cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
463
Views
0
Helpful
4
Replies

Setup 3550 for voice and data

servnj
Level 1
Level 1

Next week I am getting an office ready for VOIP, we are using a managed VOIP service and will be using 28 Cisco 7940 IP phones and 2 Cisco 3550 switches. Computers will be plugged into the phones. Voice traffic is going to a Cisco 3600 router the VOIP service has provided which is connected to a T1. Data traffic is going to a Cisco ASA 5505 which is connected to a FIOS connection. On each switch I installed copper GBIC's to connect the 2 switches and on the main switch Switch0 I am using port 23 to connect to the VOIP router and port 24 to the ASA 5505. The router is doing DHCP for the phones and the ASA5505 is DHCP for the computers.

Now to my questions. How does my config look for what I want to do?

Is there anything else I need to do for DHCP to work?

Do I need to change the port settings if I plug a computer or printer directly into the port rather than thru a phone first?

Thank you for any suggestions.

Below is my running-config.

Current configuration : 5119 bytes

!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Switch0

!

enable secret 5 *************

!

clock timezone BST 5 30

ip subnet-zero

!

ip ssh time-out 120

ip ssh authentication-retries 3

mls qos

!

spanning-tree mode pvst

spanning-tree extend system-id

!

interface FastEthernet0/1

switchport access vlan 10

switchport mode access

switchport voice vlan 5

switchport priority extend trust

mls qos trust cos

spanning-tree portfast

!

PORTS F0/2 - F0/22 ARE the same as F0/1

interface FastEthernet0/23

description Voice trunk to M5 router

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 5

switchport mode trunk

!

interface FastEthernet0/24

description Data Trunk to ASA5505 port 2

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10

switchport mode trunk

!

interface GigabitEthernet0/1

description Trunk connection to Switch1 port Gi0/1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

!

interface Vlan1

no ip address

!

interface Vlan10

ip address 192.168.1.5 255.255.255.0

!

ip classless

ip http server

!

line con 0

line vty 0 4

password *****

4 Replies 4

servnj
Level 1
Level 1

If anybody is interested I will list what I had to do to get this to work.

1. Add VLAN 10 to ASA 5505 plus DHCP for VLAN

Interface Vlan10

nameif Data

security-level 100

ip Address 192.168.1.10 255.255.255.0

dhcpd address 192.168.1.100-192.168.1.150 Data

dhcpd enable data

2. On talking to our VOIP service I changed interface F0/23 to:

interface FastEthernet0/23

description uplink to M5 router

switchport access vlan 5

switchport mode access

speed 10

duplex half

spanning-tree portfast

3. I change int f0/24 to:

interface FastEthernet0/24

description uplink to ASA5505 data

switchport access vlan 10

switchport mode access

Question: On the interface F0/23 and F0/24 I used "switchport mode access" and on Gi0/1 I used "Switchport mode trunk" My understanding of these Modes is that "mode access" is for only one Vlan and "Mode trunk" is for many Vlans. Is this right or am I off the mark?

switchport mode access carries only one VLAN (specified in switchport access vlan XX) or default to vlan 1.

switchport mode trunk allows you to carry multiple VLANs across that link.

maltuna
Level 1
Level 1

Most of the config looks fine, but I'm unsure why you'd want to trunk to the voice router or to the ASA.

I do very similar configs for customers, and I always use switchport mode access (without the switchport voice vlan command on that port) for ports connecting to routers or firewalls, unless there is a reason to trunk (for example, some customers trunk both a private "voice" vlan for phones, and a "public" vlan for internet data access on the same port).

Reason being is why open up the possibility of having something be "heard" where it isn't supposed to? Security issues aside, sometimes functionality is affected depending on what applications are listening.

You asked about whether or not you'd need to change port config for only computer or printer, etc.

Microsft's DHCP has some issues in 2003 server (and maybe higher, I don't know) where if it can see dot1q encapsulated dhcp requests, and it will respond to them all, even though they are not in the correct network. I have not seen this problem in Windows 2000 dhcp or previous, only in 2003, and especially in customers that upgraded from 2000 to 2003.

If the port an MS 2003 DHCP server is on has "switchport voice vlan 5", it will hand out an incorrect IP address to the phone, since it somehow sees the dhcp request packets from the phone that are supposed to only be in the voice vlan. This is despite the fact that the phone will put it's voice traffic into the voice vlan, negotiated by CDP. So what you end up with is phones that don't work.

For this reason, anytime you have Windows servers (even if they aren't yet 2003 or higher), I recommend removing the "switchport voice vlan 5" line from the port the server is connected to, because that is the only way to prevent the problem.

Granted, you said that the ASA will be doing DHCP for the data network, so it's not an issue now, but that is uncommon in MS networks, since active directory relies so heavily on MS DNS, and in many cases on MS DHCP to help MS DNS be accurate.

Anyways, other than that, I haven't seen any problems with PCs or printers or other devices on ports configured the way you have your "phone + pc or pc" ports configured.

I have also seen this issue with Windows DHCP Servers, however it isn't specific to 2003. The issue is the NIC drivers stripping off the 802.1q header before passing the frame up the stack. I agree though that for infrastructure devices (DHCP Server for example) you wouldn't really want to configure the switchport with a voice VLAN, there is no point.

Andy

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco