Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2068
Views
0
Helpful
3
Replies

Protected port and voice vlan

Go to solution
MARK BAKER
Level 4
Level 4

‎07-28-2010 02:29 PM - edited ‎03-09-2019 11:05 PM

When switchport protected is configured on a switchport (3750G switch), does that affect the voice vlan as well? I currently have protected ports configured, but will be adding IP phones soon and would prefer not to have to disable protected ports to allow phone to phone voice traffic. I found on cisco.com where a port with a voice vlan can be a protected port, but it doesn't say if the phone to phone traffic on the switch is blocked or allowed, just that it can be configured on a protected port.

Thanks for for any assistance on this.

Thanks,

Mark

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
johuggin
Level 1
Level 1

‎07-28-2010 02:46 PM

Hello,

By default, all traffic on a 'switchport protected' interface will be sent to the uplinks. This includes all voice and data traffic from that particular interface.

However, there is an available workaround depending on your setup. Since there is a Layer 2 Isolation between ports, all traffic from these ports are sent to uplinks and need to be routed from one port to another even though they may be in the same VLAN. A connected router running 'local proxy arp' (or ip local-proxy-arp) can respond to ARP requests for IP addresses within a subnet where normally no routing is required.

Depending on the connected device, you may have one capable of using the local proxy arp feature to get around this voice VLAN issue. It should be a L3 device with the available command. 3750's support this command.

Hope this helps

-Joe

View solution in original post

0 Helpful
3 Replies 3

Go to solution
johuggin
Level 1
Level 1

‎07-28-2010 02:46 PM

Hello,

By default, all traffic on a 'switchport protected' interface will be sent to the uplinks. This includes all voice and data traffic from that particular interface.

However, there is an available workaround depending on your setup. Since there is a Layer 2 Isolation between ports, all traffic from these ports are sent to uplinks and need to be routed from one port to another even though they may be in the same VLAN. A connected router running 'local proxy arp' (or ip local-proxy-arp) can respond to ARP requests for IP addresses within a subnet where normally no routing is required.

Depending on the connected device, you may have one capable of using the local proxy arp feature to get around this voice VLAN issue. It should be a L3 device with the available command. 3750's support this command.

Hope this helps

-Joe

0 Helpful

Go to solution
MARK BAKER
Level 4
Level 4
In response to johuggin

‎07-29-2010 05:24 AM

Joseph,

Thank you for the reply. I would have prefered that the voice vlan would not be included in the protected port policy, but I believe this is the next best thing. Do you know if there are any performance issues with the voice traffic using this setup?

Thanks,

Mark

0 Helpful

Go to solution
johuggin
Level 1
Level 1
In response to MARK BAKER

‎07-29-2010 06:31 AM

Mark,

I am not aware of any performance issues associated with this setup.

Of course you might still consider setting up some basic QoS for voice traffic.

Config guide:

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750/software/release/12.2_25_see/configuration/guide/swqos.html

Config examples:

http://www.cisco.com/en/US/partner/products/hw/switches/ps5023/products_tech_note09186a0080883f9e.shtml

-Joe

0 Helpful
Customers Also Viewed These Support Documents