Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3785
Views
0
Helpful
10
Replies

Subinterface to Access Port

Go to solution
alexkrycek
Level 1
Level 1

‎02-19-2019 03:54 AM - edited ‎03-08-2019 05:23 PM

I'm sorry if this has already been addressed, but I couldn't find an answer to my question.

 

I have a pretty standard setup: a few subinterfaces on a router connected to a trunk port on a switch (G0/24).  All other ports on the switch have an access VLAN as well as a voice VLAN.  However, I apparently fat-fingered the configuration and left G0/24 as an access port.  I didn't notice because my phone still registered with the distant end CUCM.  How did this happen if G0/24 was not configured as a trunk port?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to alexkrycek

‎02-19-2019 06:17 AM

i think it might be something particular to how the voice vlan works as a syntax statement , if you look at a standard port set as no trunk with voice and data set the port is still a trunk using 802.1q but not a trunk but if you read some of the guides online its still acting as some form of trunk

Wee last section of this and then i confirmed it one of my voice ports below
https://networklessons.com/cisco/ccna-routing-switching-icnd1-100-105/voice-vlan

#sh int g1/0/6 tru

Port Mode Encapsulation Status Native vlan
Gi1/0/6 off 802.1q not-trunking 1

Port Vlans allowed on trunk
Gi1/0/6 2016,2048

Port Vlans allowed and active in management domain
Gi1/0/6 2016,2048

Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/6 2016,2048
#sh run int g1/0/6
Building configuration...

Current configuration : 526 bytes
!
interface GigabitEthernet1/0/6
description Voice and Data
switchport access vlan 2016
switchport mode access
switchport voice vlan 2048
switchport port-security maximum 2
switchport port-security violation restrict
switchport port-security aging time 1
switchport port-security aging type inactivity
switchport port-security
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy

View solution in original post

0 Helpful
10 Replies 10

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎02-19-2019 04:18 AM

Hi
what vlan was left on the port when it went to access , there had to be one available even as access port was it voice ?
was the phone actually able to ping the CUCM at this stage if vlan was not there or even its gateway , how long did you wait for registration to fail?
did you collect any logs from the router when it happened or outputs to check ?
0 Helpful

Go to solution
alexkrycek
Level 1
Level 1
In response to Mark Malone

‎02-19-2019 04:23 AM

G0/24 had a voice vlan and access vlan configured.  The registration went through just fine - I was even able to dial out.  Unfortunately, I didn't think to collect logs before I changed G0/24 to a trunk port as originally intended.

0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to alexkrycek

‎02-19-2019 04:29 AM

hmm ok so switch interface was configured as a trunk on switchside but also in port config it had voice and data vlan set separately which happens when ports are migrated to trunks but not defaulted first , that may explain why it still worked , trunk overrides access port immediately you can see that with show interface gx/x switchport , state changes when trunk applied but if trunk was removed and port still had valid access port commands that's probably why it maintained registration as v.vlan was still at access level , you could replicate it easy enough to retest to see , if i understood what you were saying there correctly
0 Helpful

Go to solution
alexkrycek
Level 1
Level 1
In response to Mark Malone

‎02-19-2019 04:33 AM

No, G0/24 was set only as an access port:

switchport mode access
switchport access vlan 49
switchport voice vlan 48

 

When I realized the error, I defaulted G0/24 and changed it to:

switchport trunk encapsulation dot1q
switchport mode trunk
0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to alexkrycek

‎02-19-2019 04:44 AM

it should still work with that config both sides will just use untagged frames and i think you already proved that as the phone never dropped even when trunk was not set , obviously its not the right config or ideal scenario but traffic can still get through , you could see it wireshark id say if you drilled down into the packets
0 Helpful

Go to solution
alexkrycek
Level 1
Level 1
In response to Mark Malone

‎02-19-2019 04:51 AM

But how would the router know which subinterface to use if it's only receiving untagged traffic?

0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to alexkrycek

‎02-19-2019 04:55 AM

hard to tell switch and router may have been arping or something and it was going to both subs but only being processed by one , your asking how a miss configured design worked correctly , maybe someone has checked this before but i would need to see it at packet level to be a 100% and test it see what way there responding to each other to be sure , the traffic was getting through though if phone stayed online registered
0 Helpful

Go to solution
alexkrycek
Level 1
Level 1
In response to Mark Malone

‎02-19-2019 04:57 AM - edited ‎02-19-2019 04:59 AM

Yeah, I think i'll need to recreate the situation and do a packet capture.  I know access ports process tagged voice packets, but I didn't think they transmitted tagged packets.  I suppose they need to for a Cisco phone to know what vlan is the voice vlan.

0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to alexkrycek

‎02-19-2019 06:17 AM

i think it might be something particular to how the voice vlan works as a syntax statement , if you look at a standard port set as no trunk with voice and data set the port is still a trunk using 802.1q but not a trunk but if you read some of the guides online its still acting as some form of trunk

Wee last section of this and then i confirmed it one of my voice ports below
https://networklessons.com/cisco/ccna-routing-switching-icnd1-100-105/voice-vlan

#sh int g1/0/6 tru

Port Mode Encapsulation Status Native vlan
Gi1/0/6 off 802.1q not-trunking 1

Port Vlans allowed on trunk
Gi1/0/6 2016,2048

Port Vlans allowed and active in management domain
Gi1/0/6 2016,2048

Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/6 2016,2048
#sh run int g1/0/6
Building configuration...

Current configuration : 526 bytes
!
interface GigabitEthernet1/0/6
description Voice and Data
switchport access vlan 2016
switchport mode access
switchport voice vlan 2048
switchport port-security maximum 2
switchport port-security violation restrict
switchport port-security aging time 1
switchport port-security aging type inactivity
switchport port-security
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎02-19-2019 08:21 AM

An access-port, configured with a voice VLAN, is a baby trunk port. Basically the data VLAN is the "native" VLAN, and the voice VLAN is the one allowed "tagged" VLAN.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card