09-17-2008 08:22 AM - edited 03-06-2019 01:26 AM
Next week I am getting an office ready for VOIP. We are using a managed VOIP service and will be using 28 Cisco 7940 IP phones and 2 Cisco 3550 switches. Computers will be plugged into the phones. Voice traffic is going to a Cisco 3600 router the VOIP service has provided, which is connected to a T1. Data traffic is going to a Cisco ASA 5505, which is connected to a FIOS connection. On each switch I installed copper GBICs to connect the 2 switches, and on the main switch, Switch0, I am using port 23 to connect to the VOIP router and port 24 to the ASA 5505. The router is doing DHCP for the phones and the ASA 5505 is doing DHCP for the computers.
Now to my questions. How does my config look for what I want to do?
Is there anything else I need to do for DHCP to work?
Do I need to change the port settings if I plug a computer or printer directly into the port rather than through a phone first?
Thank you for any suggestions.
Below is my running-config.
Current configuration : 5119 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch0
!
enable secret 5 *************
!
clock timezone BST 5 30
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
mls qos
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 5
 switchport priority extend trust
 mls qos trust cos
 spanning-tree portfast
!
PORTS F0/2 - F0/22 ARE the same as F0/1
interface FastEthernet0/23
 description Voice trunk to M5 router
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 5
 switchport mode trunk
!
interface FastEthernet0/24
 description Data Trunk to ASA5505 port 2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
 switchport mode trunk
!
interface GigabitEthernet0/1
 description Trunk connection to Switch1 port Gi0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 192.168.1.5 255.255.255.0
!
ip classless
ip http server
!
line con 0
line vty 0 4
 password *****
09-22-2008 12:40 PM
If anybody is interested I will list what I had to do to get this to work.
1. Add VLAN 10 to ASA 5505 plus DHCP for VLAN
Interface Vlan10
 nameif Data
 security-level 100
 ip Address 192.168.1.10 255.255.255.0
dhcpd address 192.168.1.100-192.168.1.150 Data
dhcpd enable data
2. On talking to our VOIP service I changed interface F0/23 to:
interface FastEthernet0/23
 description uplink to M5 router
 switchport access vlan 5
 switchport mode access
 speed 10
 duplex half
 spanning-tree portfast
3. I changed int f0/24 to:
interface FastEthernet0/24
 description uplink to ASA5505 data
 switchport access vlan 10
 switchport mode access
Question: On interfaces F0/23 and F0/24 I used "switchport mode access" and on Gi0/1 I used "switchport mode trunk". My understanding of these modes is that "mode access" is for only one VLAN and "mode trunk" is for many VLANs. Is this right or am I off the mark?
09-22-2008 01:03 PM
switchport mode access carries only one VLAN (specified in switchport access vlan XX), or defaults to VLAN 1.
switchport mode trunk allows you to carry multiple VLANs across that link.
09-22-2008 02:30 PM
Most of the config looks fine, but I'm unsure why you'd want to trunk to the voice router or to the ASA.
I do very similar configs for customers, and I always use switchport mode access (without the switchport voice vlan command on that port) for ports connecting to routers or firewalls, unless there is a reason to trunk (for example, some customers trunk both a private "voice" vlan for phones, and a "public" vlan for internet data access on the same port).
The reason being: why open up the possibility of having something be "heard" where it isn't supposed to? Security issues aside, sometimes functionality is affected depending on what applications are listening.
You asked about whether or not you'd need to change port config for only computer or printer, etc.
Microsoft's DHCP has some issues in 2003 Server (and maybe higher, I don't know) where, if it can see dot1q-encapsulated DHCP requests, it will respond to them all, even though they are not in the correct network. I have not seen this problem in Windows 2000 DHCP or previous, only in 2003, and especially in customers that upgraded from 2000 to 2003.
If the port an MS 2003 DHCP server is on has "switchport voice vlan 5", it will hand out an incorrect IP address to the phone, since it somehow sees the DHCP request packets from the phone that are supposed to only be in the voice VLAN. This is despite the fact that the phone will put its voice traffic into the voice VLAN, negotiated by CDP. So what you end up with is phones that don't work.
For this reason, anytime you have Windows servers (even if they aren't yet 2003 or higher), I recommend removing the "switchport voice vlan 5" line from the port the server is connected to, because that is the only way to prevent the problem.
Granted, you said that the ASA will be doing DHCP for the data network, so it's not an issue now, but that is uncommon in MS networks, since active directory relies so heavily on MS DNS, and in many cases on MS DHCP to help MS DNS be accurate.
Anyways, other than that, I haven't seen any problems with PCs or printers or other devices on ports configured the way you have your "phone + pc or pc" ports configured.
09-22-2008 03:14 PM
I have also seen this issue with Windows DHCP servers; however, it isn't specific to 2003. The issue is the NIC drivers stripping off the 802.1q header before passing the frame up the stack. I agree, though, that for infrastructure devices (a DHCP server, for example) you wouldn't really want to configure the switchport with a voice VLAN; there is no point.
Andy
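An added example, not part of any post in this thread: a small Python check that parses an IOS-style running-config and flags the two things the replies above advise against, trunk mode on a port facing a router, firewall or server, and "switchport voice vlan" on such a port. Recognising infrastructure ports by keywords in the description line, the issue labels and the sample config are assumptions constructed for illustration.

```python
import re

# Assumption: infrastructure ports are recognised by their "description" text.
INFRA = re.compile(r"router|asa|firewall|server", re.I)
ONE_VLAN = re.compile(r"switchport trunk allowed vlan (\d+)")

def parse_interfaces(config):
    """Map interface name -> sub-commands; a "!" line closes each block."""
    ports, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.lower().startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return ports

def audit(config):
    """Return (interface, issue, suggested fix) for infrastructure ports."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if not any(c.startswith("description ") and INFRA.search(c) for c in cmds):
            continue
        if "switchport mode trunk" in cmds:
            vlans = [m.group(1) for c in cmds if (m := ONE_VLAN.fullmatch(c))]
            fix = (f"switchport mode access, switchport access vlan {vlans[0]}"
                   if vlans else "use access mode or restrict allowed VLANs")
            findings.append((name, "trunk-to-infra", fix))
        if any(c.startswith("switchport voice vlan") for c in cmds):
            findings.append((name, "voice-vlan-on-infra", "no switchport voice vlan"))
    return findings

# Constructed sample modelled on the port styles discussed in the thread.
SAMPLE = """\
interface FastEthernet0/1
 description phone + pc
 switchport voice vlan 5
!
interface FastEthernet0/20
 description Windows DHCP server
 switchport voice vlan 5
!
interface FastEthernet0/23
 description Voice trunk to M5 router
 switchport trunk allowed vlan 5
 switchport mode trunk
"""
print(*audit(SAMPLE), sep="\n")
```

Because the parser closes each interface block on a "!" line rather than on indentation, it also works on configs pasted without leading spaces, as in the first post.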