07-28-2010 02:29 PM - edited 03-09-2019 11:05 PM
When switchport protected is configured on a switchport (3750G switch), does that affect the voice vlan as well? I currently have protected ports configured, but will be adding IP phones soon and would prefer not to have to disable protected ports to allow phone to phone voice traffic. I found on cisco.com where a port with a voice vlan can be a protected port, but it doesn't say if the phone to phone traffic on the switch is blocked or allowed, just that it can be configured on a protected port.
Thanks for for any assistance on this.
Thanks,
Mark
Solved! Go to Solution.
07-28-2010 02:46 PM
Hello,
By default, all traffic on a 'switchport protected' interface will be sent to the uplinks. This includes all voice and data traffic from that particular interface.
However, there is an available workaround depending on your setup. Since there is a Layer 2 Isolation between ports, all traffic from these ports are sent to uplinks and need to be routed from one port to another even though they may be in the same VLAN. A connected router running 'local proxy arp' (or ip local-proxy-arp) can respond to ARP requests for IP addresses within a subnet where normally no routing is required.
Depending on the connected device, you may have one capable of using the local proxy arp feature to get around this voice VLAN issue. It should be a L3 device with the available command. 3750's support this command.
Hope this helps
-Joe
07-28-2010 02:46 PM
Hello,
By default, all traffic on a 'switchport protected' interface will be sent to the uplinks. This includes all voice and data traffic from that particular interface.
However, there is an available workaround depending on your setup. Since there is a Layer 2 Isolation between ports, all traffic from these ports are sent to uplinks and need to be routed from one port to another even though they may be in the same VLAN. A connected router running 'local proxy arp' (or ip local-proxy-arp) can respond to ARP requests for IP addresses within a subnet where normally no routing is required.
Depending on the connected device, you may have one capable of using the local proxy arp feature to get around this voice VLAN issue. It should be a L3 device with the available command. 3750's support this command.
Hope this helps
-Joe
07-29-2010 05:24 AM
Joseph,
Thank you for the reply. I would have prefered that the voice vlan would not be included in the protected port policy, but I believe this is the next best thing. Do you know if there are any performance issues with the voice traffic using this setup?
Thanks,
Mark
07-29-2010 06:31 AM
Mark,
I am not aware of any performance issues associated with this setup.
Of course you might still consider setting up some basic QoS for voice traffic.
Config guide:
Config examples:
-Joe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide