01-03-2009 10:44 AM - edited 03-04-2019 03:19 AM
Hi every body!
According to my book vlans1 through 1005 are automatically created and set aside for special uses.
When we use the command switchport voice vlan dot1p, It will cause voice traffic to use vlan 0
But the question is vlan 0 is not created by default on switches but yet the command assume this vlan 0 is created by default.
Any suggestion ?
thanks a lot!
Solved! Go to Solution.
01-03-2009 12:42 PM
Hello Sarah,
the automatically created Vlans should be only the following:
1 : ethernet default vlans
1002-1005 : legacy Vlans for token ring switching and FDDI switching cannot be used.
Sometimes this can create some issue on trunks to modules like WISM (not VOIP related)
Second note:
a vlan-id of 0 is just a placeholder to send an 802.1Q 4 bytes header and the meaningful three bits of CoS = 802.1p that is inside it.
That's all vlan 0 does not exist and you cannot create it
In my understanding an 802.1p marking cannot be sent alone but only as the CoS field of an 802.1Q vlan tag so the vlan-id 0 can just mean this field is unused
Happy New Year
Hope to help
Giuseppe
01-03-2009 12:48 PM
Sarah
My understanding is the same as Giuseppe's, ie. you must have a vlan ID but because you want to just use the tag for 802.1p markings you use a "dummy" vlan as such.
I have to admit though that the documentation is a little confusing. From the 3750 configuration guide about the dot1p option -
dot1p-Configure the phone to use IEEE 802.1p priority tagging for voice traffic and to use the default native VLAN (VLAN 0) to carry all traffic. By default, the Cisco IP Phone forwards the voice traffic with an IEEE 802.1p priority of 5.
Not sure what it means by native vlan 0 as i always though the default native vlan is 1 unless it is different for an IP Phone ?
Jon
01-03-2009 03:37 PM
Hi Sarah,
Just to add a small note to Guiseppe's post
The IP phones understand 802.lq, we all agree on that.
The IP phone's access port is thus capable of sending and receiving tagged or untagged frames (from PC). It need not be in access mode or trunk to be capable of simply relaying frames back and forth (switch to pc or pc to switch).
HTH
Lejoe
01-03-2009 12:42 PM
Hello Sarah,
the automatically created Vlans should be only the following:
1 : ethernet default vlans
1002-1005 : legacy Vlans for token ring switching and FDDI switching cannot be used.
Sometimes this can create some issue on trunks to modules like WISM (not VOIP related)
Second note:
a vlan-id of 0 is just a placeholder to send an 802.1Q 4 bytes header and the meaningful three bits of CoS = 802.1p that is inside it.
That's all vlan 0 does not exist and you cannot create it
In my understanding an 802.1p marking cannot be sent alone but only as the CoS field of an 802.1Q vlan tag so the vlan-id 0 can just mean this field is unused
Happy New Year
Hope to help
Giuseppe
01-03-2009 03:02 PM
Thanks a lot Giuseppe!
Devices in same vlan can communicate with each other. Communication between vlans require router or mulilayer switch.
please consider the layer 2 network for the following scenario
sw is connectedted to ip- phone1 via f0/1 and ip- phone2 via 2
Both phone must be in same vlan or they can not talk to each other.
So if ip- phone1 uses vlan 0 and the other ip- phone2 must also use vlan 0 . Is it correct?
Alternatively we can use vlan0 for ip phone1 and vlan 2 for ip phone2 and use layer 3 switch to provide communication between these two switches. Is it correct ?
thanks a lot and happy new year as well!
01-03-2009 12:48 PM
Sarah
My understanding is the same as Giuseppe's, ie. you must have a vlan ID but because you want to just use the tag for 802.1p markings you use a "dummy" vlan as such.
I have to admit though that the documentation is a little confusing. From the 3750 configuration guide about the dot1p option -
dot1p-Configure the phone to use IEEE 802.1p priority tagging for voice traffic and to use the default native VLAN (VLAN 0) to carry all traffic. By default, the Cisco IP Phone forwards the voice traffic with an IEEE 802.1p priority of 5.
Not sure what it means by native vlan 0 as i always though the default native vlan is 1 unless it is different for an IP Phone ?
Jon
01-03-2009 01:02 PM
Hello Jon, Sarah
Vlan 0 and vlan 4095 are reserved for internal use of catalyst switches
see
the section VTP and Extended VLANs the table provides that info.
But I still think that the usage of vlan-id 0 in IP phones is just a placeholder.
My guess is that routed ports (with no switcport command) in multilayer switches can be seen as in vlan0 or vlan4095 from the point of view of L2 switching logic and this tell that are not usable (at LAN layer2)
Hope to help
Giuseppe
01-03-2009 01:07 PM
Giuseppe
Agree with what you are saying just a bit confused about it saying the default native vlan is 0 which is not my understanding ie. i always though the default native vlan was 1.
Jon
01-03-2009 01:41 PM
Giuseppe
As a further point that Sarah and me have been discussing.
The command "switchport priority extend trust" tells the switch to instruct the IP phone to trust the CoS value in packets received by the phone from an attached PC (attached meaning the PC is connected to the IP phone switch).
But as Sarah quite rightly points out the port on the IP phone built in switch is configured as an access port. So how can a PC set 802.1p markings in an untagged packet ?
My understanding, based on one of your posts actually !, is that an access port on a switch will accept packets that are either
1) untagged
2) tagged with the vlan ID that the access port is a member of
So i'm assuming that is how a PC can set 802.1p markings in the packet when connected to an IP Phone.
So
1) Have you confirmed this behaviour of an access port receiving frames tagged with the vlan ID of the vlan the access port is a member of
2) Would this be your interpretation of how a PC could send tagged traffic to an IP Phone.
Apologies Sarah for hi-jacking thread but another viewpoint would be very useful.
Jon
01-03-2009 02:46 PM
Hello Jon,
1) when I made L2 security tests I've seen exactly that behaviour: in modern switches frames are accepted on an access port if untagged or with a vlan-id = access vlan id (PVID)
The voice vlan vlan-id allows also frames with vlan = voice vlan
if voice vlan dot1p vlan id 0 tagged frames are accepted
2) I agree that a PC can send tagged frames only inside an 802.1Q header as every device.
To be noted the PC could also send untagged frame with a non zero DSCP byte.
Could be the phone to add an 802.1Q tag for the PC and in doing this can trust or untrust.
see
http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_m2.html#wp1016079
Otherwise if the phone cannot add the vlan tag on behalf of the PC to support qos trust extend the voice vlan vlan-id is a needed command.
And this can be the case and why the voice vlan vlan-id option is recommended for real end-to-end QoS support.
Depending on the phone model the PC port can allow or block tagged frames so the PC port is not limited to untagged ports.
For example in our customer network some workstations with two VMware instances have been deployed : the 802.1Q capable NIC is connected to the phone PC port one instance uses the native vlan but the other uses a tagged vlan
in this case the switch port is configured as a trunk carrying three vlans.
But we use the voice vlan vlan-id option for the voice vlan.
Hope to help
Giuseppe
01-03-2009 03:18 PM
Thanks for your reply Giuseppe!
Let me quote from your post for easy reference
"Depending on the phone model the PC port can allow or block tagged frames so the PC port is not limited to untagged ports.
For example in our customer network some workstations with two VMware instances have been deployed : the 802.1Q capable NIC is connected to the phone PC port one instance uses the native vlan but the other uses a tagged vlan
in this case the switch port is configured as a trunk carrying three vlans.
My point is even if pc has dot1q capable of nic but the pc port on phone is in access mode.
Being an access port, how can pc port on ip phone will form trunk with pc 'nic?
01-03-2009 03:37 PM
Hi Sarah,
Just to add a small note to Guiseppe's post
The IP phones understand 802.lq, we all agree on that.
The IP phone's access port is thus capable of sending and receiving tagged or untagged frames (from PC). It need not be in access mode or trunk to be capable of simply relaying frames back and forth (switch to pc or pc to switch).
HTH
Lejoe
01-03-2009 05:25 PM
thanks Lejoe for your reply,
By the same logic , a switch that understand 802.1q , should be able to unesranand tagged or untagged frames on acess port.
01-03-2009 05:45 PM
Thanks a lot Giuseppe!
I quote you for easy reference below:
"To be noted the PC could also send untagged frame with a non zero DSCP byte.
Could be the phone to add an 802.1Q tag for the PC and in doing this can trust or untrust".
please consider the following configuration
switch------ip phone------pc
switch has following configuration:
switch(config-if) mls qos trust cos
switch (config-if) switchport priority extend trust.
The above configuration tells the switch to instruct the ip phone to trust cos calue in pc frame. Had i used the command
switch(config-if) mls qos trust dscp instead of " mls qos trust cos". , the switch would have told the ip phone to trust dscp value in pc frame.
thanks a lot!
01-03-2009 02:53 PM
thanks Jon and Giuseppe!
Here is another scenario , i thought over my lunch:-)
switch--------pc(running cisco smart soft phone)
The link between switch and pc could only be access link because pc's nic is not capable of trunking.
Now cdp will be of no use either
The pc set dscp value but not cos
It raises the same questions that Jon pointed out.
Thanks a lot!
01-03-2009 03:23 PM
Jon If pc(NIC capable of trunking) can use the tag frame, it implies that trunking is use between ip phone 'access port and pc. My question how is it possible?
thanks a lot!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide