01-24-2021 12:30 AM
Hi Everyone,
Let say, we have an #Access_switch and an #Ip_Phone connected to that switch in port g1/0/1. This last is configured as access to vlan 10 and voice to vlan 20.
Q: how to force a user to access vlan 10 -#Forced using the #ip_Phone_pc_port- => not unplug the cable from the ip phone and plug it in his PC or laptop!
NB: without using (eem,tcl,....) only the switchport_commands
Best Regards!
01-24-2021 01:46 AM - edited 01-24-2021 05:49 AM
Hello
Configure the switchport to instruct the ip phone to trust all data traffic or even mark it down to a cos 0 originating from it own access-port
int x/x/
description voip_port
switchport priority extend cos 0 (default)
or
switchport priority extend trust
01-24-2021 03:03 AM
as per my understanding of the question was - you have original configure of the port was to cater to VOICE and DATA VLAN,
before it was connected to Phone-PC, now you like to connect to only Pc without a Phone? is this correct. ?
I do not believe you need to change anything on the switch port config technically, the PC should work as expected.(without connected to the phone)
if that is not the case please post-show run interface gi 1/0/1 to understand better.
01-24-2021 03:41 AM
hi,
1) i have configured 2 vlans : Access and voice
2) i do not want that a user unplug the cable from the ip_Phone ==> [ip phone off], and use it for his laptop!
and if he do, he can #NOT be connected
3) a user must {if wanna connect to lan using that switchport } be connected after the ip phone on the PC port(of the ip phone)
im I cear!
01-24-2021 05:47 AM - edited 01-24-2021 05:49 AM
Hello
Well @balaji.bandi is correct, traffic originating from the pc should work, However if you wanted to qos remark that data traffic from the pc or trust it you could apply one of the two commands i stated previously.
01-24-2021 05:49 AM
Sure thank you for the clarification, i agree with @paul driver suggested commands,
Since we do not know the device model and IOS running, i can refer good document which can help you to understand better.
01-24-2021 10:27 AM
@benahmeddaho_MOURADIf I understand your last comment, you want to make it so the computer only gets a connection if it is plugged into the phone. If the user unplugs the phone from the wall jack and plugs in their computer, you do not want them to get a connection.
I'm not sure you can easily do that; however, my first question is why you might want to do that. Assuming your data VLAN is 10 and your voice VLAN is 20, if you configure your switch interface with the following commands:
interface GigabitEthernet1/0/1 switchport access vlan 10 switchport voice vlan 20 switchport mode access
then the computer will get VLAN 10 regardless of if it is plugged into the phone or directly into the wall jack. The phone figures out that it needs to use VLAN 20 for voice because of CDP so you should have no worries in a user unplugging the phone and plugging their laptop into the wall jack because they will always get the same network.
01-25-2021 01:04 AM - edited 01-25-2021 02:34 AM
Hi,
i feel like, you understand well my query.
[my first question is why you might want to do that] :
1) the laptops can get connection from WiFi
2) there are many ports destinated for lan connection
3) and why turning off an Ip_Phone== calls local & external == Business (by unpluging the ip_phone and plug it to laptop ), we can say it is a DoS for ip_phone
Best Regards!
01-25-2021 03:13 AM
2) i do not want that a user unplug the cable from the ip_Phone ==> [ip phone off], and use it for his laptop! and if he do, he can #NOT be connected
But this what you looking to do so as per the post ? we suggested to secure the port config - have you tried it ?
01-25-2021 03:43 AM
Hi,
Yes, i did. And the laptop can connect easely after the cable unplug from the ip phone then plug it to the Laptop!
i use this command [#switchport priority extend trust]
01-25-2021 04:28 AM
Can you post one of interface config, how you configured - (i will be more intrested to look to - show run full config)
that give us certain degree of view what is the issue.
show run
show version
01-25-2021 06:35 AM
If the laptops are getting a connection via the Wi-Fi, you could look at implementing port security on each switch interface (not on the interfaces connected to other switches or APs). If a user unplugs the phone and tries to plug in their laptop, the switch interface can either shutdown completely or just drop the laptop's traffic (depending on your configuration).
The following code sample will learn the MAC address of the phone. If any other MAC address is "heard" on the switch interface (such as a laptop that has been plugged in after removing the phone), that traffic is discarded and a log entry is added to the switch's log:
interface GigabitEthernet0/1 switchport access vlan 10 switchport mode access switchport voice vlan 20
switchport port-security switchport port-security maximum 1 switchport port-security mac-address sticky switchport port-security violation restrict
Unfortunately, this solution means that the users would not be able to plug their laptops into the port on the phone either and would have to remain on Wi-Fi in order to get their network connection. If you are specifically looking for a solution where the switch port will not forward traffic if it does not detect the phone being connected, I do not know how that might be accomplished.
01-25-2021 01:45 PM - edited 01-25-2021 01:47 PM
Hello
you seem to going off track with your query?
What exactly are you trying to accomplish?
if its that you wish the wifi to be disabled upon a wired connection then this ISNT a switch setting its a wifi network card setting
in the advanced properties of the wifi nic driver you can set it to “disable upon wired connection”
Is it this you require?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: