Re: if voice phone supports 802.1q should i config the port as

From: Chris Lewis (chrlewiscsco@gmail.com)
Date: Thu Jun 01 2006 - 10:04:56 ART


Scott,

I don't understand what you mean by this post. There are two ways of
configuring voice VLAN, the old and the new: the old explicitly configures
the port as a trunk, while the new leverages CDP to exchange VLAN
information between the switch and phone. Both end up in the switch port
trunking. This is easily seen if you configure both options on a router and
issue the show int f0/5 switchport command.

Port security will work for either configuration, with the caveat that you
need to increase the number of secure addresses by 2.

Chris

On 6/1/06, Scott Morris <swm@emanon.com> wrote:
>
> Where's the fun in that??? Actually, after a little poking around, you are
> correct that you CAN use switchport mode access.. This was introduced as a
> "fix", however.... Certain features, like port-security, require that you
> be on an access port which defeats the purpose of trunking to your phone...
>
> In THIS example, the voice-vlan command has the added effect of allowing
> tagged traffic to only one vlan. Kinda obviates the trunking idea, but
> allows it through exceptions. I guess the Voice Design Guide (calling for
> port-security) initially got a bit ahead of the code development guys. :)
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
> #153, CISSP, et al.
> CCSI/JNCI
> IPExpert CCIE Program Manager
> IPExpert Sr. Technical Instructor
> smorris@ipexpert.com
> http://www.ipexpert.com
>
>
> _____
>
> From: Petr Lapukhov [mailto:petrsoft@gmail.com]
> Sent: Thursday, June 01, 2006 1:00 AM
> To: Scott Morris
> Cc: Victor Cappuccio; Vinu; Cisco certification
> Subject: Re: if voice phone supports 802.1q should i config the port as
> trunk
>
>
> Scott,
>
> just to break the tie :) Let's ask Cisco's hardware:
>
> SW1(config)#interface fastEthernet 0/21
> SW1(config-if)#macro apply cisco-phone $access_vlan 10 $voice_vlan 200
>
> SW1#sh running-config interface fastEthernet 0/21
> Building configuration...
>
> Current configuration : 734 bytes
> !
> interface FastEthernet0/21
> switchport access vlan 10
> switchport mode access
> switchport voice vlan 200
> switchport port-security maximum 3
> switchport port-security
> switchport port-security aging time 2
> switchport port-security violation restrict
> switchport port-security aging type inactivity
> mls qos trust device cisco-phone
> mls qos trust cos
> macro description cisco-phone
> auto qos voip cisco-phone
> wrr-queue bandwidth 10 20 70 1
> wrr-queue min-reserve 1 5
> wrr-queue min-reserve 2 6
> wrr-queue min-reserve 3 7
> wrr-queue min-reserve 4 8
> wrr-queue cos-map 1 0 1
> wrr-queue cos-map 2 2 4
> wrr-queue cos-map 3 3 6 7
> wrr-queue cos-map 4 5
> priority-queue out
> spanning-tree portfast
> spanning-tree bpduguard enable
>
> SW1#show parser macro name cisco-phone
> Macro name : cisco-phone
> Macro type : default interface
> # Cisco IP phone + desktop template
>
> # macro keywords $access_vlan $voice_vlan
>
> # VoIP enabled interface - Enable data VLAN
> # and voice VLAN
> # Recommended value for access vlan should not be 1
> switchport access vlan $access_vlan
> switchport mode access
>
> # Update the Voice VLAN value which should be
> # different from data VLAN
> # Recommended value for voice vlan should not be 1
> switchport voice vlan $voice_vlan
>
> # Enable port security limiting port to a 3 MAC
> # addressess -- One for desktop and two for phone
> switchport port-security
> switchport port-security maximum 3
>
> # Ensure port-security age is greater than one minute
> # and use inactivity timer
> switchport port-security violation restrict
> switchport port-security aging time 2
> switchport port-security aging type inactivity
>
> # Enable auto-qos to extend trust to attached Cisco phone
> auto qos voip cisco-phone
>
> # Configure port as an edge network port
> spanning-tree portfast
> spanning-tree bpduguard enable
>
> HTH
> Petr
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
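
Added example, not part of the original thread or any poster's code: a small Python audit that applies the checks named in the cisco-phone macro comments quoted above (VLANs other than 1, voice VLAN different from data VLAN, port-security allowing at least 3 MAC addresses, BPDU guard) to a running-config. The function names and the Fa0/22 stanza are constructed for illustration; treating a missing access VLAN as 1 and a missing port-security maximum as 1 is an assumption about IOS defaults.

```python
import re

# Constructed sample: Fa0/21 follows the thread's macro output, Fa0/22 is made up.
SAMPLE = """\
interface FastEthernet0/21
 switchport access vlan 10
 switchport voice vlan 200
 switchport port-security maximum 3
 switchport port-security
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 switchport voice vlan 200
 switchport port-security
"""

def parse_interfaces(cfg):
    ports, cur = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()  # tolerate archives that lost the leading space
        if line.startswith("interface "):
            cur = ports.setdefault(line.split(None, 1)[1], [])
        elif line == "!":
            cur = None      # "!" closes the interface stanza
        elif cur is not None:
            cur.append(line)
    return ports

def val(cmds, pattern, default=None):
    hits = [m.group(1) for c in cmds if (m := re.fullmatch(pattern, c))]
    return hits[0] if hits else default

def audit_voice_port(cmds):
    voice = val(cmds, r"switchport voice vlan (\d+)")
    if voice is None:
        return []  # no voice VLAN on this port, nothing to check
    access = val(cmds, r"switchport access vlan (\d+)", "1")  # assumed default
    maximum = int(val(cmds, r"switchport port-security maximum (\d+)", "1"))
    checks = [
        ("access or voice VLAN is 1", "1" in (access, voice)),
        ("voice VLAN equals data VLAN", access == voice),
        ("port-security not enabled", "switchport port-security" not in cmds),
        ("port-security maximum below 3", maximum < 3),
        ("bpduguard not enabled", "spanning-tree bpduguard enable" not in cmds),
    ]
    return [msg for msg, failed in checks if failed]

def audit(cfg):
    return {n: f for n, c in parse_interfaces(cfg).items() if (f := audit_voice_port(c))}
```

Calling audit() on a saved running-config returns only the phone ports that have findings, keyed by interface name.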



This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:31 ART