SRW2048 Voice VLAN

Similar Messages

• SG-300 28P switches problem with VLAN Data and Voice, working all the time as Voice VLAN

  Hi Everyone,
  Thank you very much for your help in advance. I’m pulling my hair to fix the problem.
  I  just got the new SG-300 28P switches. My Bios ordered for me. I did not  know how it runs until now... not an IOS based. I really do not know  how to configure it.
  I have 2 VLAN are Data and Voice.
  -          Data VLAN ID is 2 IP 192.168.2.X/255.255.255.0
  -          Voice VLAN ID is 200 IP 192.168.22.X/255.255.255.0
  -          I created two vlans, in switch, Data and Voice.
  -          On the port number 28, it is trunk by default, so I add Data vlan ID 2 tagged.
  -          On the port number 26, it is trunk by default, so I add Voice vlan ID 200 tagged.
  -          On the port number 27, I add Data vlan ID 2 tagged for Data vlan out.
  -          Port settings No.1
  I set it up as Trunk with Data vlan 2 untagged, and  200  Tagged (voice vlan). I plugged in a phone with a pc attached. But the  PC will get to the vlan 200 to get the DHCP address, but no from vlan 2.  The Phone works with correct vlan ip.
  -          Port settings No.2
  Trunk with vlan 1UP, 2T, and 200T. The phone is even worse. Would never pick up any IP from DHCP.
  -          Port settings No.3
  Access  with 200U...of course the phone will work... and the PC could not get  to its own vlan. Instead, the PC got an ip from the voice vlan. Not from  VLAN 2.
  I have Linksys phone I’m not sure if this help.
  For more information I setup in switch,
              - enable voice vlan
  - set the port on auto voice vlan
  - enable LLDP-MED globally
  - create a network policy to assign VLAN 200
  - assign this network policy to the port the phone is connected to.
  I  hope this information help to help me to setup Data and Voice vlans, to  plug the phone to work with vlan Voice 200 (IP rang 192.168.22.X), from  phone to Pc and pc work as Data vlan 2 (IP rang 192.168.2.X).

  I just got done setting up voice VLANs on an SF 300-24P and verified working.  This was working with Cisco 7900 series phones connected to a Cisco UC setup.
  Here's my sample config.
  Note that I edited this by hand before posting, so doing a flat out tftp restore probably won't work.  However, this should give you a clue.  Also, don't take this as 100% accurate or correct.  I've only been working with these things for about a week, though I've worked with the older Linksys SRW switches for a couple of years.  I'm a CCNP/CCDP.
  VLAN 199 is my management VLAN and is the native VLAN on 802.1q trunks.
  VLAN 149 is the data/computer VLAN here.
  VLAN 111 is the voice/phone VLAN here.
  VLAN 107 does nothing.
  interface range ethernet e(1-24)
  port storm-control broadcast enable
  exit
  interface ethernet e1
  port storm-control include-multicast
  exit
  interface ethernet e2
  port storm-control include-multicast
  exit
  interface ethernet e3
  port storm-control include-multicast
  exit
  interface ethernet e4
  port storm-control include-multicast
  exit
  interface ethernet e5
  port storm-control include-multicast
  exit
  interface ethernet e6
  port storm-control include-multicast
  exit
  interface ethernet e7
  port storm-control include-multicast
  exit
  interface ethernet e8
  port storm-control include-multicast
  exit
  interface ethernet e9
  port storm-control include-multicast
  exit
  interface ethernet e10
  port storm-control include-multicast
  exit
  interface ethernet e11
  port storm-control include-multicast
  exit
  interface ethernet e12
  port storm-control include-multicast
  exit
  interface ethernet e13
  port storm-control include-multicast
  exit
  interface ethernet e14
  port storm-control include-multicast
  exit
  interface ethernet e15
  port storm-control include-multicast
  exit
  interface ethernet e16
  port storm-control include-multicast
  exit
  interface ethernet e17
  port storm-control include-multicast
  exit
  interface ethernet e18
  port storm-control include-multicast
  exit
  interface ethernet e19
  port storm-control include-multicast
  exit
  interface ethernet e20
  port storm-control include-multicast
  exit
  interface ethernet e21
  port storm-control include-multicast
  exit
  interface ethernet e22
  port storm-control include-multicast
  exit
  interface ethernet e23
  port storm-control include-multicast
  exit
  interface ethernet e24
  port storm-control include-multicast
  exit
  interface range ethernet g(1-4)
  description "Uplink trunk"
  exit
  interface range ethernet g(1-4)
  switchport default-vlan tagged
  exit
  interface range ethernet e(21-24)
  switchport mode access
  exit
  vlan database
  vlan 107,111,149,199
  exit
  interface range ethernet g(1-4)
  switchport trunk allowed vlan add 107
  exit
  interface range ethernet e(21-24)
  switchport access vlan 111
  exit
  interface range ethernet g(1-4)
  switchport trunk allowed vlan add 111
  exit
  interface range ethernet e(1-20)
  switchport trunk native vlan 149
  exit
  interface range ethernet g(1-4)
  switchport trunk allowed vlan add 149
  exit
  interface range ethernet g(1-4)
  switchport trunk native vlan 199
  exit
  voice vlan aging-timeout 5
  voice vlan oui-table add 0001e3 Siemens_AG_phone________
  voice vlan oui-table add 00036b Cisco_phone_____________
  voice vlan oui-table add 00096e Avaya___________________
  voice vlan oui-table add 000fe2 H3C_Aolynk______________
  voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
  voice vlan oui-table add 00d01e Pingtel_phone___________
  voice vlan oui-table add 00e075 Polycom/Veritel_phone___
  voice vlan oui-table add 00e0bb 3Com_phone______________
  voice vlan oui-table add 108ccf MyCiscoIPPhones1
  voice vlan oui-table add 40f4ec MyCiscoIPPhones2
  voice vlan oui-table add 8cb64f MyCiscoIPPhones3
  voice vlan id 111
  voice vlan cos 6 remark
  interface ethernet e1
  voice vlan enable
  exit
  interface ethernet e1
  voice vlan cos mode all
  exit
  interface ethernet e2
  voice vlan enable
  exit
  interface ethernet e2
  voice vlan cos mode all
  exit
  interface ethernet e3
  voice vlan enable
  exit
  interface ethernet e3
  voice vlan cos mode all
  exit
  interface ethernet e4
  voice vlan enable
  exit
  interface ethernet e4
  voice vlan cos mode all
  exit
  interface ethernet e5
  voice vlan enable
  exit
  interface ethernet e5
  voice vlan cos mode all
  exit
  interface ethernet e6
  voice vlan enable
  exit
  interface ethernet e6
  voice vlan cos mode all
  exit
  interface ethernet e7
  voice vlan enable
  exit
  interface ethernet e7
  voice vlan cos mode all
  exit
  interface ethernet e8
  voice vlan enable
  exit
  interface ethernet e8
  voice vlan cos mode all
  exit
  interface ethernet e9
  voice vlan enable
  exit
  interface ethernet e9
  voice vlan cos mode all
  exit
  interface ethernet e10
  voice vlan enable
  exit
  interface ethernet e10
  voice vlan cos mode all
  exit
  interface ethernet e11
  voice vlan enable
  exit
  interface ethernet e11
  voice vlan cos mode all
  exit
  interface ethernet e12
  voice vlan enable
  exit
  interface ethernet e12
  voice vlan cos mode all
  exit
  interface ethernet e13
  voice vlan enable
  exit
  interface ethernet e13
  voice vlan cos mode all
  exit
  interface ethernet e14
  voice vlan enable
  exit
  interface ethernet e14
  voice vlan cos mode all
  exit
  interface ethernet e15
  voice vlan enable
  exit
  interface ethernet e15
  voice vlan cos mode all
  exit
  interface ethernet e16
  voice vlan enable
  exit
  interface ethernet e16
  voice vlan cos mode all
  exit
  interface ethernet e17
  voice vlan enable
  exit
  interface ethernet e17
  voice vlan cos mode all
  exit
  interface ethernet e18
  voice vlan enable
  exit
  interface ethernet e18
  voice vlan cos mode all
  exit
  interface ethernet e19
  voice vlan enable
  exit
  interface ethernet e19
  voice vlan cos mode all
  exit
  interface ethernet e20
  voice vlan enable
  exit
  interface ethernet e20
  voice vlan cos mode all
  exit
  interface ethernet e1
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e2
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e3
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e4
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e5
