Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1930
Views
0
Helpful
3
Replies

Voice VLAN-Portfast & PortSecurity

bapatsubodh
Level 1
Level 1

‎06-20-2009 05:53 AM - edited ‎03-06-2019 06:21 AM

Hi,

If we need to connect Cisco IP phone and the a PC connected to this IP Phone, with Voice VLAN as 10, and Workstation VLAN as 20.

Here is the configuration:

int fa1/1

switchport access vlan 20 ( workstation )

switchport mode dyna desir

switchport voice vlan 10 ( voice VLAN )

msl qos trust cos

msl qos trust device cisco-phone

spanning-tree portfast

If we configure like this, will the interface act as a trunk - so that it will for a trunk with cisco-ip phone and will send and receive tagged frames to cisco-ip-phone and will send untagged frames to workstation connected next to IP phone. ( native VLAN ).

What is the effect of portfast command ?

Or this is an invalid configuration?

Is is possible to apply port security for these interfaces. ( like max-mac, or sticky , voilation)?

Please share the experience.

Any link on cisco.com?

Thanks in advance.

Subodh

Labels:
0 Helpful
3 Replies 3

i.va
Level 3
Level 3

‎06-20-2009 07:49 AM

Hi Subodh,

Here are some Voice VLAN configuration guidelines:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2970/software/release/12.1_19_ea1/configuration/guide/swvoip.html#wp1002608

The configuration you posted looks good, except that the switchport mode should be set to access, since the port should not negotiate to become a trunk.

spanning-tree portfast will instantly put this port in forwarding mode without waiting for the spanning-tree timers to expire, which is recommended for an access port. Portfast should not be configured on trunk ports however.

The interface configured like this will tell the phone via CDP to send its frames tagged with VLAN 10. The PC will send untagged frames, and these will be put into VLAN 20. With some none-cdp speaking phones it might be necessary to configure a trunk manually.

Check the above link for port-security guidelines.

hth

Ingo

0 Helpful

bapatsubodh
Level 1
Level 1
In response to i.va

‎06-20-2009 03:33 PM

Hi Ingo,

Thanks for you reply that document listed in the link is great and has clarified most of my doubts. But still there is one spike of doubt that is I am not clear about and that is about "access port". If we configure the port to be access port how can it carry tagged frames whcich are destined for cisco IP phone and un-tagged frames for a workstation. Does this form any kind of special port that is not a trunk but can still carry tagged frames and untagged frames. I am not able to understand if someone can help it's really appreciable.

Thanks in advance

Subodh

0 Helpful

prasad.gsmc
Level 1
Level 1
In response to bapatsubodh

‎06-20-2009 10:49 PM

Hi,

due to this reason we care calling voice vlan as "Aux VLAN" or else there should not be any separate config such as voice VLAN and could be left to the phone to tagg and work over a trunk.

In voice vlan the action is not on full fledged trunking but a kind of agreemnet for 2 vlan and not more than that...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card