Re: 2 Voice vlan questions: 1) Testing the config 2) Dot1p

From: Pavel Bykov (slidersv@gmail.com)
Date: Fri Dec 12 2008 - 11:09:04 ARST

1. Try monitoring some trunk first first, i think you may be surprised, that
you won't see tags there as well.
For SPAN requirements are that either SPAN destination has to be "mode
turnk" or you can force tag propagation using "monitor session 1 destination
interface fa x/x encapsulation replicate". That encapsulation replicate does
the trick. So SPAN does not add tags, only removes them.

2. You need operating system that can receive tags - i.e. Not Windows (you
need to alter windows for this).

3. Just as completeness: SW was 2960 with 12.2(44), but i'm pretty sure
you'll find what's wrong with #1 or #2
SPAN config:
monitor session 1 source interface fast 0/13 both
monitor session 1 destination interface fa 0/2 encapsulation replicate

On Fri, Dec 12, 2008 at 1:53 PM, Carlos G Mendioroz <tron@huapi.ba.ar>wrote:

> Ouch, that hurts... (I'm a very sensitive person, and
> that "you are not correct" bounced into my ego shield :)
>
> May I ask how did you got the trace ?
> Cause if you are using SPAN, it might be adding tags.
>
> At least for me, monitoring using a hub between phone and switch,
> with a 2950 running 12.1(22)EA12, frames from switch to phone are
> not tagged when using voice vlan dot1p.
>
> -Carlos
>
> Pavel Bykov @ 12/12/2008 10:23 -0200 dixit:
> > Ok. Because this interested me I sniffed the behaviour.
> > Carlos, you are not correct - see the sniff output below
> > The stup was very simple SW---PHONE---PC
> >
> > 1. Switch config:
> > interface FastEthernet0/13
> > switchport access vlan 600
> > switchport voice vlan dot1p
> > spanning-tree portfast
> > end
> >
> > 2. Switch sends CDP packet to the phone with "VoIP VLAN Reply" field set
> > to 0, and "Native VLAN: 600"
> >
> > 3. IPPhone encapsulates all traffic that it sends with 802.1Q with
> VlanID=0:
> > 802.1Q Virtual LAN, PRI: 3, CFI: 0, ID: 0
> > 011. .... .... .... = Priority: 3
> > ...0 .... .... .... = CFI: 0
> > .... 0000 0000 0000 = ID: 0
> > Type: IP (0x0800)
> >
> > therefore, it can use 802.1p inside 802.1Q
> > Switch accepts this traffic.
> >
> > 4. All traffic from PC is being forwarded untagged to the switch
> >
> > 5. All traffic that is going from switch to the IPPhone, or PC behind
> > that IP Phone is TAGGED WTIH VLAN600 (because in this case it's access
> > vlan 600)
> > 802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 600
> > 000. .... .... .... = Priority: 0
> > ...0 .... .... .... = CFI: 0
> > .... 0010 0101 1000 = ID: 600
> > Type: IP (0x0800)
> >
> > This is not what I expected at all
> >
> > So basically:
> > IPPhone --> SW = 802.1Q with VLAN ID 0
> > PC --> IPPhone --> SW = No 802.1Q tag
> > SW --> IPPhone --> PC = 802.1Q tag with VLAN ID 600
> > SW --> IPPhone = 802.1Q tag with VLAN ID 600
> >
> > wow....
> >
> > On Mon, Dec 8, 2008 at 11:08 PM, Hobbs <deadheadblues@gmail.com
> > <mailto:deadheadblues@gmail.com>> wrote:
> >
> > Thanks Carlos. That's what I was looking for.
> >
> > On Mon, Dec 8, 2008 at 3:05 PM, Carlos G Mendioroz <tron@huapi.ba.ar
> > <mailto:tron@huapi.ba.ar>> wrote:
> >
> > > Hobbs,
> > > VLAN 0 is not a VLAN, is just a filler for the VLAN ID that is not
> > being
> > > used. The port is an access port, the VLAN is whichever you
> > assigned to it.
> > >
> > > Traffic being sent to the phone is not tagged.
> > >
> > > -Carlos
> > >
> > > Hobbs @ 8/12/2008 19:41 -0200 dixit:
> > > > Thank you Alexei.
> > > >
> > > > But how does traffic get TO or FROM this port with vlan 0 tagged?
> > > > How does it learn MAC addresses on this vlan? Does it send it
> > out all
> > > trunk
> > > > ports?