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e6
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e7
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e8
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e9
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e10
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e11
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e12
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e13
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e14
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e15
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e16
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e17
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e18
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e19
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e20
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e21
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e22
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e23
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e24
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet g1
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet g2
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet g3
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet g4
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e1
  lldp med notifications topology-change enable
  exit
  interface ethernet e2
  lldp med notifications topology-change enable
  exit
  interface ethernet e3
  lldp med notifications topology-change enable
  exit
  interface ethernet e4
  lldp med notifications topology-change enable
  exit
  interface ethernet e5
  lldp med notifications topology-change enable
  exit
  interface ethernet e6
  lldp med notifications topology-change enable
  exit
  interface ethernet e7
  lldp med notifications topology-change enable
  exit
  interface ethernet e8
  lldp med notifications topology-change enable
  exit
  interface ethernet e9
  lldp med notifications topology-change enable
  exit
  interface ethernet e10
  lldp med notifications topology-change enable
  exit
  interface ethernet e11
  lldp med notifications topology-change enable
  exit
  interface ethernet e12
  lldp med notifications topology-change enable
  exit
  interface ethernet e13
  lldp med notifications topology-change enable
  exit
  interface ethernet e14
  lldp med notifications topology-change enable
  exit
  interface ethernet e15
  lldp med notifications topology-change enable
  exit
  interface ethernet e16
  lldp med notifications topology-change enable
  exit
  interface ethernet e17
  lldp med notifications topology-change enable
  exit
  interface ethernet e18
  lldp med notifications topology-change enable
  exit
  interface ethernet e19
  lldp med notifications topology-change enable
  exit
  interface ethernet e20
  lldp med notifications topology-change enable
  exit
  interface ethernet e21
  lldp med notifications topology-change enable
  exit
  interface ethernet e22
  lldp med notifications topology-change enable
  exit
  interface ethernet e1
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e2
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e3
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e4
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e5
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e6
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e7
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e8
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e9
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e10
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e11
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e12
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e13
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e14
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e15
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e16
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e17
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e18
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e19
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e20
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e21
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e22
  lldp med enable network-policy poe-pse
  exit
  lldp med network-policy 1 voice vlan 111 vlan-type tagged
  interface range ethernet e(1-22)
  lldp med network-policy add 1
  exit
  interface vlan 199
  ip address 199.16.30.77 255.255.255.0
  exit
  ip default-gateway 199.16.30.3
  interface vlan 1
  no ip address dhcp
  exit
  no bonjour enable
  bonjour service enable csco-sb
  bonjour service enable http  
  bonjour service enable https 
  bonjour service enable ssh   
  bonjour service enable telnet
  hostname psw1
  line console
  exec-timeout 30
  exit
  line ssh
  exec-timeout 30
  exit
  line telnet
  exec-timeout 30
  exit
  management access-list Management1
  permit ip-source 10.22.5.5 mask 255.255.255.0
  exit
  logging 199.16.31.33 severity debugging description mysysloghost
  aaa authentication enable Console local
  aaa authentication enable SSH tacacs local
  aaa authentication enable Telnet local
  ip http authentication tacacs local
  ip https authentication tacacs local
  aaa authentication login Console local
  aaa authentication login SSH tacacs local
  aaa authentication login Telnet local
  line telnet
  login authentication Telnet
  enable authentication Telnet
  password admin
  exit
  line ssh
  login authentication SSH
  enable authentication SSH
  password admin
  exit
  line console
  login authentication Console
  enable authentication Console
  password admin
  exit
  username admin password admin level 15
  power inline usage-threshold 90
  power inline traps enable
  ip ssh server
  snmp-server location in-the-closet
  snmp-server contact [email protected]
  ip http exec-timeout 30
  ip https server
  ip https exec-timeout 30
  tacacs-server host 1.2.3.4 key spaceballz  timeout 3  priority 10
  clock timezone -7
  clock source sntp
  sntp unicast client enable
  sntp unicast client poll
  sntp server 199.16.30.1
  sntp server 199.16.30.2
  ip domain-name mydomain.com
  ip name-server  199.16.5.12 199.16.5.13
  ip telnet server

