Re: Best Practice in configuring voice vlan ...

Unanswered Question
Jul 3rd, 2008
User Badges:


What is the best practise way to configure a voice vlan on a switchport ? Both ways work but what is the best practice to do this task :-

Config A


switchport trunk encapsulation dot1q

switchport trunk native vlan 104

switchport trunk allowed vlan 96,104

switchport voice vlan 96

spanning-tree portfast trunk

spanning-tree bpduguard enable

Config B


switchport access vlan 104

switchport voice vlan 96

spanning-tree portfast

spanning-tree bpduguard enable

Thank you,


- sn -

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Justin Brenton Thu, 07/03/2008 - 23:36
User Badges:
  • Silver, 250 points or more

Hi sanjaynadarajah,

Config A is a Trunk port configuration. Which is when you want to connect a port on a switch to connect to another switch.

Config B is a Access port configuration. This is a configuration for end points.

The way to configure a voice vlan is as follows.

switchport access vlan 104

switchport voice vlan 96

switchport mode access

spanning-tree portfast

spanning-tree bpduguard enable

HTH, Please rate my reply



royalblues Fri, 07/04/2008 - 00:49
User Badges:
  • Green, 3000 points or more


It depends on the IP phone you are deploying at the site

I have seen that avaya ip phones require configurations as per method A (i.e trunk). Also some old nortel phones do require similar configs

With a Cisco or the newer nortel ip phones, method B should be used


andrew.butterworth Fri, 07/04/2008 - 02:24
User Badges:
  • Gold, 750 points or more

Avaya have some documentation that seems to have been written when the EOL Catalyst 3500XL/2900XL series were current and has not updated it since. It states that you must have a trunk configured.

This is definitely not the case with any IOS switch later than the 3500XL/2900XL. With these switches you had to create a trunk to use Voice VLANs. Now however the 2nd configuration you posted is considered the best-practise.

I have also done a large deployment of Nortel IP Phones on Cisco Catalyst 4500 Access Switches and we used the recommended Cisco best-practise method. So again if Nortel have documentation stating trunks must be configured they are incorrect and the best practise method should be used.

If you use the 1st configuration STP sees the port differently (you have applied portfast-trunk to change the behaviour). You also cannot enable port-security on a trunk which is a recommended security measure to mitigate against users connecting hubs and unamanaged switches.



achegaray Fri, 07/04/2008 - 08:27
User Badges:


Port-security can be enabled on a trunk interface.

Configuration 1 is actually the one used for Alcatel IP-phone



andrew.butterworth Fri, 07/04/2008 - 08:51
User Badges:
  • Gold, 750 points or more

Alex, you are correct port-security can be enabled on a trunk as I have just tried - I thought it was one of the things in the comparison list between trunks and access ports that was different.

Configuration 1 can be used for connecting an Alcatel IP-Phone (or any other IP Phone that uses Voice VLANs), however configuration 2 is more appropriate and is the preferred, best-practise way.



This Discussion