> > > > "Show interface trunk" does not show vlan 0 as allowed or
> active...
> > > >
> > > >
> > > > On Mon, Dec 8, 2008 at 2:17 PM, Alexei Monastyrnyi
> > <alexeim73@gmail.com <mailto:alexeim73@gmail.com>
> > > >wrote:
> > > >
> > > >> Hobbs,
> > > >> as per 3550/3560 configuration guide:
> > > >>
> > > >> "Instruct the switch port to use 802.1P priority tagging for
> voice
> > > traffic
> > > >> and to use the default native VLAN (VLAN 0) to carry all
> > traffic. By
> > > >> default, the Cisco IP phone forwards the voice traffic with an
> > 802.1P
> > > >> priority of 5."
> > > >>
> > > >> HTH
> > > >>
> > > >> A.
> > > >>
> > > >>
> > > >> Hobbs wrote:
> > > >>
> > > >>> Disregard the first question...I had a freakin' ACL on R2. So
> > the test
> > > is
> > > >>> GOOD.
> > > >>>
> > > >>> My question number 2 still remains...
> > > >>>
> > > >>> thank you,
> > > >>>
> > > >>>
> > > >>> On Mon, Dec 8, 2008 at 2:04 PM, Hobbs <deadheadblues@gmail.com
> > <mailto:deadheadblues@gmail.com>> wrote:
> > > >>>
> > > >>>
> > > >>>
> > > >>>> Hello my friends,
> > > >>>>
> > > >>>> I have 2 questions regarding voice vlans:
> > > >>>>
> > > >>>> 1) Is it possible to test voice vlan by using subinterface
> > and dot1q
> > > >>>> encapsulation on a router port:
> > > >>>>
> > > >>>> R1----SW1----SW2----R2
> > > >>>>
> > > >>>> R1 has a subinterface with "encap dot1q 2".
> > > >>>> SW1 has "voice vlan 2" on port to R1.
> > > >>>> Link SW1-SW2 is a trunk with all VLANs allowed.
> > > >>>> R2 is in vlan 2.
> > > >>>>
> > > >>>> R1's config:
> > > >>>>
> > > >>>> interface Ethernet0/0
> > > >>>> !
> > > >>>> interface Ethernet0/0.2
> > > >>>> encapsulation dot1Q 2
> > > >>>> ip address 139.1.2.101 <http://139.1.2.101> 255.255.255.0
> > <http://255.255.255.0>
> > > >>>>
> > > >>>> SW1:
> > > >>>>
> > > >>>> interface FastEthernet0/1
> > > >>>> switchport access vlan 11
> > > >>>> switchport mode access
> > > >>>> switchport voice vlan 2
> > > >>>> spanning-tree portfast
> > > >>>>
> > > >>>> Should R1 be able to ping R2 at 139.1.2.2 <http://139.1.2.2>
> > ? As of right now, I am not
> > > >>>> able
> > > >>>> to. When I debug icmp, packets from R2 reach R1, but packets
> > from R1
> > > >>>> never
> > > >>>> get to R2. Looks like SW1 is not sending packets from the
> > voice vlan
> > > over
> > > >>>> its trunk to SW2.
> > > >>>>
> > > >>>> 2) What vlan # is used when you configure "switchport voice
> vlan
> > > dot1p"?
> > > >>>> How does the switch know when to send traffic TO this port on
> the
> > > voice
> > > >>>> vlan.
> > > >>>>
> > > >>>> thank you,
> > > >>>>
> > > >>>>
> > > >>>
> > > >>> Blogs and organic groups at http://www.ccie.net
> > > >>>
> > > >>>
> >
> _______________________________________________________________________
> > > >>> Subscription information may be found at:
> > > >>> http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> > > > Blogs and organic groups at http://www.ccie.net
> > > >
> > > >
> >
> _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > > --
> > > Carlos G Mendioroz <tron@huapi.ba.ar <mailto:tron@huapi.ba.ar>>
> > LW7 EQI Argentina
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > --
> > Pavel Bykov
> > ----------------
> > Don't forget to help stopping the braindumps, use of which reduces value
> > of your certifications. Sign the petition at
> http://www.stopbraindumps.com/
>
> --
> Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina
> 

-- 
Pavel Bykov
----------------
Don't forget to help stopping the braindumps, use of which reduces value of
your certifications. Sign the petition at http://www.stopbraindumps.com/

Blogs and organic groups at http://www.ccie.net

This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:08 ARST