• 802.1x, voice vlan and IP phone

  Hi, I reviewed many posts here, and I still need the clarification how 802.1x on the switch works with non-Cisco IP phone (not supporting CDP) and PC connected to the PC port. If I configure 802.1x on a switch port, along with access and voice vlan, next I configure the static voice vlan on the non-Cisco phone, will it be possible to authenticate the user on the PC and bypass authentication for IP phone? Is CDP required in such scenario - (non-Cisco IP phone doesn't support it)?
  Regards,
  Krzysztof

  You need CDP for touchless interop. CDP can of course be spoofed though, so proceed with caustion anyway.
  You need multi-domain authentication to appropriately deal with non-Cisco phones and port-based access-control. See here to get started:
  <http://www.cisco.com/en/US/products/ps7077/products_configuration_guide_chapter09186a008077a284.html#wp1231964>
  Hope this helps,

• Potential Security Hole with 802.1x and Voice VLANs?

  I have been looking at 802.1x and Voice VLANs and I can see what I think is a bit of a security hole.
  If a user has no authentication details to gain access via 802.1x - i.e. they have not been given a User ID or the PC doesn't have a certificate etc. If they attach a PC to a switchport that is configured with a Voice VLAN (or disconnect an IP Phone and plug the PC direct into the switchport) they can easily see via packet sniffing the CDP packets that will contain the Voice VLAN ID. They can then easily create a Tagged Virtual NIC (via the NIC utilities or driver etc) with the Voice VLAN 802.1q Tag. Assuming DHCP is enabled for the Voice VLAN they will get assigned an IP address and have access to the IP network. I appreciate the VLAN can be locked down at the Layer-3 level with ACL's so any 'non-voice related' traffic is blocked but in this scenario the user has sucessfully bypassed 802.1x authentication and gain access to the network?
  Has anyone done any research into this potential security hole?
  Thanks
  Andy

  Thanks for the reply. To be honest we would normally deploy some or all of the measures you list but these don't around the issue of being able to easily bypass having to authenticate via 802.1x.
  As I said I think this is a hole but don't see any solutions at the moment except 802.1x on the IP Phone, although at the moment you can't do this with Voice VLANs?
  Andy

• 802.1x and Voice VLAN

  I had read articles on cco, and I believed for the same switch port we can have 802.1x configure and the voice vlan configure. It mean the IP phone is connect to the switch port with 802.1x configured, but the phone will not autheticate, only the workstation connect to phone data port will get authenticate.
  I had configured 802.1x and test with notebook logon and able to access the network. Now I would like to test the notebook attached to IP phone data port, and the phone connect to switch port configure with 802.1x. But I failed to add voice vlan commmand. Why ?
  interface GigabitEthernet9/48
  description temporary port
  switchport
  switchport access vlan 12
  switchport mode access
  no ip address
  dot1x port-control auto
  spanning-tree portfast
  CIG01-ENT-SW1(config-if)#switchport voice vlan 14
  Command rejected: Gi9/48 is Dot1x enabled port.

  Using IEEE 802.1x Authentication with Voice VLAN Ports
  A voice VLAN port is a special access port associated with two VLAN identifiers:
  ?VVID to carry voice traffic to and from the IP phone. The VVID is used to configure the IP phone connected to the port.
  ?PVID to carry the data traffic to and from the workstation connected to the switch through the IP phone. The PVID is the native VLAN of the port.
  In single-host mode, only the IP phone is allowed on the voice VLAN. In multiple-hosts mode, additional clients can send traffic on the voice VLAN after a supplicant is authenticated on the PVID. When multiple-hosts mode is enabled, the supplicant authentication affects both the PVID and the VVID.
  A voice VLAN port becomes active when there is a link, and the device MAC address appears after the first CDP message from the IP phone. Cisco IP phones do not relay CDP messages from other devices. As a result, if several Cisco IP phones are connected in series, the switch recognizes only the one directly connected to it. When IEEE 802.1x authentication is enabled on a voice VLAN port, the switch drops packets from unrecognized Cisco IP phones more than one hop away.
  When IEEE 802.1x authentication is enabled on a port, you cannot configure a port VLAN that is equal to a voice VLAN.
  Waht kind of switch do you have? In 3550 I can configure the port for both vvid and pvid:
  interface FastEthernet0/1
  switchport access vlan 3
  switchport mode access
  switchport voice vlan 2
  no ip address
  dot1x port-control auto
  spanning-tree portfast
  end
  Nevertheless, as the statement above indicates, the port will need to be configured for multi-host in order the PC behind the phone get autehntication:
  under the interface configure "dot1x host-mode multi-host"
  Nevermind, I just realized that you might have a 5600 running native, checking the configuration guide and realese notes it does not looks like dot1x and vvlan can play together in that platform.

