I just want to make sure I understand how PCs and IP phones connect to an external access switch and how they are configured.
Typically, an IP phone has a 3-port internal switch.
One port on the internal IP phone switch is configured as an access port to be placed in the data vlan that is defined in the access switch. The PC connects to this port. The PC is typically configured for DHCP.
Another port on the internal IP phone switch is configured to be placed in the voice vlan that is defined on the access switch. This is the internal port that faces the phone's ASIC. The IP phone will also be configured for DHCP.
Lastly, the 3rd port on the internal IP phone switch, which will be the uplink to the external access switch port, is configured as a dot1q trunk that will carry the voice and data vlan traffic. This port is connected to the external access switch.
I have never configured these ports on an IP phone, but I imagine its done through a scrolling-type drop down menu on the phone itself.
As for the external access switch port, it is configured with a data access vlan and a voice vlan as an MVAP, a multi-vlan access port, which for all intents and purposes is a dot1q trunk, but is not defined as such on the switch to avoid running STP instances for the PC and phone. You know, keep cpu utilization down...
Is all this correct?
Is there a pretty good document out there that covers all this concisely?
your understanding is correct just some details are different
>> I have never configured these ports on an IP phone, but I imagine its done through a scrolling-type drop down menu on the phone itself.
Actually, the IP phone 3 port LAN switch is configured in the case of cisco IP phones by CDP protocol: the LAN switch instructs the switch on how to deal with ethernet frames of Data Vlan and Voice vlan.
the settings of switchport voice vlan command decides how to behave:
switchport voice vlan X ----> voice frames tagged with vlan-id X and appropriate CoS in 802.1p
switchport voice vlan dot1p ----> voice frames tagged with vlan-id 0 to carry the 802.1p field implies a single IP subnet shared for data and voice
there are the options untagged and none.
Clearly the first solution is the best one.
the use of PC port can be disabled from Call manager web pages or using settings on the IP phone.
other options are possible like avoiding to have voice frames replicated to PC port (useful for capturing traffic or for monitoring phone activity with some legal issues for example in a call center) or avoiding to have tagged frames replicated to the PC port.
These options are dependent from Cisco IP phone model and are used for phone hardening.
Also local settings on the phone can be disabled by Call manager interface.
to be more correct when phone first comes up it speaks and listen to native vlan so phone MAC address is first learned on data vlan.
Then after the CDP exchange the phone will restart in the voice vlan
At this point phone MAC address is learned in voice vlan
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...