cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
862
Views
0
Helpful
10
Replies
Highlighted

how to configure dhcp snooping withe voice vlan

I config my PC's connect to network by IP phones PC jack and config voice vlan tag and PC Vlan on my switch.Then, I set dhcp snooping,ip source guard and arp inspection but after this change all nodes that connected to Iphones shut down!!I know every port can learn one ip and mac but dont have any solution for this problem,

My config :

conf t
service password-encryption
no ip http server
no ip http secure server

int rang gig 1/0/25-26
ip dhcp snooping trust
ip arp inspection trust

int range gig 1/0/1-24
sw host
sw port-secu
sw port-secu max 2
sw port-secu violation shut
sw port-secu mac-add stick
ip dhcp snooping limit rate 3
ip verify source port-security
no cdp enable
exit

ip dhcp snooping
ip dhcp snooping vlan 8,10,111,7,60
ip dhcp snooping information option
ip arp inspection vlan 8,10,111,7,60

 

 
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Hello,

 

also, I think Grandstreams don't use CDP but rather LLDP. I have googled around, try the switchport config below:

 

interface GigabitEthernet0/1

switchport access vlan data_vlan

switchport trunk native vlan data_vlan

switchport trunk allowed vlan data_vlan,voice_vlan

switchport voice vlan voice_vlan

View solution in original post

10 REPLIES 10
Highlighted
VIP Expert

Hello,

 

--> ip dhcp snooping vlan 8,10,111,7,60

 

Is your voice VLAN included in the dhcp snooping list ?

Highlighted

Yes
Highlighted
VIP Expert

Hello,

 

post the ful config of your switch, as well as the output of 'show ver' ...

Highlighted
VIP Mentor

Hi

If your phones are Cisco, the CDP must enabled, it is used for the DHCP reply

 

My config :

conf t
service password-encryption
no ip http server
no ip http secure server

int rang gig 1/0/25-26
ip dhcp snooping trust
ip arp inspection trust

int range gig 1/0/1-24
sw host
sw port-secu
sw port-secu max 2
sw port-secu violation shut
sw port-secu mac-add stick
ip dhcp snooping limit rate 3  <--- it could be other value, like 5 or +, I usually use 20
ip verify source port-security
cdp enable
exit

ip dhcp snooping
ip dhcp snooping vlan 8,10,111,7,60
no ip dhcp snooping information option  <-- it should be disabled. 
ip arp inspection vlan 8,10,111,7,60  <-- as Georg mentioned, check if your voice vlan is included. 

 

Hope it is useful

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
Highlighted

 my phones are grandstream and my voice vlan is included but after deply config all ports that connected to ip phone will shut down and another port that connect just to pc will operate well.

thanks to all

Highlighted

Try chaging the value

 

ip dhcp snooping limit rate 10

 

Also verify if the ports are in errdisable by port security.  




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
Highlighted

Hello,

 

how did you register the phones in Callamanger...as Third Party SIP Phones ?

Highlighted

Hello,

 

also, I think Grandstreams don't use CDP but rather LLDP. I have googled around, try the switchport config below:

 

interface GigabitEthernet0/1

switchport access vlan data_vlan

switchport trunk native vlan data_vlan

switchport trunk allowed vlan data_vlan,voice_vlan

switchport voice vlan voice_vlan

View solution in original post

Highlighted

i icrease rate but dont work it:(

int rang gig 1/0/49-52
sw mo trunk
sw trunk allowed 8,10,111,7,60
no ip dhcp snooping trust
no ip arp inspection trust

int range gig 1/0/1-48
sw host
sw port-secu
sw port-secu max 2
sw port-secu violation shut
sw port-secu mac-add stick
ip dhcp snooping limit rate 10
ip verify source port-security
no cdp enable
exit

ip dhcp snooping
ip dhcp snooping vlan 8,10,111,7,60
ip arp inspection vlan 8,10,111,7,60

Highlighted

Hello,

 

post the full running configuration of your switch...

Content for Community-Ad