Configuring Catalyst 3560 for 1 voice VLAN and multiple data VLANs

s.dovinte · ‎04-19-2011

Hi all,

We currently have our IP Phones connected to the switches (4 catalyst 3560). The Callmanager assigns the phone's ip by DHCP.

Our data and voice LANs are completly separated, logically and physically.

We want to use the IP phone's switch to connect our PC's to the phones and these to the Catalyst Switches.

Our goal is to deploy one VLAN for voice, and at least 5 VLans for data (we want to spearte the data of the different departments). As I said the phones are configured to obtain an ip of the CallManager's DHCP Server, our office has an internal DHCP server and we have a central router to make the routing with the vlans...

Anyone has a similar scenario? We need help to configure the switches properly.

Amer rajai Sha'er · ‎04-19-2011

Hello,

From where i can see , you have no problem with your scenario , where exactly is your problem , is it configuration or desiging .

If it is configuration , the configuration will depends on your netwrok setup.

Let's start with a couple of questions so i can give you the complete scenario:

1- do you have a core switch or the routing is terminated on the sub interface on a router ?

2- what exactly is the setup now.

3- do you have a managment VLAN for the switches.

4- is the call manager is on smae vlan or on the data vlan ?

Amer

s.dovinte · ‎04-20-2011

Hi Amer,

Configuration or desiging, I guess both... we are a little bit lost

I'm goingo to try to answer your questions:

1 - we don't have a core switch for voice, the voice routing is terminated on the voice routers.

2 - Now we have voice lan and our data lan. The voice lan has four dedicated switches and two dedicated voice routers, the CallManager and IPCC clusters are also connected on this voice lan. I paste a switch conf:

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname BBBB

!

enable secret 5

!

username admin privilege 15 secret 5

aaa new-model

aaa authentication login default local

!

aaa session-id common

ip subnet-zero

!

ip dhcp snooping vlan 20

ip dhcp snooping

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/2

switchport mode access

switchport voice vlan 20

spanning-tree portfast

!

interface FastEthernet0/3

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/4

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/5

switchport access vlan 20

switchport mode access

ip dhcp snooping trust

!

interface FastEthernet0/6

switchport mode access

switchport voice vlan 20

spanning-tree portfast

(#####)

!

interface FastEthernet0/22

switchport mode access

switchport voice vlan 20

spanning-tree portfast

!

interface FastEthernet0/23

switchport access vlan 20

switchport mode access

switchport voice vlan 20

spanning-tree portfast

ip dhcp snooping trust

!

interface FastEthernet0/24

switchport access vlan 20

switchport mode access

!

interface GigabitEthernet0/1

switchport access vlan 20

switchport mode access

ip dhcp snooping trust

!

interface GigabitEthernet0/2

description Off temporaly

shutdown

!

interface Vlan1

ip address 192.168.7.7 255.255.255.0

!

interface Vlan20

ip address 192.168.70.7 255.255.255.0

!

ip classless

ip http server

!

logging 192.168.0.107

radius-server source-ports 1645-1646

!

control-plane

!

3 - No we don't have a management Vlan for switches. I see we have defined and Vlan1 but it's no applied to any port. All ports are on Vlan20. As I said this switches are only for IP phones right now.

4 - The CM is connected to this switches but we do the routing with the voice routers so the CM can reach our data LAN. I mean, we have not any VLAN defined for data, there are two physical separated LANs -Voice and Data-

I'm going to try to do a scheme:

alinasery62 · ‎04-20-2011

you should first create seperate voice vlan (in your configuration, voice and data vlans are same)
and then put your callmanger servers in voice vlan , then just on all switch ports add this configuration

{ switchport mode access
switchport access vlan [your departments vlan number]
switchport voice vlan [voice vlan number]
spanning-tree port-fast }

you should consider this: if you don't have vtp server, you must create voice vlan on all of your switches.

ip phones can obtain vlans information by cdp from switches and automatically send dhcp request at voice vlan to callmanager(dhcp server)

computers cant obtain ip address from dhcp server in data vlan

Amer rajai Sha'er · ‎04-20-2011

Hello,

From what i see , the design looks like cascading .

The cisco voice gateway is connected via one interface to a cisco switch then the cisco switch is connected to the other switches...

What you need to know is :

1- create a sub interface on the voice gateway interface for every vlan you want to configure (5 vlans (data and voice))

2- the port which is connected between the voice gateway and the switch should be trunk.

3- i suggest to use this switch as a server VTP , and the other are clients , in this case , when you create the vlans , they are all going to pop-up on all the switches , all what you have to do is to create a int vlan for management on the switch.

4- the default gateway is going to be the voice gateway interface (for routing).

for the ports that the ip phones should be connected to , do the following :

switch mode access

switch port access vlan (data vlan)

switch port voice vlan (voice vlan)

for the ports that are going to be connected to the CUCM :

only do

switch port mode access

switchport access vlan (voice vlan)

Amer

s.dovinte · ‎04-28-2011

Thank you both, Amer and Ali.

I'm going to start the deployment of this scenario next week and i'll try to keep you posted.

Thanks again!

s.dovinte · ‎06-17-2011

Sorry for the delay. i'm still on the early stages of this deployment but it all seems to be on the right way.

First we deployed a scenario like this for testing:

http://www.cisco.com/en/US/tech/tk1077/technologies_configuration_example09186a00800ffdcc.shtml

Everything went ok and the LAN/Voice behaviour was pretty good.

Now we are testing a few computers on the production enviroment with the scenario described above on my second post. Next Monday i'm going to start the migration and let you know. I have to test the network connectivity, the voice quality, etc.

We also have to test the listening and recording function of the Cisco Supervisor, don't know if I need anything else to make that function work.

Anyway, i'll keep you posted.