Cisco voice vlan

Hi Guys,

I am configuring our Cisco 3750 to support Cisco CME. I have noticed
that we can configure the interface either as an access port or as a
trunk, and both will support Voice and Data Vlans.

EXAMPLE 1 ACCESS PORT
********************************

interface GigabitEthernet0/11
 switchport access vlan 141
 switchport mode access
 switchport voice vlan 41
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable




EXAMPLE 2 TRUNK PORT
**********************************

interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 141
 switchport trunk allowed vlan 41,141
 switchport mode trunk
 switchport voice vlan 41
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable


Kindly ignore the QoS configuration, as Auto QoS has been used in both
configurations; Cisco's macro configuration applies the access port
configuration while Cisco's documentation recommends the .1q trunk
configuration.

I have tested both in the lab and both have worked just fine; I always
thought that we have to use .1q for security reasons.

Your recommendation on best practices is highly appreciated.



Regards,
Andy






Re: Cisco voice vlan

Both configurations do the same thing: the data vlan is untagged and the
voice vlan is a dot1q tagged vlan. In a pure Cisco environment (with Cisco
switches and Cisco phones) the best practice is the ACCESS configuration.
The difference between the two is subtle but significant. In the ACCESS
configuration, the port is NOT in trunking mode unless a Cisco phone is
attached to the port. The phone detection mechanism used by the switch is
CDP, which is why it can only be used with Cisco phones. With the TRUNK
configuration the port is ALWAYS in trunk mode even if you don't have a
phone attached. Broadcast traffic and unknown unicast on the voice vlan are
always sent out (tagged with the voice vlan) even when no phone is attached.
If you attach another switch, then the port is also in trunking mode, but
with the ACCESS configuration the port is not trunked. For these reasons,
the ACCESS configuration is considered a bit more secure.
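
An added example, not part of either post: a Python sketch that audits an IOS running-config for ports carrying a voice VLAN and flags those in trunk mode, which per the reply above send the tagged voice VLAN out of the port whether or not a phone is attached. The sample config is constructed from the two stanzas in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: trimmed from the two interface stanzas quoted in the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/11
 switchport access vlan 141
 switchport mode access
 switchport voice vlan 41
!
interface GigabitEthernet0/1
 switchport trunk native vlan 141
 switchport trunk allowed vlan 41,141
 switchport mode trunk
 switchport voice vlan 41
!
interface GigabitEthernet0/2
 switchport access vlan 141
 switchport mode access
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS running-config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any global command ends the stanza
    return interfaces

def audit_voice_ports(config):
    """Classify every port that carries a voice VLAN by its switchport mode."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        voice = next((m.group(1) for c in cmds
                      if (m := re.fullmatch(r"switchport voice vlan (\d+)", c))), None)
        if voice is None:
            continue  # no voice VLAN on this port, nothing to report
        mode = next((c.split()[-1] for c in cmds if c.startswith("switchport mode ")), "unset")
        # Per the reply: a trunk-mode port tags the voice VLAN out at all times.
        findings.append({"interface": name, "voice_vlan": int(voice),
                         "mode": mode, "always_trunking": mode == "trunk"})
    return findings

if __name__ == "__main__":
    for finding in audit_voice_ports(SAMPLE_CONFIG):
        print(finding)
```
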




Re: Cisco voice vlan
Thrill5,

Thank you for your reply.


Regards,
Andy
