Re: voice vlan configuration in trunk or access port

getaway51 · ‎11-06-2019

Hi,

I am very confused with voice vlan config and its impact under interface cfg. Considering the 3 cfg below, with data and voice vlan present, which shld be the correct one?

Also I understood tht voice devices like cisco/avaya voip phone tagged its voice traffic in certain voice vlan ID.

Another issue is i am really not sure wht is the impact with/without "switchport voice vlan"?

1)"switchport mode trunk" with "switchport voice vlan" under interface config.

2)Some switches only has "switchport mode trunk" but no "switchport voice vlan" cfg.

3)Some switches only has "switchport mode access" with "switchport voice vlan".

Seb Rupik · ‎11-06-2019

Hi there,

You shouldn't need to make it a trunk port, Option3 is the valid configuration:

!
int gix/x/x
  switchport mode access
  switchport access vlan xx
  switchport voice vlan xx
  spanning-tree portfast
!

The switch will use CDP/ LLDP by the switch to determine if a VOIP handset is connected and will place the applicable frames in the voice VLAN.

As you point out, VOIP frames are always tagged, as such with older switches/ handsets it is necessary to configure switchport mode trunk to ensure the tagged frames are handled correctly.

cheers,

Seb.

getaway51 · ‎11-07-2019

Hi,

I have some switches still running the config 1) & 2) below.

I heard avaya and cisco Voip phones has tagged voice vlan with a VLAN ID (for e,g 100) & data goes to vlan 1

Wht exactly will happen to voice traffic especially when no "switchport voice vlan 100" present? wht exactly is the difference and implications will it caused?

1)"switchport mode trunk" with "switchport voice vlan 100" .

switchport allowed vlan 1,100

2)"switchport mode trunk" but no "switchport voice vlan 100".

switchport allowed vlan 1,100

Seb Rupik · ‎11-07-2019

Hi the,

The VLAN ID specified by the command switchport voice vlan xxx is used by CDP to inform the IP phone what VLAN ID to tag voice traffic with.

If switchport voice vlan xxx is missing from the switchport config then this information cannot be relayed to the phone. I guess this would rely on the phone to have a default, VLAN ID 100 as you suggest....I have never configured it this way so cannot confirm.

cheers,

Seb.

getaway51 · ‎11-07-2019

Hi,

If i change switchport mode trunk to access (with voice vlan 100), can it integrate with tagged voice vlan 100 from cisco voip phones ?

It means tagged voice(vlan 100)+untagged data(vlan 1) frm Voip phones------->swithport(access vlan 1, voice vlan 100)

Can still works?

btw , wt happens to those switches with switchport mode trunk? Does tagged voice(vlan 100)+untagged data(vlan 1) frm Voip phones------->swithport(access vlan 1, voice vlan 100). End result still the same?

Seb Rupik · ‎11-07-2019

The first config you describe would fit the standard setup. Although the switchport is not explicitly configured for handling tagged frames (ie mode trunk), the switchport voice vlan xx command will correctly handle VOIP frames which match the voice VLAN ID.

The second description will work assuming the IP phone is preset to tag voice traffic with VLAN ID 100. It is worth noting that on a trunk port the default native VLAN is 1, so this will pickup and place the untagged DATA traffic in VLAN 1.

cheers,

Seb.

getaway51 · ‎11-07-2019

Hi Seb,

Many thanks for yr kind reply!!!

May I know further, the difference between switch1-'switchport mode trunk' with 'switchport voice vlan 100' AND switch2-'switchport mode trunk' when it comes to NAC auth?

The reason was because when i checked under sh mac address-table, the mac addresses for VoIP phones shown in switch1 are STATIC (all ALLOW access)whilst the mac addresses for VoIP phones shown in switch2 are all dynamic(all DENY access).

There must be something set by this simple command considering it affect NAC auth.Can you enligthen me?

Seb Rupik · ‎11-08-2019

The use of the switchport voice vlan xxx, as well as informing a Cisco phone which VLAN to tag voice frames with via CDP, also instructs the switchport to allow the traffic on the voice VLAN to work independently of 802.1x authentication.

In your scenario of using switchport mode trunk and NAC you will probably need to configure MAB (MAC Address Bypass) for the IP phone.

I say probably as I don't have much experience of using non-cisco IP phones in 802.1x setups.

cheers,

Seb.

getaway51 · ‎11-08-2019

Hi,

When sh mac address-table, it shows static or dynamic, wht does it means?

This happens when switchport voice vlan XX is configured. In terms of networking, wht static and dynamic means?

Seb Rupik · ‎11-19-2019

Dynamic MAC addresses are learnt by the switch as ethernet frames are received. The source MAC address is gleaned from the frame and used to populate the MAC address table. Each dynamic entry has a timer against to age out old addresses. Each time a MAC address is seen again the timer is reset.

Static MAC addresses are either manually configured by an administrator or are hardcoded by the switch itself.

there is also a third type, 'sticky' which is encountered when using certain port-security configuration.

cheers,

Seb.

Joseph W. Doherty · ‎11-07-2019

"Also I understood tht voice devices like cisco/avaya voip phone tagged its voice traffic in certain voice vlan ID."

Unsure about Cisco VoIP phones, but Avaya VoIP phones I recall will work without VLAN tags.

One of the possible configuration for Avaya VoIP phones is to connect only them to an access port, which connects to a VoIP VLAN. No need, or advantage, to tag the VolIP frames.

Further, in the Avaya implementations I used to support, Avaya phones booted up on the untagged VLAN, looked at the option strings passed in DHCP, one of which was what VLAN the phone was to switch over to, and then the phone did.