Actually we have both services on the same native VLAN (1). A Cisco IP phone connected to a floor switch also acts as a switch for the directly connected PC.
We have implemented QoS, but we would like to migrate the voice into a new, different VLAN.
My question is:
If data stays on the native VLAN and voice goes into a new one... no problem.
If we want to remove the native VLAN and create two new VLANs, one for each service, is it a problem for the IP phone to manage two tagged traffic streams: one for itself and one for the PC (and of course remove the tag)?
Here are some good Cisco Voice SRND recommendations that support splitting Voice and Data onto separate VLANs:
When you deploy voice, Cisco recommends that you enable two VLANs at the access layer: a native VLAN for data traffic and a voice VLAN under Cisco IOS or Auxiliary VLAN under CatOS for voice traffic.
Separate voice and data VLANs are recommended for the following reasons:
Address space conservation and voice device protection from external networks
Private addressing of phones on the voice or auxiliary VLAN ensures address conservation and ensures that phones are not accessible directly via public networks. PCs and servers are typically addressed with publicly routed subnet addresses; however, voice endpoints should be addressed using RFC 1918 private subnet addresses.
QoS trust boundary extension to voice devices
QoS trust boundaries can be extended to voice devices without extending these trust boundaries and, in turn, QoS features to PCs and other data devices.
Protection from malicious network attacks
VLAN access control, 802.1Q, and 802.1p tagging can provide protection for voice devices from malicious internal and external network attacks such as worms, denial of service (DoS) attacks, and attempts by data devices to gain access to priority queues via packet tagging.
Ease of management and configuration
Separate VLANs for voice and data devices at the access layer provide ease of management and simplified QoS configuration.
The Cisco Unified IP Phone has an internal Ethernet switch, enabling it to switch incoming traffic to the phone, to the access port, or to the network port.
If a computer is connected to the access port, the computer and the phone share the same physical link to the switch and share the same port on the switch. This shared physical link has the following implications for the VLAN configuration on the network:
Data traffic present on the VLAN supporting phones may reduce the quality of Voice-over-IP traffic.
You can resolve these issues by isolating the voice traffic onto a separate VLAN on each of the ports connected to a phone. The switch port configured for connecting a phone would have separate VLANs configured for carrying:
Voice traffic to and from the IP phone (auxiliary VLAN)
Data traffic to and from the PC connected to the switch through the access port of the IP phone (native VLAN)
Isolating the phones on a separate, auxiliary VLAN increases the quality of the voice traffic and allows a large number of phones to be added to an existing network where there are not enough IP addresses.
Cisco VLAN technology, built into Cisco routers, Cisco Catalyst switches, and Cisco Aironet wireless access points, separates the physical network into multiple logical networks - for example, one each for a company's HR, sales, marketing, engineering, and finance organizations. A basic technique for voice security is to create a separate VLAN for voice. One advantage is that traffic sent over the voice VLAN is not visible to insiders or outsiders connected to data VLANs, and data traffic cannot cross over to the voice VLAN. Another advantage is that IT can assign a unique class of service for the voice VLAN to ensure that voice traffic receives priority over data traffic.
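An added example, not part of the original post or of Cisco's documentation: a small Python check that reads an IOS-style running-config and flags access ports where voice and data still share a VLAN, or where QoS trust is extended to the PC behind the phone. The sample config, the VLAN IDs 10 and 110, and the function name audit_ports are assumptions made for illustration.

```python
import re

# Constructed sample running-config (not from the original post).
# VLAN IDs 10 (data) and 110 (voice) are assumptions.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description phone+PC, everything still on VLAN 1
 switchport mode access
!
interface GigabitEthernet1/0/2
 description phone+PC, split as recommended
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 110
 switchport priority extend cos 0
!
interface GigabitEthernet1/0/3
 description split, but PC markings are trusted
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 110
 switchport priority extend trust
!
"""

def audit_ports(config):
    """Return {interface: [findings]} for access ports in an IOS-style config."""
    results = {}
    blocks = re.finditer(r"(?ms)^interface (\S+)\n(.*?)(?=^interface |\Z)", config)
    for match in blocks:
        name, body = match.group(1), match.group(2)
        if not re.search(r"(?m)^ switchport mode access\s*$", body):
            continue  # only access ports carry the phone + PC pair
        access = re.search(r"(?m)^ switchport access vlan (\d+)", body)
        voice = re.search(r"(?m)^ switchport voice vlan (\d+)", body)
        data_vlan = int(access.group(1)) if access else 1  # IOS default is VLAN 1
        findings = []
        if voice is None:
            findings.append("no voice VLAN: voice and data share VLAN %d" % data_vlan)
        elif int(voice.group(1)) == data_vlan:
            findings.append("voice VLAN equals data VLAN %d" % data_vlan)
        if re.search(r"(?m)^ switchport priority extend trust", body):
            findings.append("QoS trust extended to the PC port")
        results[name] = findings
    return results

if __name__ == "__main__":
    for port, findings in audit_ports(SAMPLE_CONFIG).items():
        print(port, "OK" if not findings else "; ".join(findings))
```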