Voice VLAN basic question

jcalhoun11
Level 1

Hello,

 

I will be creating a Voice VLAN this week. We had some problems with a multicast storm that our older VOIP phones couldn't handle that prompted this. The phones don't support LLDP so I will be using the Telephony OUI feature of the switch.

 

It makes sense that each port will have a VLAN + Voice VLAN. My question is about multicast/broadcasts.

We will just have the native VLAN and the Voice VLAN to begin with.

 

If a port is in the native VLAN and the Voice VLAN, will broadcasts or multicasts go to both VLANs?

The phones have a switch that PCs are connected to. How would one isolate the Voice VLAN to not receive multicasts from the rest of the network? Does the port have to be set as access and not trunk?

6 Replies

Jon Marshall
Hall of Fame

Multicast does not go between vlans unless you have configured multicast routing together with PIM.

So if there are no devices transmitting multicast in the voice vlan then there will be no multicast in that vlan ie. it doesn't matter whether the link is an access port or a trunk, what matters is which vlan the multicast packets are being sent from.

Jon

Ok great. Both very good answers!

I did enable storm control on everything but trunk ports.

It totally makes more sense now...

Thanks

Ok to take it one step further. I apologize but I think it's necessary...

My reason for posting was due to a huge multicast storm that took down my entire network. 500,000+ of the same exact multi-cast packet in 3 minutes!

So the phone has 2 ports. One plugged into the network and one plugged into a PC. The port connected to the network will have to pass both VLANs at one time or another. Say the voice and data VLANs are working as expected. A multicast comes into the phone from the Cisco switch..... It's not going to matter that a voice VLAN is set up, right?

The phones themselves seem vulnerable to the storm. They are older phones. I would imagine a newer cisco would not even have this issue. As the switch built into the phone is totally "dumb", if my logic is correct the voice vlan would do nothing to stop this?

The only option to totally protect the phones from outside multicast would be to put them in their own vlan and disable the pass through port?

When you setup the voice vlan and the data vlan, for example:

switchport access vlan 10

switchport voice vlan 20

You are creating a 'mini trunk' between the Cisco switch and the phone's switch. 

With our example above and the rest a vanilla config on the switch, the frames destined for vlan 10 on the port will be untagged, frames destined for vlan 20 will stay tagged.

Once the phone's switch receives untagged frames it will forward to the PC port, then frames tagged with vlan 20 will be forwarded to the phone.

 

A multicast comes into the phone from the cisco switch..... It's not going to matter that a voice vlan is setup right?

The phone itself will only receive the multicast storm on vlan 20.

 

To maybe help in understanding, when you plug the phone into the network you are plugging in another switch into the network with a phone attached.

As far as the multicast storm goes the phone's switch might be able to handle the storm, I do not know.

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

"A multicast comes into the phone from the cisco switch..... It's not going to matter that a voice vlan is setup right?"

Yes and no.

The data VLAN traffic, that containing the multicast flood, is still going to consume switch port bandwidth (as also noted by Justin).  Such can delay Voice VLAN traffic.

Once the traffic gets to the phone, the "switch" portion of the phone should not send the data VLAN traffic to the "phone" portion, so the "phone" portion doesn't have to logically deal with that traffic.  (The latter is one of the advantages of "mini trunk" [described by Justin].)

To really get the full advantage of the data and voice VLANs, you need to have dedicated ports for both.  I.e. phones and PCs on their own network ports.  (NB: BTW, one large VoIP vendor notes you can have twice as many phones on the same VLAN when you don't "mini trunk"/share the switch ports.)

BTW, you can mitigate some of the sharing of the switch port's bandwidth by using egress QoS to give preference to the voice packets.  This doesn't work as well as dedicated ports, for a couple of reasons.  First, a switch's QoS may have a hardware FIFO queue before logical dequeuing occurs.  Second, many VoIP phones' internal switch function isn't too efficient.  (For example, we've seen VoIP phones be a major bottleneck to the PCs connected to them.)

BTW, are you sure it was a multicast flood and not a broadcast flood?  If the former, does your switch support IGMP snooping?

Justin B
Level 1

To preface, I am no expert on Voice VLANs but this is how I understand it:

The phone should act like a switch before it is a phone. So if a frame comes in tagged for the Voice VLAN then the phone's switch should forward the frame to the phone.

If a frame comes in untagged it should forward to whatever is plugged into the other port, most likely the PC.

So, from my understanding, the phones will not receive the multicasts that have been originating on the VLAN the PCs are on. However the Cisco switch port itself will still get hammered by multicasts on both VLANs.

Multicasts normally stay within the subnet.

You could try configuring storm control on your edge ports to help mitigate a DoS from a multicast storm.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/storm.html

 

-Justin
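The tag-based forwarding described in this thread, as an added example that is not part of any poster's reply or any vendor's code: a Python model that builds real 802.1Q frames, applies the edge-port tagging rule and the phone's internal-switch rule as the replies describe them, and counts where a multicast storm lands. VLAN IDs 10 and 20 come from the thread; the MAC addresses, frame counts and function names are constructed assumptions.

```python
import struct
from collections import Counter

DATA_VLAN, VOICE_VLAN = 10, 20   # VLAN IDs from the thread's example
TPID_8021Q = 0x8100              # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, vlan=None, payload=b"\x00" * 46):
    """Build an Ethernet II frame; insert an 802.1Q tag when vlan is given."""
    tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", 0x0800) + payload

def parse_frame(frame):
    """Return (vlan_id or None, is_group); is_group covers multicast and broadcast."""
    is_group = bool(frame[0] & 0x01)             # I/G bit of the destination MAC
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        return struct.unpack("!H", frame[14:16])[0] & 0x0FFF, is_group
    return None, is_group

def switch_egress(vlan, dst, src):
    """Edge port with access vlan 10 / voice vlan 20: data untagged, voice tagged."""
    if vlan == DATA_VLAN:
        return build_frame(dst, src)
    if vlan == VOICE_VLAN:
        return build_frame(dst, src, vlan=VOICE_VLAN)
    return None                                  # other VLANs never leave this port

def phone_switch(frame):
    """Phone's internal switch as the thread describes it (a model, an assumption)."""
    vlan, is_group = parse_frame(frame)
    if vlan is None:
        return "pc", is_group                    # untagged goes to the PC port
    return ("phone" if vlan == VOICE_VLAN else "drop"), is_group

def simulate(storm_vlan, storm_frames, voice_frames=100):
    """Count frames on the shared link and at each destination behind the phone."""
    mcast, src, phone_mac = (bytes.fromhex(h) for h in
                             ("01005e000001", "020000000001", "020000000002"))  # constructed MACs
    stats = Counter()
    traffic = [(storm_vlan, mcast)] * storm_frames + [(VOICE_VLAN, phone_mac)] * voice_frames
    for vlan, dst in traffic:
        frame = switch_egress(vlan, dst, src)
        if frame is None:
            continue
        dest, is_group = phone_switch(frame)
        stats["link"] += 1                       # every forwarded frame uses the shared link
        stats[dest] += 1
        stats[dest + "_group"] += is_group       # group-addressed frames per destination
    return stats
```

Calling `simulate(DATA_VLAN, 5000)` and `simulate(VOICE_VLAN, 5000)` side by side shows the two cases discussed above: a data-VLAN storm still crosses the shared link but is handed to the PC port, while a voice-VLAN storm is delivered to the phone itself.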
