Solved: the command switchport voice vlan

sarahr202 · ‎12-29-2008

Hi every body!

I have few questions about the command " showport voice vlan "

Let say we have a network with vlan 2 being native vlan.

If i use the command:

switch(config-if) switchport voice vlan 3

Should i have to use the command

" switchport trunk native vlan 2" to tell switch regard vlan 2 as native vlan ? if yes does it means the command " switchport voice vlan 3" will tell the ip phone that native vlan is vlan 2 and use this vlan 2 for data traffic?

2)what is access vlan? My book says" suppose that a switch port is configured with access vlan 10,voice vlan 110 and native vlan 99".

I just quoted where I find problem.

How could one port be in three vlans?

I thought there is one-to-one correspondence between vlan and port,( static vlans)

thanks a lot!

lejoe.thomas · ‎12-29-2008

Hi Sarah,

The concept of native vlan pertains to a switchport rather than the switch as a whole.

#interface configuration

switchport voice vlan 3

switchport trunk native vlan 2

--For this port the native vlan is 2, i.e all untagged traffic on this port should be put into this vlan.

The switch port is normally in one of the operation modes either access or trunk.

#interface configuration (BB)

switchport voice vlan 3

switchport trunk native vlan 2

switchport mode trunk

Now lets assume the port is a trunk port with following options. A PC is attached to the IP phone. So switch instructs IP phone to tag all voice traffic to vlan 3 and all untagged traffic (coming from PC) falls into the native vlan on that port namely vlan 2.

#interface configuration (AA)

switchport voice vlan 3

switchport trunk native vlan 2

switchport mode access

switchport access vlan 30

Again same as above, IP phones tags all voice traffic with vlan 3 and untagged pc traffic gets tagged with vlan 30. Here the native vlan statement is of no use.

2)what is access vlan? My book says" suppose that a switch port is configured with access vlan 10,voice vlan 110 and native vlan 99".

Think of frame ingressing or egressing a port as being part of those VLANS depending on whether the port is trunk or access, rather than the port as a whole. If it's as per example (AA), voice traffic falls into 10 and untagged PC traffic falls into the access vlan. Otherwise (BB), untagged PC traffic falls into the native vlan configured.

HTH

Lejoe

View solution in original post

lejoe.thomas · ‎12-29-2008

Hi Sarah,

When switchport voice vlan x is configured, the switch is informing the phone to tag (voice frames with vlan x).The phone is tagging and sending voice frames tagged as vlan x. It could also send untagged frames (PC connected to phone), which the switchport tags to be in the access-vlan.

Think of it this way, when we're setting switch port access vlan y. We're informing the switchport to tag untagged frames, those without 802.1q header with vlan y.

When we say access-vlan, we just think all frames from that port will belong to the access-vlan. But that means, all untagged frames. The IOS is smart enough to allow frames which match the voice vlan configured (already tagged by the phone) through the port.

Yes at times, it can get confusing, if we sort of hard code in our mind access-vlan only allows frames from one vlan. But thats not the case here, when switchport voice vlan is configured. It's going allow traffic sourced from two MACs (pc + phone).

I hope it makes sense.

Lejoe

View solution in original post

lejoe.thomas · ‎12-29-2008

Hi Sarah,

The concept of native vlan pertains to a switchport rather than the switch as a whole.

#interface configuration

switchport voice vlan 3

switchport trunk native vlan 2

--For this port the native vlan is 2, i.e all untagged traffic on this port should be put into this vlan.

The switch port is normally in one of the operation modes either access or trunk.

#interface configuration (BB)

switchport voice vlan 3

switchport trunk native vlan 2

switchport mode trunk

Now lets assume the port is a trunk port with following options. A PC is attached to the IP phone. So switch instructs IP phone to tag all voice traffic to vlan 3 and all untagged traffic (coming from PC) falls into the native vlan on that port namely vlan 2.

#interface configuration (AA)

switchport voice vlan 3

switchport trunk native vlan 2

switchport mode access

switchport access vlan 30

Again same as above, IP phones tags all voice traffic with vlan 3 and untagged pc traffic gets tagged with vlan 30. Here the native vlan statement is of no use.

2)what is access vlan? My book says" suppose that a switch port is configured with access vlan 10,voice vlan 110 and native vlan 99".

Think of frame ingressing or egressing a port as being part of those VLANS depending on whether the port is trunk or access, rather than the port as a whole. If it's as per example (AA), voice traffic falls into 10 and untagged PC traffic falls into the access vlan. Otherwise (BB), untagged PC traffic falls into the native vlan configured.

HTH

Lejoe

sarahr202 · ‎12-29-2008

Thanks for your reply Lejoe!

Your post answered all my questions. However, i want to confirm if my understanding is correct

#interface configuration (AA)

switchport voice vlan 3

switchport trunk native vlan 2

switchport mode access

here is excerp from my book

switch# show running-config int fastethernet 1/0/1

interface fastethernet 1/0/1

switchport trunk native vlan 99

switchport access vlan 10

switchport voice vlan 110

But the following command does not show native vlan

switch# show spanning-tree int fastethernet 1/0/1

vlan 0010 desg fwd 19 128.51 p2p

vlan 0110 desg fwd 19 128.51 p2p

Is it mistake ?

thanks a lot!

switchport access vlan 30

1)Here in traffic from pc will use vlan 30. Since vlan 30 is not the native vlan , therefore 802.1q header will be inserted in the frame. Is it correct?

thanks a lot!

lejoe.thomas · ‎12-29-2008

Hi Sarah,

interface fastethernet 1/0/1

switchport trunk native vlan 99

switchport access vlan 10

switchport voice vlan 110

But the following command does not show native vlan

switch# show spanning-tree int fastethernet 1/0/1

vlan 0010 desg fwd 19 128.51 p2p

vlan 0110 desg fwd 19 128.51 p2p

It seems the port is configured in access mode, in which case two vlans should be active (access vlan:110 and voice vlan :10). So it's correct.

switchport access vlan 30

1)Here in traffic from pc will use vlan 30. Since vlan 30 is not the native vlan , therefore 802.1q header will be inserted in the frame. Is it correct?

