03-31-2009 03:20 PM - edited 03-15-2019 05:13 PM
Hi Gurus,
I have a question about switch configuration for IP Phone.
I usually configure the switch port as followings:
interface FastEthernet1/0/1
switchport access vlan 12
switchport mode access
switchport voice vlan 100
spanning-tree portfast
But I saw the following configuration in two Cisco Tech notes today.
interface FastEthernet0/3/0
switchport trunk native vlan 100
switchport mode trunk
switchport voice vlan 192
spanning-tree portfast
The major difference is the port mode -- access or trunk. I believe both should work, but what are the pros/cons with different configuration or they are actually same? thanks.
03-31-2009 03:41 PM
Hi, I always use the first configuration mode. I think with the first one you are only able to handle 2 vlans (voice and data) and it can be configured as a secure port.
The second one (as a trunk) allows you to handle multiple vlans and the port cannot be configured as a secure port, also if the vlan access are no limited, the PC could have access to all vlans on the switch.
Hope this help
David
04-01-2009 07:37 AM
The primary concern with any trunk interface is broadcast supression. For example, VLANs enable you to segment you network, however if you don't prune or clear vlans of trunk ports, then those ports will listen to broadcasts.
Switchports configured as trunks ports for IP PHones are no exception, therefore it is best practice to configure these ports as per the first example.
Regards
Allan.
04-01-2009 07:49 AM
I use your configuration as well and I implement port security:
switchport portsecurity
switchport portsecurity max 2
Using the second config will make you vulnerable to vlan hoping since you are sending the native/untag vlan.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide