
Native Vlan Tagging

vsurresh
Level 1

Hello experts,

 

I am a bit confused regarding the native VLAN behavior. I came across the following network setup.

 

R1-----SW03------SW02--------SW01------IP Phone-----PC

 

Note - There are some other customers also connected to SW01 and using different VLANs.

 

IP Phone is on VLAN 2, PC is on VLAN 10

 

SW01's Gi0/1 is connecting to IP phone

interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 2,10
 switchport mode trunk
 
SW01's Gi0/2 is connecting to SW02
interface GigabitEthernet0/2
 description "To SW02"
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-4,10,14-21
 switchport mode trunk
 
SW02's Gi0/1 is connecting to SW01
 
 interface GigabitEthernet0/1
 description "Connection to SW01"
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-4,10,14-21
 switchport mode trunk
 switchport nonegotiate
 
SW02's Gi0/2 is connecting to SW03
interface GigabitEthernet0/2
 description " to SW03"
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-4,10,14-21
 switchport mode trunk
 switchport nonegotiate
 
SW03's Gi0/1 is connecting to SW02
interface GigabitEthernet0/27
 description "Connection to SW02"
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-4,10,14-21
 switchport mode trunk
 switchport nonegotiate
 
SW03's Gi0/2 is connecting to R1
 
 interface GigabitEthernet0/2
 description to R1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-4,10,14-21
 switchport mode trunk
 
 
 SW01#show inter trunk
Gi0/1       on           802.1q         trunking      10
Gi0/2      on           802.1q         trunking      1
 
SW02#show inter trunk
 Port        Mode         Encapsulation  Status        Native vlan
Gi0/1      on           802.1q         trunking      1
Gi0/2      on           802.1q         trunking      1
 
 SW03#show inter trunk
 Gi0/1     on           802.1q         trunking      1
Gi0/2    on           802.1q         trunking      1

What's the point of creating a native VLAN of 10 on SW01? Would all the traffic from different VLANs be segregated when reaching SW3/R1?

 

Please let me know if you need more configs.

 

Thanks in advance :)

 


Hi

It looks wrong:

SW01's Gi0/1 is connecting to IP phone

interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 2,10
 switchport mode trunk
 
I have never configured the switchport for IP phones as trunks, you can use:
 

interface GigabitEthernet0/1

switchport
switchport access vlan 2
switchport voice vlan 10
switchport mode access
no shutdown
 
The native vlan should be configured only under trunks connecting switches, or in a router-on-a-stick scheme.
 
Hope it is useful
:-)



>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other members of the community. <<

Hi Julio,

 

Unfortunately, the network is set up that way and it just works fine. We may reconfigure all the switches in the future.

 

Thanks for your input.

Re the native VLAN, it's best practice to configure this as a "dead" VLAN. The default (i.e. 1) is not good in the interests of security.

Martin

1pc0nf1g
Level 1

I don't know if I'm answering your question, but the native VLANs between devices just have to match. The traffic is going to get tagged again on its way out from SW01 to R1.

mlund
Level 7

Hi

As Julio mentioned, the best practice would be to use the voice vlan feature.

However, I have seen some phones that do not work with the voice vlan configuration, but work well when using a regular trunk config.

In fact it is the same function. The command "switchport trunk native vlan 10" means that traffic from the data vlan is sent out without a dot1q header, and all other vlans will be sent with a dot1q header. (With the allowed vlan list, that means that "all other vlans" will be only vlan 2 in this case.)

When you use the voice vlan function it is much the same. The first config is "switchport access vlan 10", which means send all data vlan traffic without a dot1q tag. The "switchport voice vlan 2" specifies that traffic from the voice vlan should be sent with a dot1q tag.

/Mikael
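The tagging equivalence described in the reply above, together with the earlier point about leaving the native VLAN at the default of 1, as an added example that is not part of the original thread. The stanzas are taken or constructed from the configs quoted in the thread; the function names are hypothetical and the parser only handles the `switchport` lines shown here.

```python
import re

def parse_stanza(stanza):
    """Collect the switchport settings of one IOS interface stanza."""
    cfg = {}
    for line in stanza.splitlines():
        m = re.match(r"\s*switchport (trunk native|trunk allowed|access|voice) vlan (\S+)", line)
        mode = re.match(r"\s*switchport mode (\w+)", line)
        if m:
            cfg[m.group(1)] = m.group(2)
        elif mode:
            cfg["mode"] = mode.group(1)
    return cfg

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1-4,10,14-21' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def egress_tagging(stanza):
    """Return {vlan: 'tagged' | 'untagged'} for frames leaving the port."""
    cfg = parse_stanza(stanza)
    if cfg.get("mode") == "trunk":
        native = int(cfg.get("trunk native", 1))       # IOS default native VLAN is 1
        allowed = expand_vlans(cfg.get("trunk allowed", "1-4094"))
        return {v: "untagged" if v == native else "tagged" for v in sorted(allowed)}
    tagging = {int(cfg.get("access", 1)): "untagged"}  # access VLAN leaves untagged
    if cfg.get("voice", "").isdigit():                 # numeric voice VLAN leaves tagged
        tagging[int(cfg["voice"])] = "tagged"
    return tagging

def trunk_uses_default_native(stanza):
    """True for a trunk whose native VLAN is still the default, VLAN 1."""
    cfg = parse_stanza(stanza)
    return cfg.get("mode") == "trunk" and int(cfg.get("trunk native", 1)) == 1

# SW01 Gi0/1 as posted (trunk form), and the voice-VLAN form described in the
# reply above (constructed for this example from that description).
PHONE_TRUNK = """switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 2,10
 switchport mode trunk"""
PHONE_VOICE = """switchport access vlan 10
 switchport voice vlan 2
 switchport mode access"""
# SW01 Gi0/2 as posted: no native VLAN configured, so it stays at 1.
UPLINK = """switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-4,10,14-21
 switchport mode trunk"""
```

Both phone-port forms yield VLAN 10 untagged and VLAN 2 tagged, while the SW01 uplink is reported as still using native VLAN 1 and carries VLAN 10 tagged.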

Based on this all the PCs and the phone are all in the same VLAN, correct?

Also since they are all in the same VLAN there is no real QoS which can lead to poor voice quality.

Having this type of setup is not best practice, but more importantly it is very susceptible to poor voice quality.

If this is a smaller network you may not notice issues but just because it is working fine now does not mean it is working optimally.

I would really work on a strategy to correct this configuration before it does become a problem and then you are scrambling for a fix.

 

VLAN 2 will be Voice and 10 data.

Martin

"Also since they are all in the same VLAN there is no real QoS which can lead to poor voice quality."

BTW, QoS can support VoIP fine on the same VLAN. I.e. you don't need a VoIP VLAN to provide QoS for VoIP.

It's because Cisco handsets use CDP to discover the Voice VLAN, using that command.

I have never had the opportunity to test this, but if the Voice VLAN is tagged on the handset, I can see this should work.

Martin

The way it is configured now CDP makes no difference, both the Phone and PC will be in the same VLAN with the same subnet.

And as mentioned, no QoS.

Bad all around.

 

Mike

Hi

I agree with cdp making no difference.

But the original poster doesn't tell us whether this is cisco phones or not.

If the phones tagged their voice with vlan 2, then this config works perfectly well.

We have used this type of config lots of times, when the phones are not cisco.

/Mikael

 

Not really saying this won't work, just saying not a best practice design.

I did assume a Cisco phone since it is posted on a Cisco site :-) but you know what happens when you assume... :-)

Also, sure, if the phone is tagged with VLAN 2 then the PC connected to it would also be tagged VLAN 2.

I also assume that the phone and PC are using DHCP.

 

Mike

Only on the phone's interface though. The second interface on the phone's switch is probably untagged (which is the typical configuration), thus VLAN 10.

Martin

Hi,

 

Thanks for the response. The phone is non-cisco (Mitel)

 

Phones are on VLAN 2 and DATA is VLAN 10 and it works fine. But I understand from the responses that it is not a best practice. 

 

Also, phones are getting IP addresses from the DHCP pool (VLAN 2) and PCs are from VLAN 10.

 

Thanks
