Vlan dot1p

opnine
Level 1

Hi all,

I have a customer that wants to have his switches with only one VLAN (voice / data). For this I know we can use "dot1p". I would like to know the pros and cons of this.

 

Thanks.

3 Replies

Chris Deren
Hall of Fame

Bad idea for a couple of reasons:

QoS - having them in the same VLAN would make QoS policies a lot more challenging

Security - no way to separate the networks for any security reasons

Why would the customer want it this way? Adding new VLANs and subnets is trivial on any network, so the configuration is minimal (assuming the customer is running IP routing protocols properly on their network).

Customer has no QoS and no Security.

The question is why not, especially on the QoS front?

From SRND

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab10/collab10/netstruc.html

 

Separate voice and data VLANs are recommended for the following reasons:

  • Address space conservation and voice device protection from external networks

Private addressing of phones on the voice or auxiliary VLAN ensures address conservation and ensures that phones are not accessible directly through public networks. PCs and servers are typically addressed with publicly routed subnet addresses; however, voice endpoints may be addressed using RFC 1918 private subnet addresses. 

  • QoS trust boundary extension to voice devices

QoS trust boundaries can be extended to voice devices without extending these trust boundaries and, in turn, QoS features to PCs and other data devices.

  • Protection from malicious network attacks

VLAN access control, 802.1Q, and 802.1p tagging can provide protection for voice devices from malicious internal and external network attacks such as worms, denial of service (DoS) attacks, and attempts by data devices to gain access to priority queues through packet tagging.

  • Ease of management and configuration

Separate VLANs for voice and data devices at the access layer provide ease of management and simplified QoS configuration.

To provide high-quality voice and to take advantage of the full voice feature set, access layer switches should provide support for:

  • 802.1Q trunking and 802.1p for proper treatment of Layer 2 CoS packet marking on ports with phones connected
  • Multiple egress queues to provide priority queuing of RTP voice packet streams
  • The ability to classify or reclassify traffic and establish a network trust boundary
  • Inline power capability (Although inline power capability is not mandatory, it is highly recommended for the access layer switches.)
  • Layer 3 awareness and the ability to implement QoS access control lists (These features are recommended if you are using certain Unified Communications endpoints such as a PC running a softphone application that cannot benefit from an extended trust boundary.)
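
The trust-boundary point in the thread above, as an added example that is not part of the original posts or of Cisco's documentation: a simplified model (not actual switch behaviour) that parses the 802.1Q tag and compares CoS classification with separate VLANs against a single VLAN using 802.1p priority tags. The VLAN IDs, MAC addresses and function names are assumptions, and the frames are constructed.

```python
import struct

TPID_8021Q = 0x8100
VOICE_VLAN, DATA_VLAN = 110, 10        # assumed VLAN IDs for this example
PHONE_MAC = bytes.fromhex("020000000001")  # constructed source MACs
PC_MAC = bytes.fromhex("020000000002")

def build_frame(src, pcp=None, vid=0):
    """Build a constructed Ethernet frame; pcp=None means untagged."""
    tag = b"" if pcp is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return bytes(6) + src + tag + struct.pack("!H", 0x0800) + bytes(46)

def parse_tag(frame):
    """Return (pcp, vid) from the 802.1Q tag, or None for an untagged frame."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID_8021Q:
        return None
    return tci >> 13, tci & 0x0FFF     # PCP is the top 3 bits, VID the low 12

def cos_separate_vlans(frame):
    """Trust boundary keyed on the VLAN: keep PCP only on the voice VLAN."""
    tag = parse_tag(frame)
    if tag is None:
        return 0
    pcp, vid = tag
    return pcp if vid == VOICE_VLAN else 0   # data VLAN is re-marked to 0

def cos_single_vlan(frame):
    """One VLAN, CoS trusted on the port: the PCP bits are the only input."""
    tag = parse_tag(frame)
    return 0 if tag is None else tag[0]

def compare():
    """CoS each design assigns to a phone frame and a self-marked PC frame."""
    return {
        "separate": {
            "phone": cos_separate_vlans(build_frame(PHONE_MAC, 5, VOICE_VLAN)),
            "pc_self_marked": cos_separate_vlans(build_frame(PC_MAC, 5, DATA_VLAN)),
        },
        "single": {  # both senders use a VID 0 priority tag
            "phone": cos_single_vlan(build_frame(PHONE_MAC, 5, 0)),
            "pc_self_marked": cos_single_vlan(build_frame(PC_MAC, 5, 0)),
        },
    }

if __name__ == "__main__":
    print(compare())
```

With separate VLANs the data frame is re-marked to CoS 0 whatever it claims; in the single-VLAN case the two tags are identical, so the classifier either trusts both senders or neither.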