cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3664
Views
3
Helpful
10
Replies

trouble on getting an ip address for voice vlan in certain switches

farhanshariam
Level 1
Level 1

hi,

i had setup a new switch on a new building on my workplace and it seems that the switch is having problem releasing the ip add for the ip phone but have no problem at all with other devices.

the switch configuration is not the main problem i guess because it is pretty much the same with the other switches. can anyone having this kind of problem because the other switches did not giving me this kind of issue.

here is the mac-add table for the access switch

944    0015.6552.d914    STATIC      Gi1/0/12

here is the result when i try to filter it on an arp table.

9-5-cor1.net>sh arp | i 0015.6552.d914

9-5-cor1.net>

nothing on the arp table

i would be very happy to get an advice or solution from anyone. thanks

10 Replies 10

Dragan Ilic
Level 4
Level 4

Could you post part of config related to voice?

HTH,
Dragan

HTH,
Dragan

on core switch 1

interface Vlan944

ip address 192.168.1.252 255.255.252.0

ip helper-address 192.168.16.13

no ip redirects

standby 1 ip 192.168.1.254

standby 1 timers 5 15

standby 1 priority 110

standby 1 preempt

end

on core switch 2

interface Vlan944

ip address

192.168.1.253 255.255.252.0

ip helper-address 192.168.16.13

no ip redirects

standby 1 ip 192.168.1.254

standby 1 timers 5 15

standby 1 priority 115

standby 1 preempt

end

on trunk port on core switch

interface GigabitEthernet2/24

switchport

switchport trunk native vlan 999

switchport trunk allowed vlan 900-999

switchport mode trunk

switchport nonegotiate

end

on the access port on access switch

interface GigabitEthernet1/0/10

switchport access vlan 910

switchport mode access

switchport voice vlan 944

switchport port-security maximum 2

switchport port-security maximum 2 vlan access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 1 30 35 5

priority-queue out

mls qos trust cos

auto qos trust

spanning-tree portfast

spanning-tree bpduguard enable

end

on trunk port on access switch

interface GigabitEthernet1/0/50

switchport trunk native vlan 999

switchport trunk allowed vlan 900-999

switchport mode trunk

switchport nonegotiate

srr-queue bandwidth share 1 30 35 5

priority-queue out

mls qos trust cos

auto qos trust

spanning-tree portfast disable

ip dhcp snooping trust

end

hope this helps.

Jeff Van Houten
Level 5
Level 5

Does the access switch have an svi in the 944 vlan? If not, the MAC address will never show in the arp table because ARPs are used to locate mac addresses in the same ip subnet as the interface that is sourcing the communication. No int vlan 944, no arp. The fact that the switch sees the entry in the mac addr table means the switch is likely doing its job. If you can't get dhcp to assign an address to a phone, I would suggest you check
The port configuration
The trunk configuration from this switch to the upstream
Where does routing occur for this subnet
Where is the dhcp server in all this? Same subnet or different? If different, do you have ip dhcp helper at the routing interface?


Sent from Cisco Technical Support iPad App

i have posted my configurations . hope those will answer your questions

Do you see any logs related to your port-security config? These lines:

switchport port-security maximum 2

switchport port-security maximum 2 vlan access

I would preconfigure this in some way:

option 1:

switchport port-security maximum 2

option 2:

switchport port-security maximum 1 vlan access

switchport port-security maximum 1 vlan voice

It seems like your config is giving everything to access vlan (PC) and nothing left for phones...I can't confirm this but you can test with changing these parameters...

HTH,
Dragan

HTH,
Dragan

Guru Mysoruu
Level 1
Level 1

Hi,

the below command should resolve all your problems.

Switch(config-if)#switchport voice vlan

Both ipphone and switch,starts communicating with the help of cdp..they both exchange information,once switch identifies end device has a phone,it will divert to voice vlan.so once it  get divert to voice vlan,everything will work fine.

Regards,

Guru

I think he has that on access switch:

"switchport voice vlan 944"

HTH,
Dragan

HTH,
Dragan

Hi Muhammad,

.Try to do changes on port-secuirty config as belwo  ,sicne your config says allowed mac address

You are limiting the number of mac-addresses learned on a switch port for only data vlan. The thing to remember is that the maximum number of mac addresses learned on a port must be additive  number of mac addresses you have defined for the data and voice vlans. So if you would only want 2 MAC addresses learned on the data vlan and 1 on the voice vlan then the max number of maximum addresses you have for the port would be 3. Also note that the option for the max number of mac addresses learned for a voice vlan or data vlan within the port-security command will not show up until you tell the switchport about these vlans

Switch(config)# interface fastethernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 910

Switch(config-if)# switchport voice vlan 944

Switch(config-if)# switchport port-security

Switch(config-if)# switchport port-security maximum 3

Switch(config-if)# switchport port-security violation restrict

Switch(config-if)# switchport port-security mac-address sticky

Switch(config-if)# switchport port-security maximum 2 vlan access

Switch(config-if)# switchport port-security maximum 1 vlan voice

Also,Can you try removing the comamnd switchport nonegotiate on both the trunk ports from Core -> Access and Access -> Core. I mean to say this will not solve teh problem but yeah...woth this commamnd you are tirning off the DTP. If you obsrever an ything strange then add it backup. But idelaly it deosn't matter truningo ff DTP between two trunk ports. IT's ideal to do when switch is connected to a high latency specific serevsr or application serevrs.

farhanshariam
Level 1
Level 1

hi guys,

i did find something interesting in the access switch, when when i debug dhcp i got this:

DHCPD: No option 125

note: i did use an external dhcp server


carlos59
Level 1
Level 1

I think .. as i lerned in CCNA when you assign a port to voice VLAN you can only assign only one more data-VLAN and nothing more to the port.. and you can only configure that port mode access not as trunk so it should looks as follow :

 

S3(config)# vlan 20

S3(config-vlan)# name student

S3(config-vlan)# vlan 150

S3(config-vlan)# name VOICE

S3(config-vlan)# exit

S3(config)# interface fa0/18

S3(config-if)# switchport mode access

S3(config-if)# switchport access vlan 20

S3(config-if)# mls qos trust cos

S3(config-if)# switchport voice vlan 150

S3(config-if)# end S3#

and another question why do you want to set all these security configs when the port only can be assign to 2VLANs ?

i am still learnig my CCNA part 2
i hope i could help 

Review Cisco Networking for a $25 gift card