vlans on a switch

sarahr202
Level 5

Hi everybody!

According to my book, vlans 1 through 1005 are automatically created and set aside for special uses.

When we use the command switchport voice vlan dot1p, it will cause voice traffic to use vlan 0.

But the question is: vlan 0 is not created by default on switches, yet the command assumes this vlan 0 is created by default.

Any suggestions?

Thanks a lot!


Giuseppe Larosa
Hall of Fame

Hello Sarah,

The automatically created VLANs should be only the following:

1 : Ethernet default VLAN

1002-1005 : legacy VLANs for Token Ring switching and FDDI switching; cannot be used.

Sometimes this can create some issues on trunks to modules like WISM (not VoIP related).

Second note:

A vlan-id of 0 is just a placeholder to send an 802.1Q 4-byte header and the meaningful three bits of CoS = 802.1p that are inside it.

That's all: vlan 0 does not exist and you cannot create it.

In my understanding an 802.1p marking cannot be sent alone but only as the CoS field of an 802.1Q vlan tag, so the vlan-id 0 can just mean this field is unused.

Happy New Year

Hope to help

Giuseppe

Thanks a lot Giuseppe!

Devices in the same vlan can communicate with each other. Communication between vlans requires a router or multilayer switch.

Please consider the layer 2 network for the following scenario:

sw is connected to ip-phone1 via f0/1 and ip-phone2 via 2

Both phones must be in the same vlan or they cannot talk to each other.

So if ip-phone1 uses vlan 0 then the other, ip-phone2, must also use vlan 0. Is it correct?

Alternatively we can use vlan 0 for ip-phone1 and vlan 2 for ip-phone2 and use a layer 3 switch to provide communication between these two switches. Is it correct?

Thanks a lot and happy new year as well!

Jon Marshall
Hall of Fame

Sarah

My understanding is the same as Giuseppe's, i.e. you must have a vlan ID, but because you want to just use the tag for 802.1p markings you use a "dummy" vlan as such.

I have to admit though that the documentation is a little confusing. From the 3750 configuration guide about the dot1p option:

dot1p - Configure the phone to use IEEE 802.1p priority tagging for voice traffic and to use the default native VLAN (VLAN 0) to carry all traffic. By default, the Cisco IP Phone forwards the voice traffic with an IEEE 802.1p priority of 5.

Not sure what it means by native vlan 0, as I always thought the default native vlan is 1, unless it is different for an IP Phone?

Jon

Hello Jon, Sarah

Vlan 0 and vlan 4095 are reserved for internal use of Catalyst switches.

See

http://www.cisco.com/en/US/products/hw/switches/ps700/products_white_paper09186a00801b49a4.shtml#pre4

In the section VTP and Extended VLANs, the table provides that info.

But I still think that the usage of vlan-id 0 in IP phones is just a placeholder.

My guess is that routed ports (with the no switchport command) in multilayer switches can be seen as in vlan 0 or vlan 4095 from the point of view of L2 switching logic, and this tells that they are not usable (at LAN layer 2).

Hope to help

Giuseppe

Giuseppe

Agree with what you are saying, just a bit confused about it saying the default native vlan is 0, which is not my understanding, i.e. I always thought the default native vlan was 1.

Jon

Giuseppe

As a further point that Sarah and I have been discussing.

The command "switchport priority extend trust" tells the switch to instruct the IP phone to trust the CoS value in packets received by the phone from an attached PC (attached meaning the PC is connected to the IP phone switch).

But as Sarah quite rightly points out, the port on the IP phone's built-in switch is configured as an access port. So how can a PC set 802.1p markings in an untagged packet?

My understanding, based on one of your posts actually!, is that an access port on a switch will accept packets that are either

1) untagged

2) tagged with the vlan ID that the access port is a member of

So I'm assuming that is how a PC can set 802.1p markings in the packet when connected to an IP Phone.

So

1) Have you confirmed this behaviour of an access port receiving frames tagged with the vlan ID of the vlan the access port is a member of?

2) Would this be your interpretation of how a PC could send tagged traffic to an IP Phone?

Apologies Sarah for hijacking the thread, but another viewpoint would be very useful.

Jon

Hello Jon,

1) When I made L2 security tests I've seen exactly that behaviour: in modern switches frames are accepted on an access port if untagged or with a vlan-id = access vlan id (PVID).

The voice vlan vlan-id allows also frames with vlan = voice vlan.

If voice vlan dot1p: vlan-id 0 tagged frames are accepted.

2) I agree that a PC can send tagged frames only inside an 802.1Q header, as every device.

To be noted, the PC could also send an untagged frame with a non-zero DSCP byte.

It could be the phone that adds an 802.1Q tag for the PC, and in doing this it can trust or untrust.

See

http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_m2.html#wp1016079

Otherwise, if the phone cannot add the vlan tag on behalf of the PC to support qos trust extend, the voice vlan vlan-id is a needed command.

And this can be the case, and why the voice vlan vlan-id option is recommended for real end-to-end QoS support.

Depending on the phone model, the PC port can allow or block tagged frames, so the PC port is not limited to untagged ports.

For example, in our customer network some workstations with two VMware instances have been deployed: the 802.1Q-capable NIC is connected to the phone PC port; one instance uses the native vlan but the other uses a tagged vlan.

In this case the switch port is configured as a trunk carrying three vlans.

But we use the voice vlan vlan-id option for the voice vlan.

Hope to help

Giuseppe
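
Added example, not part of the original thread and not Cisco code: a small Python model of the 802.1Q tag layout (VID 0 carrying only the 802.1p bits) and of the access-port acceptance behaviour reported in the posts above. The function names, VLAN numbers and the choice to drop VID 0 frames when dot1p is off are assumptions of this sketch; placing VID 0 frames in the port's own VLAN follows IEEE 802.1Q.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def build_frame(vid=None, pcp=0):
    """Constructed sample frame: zeroed MACs, optional tag, IPv4 EtherType."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return bytes(12) + tag + struct.pack("!H", 0x0800) + bytes(46)

def parse_tag(frame):
    """Return (pcp, dei, vid) from the 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack_from("!H", frame, 14)[0]
    # TCI = 3 bits PCP (the 802.1p CoS), 1 bit DEI, 12 bits VLAN ID
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF

def ingress(frame, access_vlan, voice_vlan=None, voice_dot1p=False):
    """Model of the access-port behaviour reported in the thread.

    Returns (accepted, vlan, cos). Simplified sketch, not switch code.
    """
    tag = parse_tag(frame)
    if tag is None:
        return True, access_vlan, None       # untagged: no 802.1p bits at all
    pcp, _dei, vid = tag
    if vid == 0:
        # Priority-tagged: VID 0 names no VLAN, so the frame stays in the
        # access VLAN and only the CoS bits are used. Dropping it when dot1p
        # is off is an assumption of this model; the thread does not say.
        return (True, access_vlan, pcp) if voice_dot1p else (False, None, None)
    if vid == access_vlan or vid == voice_vlan:
        return True, vid, pcp                # tag matches access or voice VLAN
    return False, None, None                 # any other VLAN ID is refused

if __name__ == "__main__":
    # Hypothetical port: access VLAN 10, "switchport voice vlan dot1p"
    for label, frame in [("untagged", build_frame()),
                         ("VID 0 / CoS 5", build_frame(0, 5)),
                         ("VID 10", build_frame(10)),
                         ("VID 20", build_frame(20))]:
        print(label, ingress(frame, access_vlan=10, voice_dot1p=True))
```

The last case is the one worth checking on real hardware when auditing a port: a frame tagged with a VLAN that is neither the access nor the voice VLAN should never be forwarded.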

Thanks for your reply Giuseppe!

Let me quote from your post for easy reference

"Depending on the phone model, the PC port can allow or block tagged frames, so the PC port is not limited to untagged ports.

For example, in our customer network some workstations with two VMware instances have been deployed: the 802.1Q-capable NIC is connected to the phone PC port; one instance uses the native vlan but the other uses a tagged vlan.

In this case the switch port is configured as a trunk carrying three vlans."

My point is that even if the pc has a dot1q-capable nic, the pc port on the phone is in access mode.

Being an access port, how can the pc port on the ip phone form a trunk with the pc's nic?

Hi Sarah,

Just to add a small note to Giuseppe's post.

The IP phones understand 802.1q, we all agree on that.

The IP phone's access port is thus capable of sending and receiving tagged or untagged frames (from PC). It need not be in access mode or trunk to be capable of simply relaying frames back and forth (switch to pc or pc to switch).

HTH

Lejoe

Thanks Lejoe for your reply,

By the same logic, a switch that understands 802.1q should be able to understand tagged or untagged frames on an access port.

Thanks a lot Giuseppe!

I quote you for easy reference below:

"To be noted, the PC could also send an untagged frame with a non-zero DSCP byte.

It could be the phone that adds an 802.1Q tag for the PC, and in doing this it can trust or untrust."

Please consider the following configuration:

switch------ip phone------pc

The switch has the following configuration:

switch(config-if)# mls qos trust cos

switch(config-if)# switchport priority extend trust

The above configuration tells the switch to instruct the ip phone to trust the cos value in the pc frame. Had I used the command

switch(config-if)# mls qos trust dscp instead of "mls qos trust cos", the switch would have told the ip phone to trust the dscp value in the pc frame.

thanks a lot!

thanks Jon and Giuseppe!

Here is another scenario I thought of over my lunch :-)

switch--------pc(running cisco smart soft phone)

The link between switch and pc could only be an access link because the pc's nic is not capable of trunking.

Now cdp will be of no use either.

The pc sets the dscp value but not cos.

It raises the same questions that Jon pointed out.

Thanks a lot!

Jon, if the pc (NIC capable of trunking) can use the tagged frame, it implies that trunking is in use between the ip phone's access port and the pc. My question is: how is it possible?

thanks a lot!