Solved: Hopefully - simple voip configuration question

Nicholas Beard · ‎01-25-2011

I have 70 Astra VOIP handsets which need to be incorporated into my current network which is as follows -

Cisco ASA 5510 - Firewall/Gateway

Two Cisco 3560 Distribution Switches

Eight Cisco 2960 Access switches

I have the physical scope to incorporate these phones but would like to confirm a few questions first -

I currently have a single VLAN running from the Access Switches for desktops. I am aware the configuration for the ports will be as follows -

switchport mode access

switchport access vlan id

switchport voice vlan id

mls qos trust cos

switchport priority extend cos 0

My question is; I currently have a /24 network mask for my DHCP scope and this is mostly used by the desktop PC's. The VOIP handsets being added make a SIP connection to the internet and therefore need an IP Address, Subnet Mask, and Default Gateway as part of their configuration. I don't currently have the required scope as part of the existing DHCP to incorporate all 70 handsets.

1) If i was to statically assign an IP Address to each of the phones in a different VLAN to the "switchport access vlan id" will the phones be able to communicate through the switchport still? All my knowledge tells me absolutely not.

2) If the switchport access vlan id is changed to an alternate VLAN on a seperate network segment, this will affect the desktop PC's plugged into the phone.

3) Therefore i plan to negate the "switchport access vlan id" command and replace it with the "switchport mode trunk" and "switchport trunk native vlan id" commands. This should allow me to statically assign the phones a different subnet to the desktop pc's, still allow the desktop pc's to communicate and still allow the voice traffic to pass on a seperate vlan. All that would be left is to create a virtual interface off the Cisco ASA to allow the new subnet to pass out to the internet.

I think i have answered my own question but if anyone can shoot the idea down, please fire away!! :-)

tobin hawkshaw · ‎01-25-2011

You already have this setup with the access vlan, the access vlan is basically the native vlan in your setup (i.e. no dot1q tags)

the voice vlan however is tagged.

phones need to be on voice vlan id

pc's plugged into the phones will be in native access vlan

You can either stick a DHCP server in the voice vlan to assign the phones their own subnet (this is the normal way)

Or statically assign them.

- I am presumming you are plugged the PC's into the back of the phones?

- I am also presumming that your PC's are happy being put into the access vlan on the switches are do not have to stay in an existing vlan?

hth

View solution in original post

tobin hawkshaw · ‎01-27-2011

nice work, looks good to me.

The only thing I cant see from this is that the correct COS values are being put into the priority Q. but, as they are 3560's (which are the businness) its cos mappings are spot on anyway.

Please rate helpfull posts

View solution in original post

tobin hawkshaw · ‎01-25-2011

You already have this setup with the access vlan, the access vlan is basically the native vlan in your setup (i.e. no dot1q tags)

the voice vlan however is tagged.

phones need to be on voice vlan id

pc's plugged into the phones will be in native access vlan

You can either stick a DHCP server in the voice vlan to assign the phones their own subnet (this is the normal way)

Or statically assign them.

- I am presumming you are plugged the PC's into the back of the phones?

- I am also presumming that your PC's are happy being put into the access vlan on the switches are do not have to stay in an existing vlan?

hth

Nicholas Beard · ‎01-27-2011

Tobin,

Thanks for the response, you were correct in saying the following configuration worked successfully -

switchport mode access

switchport access vlan 10

switchport voice vlan 20

mls qos trust cos

switchport priority extend cos 0

spanning-tree portfast

spanning-tree bpduguard enable

With the IP Phones in a seperate VLAN, I was able to setup DHCP for them from a different subnet. I then created an additional interface off the firewall to route them out to the internet, as the VOIP service was internet based.

A quick question regarding the switches -

As per above the access switch configuration i have enabled VOIP on the access ports. The desktop PC's are plugged into the back of the IP Phones and their data is carried and tagged as VLAN 10 with the voice on VLAN 20. I have setup mls qos on each of the access switches (4 in total) and have enabled the trunked uplinks into the distribution layer (2 switches), with the "auto qos voip trust" command. This has created the necessary configuration automatically for the trunked uplinks. I have then performed the same on the distribution switches which have trunked uplinks to the firewall. Finally, on the firewall (Cisco ASA 5520) i have created a Service Policy to prioritise voip traffic (DSCP EF) from the newly created interface to the internet.

This seems to have worked sufficently and the quality of voice is crystal clear. Just for my own consicience, i would like to know if this configuration is sufficient or is there anything i may have missed? Also, is the configuration for the trunked uplinks suitable (please see below) -

switchport trunk native vlan 10
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
channel-protocol lacp
channel-group 1 mode active

Thanks

Nick

tobin hawkshaw · ‎01-27-2011

nice work, looks good to me.

The only thing I cant see from this is that the correct COS values are being put into the priority Q. but, as they are 3560's (which are the businness) its cos mappings are spot on anyway.

Please rate helpfull posts