Cisco Voice vlan Vs trunking on 3750

Aug 31st, 2007
We have a Catalyst 3750 switch and Cisco IP phones on certain ports... we would like to understand the advantages and disadvantages of configuring


Explicit Voice vlan on these ports

VS

where yyy is the voice vlan

switchport access vlan xxx

switchport trunk encapsulation dot1q

switchport trunk native vlan xxx

switchport trunk allowed vlan yyy,xxx

switchport mode trunk

speed 100

duplex full


Pointers appreciated. Also, is the native VLAN config really required?

Thanks



Rob Huffman Fri, 08/31/2007 - 05:09

Hi Mahesh,


You will probably get lots of answers to this good question. The explicit Voice VLAN is certainly a Cisco "best practice"; here is a clip from the SRND:


When you deploy voice, Cisco recommends that you enable two VLANs at the access layer: a native VLAN for data traffic and a voice VLAN under Cisco IOS or Auxiliary VLAN under CatOS for voice traffic.


Separate voice and data VLANs are recommended for the following reasons:


Address space conservation and voice device protection from external networks


Private addressing of phones on the voice or auxiliary VLAN ensures address conservation and ensures that phones are not accessible directly via public networks. PCs and servers are typically addressed with publicly routed subnet addresses; however, voice endpoints should be addressed using RFC 1918 private subnet addresses.


QoS trust boundary extension to voice devices


QoS trust boundaries can be extended to voice devices without extending these trust boundaries and, in turn, QoS features to PCs and other data devices.


Protection from malicious network attacks


VLAN access control, 802.1Q, and 802.1p tagging can provide protection for voice devices from malicious internal and external network attacks such as worms, denial of service (DoS) attacks, and attempts by data devices to gain access to priority queues via packet tagging.


Ease of management and configuration


Separate VLANs for voice and data devices at the access layer provide ease of management and simplified QoS configuration.


To provide high-quality voice and to take advantage of the full voice feature set, access layer switches should provide support for:


802.1Q trunking and 802.1p for proper treatment of Layer 2 CoS packet marking on ports with phones connected


Multiple egress queues to provide priority queuing of RTP voice packet streams


The ability to classify or reclassify traffic and establish a network trust boundary


Inline power capability (Although inline power capability is not mandatory, it is highly recommended for the access layer switches.)


Layer 3 awareness and the ability to implement QoS access control lists (These features are required if you are using certain IP telephony endpoints, such as a PC running a softphone application, that cannot benefit from an extended trust boundary.)


Spanning Tree Protocol (STP)


To minimize convergence times and maximize fault tolerance at Layer 2, enable the following STP features:


PortFast


Enable PortFast on all access ports. The phones, PCs, or servers connected to these ports do not forward bridge protocol data units (BPDUs) that could affect STP operation. PortFast ensures that the phone or PC, when connected to the port, is able to begin receiving and transmitting traffic immediately without having to wait for STP to converge.


From this CCM SRND doc:


Cisco Unified Communications SRND Based on Cisco Unified CallManager 4.x


Network Infrastructure


http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_implementation_design_guide_chapter09186a00806e8c42.html


Hope this helps and best of luck!


Rob



mchandak Fri, 08/31/2007 - 06:30

Rob as usual at his best. 5 Points for you :)

Rob Huffman Fri, 08/31/2007 - 06:39

Hi Mahesh,


Thank you so much! I hope you know how much your kind words mean to me :)


Take care my friend!

Rob

maheshbalasub75 Fri, 08/31/2007 - 09:57

Thanks Rob, just this one query... would there be any disadvantage in configuring a Voice VLAN over a trunk with allowed voice VLAN?

Or in other words, any advantage of using the "Trunk" command and allowing a separate Voice VLAN YYY... note we still have the best practice of VLAN demarcation, i.e. Voice and data are separate


switchport access vlan xxx

switchport trunk encapsulation dot1q

switchport trunk native vlan xxx

switchport trunk allowed vlan yyy,xxx

switchport mode trunk

speed 100

duplex full


Thanks

Rob Huffman Fri, 08/31/2007 - 16:45

Hi Mahesh,


This is an excellent and very reasonable question. My background is primarily voice, so it is hard for me to describe why this is a Cisco "best practice". I do know that it is unnecessary to configure the switchport in Trunk mode because when you use the Voice VLAN (with a native VLAN) command a "special" dot1q trunk is automatically set up. The reasons I have seen to support this setup are many and vary from minimizing Trunking overhead to ease of configuration and everything in between :) On the older 3500XL Switches your method was the only way to go, but on all newer versions the need for Switchport mode Trunk is not necessary. Here is one of the better threads I have ever read on this issue (with some TAC links as well). There are some great answers from Mahesh, Paolo Sankar and others here.



http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=IP%20Telephony&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddd5905/14#selected_message


Hope this helps!

Rob
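
Added example, not part of the original thread or of any Cisco tooling: a small Python audit that reads IOS-style interface stanzas and flags phone-facing ports that use the trunk form from the question instead of the voice VLAN form, that do not separate voice from data, or that lack PortFast. The interface names and VLAN IDs (10 for xxx, 20 for yyy) are constructed, the finding labels are this example's own, and speed/duplex lines are left out of the sample.

```python
# Constructed sample (assumed IDs: 10 = data VLAN xxx, 20 = voice VLAN yyy).
SAMPLE_CONFIG = """\
interface FastEthernet1/0/1
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 spanning-tree portfast
!
interface FastEthernet1/0/2
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 20,10
 switchport mode trunk
!
"""

def parse_interfaces(config):
    """Return {interface name: [stanza lines]} from IOS-style config text."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return ports

def value(lines, prefix):
    """Argument of the first line that starts with prefix, else None."""
    return next((l[len(prefix):].strip() for l in lines if l.startswith(prefix + " ")), None)

def audit_port(lines):
    """Findings for one phone-facing port, per the recommendations quoted above."""
    findings = []
    voice = value(lines, "switchport voice vlan")
    if "switchport mode trunk" in lines:
        findings.append("trunk-mode")          # static trunk on a user port
    if voice is None:
        findings.append("no-voice-vlan")
    elif voice == value(lines, "switchport access vlan"):
        findings.append("voice-equals-data")   # no voice/data separation
    if not any(l.startswith("spanning-tree portfast") for l in lines):
        findings.append("no-portfast")
    return findings

def audit(config):
    return {name: audit_port(stanza) for name, stanza in parse_interfaces(config).items()}
```

Calling `audit()` on the text of a saved running configuration returns a dictionary of findings per interface; an empty list means the port matches the voice VLAN form with PortFast enabled.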
