Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6002
Views
0
Helpful
2
Replies

SG-300 difference betwen switchport access and general mode

the79bomb
Level 1
Level 1

‎10-31-2017 01:53 PM - edited ‎03-21-2019 11:17 AM

I have 30 ShoreTel IP480G phones connected to an SG300. All POE switchports are configured like this:

 

 switchport mode general
 switchport general allowed vlan add 10 tagged

 

Half of the phones correctly negotiate vlan 10 and connect to the SBC on:

 

interface gigabitethernet52
 switchport mode access
 switchport access vlan 10

 

The other half end up on vlan 1.  I am told all phones have the same config and I have verified the firmware and software versions are identical.

 

If I change the port config for a phone which refuses VLAN 10 to:

 

(map mac 00:10:49:00:00:00 24 macs-group 10)

 switchport general map macs-group 10 vlan 10
 switchport mode general
 switchport general allowed vlan add 10 tagged

 

The phone is forced to VLAN 10 however it refuses DHCP.  Packet capture shows the Discover from the phone and the offer from the SBC but this is followed by another Discover.  The phone is deaf to the response.  I assigned a static IP on the phone and was unable to ping it.

 

If I change the port config to:

 switchport mode access
 switchport access vlan 10

 

Everything works but the passthrough port on the phone becomes useless.

 

I am trying to understand any possible reasons for these issues.

 

Other relevant config:

v1.4.8.6 / R800_NIK_1_4_202_008
CLI v1.0
set system mode switch

vlan database
vlan 2,10,65,200-201

interface vlan 1
 ip address 10.1.0.33 255.255.255.0
 no ip address dhcp

 

Labels:
0 Helpful
2 Replies 2

ktonev
Cisco Employee
Cisco Employee

‎11-08-2017 07:10 AM

Hi,

An access port can be a member of only 1 VLAN - in your case VLAN10. 

A general port can be a member of many VLANs and there is no restriction how many will be tagged and untagged. The reason why the phones which are connected to the general ports end up on VLAN1 is because by default that is the untagged VLAN.

If you have PCs connected behind the phones you will need to have a trunk (or general) port containing both the data VLAN and the voice VLAN (assuming that this is how you have designed your network).

Feel free to call our support centre and an engineer can assist you in setting up your switches correctly to avoid any issues. 

Thanks,

Kris

0 Helpful

the79bomb
Level 1
Level 1
In response to ktonev

‎11-10-2017 08:07 AM

Thank you for the response.  I understand what the difference is supposed to be between general and access ports however I am seeing behavior which seems to expose additional difference I am unaware of.

 

My question is in regards to the inability to ping the phone when the port is in general mode with a macs group vs access mode where everything works fine.  From the perspective of the phone these 2 configurations should behave identically.  However they do not.  I was hoping for some clues as to the difficulty.

 

Perhaps I will try to disable LLDP on the port as I suspect that the LLDP behavior may be different in general mode.

0 Helpful
Customers Also Viewed These Support Documents