• 802.1x / dot1x Authentication, including Voice-Vlan and Guest-Vlan

  Hello,
  i have tried to configure a dot1x based Authentication.
  With an single host including guest-vlan, everything works fine.
  But i want to use an IP-Phone (wich is every times authenticated) and behind the Phone an Client.
  Is there a possible solution? And unfortunately IP-Phones are Avaya-Phones.
  i have  just tried so...
  interface GigabitEthernet0/4
  switchport access vlan 121
  switchport mode access
  switchport voice vlan 200
  authentication event fail action authorize vlan 99
  authentication event server dead action authorize vlan 121
  authentication event server alive action reinitialize
  authentication host-mode multi-host
  authentication order dot1x
  authentication port-control auto
  authentication periodic
  authentication violation restrict
  dot1x pae authenticator
  dot1x timeout quiet-period 10
  dot1x timeout tx-period 1
  spanning-tree portfast
  Thanks, for any possible solution!

  unfortunately because they are Avaya phones, the easy answer CDP-Bypass fails in this instance. When you plug in the phone, the switch will assume it's the 'single host' for this port, and restrict the port due to the authentication for the phone failing. Maybe you can just hard-code the voice-vlans on each phone, but that could get tedious depending on the amount of phones.
  I believe there is a DHCP option you can pass back that indicates the phone should be running on vlan 200, but for this to work you'd also need to set up a pre-auth ACL that would allow DHCP to work in the unauthorized state. I think it's 147 off the top of my head.
  Another solution (which isn't what you originally wanted, but it would work) is to just use multi-domain instead of single-host, and authenticate both the phone and the PC. The raduis server should be able to distinguish between what is configured as a phone and what is a host, and will send back the appropriate vlan if configured correctly.
  What are using for a radius server?

• Setting up a Test Voice VLAN for Lync 2013

  I want to set up a second voice vlan to be a test vlan.
  In the current situation the customer has voice and data running on  vlan1. The customer insist on taking incremental steps to improve QoS. I have advocated separated vlans for voice and data. They just want to move everything (phase 1) to a different
  vlan. They want to see how getting all traffic of vlan 1 will improve there performance. Again, I recommended the best practice, they want to try this approach first.
  I am conducting a pilot test with just one cx600 IP phone. and a single switchport. I created a new vlan99 using VTP.  I configured the switchports on the Cisco 2960-x switch as follows.
  #switchport mode access
  #switchport access vlan 99
  The phone gets its correct vlan id, and pulls its IP from the correct dhcp scope. However the phone displays "connecting with the lync server" for a long time, then "connecting to download its certificates". This takes a long time then fails.
  If I change the switchport back to vlan1 it works fine. What can be the problem? Does the vlan99 need to be defined on the lync server? How many vlans can be supported by Lync 2013?
  Thank you,
  gigiu

  Did you set the VLAN Configuration for Lync Phone Edition?
  You can check the following links:
  http://blog.schertz.name/2011/01/manual-vlan-configuration-for-lync-phone-edition/
  http://www.bricomp.com/blogs/post.cfm/dedicated-voice-vlan-for-lync-devices
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please
  make sure that you completely understand the risk before retrieving any suggestions from the above link.
  Lisa Zheng
  TechNet Community Support

• Cisco Layer 3, Voice, & VLAN

  I have a vSphere 5.5 install and I'm in the process of a network upgrade in preparation for a VOIP implementation.  The Switch hardware I'm using is a stack of Cisco 3850 Layer 3 switches and I've been going in circles on getting vlan traffic to work correctly.  Hopefully someone can point me in the right direction.
  I have one NIC connected to the switch (10GB fiber) that will handle all traffic for the esxi host (except for management).  VLAN ID is set to None (0) and load balancing is set to Route based on originating virtual port.
  I have 2 subnets, 10.1.0.0/16 (data & management, VLAN 1) and 10.10.1.0/24 (Voice, VLAN 10)
  On the host I have a Win 2012 R2 server that will be a VOIP PBX host.  It must be able to communicate with the IP phones (VLAN 10) and other servers (VLAN 1).
  The switches will do the intervlan routing.
  Finally my question - Can anyone give me some hints on how to set up the interface on the Cisco for the 10GB fiber connection from my host?  Actual port settings would be extremely helpful.  Anything I'm doing at the vmware end that I should be doing differently?

  In case anyone comes across this in a search, here's what I ended up with, 1st the Cisco switch:
  switchport trunk allowed vlan 1,10
  switchport mode trunk
  switchport nonegotiate
  switchport voice vlan 10
  macro description cisco-switch
  spanning-tree portfast
  spanning-tree link-type point-to-point
  The virtual switch I set to all vlan IDs and Route based on originating virtual port.

