IPT Design

Unanswered Question
Jul 2nd, 2009

Hi guys

When do you recommend using VLANs (for voice and for data)? A nice link.

Actually, the network has almost 400 PCs and 250 IP phones, and all of these are in a flat network. The network doesn't have VLANs to separate the data and voice traffic (hard client), so I think that this is causing a problem with the voice quality: there is a lot of noise and a robotic voice in an IP phone-to-IP phone call in the HQ using G711.

All the access switches are 2960s and the main switch is a 2960G (need to replace it with an L3 switch).

Thanks for your suggestion


rob.huffman Thu, 07/02/2009 - 06:28

Hi David,

Clients are always tough to convince ;-)

Here is the first line of the SRND for Voice Design:

When you deploy voice, Cisco recommends that you enable two VLANs at the access layer: a native VLAN for data traffic and a voice VLAN under Cisco IOS or Auxiliary VLAN under CatOS for voice traffic.

Separate voice and data VLANs are recommended for the following reasons:

• Address space conservation and voice device protection from external networks

Private addressing of phones on the voice or auxiliary VLAN ensures address conservation and ensures that phones are not accessible directly via public networks. PCs and servers are typically addressed with publicly routed subnet addresses; however, voice endpoints should be addressed using RFC 1918 private subnet addresses.

• QoS trust boundary extension to voice devices

QoS trust boundaries can be extended to voice devices without extending these trust boundaries and, in turn, QoS features to PCs and other data devices.

• Protection from malicious network attacks

VLAN access control, 802.1Q, and 802.1p tagging can provide protection for voice devices from malicious internal and external network attacks such as worms, denial of service (DoS) attacks, and attempts by data devices to gain access to priority queues via packet tagging.

• Ease of management and configuration

Separate VLANs for voice and data devices at the access layer provide ease of management and simplified QoS configuration.

To provide high-quality voice and to take advantage of the full voice feature set, access layer switches should provide support for:

• 802.1Q trunking and 802.1p for proper treatment of Layer 2 CoS packet marking on ports with phones connected

• Multiple egress queues to provide priority queuing of RTP voice packet streams

• The ability to classify or reclassify traffic and establish a network trust boundary

• Inline power capability (Although inline power capability is not mandatory, it is highly recommended for the access layer switches.)

• Layer 3 awareness and the ability to implement QoS access control lists (These features are required if you are using certain IP telephony endpoints, such as a PC running a softphone application, that cannot benefit from an extended trust boundary.)


Hope this helps!
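
The SRND recommendations quoted above, sketched as a Catalyst 2960 access-layer configuration. This is an added example, not part of the original post or of the SRND; the VLAN IDs, VLAN names and interface numbers are assumptions, and it assumes a software image that includes the `mls qos` command set.

```cisco
! Constructed example: VLAN IDs 10 (data) and 110 (voice), the VLAN names
! and the interface numbers are assumptions, not values from the thread.
vlan 10
 name DATA
vlan 110
 name VOICE
!
! Enable QoS globally; the per-port trust commands do nothing without it.
mls qos
!
interface range FastEthernet0/1 - 24
 description Access port: IP phone with a PC behind it
 switchport mode access
 ! Untagged traffic from the PC lands in the data VLAN.
 switchport access vlan 10
 ! The phone learns this VLAN via CDP and sends 802.1Q-tagged voice in it.
 switchport voice vlan 110
 ! Trust boundary: accept CoS markings only while CDP detects a Cisco phone.
 mls qos trust device cisco-phone
 mls qos trust cos
 ! The phone rewrites any CoS set by the attached PC to 0, so data devices
 ! cannot tag their way into the priority queue.
 switchport priority extend cos 0
 ! Service the expedite egress queue first, so voice is sent ahead of data.
 priority-queue out
 spanning-tree portfast
!
! Uplink toward the main switch: an 802.1Q trunk limited to the two VLANs.
interface GigabitEthernet0/1
 description Uplink to main switch
 switchport mode trunk
 switchport trunk allowed vlan 10,110
 mls qos trust cos
 priority-queue out
```

`show interfaces FastEthernet0/1 switchport` confirms the access and voice VLAN assignment, and `show mls qos interface FastEthernet0/1` shows the trust state on the port.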


david-lima Thu, 07/02/2009 - 07:06

Hi Rob, thanks for your answer. It's a classic client question (that never happened before), but his network has grown with PCs and IP telephones. Just one last question: can the 2960 switch support all this traffic without VLANs?

I have the switch interfaces (the uplinks to the other switch), and the number of broadcast packets increments by 25-30 every second. Is this behavior normal, or is it an indicator of heavy traffic?

Thanks again


