is based upon the
                creator. Who knows if one day access port can carry no more than 5
                vlans. It is all up to the creator.

                On 6/27/05, gladston@br.ibm.com <gladston@br.ibm.com> wrote:
>
> Thanks for this invaluable feedback.
>
> Looking at Maurilio's book, page 96, as Chris pointed:
>
> Would you agree with the author statement "Ensure...that the native
> vlan is 2".
> As I see it, it is not necessary to configure native vlan (to have
> vlan 2 for data and vlan 50 for voice). One could let the native vlan
> as default, configure the voice vlan to 50 and the data vlan to 2.
>
> Do you see any reason to configure native vlan to the same vlan as the
> data vlan? (my point is that as 7960 talks dot1q, it can tag data vlan
> to any value)
>
> Have you seen voice vlan configured on an access port? (I am asking
> this because on the last time I posted this subject - sorry to post it
> again, but it was not clear - a guy said it was possible). I argued:
> "How would the voice vlan be transported if there is no dot1Q?"
> (similar as Chris explained) and the guy answered that it was an
> exception.
> It is hard to understand when the hardware is not available to test :)
>
>
> Cordially
>
> ------------------------------------------------------------------
> Gladston
>
>
> *"Chris Lewis (chrlewis)" <chrlewis@cisco.com>*
>
> 25/06/2005 12:31
> To: "Ed Lui" <edwlui@gmail.com>
> cc: "John Matus" <jmatus@pacbell.net>, Alaerte Gladston
> Vidali/Brazil/IBM@IBMBR, <ccielab@groupstudy.com>
> Subject: RE: Voice VLAN - Access ports
>
> Hi Ed,
>
> Thanks for the reply, this has been a valuable exchange for me, as it
> has made me rethink some things. However, please consider that Cisco
> documentation on the web is imperfect, sometimes it is accurate from
> one point of view, but can easily lead to incorrect conclusions, and
> sometimes it is flat out wrong and won't work (my favorite current
> example is the configuration for Outbound Route Filtering, it is
> missing the reference to the prefix list, without which it does not
> work). Cisco documentation on the web is a tremendous resource, but it
> should only be taken as a guide for what the starting point for
> configuration in a lab should be IMHO.
>
> The best configuration example I have seen of voice vlan comes from
> Maurilio Gorito's routing and switching practice lab book by Cisco
> press. In practice lab 2, configurations are shown for connecting a
> 7960 that does trunking, and a 7905 that does not do trunking.
>
> The port connecting to a 7960 is configured for trunking, and the port
> connected to the 7905 is not. This is given on p96
>
> 3550 config for 7960 phone
> int fa0/16
> switchport access vlan 2
> switchport trunk encapsulation dot1q
> switchport trunk native vlan 2
> switchport mode trunk
> switchport voice vlan 50
> no ip address
> duplex full
> speed 100
> spanning-tree portfast
>
> 3550 config for 7905 phone
> int fa0/17
> switchport access vlan 50
> no ip address
> duplex half
> speed 10
>
> The explanation is given as follows:
>
> The 7960 has the capability to trunk to the 3550 as it has an on-board
> 3 port switch and can separate the voice and data traffic
> appropriately. The 7905 phone only has 10 base T and needs manual
> insertion in to the voice vlan. Ensure that the port connecting to the
> 7960 is configured as a trunk using dot1q and that the native vlan is 2.
>
> If you also look at the Cisco Press book Cisco Catalyst QoS, by
> Flanagan et al, on page 63 you see the following:
>
> "Through the use of dot1q trunks, voice traffic from an IP phone
> connected to an access port can reside on a separate VLAN and subnet.
> The workstation attached to the IP phone might still reside on the
> access, or native VLAN........Subsequently, with the use of voice
> VLANs, all traffic is tagged to and from the Cisco IP phone and
> Catalyst switch."
>
> Now one could argue that things like portfast are not needed for a
> trunk mode in this configuration, and I would agree, but that is what
> Maurilio gave in his book, and likely what they would be looking for
> on the lab exam, which is the purpose of this list :)
>
> I think there are at least two sources of confusion in this
> documentation.
> First is that not all IP phones are created equal, some do trunking
> and some don't. The other is a potential dual use of the phrase access
> port. In some contexts it can mean a non-trunking port, in others it
> can mean an ethernet port (which can be configured for trunking or
> non-trunking).
>
> Cheers
>
> Chris
> ------------------------------
>
>
> *From:* Ed Lui [mailto:edwlui@gmail.com]
> *Sent:* Saturday, June 25, 2005 12:27 AM
> *To:* Chris Lewis (chrlewis)
> *Cc:* John Matus; gladston@br.ibm.com; ccielab@groupstudy.com
> *Subject:* Re: Voice VLAN - Access ports
>
> Chris,
>
> I have been struggling about 2 vlans on an access port for a while. I
> know it works with either access port or trunk port let say with a
> 7960. What I understand is, an access port can not carry traffic for
> more than 1 vlan.
> Somehow, the documentation told me voice vlan is an exception. Then I
> labbed it up myself (3550 EMI + 7960). The result is an access port can
> carry data on one vlan and voice on another within the same access
> port. And that is what the documentation said, too.
>
> Consider those underlined below. Portfast is for access port and not
> for trunk port.
>
>
> *Voice VLAN Configuration Guidelines*
>
> These are the voice VLAN configuration guidelines:
>
> - *You should configure voice VLAN on switch access ports.*
> - Before you enable voice VLAN, we recommend that you enable QoS on
>   the switch by entering the mls qos global configuration command and
>   configure the port trust state to trust by entering the mls qos
>   trust cos interface configuration command.
> - *The Port Fast feature is automatically enabled when voice VLAN is
>   configured*. When you disable voice VLAN, the Port Fast feature is
>   not automatically disabled.
>
>
> Per your config :
> Int fa0/16
> Switch access vlan 2
> Switch trunk encap dot1q <---to be removed----->
> Switch trunk native vlan 2 <---to be removed----->
> Switch mode trunk <---to be removed----->
> Switch voice vlan 50
> switchport priority extend cos 0
> mls qos trust cos < or "mls qos trust device cisco-phone" should also work >
>
> It works with those lines removed. But also WORKS WITH THOSE LINES. I
> am so confused about the configurations. Wish someone can explain the
> Pros and Cons between the 2. Finally, I also have the same book you
> guys have and understand it says trunk port configuration needs to be
> included. On the other hand, documentation from cisco.com said access
> port.
>
> :)
> Ed Lui
>
>
> On 6/24/05, *Chris Lewis (chrlewis)* <chrlewis@cisco.com> wrote:
>
> Hi,
>
> John, that is correct, the 7960 uses trunking, the cheaper ones do
> not.
>
> Ed, my question to you is if you are told to configure a switch port
> to have voice traffic from the phone in vlan 50 and data traffic from
> a PC attached to the phone in vlan 2, how can you do that without
> configuring trunking on the port? Clearly you would not want data
> traffic from the PC in the same vlan as the voice traffic, otherwise it
> ceases to be a voice vlan :)
>
> Chris
>
> -----Original Message-----
> From: John Matus [mailto:jmatus@pacbell.net]
> Sent: Friday, June 24, 2005 9:32 PM
> To: Ed Lui; Chris Lewis (chrlewis)
> Cc: gladston@br.ibm.com; ccielab@groupstudy.com
> Subject: Re: Voice VLAN - Access ports
>
> my ciscopress lab book is in the car...........but....
> i think it all depends on which type of phone you are using.
>
> i believe that the cheapy phones actually use the "switch access vlan"
> for their traffic and a more expensive one <if i can remember
> correctly, the 7960 phone??> uses trunking.
>
>
> Regards,
>
> John D. Matus
> MCSE, CCNP
> Office: 818-782-2061
> Cell: 818-430-8372
> jmatus@pacbell.net
> ----- Original Message -----
> From: "Ed Lui" <edwlui@gmail.com>
> To: "Chris Lewis (chrlewis)" <chrlewis@cisco.com>
> Cc: <gladston@br.ibm.com>; <ccielab@groupstudy.com>
> Sent: Friday, June 24, 2005 6:34 PM
> Subject: Re: Voice VLAN - Access ports
>
>
> > Chris,
> > It doesn't sound like what I learned from the DocCD. According to
> > the DocCD. Switch port connected to IPphone should be configured as
> > access port and NOT TRUNK. Take a look :
> > Voice VLAN Configuration Guidelines
> >
> > These are the voice VLAN configuration guidelines:
> >
> > - You should configure voice VLAN on switch access ports.
> > - Before you enable voice VLAN, we recommend that you enable QoS on
> >   the switch by entering the mls qos global configuration command and
> >   configure the port trust state to trust by entering the mls qos
> >   trust cos interface configuration command.
> > - The Port Fast feature is automatically enabled when voice VLAN is
> >   configured. When you disable voice VLAN, the Port Fast feature is
> >   not automatically disabled.
> > - When you enable port security on an interface that is also
> >   configured with a voice VLAN, you must set the maximum allowed
> >   secure addresses on the port to at least two.
> > - If any type of port security is enabled on the access VLAN,
> >   dynamic port security is automatically enabled on the voice VLAN.
> > - You cannot configure static secure or sticky secure MAC addresses
> >   on a voice VLAN.
> > - Voice VLAN ports can also be these port types:
> >   - Dynamic access port. See the "Configuring Dynamic Access Ports on
> >     VMPS Clients" section
> >     <http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/3550scg/swvlan.htm#94106>
> >     for more information.
> >   - Secure port. See the "Configuring Port Security" section
> >     <http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/3550scg/swtrafc.htm#86378>
> >     for more information.
> >   - 802.1X authenticated port. See the "Using 802.1X with Voice VLAN
> >     Ports" section
> >     <http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/3550scg/sw8021x.htm#50544>
> >     for more information.
> >   - Protected port. See the "Configuring Protected Ports" section
> >     <http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/3550scg/swtrafc.htm#56161>
> >     for more information
> >
> > HTH,
> > Ed Lui
> >
> > On 6/24/05, Chris Lewis (chrlewis) <chrlewis@cisco.com> wrote:
> >>
> >> This is a config that I believe works to make vlan 50 the voice
> >> vlan, and vlan 2 to be the data vlan, then sets data from the PC to
> >> CoS 0 and trusts CoS from the phone.
> >>
> >> Mls qos
> >>
> >> Vlan 50
> >> Name voice vlan
> >>
> >> Int fa0/16
> >> Switch access vlan 2
> >> Switch trunk encap dot1q
> >> Switch trunk native vlan 2
> >> Switch mode trunk
> >> Switch voice vlan 50
> >> switchport priority extend cos 0
> >> mls qos trust cos
> >>
> >> The switch access configuration in the interface defines what vlan
> >> the port belongs to if for some reason the port stops trunking. Voice
> >> vlan has to work on a trunk port for there to be traffic that are
> >> members of two vlans on it.
> >>
> >> It could be possible that the documentation you refer to is listing
> >> a restriction for configuring port security in addition to voice
> >> vlan, although I don't know for sure.
> >>
> >> Chris
> >>
> >> -----Original Message-----
> >> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> >> gladston@br.ibm.com
> >> Sent: Wednesday, June 22, 2005 12:14 PM
> >> To: ccielab@groupstudy.com
> >> Subject: Voice VLAN - Access ports
> >>
> >> Hi,
> >>
> >> Looking for Port security information I read this:
> >>
> >> "Voice VLAN is only supported on access ports and not on trunk
> >> ports, even though the configuration is allowed"
> >>
> >> http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225seb/scg/swtrafc.htm#wp1038501
> >>
> >> Some time ago I was researching about this subject (if it would be
> >> allowed to configure an interface connected to an IPPhone with
> >> 'switchport mode trunk').
> >> One of the answers was 'yes'.
> >>
> >> Do you know if an IPPhone only works if the port is configured as
> >> access port?
> >> If yes, how does it work, considering the previous Cisco statement?
> >>
> >> Thanks for any feedback.
> >>
>
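
Two guidelines quoted in this thread can be checked mechanically against a running-config: voice VLAN is documented as supported on access ports only, and port security on a voice VLAN port needs a maximum of at least two secure addresses. The Python below is an added example, not part of the original thread or any Cisco tool; the FastEthernet0/5 stanza, the field names, the finding strings and the defaults used for absent lines (VLAN 1, port-security maximum 1) are assumptions made for illustration.

```python
import re

# Fa0/4 is the trunk-method port quoted in the thread; Fa0/5 is constructed.
SAMPLE = """\
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 152
 switchport trunk allowed vlan 1,152,155,1002-1005
 switchport mode trunk
 switchport voice vlan 155
!
interface FastEthernet0/5
 switchport access vlan 152
 switchport mode access
 switchport voice vlan 155
 switchport port-security
!
"""

PATTERNS = {  # field -> regex matched against one running-config line
    "mode": r"switchport mode (\S+)$",
    "access": r"switchport access vlan (\d+)$",
    "allowed": r"switchport trunk allowed vlan ([\d,-]+)$",
    "voice": r"switchport voice vlan (\d+)$",
    "psec": r"switchport (port-security)$",
    "psec_max": r"switchport port-security maximum (\d+)$",
}
# Assumed when a line is absent (mode stays unknown rather than guessed).
DEFAULTS = {"mode": None, "access": "1", "allowed": "1-4094",
            "voice": None, "psec": None, "psec_max": "1"}

def expand(spec):  # '1,152,1002-1005' -> {1, 152, 1002, 1003, 1004, 1005}
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse(config):
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"interface (\S+)$", line)
        if m:
            cur = ports[m.group(1)] = dict(DEFAULTS)
        for field, rx in PATTERNS.items():
            m = re.match(rx, line)
            if m and cur is not None:
                cur[field] = m.group(1)
    return ports

def carried_vlans(p):
    # Trunk: the allowed list. Otherwise: access VLAN plus voice VLAN if set.
    if p["mode"] == "trunk":
        return expand(p["allowed"])
    return {int(p["access"])} | ({int(p["voice"])} if p["voice"] else set())

def audit(config):
    findings = {}
    for name, p in parse(config).items():
        notes = findings.setdefault(name, [])
        if p["voice"] and p["mode"] == "trunk":
            notes.append("voice VLAN on a trunk port")
        if p["voice"] and p["psec"] and int(p["psec_max"]) < 2:
            notes.append("port-security maximum below 2 with voice VLAN")
    return findings
```

Calling `audit(SAMPLE)` returns the findings per interface, and `carried_vlans()` shows that the trunk method carries every VLAN in the allowed list while the access method carries only the access and voice VLANs.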



This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:45 GMT-3