07-24-2015 02:30 PM - edited 03-08-2019 01:06 AM
Hi All,
I would like to protect switchports on our switch (used for IP phones) to be used as an internet connection port by our user PC's. Our IP phone can be set with a VLAN-ID (lets say 3) and I would like to configure that only devices that are setup up with VLAN-ID 3 (!) get an DHCP IP on that port. So when and users accidently connects his PC to an outlet port (that is mentioned for IP phone) it does not get an IP by de DHCP because it is on a different VLAN-ID. Is that possible?
Many thanks!
07-24-2015 02:39 PM
Hi,
If you are using cisco ip phones then tey discover their voip vlan via cdp
So if you configure the switch port like
!
int f0/1
switchport mode access
switchport access vlan 99
switcport voice vlan 3
!
Then the phone get a good vlan 3
Any other device using this port would get vlan 99 (no SVI or router interface in this vlan)
If you make vlann 99 UNROUTED then it goes no where.
Regards
Alex
07-25-2015 12:28 AM
Thanks Alex! The phones used are from a different brand (Polycom) :( so I guess this will not work.
07-25-2015 02:04 AM
Hi,
Do the Polycom IP phones support VLAN trunking? If so then you could configure something along the lines of the following:
! interface <type> <module>/<port> switchport mode trunk switchport allowed vlan <voice_vlan> switcport trunk native vlan <pc_vlan> spanning-tree portfast trunk !
This should then see the DHCP server give an address on the voice VLAN only to devices that are using IEEE 802.1Q trunking i.e., the IP phone, and an address from another VLAN for those devices not using trunking.
There are a couple of assumptions here
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide