Sample network using Cisco Small Business Switch and Router.
In my model (SMALL):
SPA IP Phones in ports 1,2, and 3
SPA9000 in port 4
SPA400s in ports 5 & 6
Data clients for the SMB in ports 7-24(one of which runs a SYSLOG server)
GE Uplink (G1) connected to Router (802.1q trunk)
We want to place SPA Phones and SPA9000 and SPA400 in a VOICE VLAN, which we are calling in our examnple VLAN 10 within the SMB in this reference design.This configuration also supports plugging a data client in the back of a SPA9x2 phone and having it get its IP address from VLAN 1 (untagged). This VLAN is created on both the Switch and the Router and the two devices are connected with an 802.1q trunk.. The DHCP Scopes for the VLANs resides on the router.
Ethernet ports 7-24 have identical configurations, they are members of the default VLAN1 which by default are left as all untagged members of this VLAN.
Port G1 on the switch is the 802.1q Trunk to the Router, hence it must carry Tagged Traffic for VLAN 10 and untagged traffic for VLAN1.
Regarding the PVID and MODE settings on the switch, this identifies the VLAN assigned to untagged frames on that port.The mode dictates its frame handling capability.Slightly different from usual Cisco ‘mode’ terminology is the use of ‘General” for ports carrying both tagged and untagged traffic which is either VLAN aware or unaware.General is sometimes referred to also as ‘hybrid’ mode when uploading the configuration CLI from the switch.
Ports 1-4:PVID = 1
Ports 5-6:PVID = 10
Ports 7-24: PVID = 1
Port G1:PVID = 1
Spanning Tree Protocol and Port Fast
LVS phones rely on multicast for discovering and communicating with the SPA9000. Since multicast is used by the phones during initialization, it’s important that ‘PORTFAST’ be enabled on any port connected to an LVS device. This will eliminate the need for the configured switch port from having to transition through the listening and learning STP states each time a phone restarts or is power cycled, which can cause the initialization multicasts to be dropped by the switch, and the phones fail to find the SPA9000.This would be undesirable as the phones would fall out of synchronization with the SPA9000.
Simply disabling Spanning Tree Protocol from running on all SPA devices switch (Phones, IP-PBX, and GW) and enabling PORTFAST is the recommendation which must be followed.I included this same configuration on the Uplink (G1) port to the router.
The SPA9000 offers a VLAN association configuration option on its GUI, so we configure it for the VOICE VLAN 10 and it will send TAGGED Frames indicating this in its DHCP Discover messages.We don’t need to worry about untagged devices behind a SPA9000, so the PVID of the SPA9000 port really doesn’t matter much, but configuring its switch port like a phone allows you to plug phones and SPA9000 into any VOICE VLAN port.
In the case of the SPA400, it doesn’t offer administration of the VLAN, so we must exclude it from VLAN1 and place it in VLAN 10 on the switch port used for connection.This allows communicate with the SPA9000 via Layer 2 on the switch itself.
The SPA Phones offer an administrative GUI option to allocate the phone to the Voice VLAN 10 (they all default to VLAN 1).In the case of the SPA9x2 models, switch ports must be considered since non voice data clients (like PCs) may be plugged in (especially if only one CAT5 Ethernet drop is available per office/cube location).
With these settings, the SPA Phones (all models) will send DHCP Discover messages with the Frame ‘Ether Type’ set to 0x8100, which indicates ‘802.1q TAGGED Frame’ with the TAG parameter set to VLAN 10.
Data clients plugged into the phone switch ports will send DHCP Discover messages UNTAGED with normal ‘Ether Type’ = 0x0800 (normal untagged frame)and be placed in the PVID of the switch port (in our configuration, VLAN1).
QoS for DSCP
We will be using L3 IP based DSCP for SIP and RTP Media packets.It is good to understand what to look for in the traces so you can see if its set correctly.So first see the basic description of values you will see in the traces and the different network element GUIs:
IP DSCP0x68 (hex) is 104 decimal
seen as 0110 1000
where dscp (bold) is 011010 which is 1a (hex) or 26 decimal
IP RTP0xb8 (hex) is 184 decimal
seen as 1011 1000
where dscp (bold) is 10111 which is 2e (hex) or 46 decimal
It helps to recognize all above values since the router GUI presents decimal values for DSCP but the Wire shark trace will show you hex.
First,set the QOS Trust Mode to DSCP (other options are Port or COS, just FYI).
DSCP will use 6 bits in TOS header which marks and maps (to Queue) as follows:
We want to use Differentiated Services Code Point (DSCP) markings to determine Packet priority through the network.The switch will support either L2 COS or L3 QoS.We recommend L3 DSCP.This enables the switch to mark the packets which will be classified and prioritized by the router.
On the switch, under the QoS Tab, you will want to enable DSCP:
In the reference architecture, we are using a Customer Premises based IP-PBX, and it is the Linksys SPA9000.The SIP trunk SP I am using uses SIPConnect (see SIP Forum definition) to perform the SIP Register for all DIDs assigned to all IP Phones at the customer Premises to the SIP Trunk Service Provider.
The SPA9000 has up to 4 “lines” each of which can be used to connect to a separate SIP Trunk using SIP Connect, or other types of connections (Local Voice Mail, FXO Gateway to the PSTN included).
Shown below is Line 1.The User ID and SIP Proxy and Outbound proxy are erased, to protect the provider’s identity and the test account.
Setting Line 1 as sown in this section should allow the line to REGISTER with the SP (as seen Under the SPA9000 INFO Tab:
And Under the SPA9000 VOICE: SIP Tab, we also set up the NAT so we can have bi directional communications with the SIP Trunk over a public internet connection, as I have in this reference architecture.
The IP address of my WAN router is the 12.19.xx.yy address shown in the configuration GUI.
Hi, Just suddenly 5 of our switches got crashed by themselves. it started to reboot and could not find the image file. the system light is blinking and no interface is working at all. Is there any kind of bug and suddenly the image's time is over? I ...
Hi allMy first time posting on here so I'm hope you all have patience with me thanks in advance.What I have done through the web GUI is set up two vlans, vlan2 and vlan3 with different ip's with dchp pool. They work fine, and there is no communication bet...
Hi I just got this switch and really like it, but now I see this "In pause frame" on port 1 where my Ruckus Accesspoint is plugged in.I tried to refresh and it occur every minut or so, see attaced pictures. If I check out the "Trafic error informatio...
Hello, I have a couple of old SG350XG switches, and I am trying to generate a CSR and create a new custom SSL certificate.After applying the generated certs, Chrom/Edge etc still does not trust the cert because there is no SAN. The CSR gives me no op...