03-14-2018 06:33 AM - edited 03-08-2019 02:15 PM
Hello experts,
I am a bit confused regarding the native VLAN behavior. I came across such a network setup.
R1-----SW03------SW02--------SW01------IP Phone-----PC
Note - There are some other customers also connected to SW01 and using different VLANs.
IP Phone is on VLAN 2, PC is on VLAN 10
SW01's Gi0/1 is connecting to IP phone
What's the point of creating a Native VLAN of 10 on SW01? Would all the traffic from different VLANs be segregated when reaching SW3/R1?
Please let me know if you need more configs.
Thanks in advance :)
03-14-2018 06:38 AM - edited 03-14-2018 06:41 AM
Hi
It looks wrong:
SW01's Gi0/1 is connecting to IP phone
interface GigabitEthernet0/1
03-14-2018 08:35 AM
Hi Julio,
Unfortunately, the network is set up that way and it just works fine. We may reconfigure all the switches in the future.
Thanks for your input.
03-14-2018 08:56 AM
Re the native VLAN, it's best practice to configure this as a "dead" VLAN. The default (i.e. 1) is not good in the interests of security.
Martin
03-14-2018 10:32 AM
I don't know if I'm answering your question, but the native VLANs between devices just have to match. The traffic is going to get tagged again on its way out from SW01 to R1.
03-16-2018 03:23 AM
Hi
As Julio mentioned, the best practice would be to use the voice vlan feature.
However, I have seen some phones that do not work with voice vlan configuration, but work well when using a regular trunk config.
In fact it is the same function. The command "switchport trunk native vlan 10" means that traffic from the data vlan is sent out without a dot1q header, and all other vlans will be sent with a dot1q header. (With the allowed vlan that means that "all other vlan" will be only vlan 2 in this case).
When you use the voice vlan function it is like the same. First config is "switchport access vlan 10", which means send all data vlan traffic without dot1q tag. The "switchport voice vlan 2" specifies that traffic from voice vlan should be sent with dot1q tag.
/Mikael
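The equivalence described in the post above, together with the "dead" native VLAN advice from the earlier reply, as an added example that is not part of any post in this thread. The config text is constructed (GigabitEthernet0/24 is a hypothetical uplink), the function names are illustrative, and `native_vlan_issue` is meant for trunk ports only.

```python
import re

# Constructed sample, not the poster's config: both phone-port styles plus an uplink.
SAMPLE = """
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan 2,10
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 2
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 2,10
"""

def parse_interfaces(config):
    """Return {interface name: joined command text} from IOS-style config."""
    ports, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            ports[name] = ""
        elif name and line:
            ports[name] += line + "\n"
    return ports

def _vlan(pattern, text, default=None):
    m = re.search(pattern, text)
    return int(m.group(1)) if m else default

def egress_tagging(text):
    """Map each VLAN on the port to 'tagged'/'untagged' (comma lists only, no ranges)."""
    if "switchport mode trunk" in text:
        native = _vlan(r"trunk native vlan (\d+)", text, 1)  # IOS default is 1
        allowed = re.search(r"trunk allowed vlan ([\d,]+)", text)
        vlans = [int(v) for v in allowed.group(1).split(",")] if allowed else []
        return {v: "untagged" if v == native else "tagged" for v in vlans}
    voice = _vlan(r"voice vlan (\d+)", text)
    tags = {_vlan(r"access vlan (\d+)", text, 1): "untagged"}
    return {**tags, voice: "tagged"} if voice else tags

def native_vlan_issue(text, user_vlans):
    """Flag a trunk whose native VLAN is the default or carries user traffic."""
    native = _vlan(r"trunk native vlan (\d+)", text, 1)
    if native == 1:
        return "native VLAN left at default 1"
    return f"native VLAN {native} carries user traffic" if native in user_vlans else None
```

Both phone-port styles produce the same frames on the wire (VLAN 10 untagged, VLAN 2 tagged), while the uplink with no native VLAN configured falls back to VLAN 1.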
03-16-2018 04:00 AM
Based on this all the PCs and the phone are all in the same VLAN, correct?
Also since they are all in the same VLAN there is no real QoS which can lead to poor voice quality.
Having this type of setup is not best practice but more importantly it is very susceptible to poor voice quality.
If this is a smaller network you may not notice issues but just because it is working fine now does not mean it is working optimally.
I would really work on a strategy to correct this configuration before it does become a problem and then you are scrambling for a fix.
03-16-2018 04:14 AM
VLAN 2 will be Voice and 10 data.
Martin
03-16-2018 04:24 AM
03-16-2018 04:19 AM
It's because Cisco handsets use CDP to discover the Voice VLAN, using that command.
I have never had the opportunity to test this, but if the Voice VLAN is tagged on the handset, I can see this should work.
Martin
03-16-2018 04:28 AM
The way it is configured now CDP makes no difference, both the Phone and PC will be in the same VLAN with the same subnet.
And as mentioned, no QoS.
Bad all around.
Mike
03-16-2018 04:37 AM
Hi
I agree with cdp making no difference.
But the original poster doesn't tell us whether these are Cisco phones or not.
If the phones tagged their voice with vlan 2, then this config works perfectly well.
We have used this type of config lots of times, when the phones are not Cisco.
/Mikael
03-16-2018 04:51 AM
Not really saying this won't work, just saying not a best practice design.
I did assume a Cisco phone since it is posted on a Cisco site :-) but you know what happens when you assume... :-)
Also sure if the phone is Tagged with VLAN 2 then the PC connected to it would also be Tagged vlan 2.
I also assume that the phone and PC are using DHCP.
Mike
03-16-2018 05:05 AM
Only on the phone's interface though. The second interface on the phone's switch is probably untagged (which is the typical configuration), thus VLAN 10.
Martin
03-16-2018 06:31 AM
Hi,
Thanks for the response. The phone is non-Cisco (Mitel).
Phones are on VLAN 2 and DATA is VLAN 10 and it works fine. But I understand from the responses that it is not a best practice.
Also Phones are getting IP address from DHCP pool (VLAN2) and PCs are from VLAN 10.
Thanks