Cisco voice VLAN best practices

Most corporate networks today use IP telephony. This means that the phones are connected to the same network and use the same cabling as other network devices, such as workstations or routers. Since offices usually have only a single UTP cable to each desk, most IP phones today include a small switch that enables you to connect your PC to the phone sitting on the desk, and then connect the phone to the local network.

Consider the backside of an IP telephone Yealink T21:


As you can see from the picture, this phone has two UTP ports. One port is connected to the local network, while the other port can be connected to the PC.

The port on the phone connected to the switch can carry both data and voice traffic. To enable this, we need to define two VLANs on the switch port – data VLAN and voice VLAN. Here is how we can do that:

    SW1(config)#vlan 5
    SW1(config)#vlan 20
    SW1(config)#int fa0/1
    SW1(config-if)#switchport mode access
    SW1(config-if)#switchport access vlan 5
    SW1(config-if)#switchport voice vlan 20

We’ve created two VLANs – VLAN 5 that will be used for data sent by the PC and VLAN 20 for IP phone’s voice traffic. We’ve then placed the port into both VLANs. The keyword voice indicates that the VLAN 20 will be a voice VLAN.

To verify that the interface indeed carries data from both VLANs, we can use the show interfaces Fa0/1 switchport command:

    Switch#show interfaces fa0/1 switchport
    Name: Fa0/1
    Switchport: Enabled
    Administrative Mode: static access
    Operational Mode: static access
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: native
    Negotiation of Trunking: Off
    Access Mode VLAN: 5 (VLAN0005)
    Trunking Native Mode VLAN: 1 (default)
    Voice VLAN: 20
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    ...

The lines Access Mode VLAN: 5 (VLAN0005) and Voice VLAN: 20 indicate that the interface is indeed carrying traffic from both VLANs.
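The same check can be scripted across many ports. The following is an added example, not part of the original tutorial: it parses output in the format shown above and lists every port that deviates from the expected data/voice VLAN pair. The sample output for Fa0/2 and Fa0/3 and the function names are constructed for illustration.

```python
import re

# Constructed sample in the "show interfaces switchport" format (fields trimmed).
SAMPLE = """\
Name: Fa0/1
Operational Mode: static access
Access Mode VLAN: 5 (VLAN0005)
Voice VLAN: 20
Name: Fa0/2
Operational Mode: trunk
Access Mode VLAN: 1 (default)
Voice VLAN: none
Name: Fa0/3
Operational Mode: static access
Access Mode VLAN: 20 (VLAN0020)
Voice VLAN: 20
"""

def parse_switchport(text):
    """Return {interface: {field: value}} from the command output."""
    ports, current = {}, None
    for line in text.splitlines():
        key, sep, value = (s.strip() for s in line.partition(":"))
        if key == "Name":
            current = ports.setdefault(value, {})
        elif sep and current is not None:   # lines without ":" are skipped
            current[key] = value
    return ports

def vlan_id(value):
    """'5 (VLAN0005)' -> 5; 'none' or a missing field -> None."""
    m = re.match(r"\d+", value or "")
    return int(m.group()) if m else None

def audit(ports, data_vlan, voice_vlan):
    """List deviations from the access-plus-voice layout, per interface."""
    report = {}
    for name, fields in ports.items():
        issues = []
        if fields.get("Operational Mode") != "static access":
            issues.append("not operating as a static access port")
        if vlan_id(fields.get("Access Mode VLAN")) != data_vlan:
            issues.append("access VLAN is not the data VLAN")
        if vlan_id(fields.get("Voice VLAN")) != voice_vlan:
            issues.append("voice VLAN missing or unexpected")
        report[name] = issues
    return report
```

Calling `audit(parse_switchport(SAMPLE), data_vlan=5, voice_vlan=20)` returns an empty issue list for Fa0/1 and the deviations for the other two ports.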

NOTE
Some IP phones can be automatically configured with appropriate VLANs using protocols such as LLDP or CDP. However, on some models you will need to manually configure data and voice VLANs on the phone using its web interface.


Hello, we are in the middle of slowly upgrading our network, and have come quite a ways since I first started here two years ago. We finally were able to implement a router with vlans into our network back in January, but that's a whole different story for another day.

We have an archaic phone switch (Nortel!) and we have some licenses for VoIP phones, but most desk phones are Cat3. Because of the way the network was previously designed, we haven't yet moved any VoIP phones out of our staging/temporary vlan onto our final vlan structure. We are testing that today, and have come across a conundrum with having separate voice and data vlans.

I have tried searching the internet, but I believe this is a case of not using the correct search terms to find the answer I'm looking for. We are using Cisco 2960-X switches here, with version 15.0. There appear to be two different ways we can accomplish this and both appear to fall in line with "best practices".

1. We configure the IP phone to tag the voice vlan, and leave the data untagged, and on the switch, we set the switchport to trunk and apply a native vlan of the data vlan.

2. We configure the IP phone to tag both the voice vlan, and the data vlan, and on the switch, we set the switchport to trunk.

It appears that both would work. We currently have the one phone set to option 1. I honestly did not know option 2 was valid until I was reconfiguring the phone and saw that a data vlan could be tagged.

What is the better way to configure these IP phones?

802.1Q tagging allows you to run multiple VLANs over a single, physical link. With phones, often the normal PC client VLAN remains untagged (access VLAN) while the VoIP VLAN is tagged.

Using a DHCP vendor option to tell the phones to use tagged VLAN x is a good method to avoid configuring each phone manually. You should consider limiting this option to phones though (by MAC filter or vendor class), so a potential attacker has a harder time figuring out which VLAN to enter.

"Best practice" for my company is to not use the phone-integrated switches productively but run separate cables to the phones and the PC clients. The phone "through" port remains active as spare access to the client access VLAN.

The switchport trunk encapsulation dot1q enables 802.1Q tagging on the switch port.

spanning-tree portfast isn't really required but significantly decreases the delay between the port's physical link "up" and actual forwarding. STP port states usually delay forwarding until the port role has become clear. portfast starts forwarding immediately and still uses STP to discover redundant links, avoiding bridge loops.

Separate access and voice VLANs have several purposes. For one, separating the device types allows you to more easily prioritize voice traffic, so network congestion has no or less impact on VoIP. Additionally, separating traffic hinders listening in to the (mostly) unencrypted VoIP traffic or attacking the phones directly. When combined with port-level authentication (e.g. 802.1X or MACsec) or similar measures this can be rather secure.


IP phones are among the most widely used network devices in modern offices, and they rely on Voice over IP (VoIP). In an office LAN, a Voice VLAN is used for these devices alongside the normal VLANs. Here, we will talk about these VLANs and how to configure Voice VLANs on Cisco switches.


Why We Use Voice VLANs?

Think about your desk in the office. Generally, only one network cable comes to the desk in the office. The data connection is done over this cable. What if you are using multiple devices and one of them is an IP Phone? You have one cable but you need to access two different services. Here, you need a solution.

To overcome this issue in such a topology, the multiple ports on the IP phone are used together with a specific Voice VLAN configuration on the switch. By using a separate Voice VLAN beside the Data VLAN, you can use both of these devices over a single link.

Here, a basic topology like the one below is used. As you can see, in this topology the IP phone is connected to the switch, and the PC is then connected to that IP phone.


The PC sends untagged data to the IP phone, so only untagged data passes over this link. The link that connects the IP phone to the switch, on the other hand, carries both tagged voice traffic and untagged data traffic.
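How the switch tells the two kinds of traffic apart on that shared link can be shown at the frame level. The following is an added example, not part of the original lesson: it builds Ethernet frames with and without an 802.1Q tag and applies a simplified model of the ingress decision on an access port with a voice VLAN, using data VLAN 20 and voice VLAN 10 from the configuration example in this lesson. The MAC addresses, payloads, priority value and the rule that any other tag is discarded are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build an Ethernet II frame, with an 802.1Q tag when vid is given."""
    header = dst + src
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)   # PCP (3 bits), DEI = 0, VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_tag(frame):
    """Return (vid, pcp) of a tagged frame, or (None, None) if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None, None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, tci >> 13

def classify(frame, access_vlan, voice_vlan):
    """Simplified ingress decision of an access port with a voice VLAN."""
    vid, _pcp = parse_tag(frame)
    if vid is None or vid == 0:      # untagged, or priority-tagged with VID 0
        return ("data", access_vlan)
    if vid == voice_vlan:
        return ("voice", voice_vlan)
    return ("drop", vid)             # assumption: any other tag is discarded

# Constructed frames: locally administered MACs, dummy IPv4 payload.
PHONE, PC, SWITCH = (bytes.fromhex(m) for m in
                     ("020000000001", "020000000002", "0200000000ff"))
FROM_PC = build_frame(SWITCH, PC, 0x0800, b"\x00" * 46)
FROM_PHONE = build_frame(SWITCH, PHONE, 0x0800, b"\x00" * 46, vid=10, pcp=5)
OTHER_TAG = build_frame(SWITCH, PC, 0x0800, b"\x00" * 46, vid=99)

if __name__ == "__main__":
    for name, frame in [("PC", FROM_PC), ("phone", FROM_PHONE), ("other", OTHER_TAG)]:
        print(name, classify(frame, access_vlan=20, voice_vlan=10))
```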

Voice VLAN Configuration

Now, let’s do a Voice VLAN configuration example. The example below is a typical office desk connection. Here, we use two separate VLANs for data and voice: data uses VLAN 20 and voice uses VLAN 10.


Below, you can find the configuration steps one by one.

First, we will create VLAN 10 and VLAN 20. We will also name the VLANs.

    Switch(config)# vlan 10
    Switch(config-vlan)# name VOICE
    Switch(config-vlan)# vlan 20
    Switch(config-vlan)# name DATA

Then, we will go to the switch interface to which the IP phone is connected. We will configure this port as an access port and assign both VLANs to it: VLAN 20 (DATA) as the access VLAN and VLAN 10 (VOICE) as the voice VLAN.

    Switch(config)# interface fa0/1
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan 20
    Switch(config-if)# switchport voice vlan 10

In this lesson, we have configured a basic Voice VLAN. With this configuration, both data and voice traffic are carried over the same link. This configuration is widely used in offices that use IP phones.
