Voice VLAN on 3550

Jul 2nd, 2006
Does anyone know the correct way to configure a voice port on Cisco 3550? Cisco seem to use different config on every switch family.. it is a bit confusing..

eg: Voice vlan:100 with 802.1Q Frames, data vlan: 50.

it this the correct config??


interface FastEthernet0/10

switchport access vlan 50

switchport mode access

switchport voice vlan 100

spanning-tree portfast


also, how do config the switch if voice vlan use 802.1p Priority-Tagged Frames?




SCOTT JORDAN Mon, 07/03/2006 - 05:31
Try this

Configure auto QOS to use correct DSCP values

This has voice vlan in 100 and data in default vlan(1)

interface FastEthernet0/10

switchport mode access

switchport voice vlan 100

duplex full

speed 100

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

fred.s.mollenkopf Mon, 07/03/2006 - 05:40
Here is the link for configuring the 3550 with Priority-Tagged Frames. Above configuration is correct with the exception of the QoS in the below link. Also as a precaution I usually turn on Portfast BPDUguard on all portfast ports to insure I have no rogue switches plug in.


Here is the command for BPDUGuard

Spanning-tree bpduguard enable

ekhoo Mon, 07/03/2006 - 06:51
Many Thanks Jordan and Fred... i finally understand the way to configure voice port on dot1 voice port.

however, the "dot1p" voice port use native VLAN (VLAN 0) to carry all traffic..

what would be the config if we need to run the voice & data on different vlan eg, vlan 100 instead of native.

many thanks


fred.s.mollenkopf Mon, 07/03/2006 - 08:15
I'm kinda lost with what you are trying to achieve but I'm gonna throw out my thoughts.

1. When configured with switchport access command and switchport voice command, dot1q and dot1p should work in tandem. Phones will tag COS 3 & 5 based off CM configuration and will be trusted by the switchport with the appropriate command. Access port will mark down to 0. Policy-maps can be used on the 3550 to match and set traffic from the PC. See QoS SRND. link below.


2. If your goal is to have PC & Voice on the same vlan then possible try this. Create a trunk port on switch. Native vlan will be 1. Prune or restrict only 1 vlan (or different native if allowed). See if both PC and Voice will come over on the single vlan. Alternatively set the native vlan to 100. Not sure if 3550 allows change of Native vlan. Apply trust cos statement to trunk port. I know for a fact that an Ip phone will come up on a trunk port but I've never really researched much into how the vlans ultimately were configured as it was a lab test awhile back.

Hope this helps


Daniele Giordano Sat, 07/08/2006 - 00:52
This is my configuration:

interface FastEthernet0/10

switchport trunk native vlan 50 ****(data vlan)

switchport trunk allowed vlan 50,100

switchport mode trunk

switchport voice vlan 100 ****(vocie vlan)

service poliy input .......

mls qos cos override

spanning-tree portfast

spanning-tree bpdufilter disable

spanning-tree bpduguard enable

This config work with device that support 802.1Q trunk and CDP protocol like CISCO ATA or CISCO IP Phone.

ekhoo Sat, 07/08/2006 - 09:45
Thanks Giordano. I have poked around and i think I got the the correct config for "dot1q" frame type voice config with "switchport mode access"...

As you can see the show parser below.. Cisco has the template for voice port configuration and it has been set to "mode access" instead of trunk.

I think you only use the "mode trunk" configuration on the old Cisco switches....

SW1#sh parser macro name cisco-phone

Macro name : cisco-phone

Macro type : default interface

# Cisco IP phone + desktop template

# macro keywords $access_vlan $voice_vlan

# VoIP enabled interface - Enable data VLAN

# and voice VLAN

# Recommended value for access vlan should not be 1

switchport access vlan $access_vlan

switchport mode access

# Update the Voice VLAN value which should be

# different from data VLAN

# Recommended value for voice vlan should not be 1

switchport voice vlan $voice_vlan

# Enable port security limiting port to a 3 MAC

# addressess -- One for desktop and two for phone

switchport port-security

switchport port-security maximum 3

# Ensure port-security age is greater than one minute

# and use inactivity timer

switchport port-security violation restrict

switchport port-security aging time 2

switchport port-security aging type inactivity

# Enable auto-qos to extend trust to attached Cisco phone

auto qos voip cisco-phone

# Configure port as an edge network port

spanning-tree portfast

spanning-tree bpduguard enable


