Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1348
Views
0
Helpful
3
Replies

Video Endpoints on which Vlan?

Rahul Patel
Level 5
Level 5

‎11-06-2014 06:48 PM - edited ‎03-18-2019 03:38 AM

Hello,

 

We have about 15+ MX300's deployed in our environment.  The video infrastructure is not connected to our Call Manager environment.  The two are separate and we will be integrating next year.  The Video endpoints currently use the data vlan and the IP phones are on the voice vlans.  We also have dot1x as port security.  Cisco phones connect fine and register on the voice vlans.  MX300's mac address is added to the MAB table and they pass authentication and get on the data vlan.  

We purchased two MX300 G2 units, and these units by default go on the voice vlan.  The question that came up was, should these units be on the voice vlan instead of the data vlan?  

Has anyone deployed them on the voice vlan?  Has this caused an issue with voice traffic? 

Thank you,

Rahul Patel

Labels:
0 Helpful
3 Replies 3

Chris Swinney
Level 5
Level 5

‎11-07-2014 08:44 AM

Hi Rahul,

I would put the video stuff in their own VLAN, not voice or data. If you use QoS, you can then check and manipulate VLAN differentially in addition to the tags that can be set on the endpoints.

There is no reason why they couldn't exist in either the data or voice VLAN, however, its simply is a matter of preference as to how you wish to setup and segregate your network. I think the automatic voice VLAN operation is often because organisations may have setup preferential queues already n the voice side of things.

 

Cheers

Chris

 

0 Helpful

Rahul Patel
Level 5
Level 5
In response to Chris Swinney

‎11-10-2014 06:37 AM

Hi Chris,

Thanks for your reply.  We have dot1x on our ports and if an unauthorized computer is connected, its put on the guest vlan with no access.  The computer will authenticate since the are on the domain and go ont the data vlan.  The phones pass dot1x and are on the voice vlan.

The video units, when plugged in out of the box go on the voice vlan, since by default voice vlan is set to auto.  We add the mac address of the video endpoint to the MAB table in ACS, change the setting from Auto to Off for Voice Vlan, Assign a static IP on the separate vlan (other than the voice vlan), Unplug and replug the video unit.  The port displays that it passed dot1x using mab.  But, we are unable to ping the unit.

The only way we get a ping is when we turn off dot1x and that is something we don't want to do.  Since the units will be located in a public area.

Have you or anyone else seen this behaviour?

 

Thanks,

Rahul Patel

0 Helpful

Chris Swinney
Level 5
Level 5
In response to Rahul Patel

‎11-27-2014 08:13 AM

Hi Rahul,

Did you manage to resolve this? One thing we don't use is 802.1x, just simple MAC address look up on wired ports.

Chris

 

0 Helpful
Customers Also Viewed These Support Documents