Correct.

HTH

Lejoe

sarahr202 · ‎12-29-2008

Thanks a lot Lejoe!

My book says " Use the following interface configuration command to select the voice vlan mode that will be used:

switch#(config-if) switchport voice vlan{ vlan-id/dot1p/untaggged/none}

The default condition for every switch port is 'none',where a trunk is not used.All other modes except for 'none' use the special-case 802.1q trunk."

Based on above, the command "switchport voice vlan 110 " means 802.1q trunk will be used.

Besides if port is configured in access mode, it can't carry more than one vlan.

I really appreciate your help !

Could you please explain that?

thanks a lot!

lejoe.thomas · ‎12-29-2008

Hi Sarah,

When switchport voice vlan x is configured, the switch is informing the phone to tag (voice frames with vlan x).The phone is tagging and sending voice frames tagged as vlan x. It could also send untagged frames (PC connected to phone), which the switchport tags to be in the access-vlan.

Think of it this way, when we're setting switch port access vlan y. We're informing the switchport to tag untagged frames, those without 802.1q header with vlan y.

When we say access-vlan, we just think all frames from that port will belong to the access-vlan. But that means, all untagged frames. The IOS is smart enough to allow frames which match the voice vlan configured (already tagged by the phone) through the port.

Yes at times, it can get confusing, if we sort of hard code in our mind access-vlan only allows frames from one vlan. But thats not the case here, when switchport voice vlan is configured. It's going allow traffic sourced from two MACs (pc + phone).

I hope it makes sense.

Lejoe

sarahr202 · ‎12-29-2008

thanks for your reply!

To sum it up, i could say the command" switchport access vlan 3" instructs the port to put any untagged frame recieved on the port, in vlan 3. It does not mean the if port receives frame with tag such voice vlan 4, it should not let them through.

viyuan700 · ‎12-30-2008

When you connect an IP phone to a switch using a trunk link, it can cause high CPU utilization in the switches. As all the VLANs for a particular interface are trunked to the phone, it increases the number of STP instances the switch has to manage. This increases the CPU utilization. Trunking also causes unnecessary broadcast / multicast / unknown unicast traffic to hit the phone link.

In order to avoid this, remove the trunk configuration and keep the voice and access VLAN configured along with Quality of Service (QoS). Technically, it is still a trunk, but it is called a Multi-VLAN Access Port (MVAP). Because voice and data traffic can travel through the same port, you should specify a different VLAN for each type of traffic

I thought following lines will be useful for better understanding.

sarahr202 · ‎12-30-2008

Thanks for your reply. I have some problems with your reply. I quoted below from your post.

"Think of it this way, when we're setting switch port access vlan y. We're informing the switchport to tag untagged frames, those without 802.1q header with vlan y."

My understanding is switchport itself does not add any vlan id. The simple operation is when switch receives frame on a port, it records the source mac address and the port on which , the frame is received and vlan the port belongs to.

switch builds mac table for each vlan though when we use show mac command , it merge them in one table.

After recording soucre address that would be the case if source address is not present in table, switch check the destination mac in the corresponding mac address table of vlan,

In nutshell, no vlan id is added to the frame received on the port( access port).

thanks a lot !

lejoe.thomas · ‎12-30-2008

Hi Sarah,

I do agree that as soon as frame is recieved on port assigned to a specific vlan (access vlan) destined to a PC for instance, the dot1.q header is stripped.

But when the frame egresses the port (originating from the pc). It is tagged with the vlan ID, which means the frame sourced from the PC is tagged. If you do a packet capture, you'll see this. I would also say all traffic on the switch is tagged or those that originated from a PC and is tagged, except those destined to go through native vlan at a trunk.

HTH

Lejoe

sarahr202 · ‎12-30-2008

thanks for your reply!

"I do agree that as soon as frame is recieved on port assigned to a specific vlan (access vlan) destined to a PC for instance, the dot1.q header is stripped."

my understanding is 802.1q header is stripped at trunk port on the destination switch not at the port the destination is connected to.

The question is regular pc does not understand vlan. Vlan is for switches .

As you mentioned as switch receives the frame , 802.1q header is removed from the frame before it get forwarded to pc for obvious reason, pc does not undestand vlan or 802.1q header.

Based on your reply, consider the following case.

sw1 f0/1-------------pc1

fo/1 is in vlan 2

According to your reply, Pc1 sends frame with vlan id which is 2.

My reasoning is how could pc adds something it does not understand.

It comes down to one thing as you mentioned, a frame capture to verify if theory matches the reality.

Thanks a lot!

It was wonderful discussion with you.

I wish you a very happy new year!

lejoe.thomas · ‎12-30-2008

Hi Sarah,

I am sorry I did not mean PC is sending a tagged frame, the switch is doing the tagging for the switchport. You're absolutely right PC does set any vlan ID.

HTH

Lejoe