• Change voice vlan on specific ports

  I need to test a new phone system that is running on vlan 120. The problem is my current voice vlan 110 is still in use for my current phone system. How can I assign a different voice vlan for a single port without having it propagate to the rest of the switch or the other sbs switches in my network?

  Hello, 
  In regards to the Small Business Switches, you can only have a single Voice Vlan configured on them.
  Now, since what you are trying to do is to test the connectivity on a single phone, I don't think that you will really have to change or Add a new Voice VLAN, maybe you can get it to work by changing the port to an Access Port with VLAN 120 Untagged, and then they should communicate as long as they are on the same VLAN.
  Please let us know if this works, I'm not sure it will since the device is meant to only handle a single Voice VLAN as I said before, but it is worth the try.

• SUP failed over manually, voice service failed after FAILOVER, started accessing old voice vlan which was removed from config

  Hey guys, 
  I am pretty sure, my subject is kinda confusing. Sorry about that. Here is what happened. 
  1. 4510r with Supervisor V 1000BaseX, switched over to standby Sup, then reseated Active SUP, once reseat complete, switched again to get the reseated SUP up and running as Active SUP. 
  2. a simple maintenance which was supposed to cause no outage and it did not cause any outage as well. 
  3. however, what i did not notice was, even though the voice vlan was configured to access 2353, they were accessing vlan 453. 
  4. the change was made 2 weeks prior to this maintenance where voice vlans were previously accessing 453 and they were all changed to access 2353. configs were saved. 
  5. however, after the maintenance, the running config showed that they were acessing 2353 but when checking the mac address on the interface, it was seen accessing 453. 
  6. the fix was to remove the config and re add it , that fixed it. 
  Has anyone else experienced the issue ? What really happened there ?  
  software version: Version 15.0(2)SG5
  #sh module 
  Chassis Type : WS-C4510R
  Power consumed by backplane : 40 Watts
  Mod Ports          Card Type                                            Model             
  ---+-----+--------------------------------------+------------------+-----------
   1     2  Supervisor V 1000BaseX (GBIC)                 WS-X4516            
   2     2  Supervisor V 1000BaseX (GBIC)                  WS-X4516           
   3    48  10/100/1000BaseT (RJ45)V, Cisco/IEEE   WS-X4548-GB-RJ45V  
   5    48  10/100/1000BaseT (RJ45)V, Cisco/IEEE   WS-X4548-GB-RJ45V   
   6    48  10/100/1000BaseT (RJ45)V, Cisco/IEEE   WS-X4548-GB-RJ45V   
   7    48  10/100/1000BaseT (RJ45)V, Cisco/IEEE   WS-X4548-GB-RJ45V  
   8    48  10/100/1000BaseT (RJ45)V, Cisco/IEEE   WS-X4548-GB-RJ45V   
   9    48  10/100/1000BaseT (RJ45)V, Cisco/IEEE   WS-X4548-GB-RJ45V   

  configs were saved many times prior to the maintenance. i did a " write mem ". 

• Help w/Voice VLAN on SMB 300-10p

  We have purchased serveral new SMB 300 switches to support our VoIP rollout and save cost. I'm use to using the CLI on cisco devices, but now i'm stuck figuring out the GUI that comes with these switches.
  I have setup the Voice VLAN to be 100, i have setup the port type as general, and i have added the port to VLAN 4 (data vlan). when i plug the NEC phone into the switchport and the computer into the phone, the computer gets an IP in VLAN 4 but the phone gets an IP from VLAN 1 not VLAN 100.
  Like i said i set the Voice VLAN to 100, but when i look at the Macro for the smartport it is saying the voice vlan is 1. Do i have to manually change the macro somehow? can i change the macro somehow?
  Sorry i don't have a lot of info in this post. If you need to know how anything else is configured just ask i'll post it up.
  Thanks
  Karl                  

  Hi Karl,
  You can use the serial db9 console cable that came with it for a hardwired connection (I use putty):
  Also you can enable telnet and/or ssh: Status and Statistics -> System Summary, look for TCP/UDP services status and then hit Edit, enable what you want, hit apply, and remember to save the config. Also, you can go right to Security -> TCP/UDP services to enable:
  Best,
  David
  Please remember to rate helpful posts and identify correct answers.

• Video conferencing, voice, VLAN and Catalyst 2950, 3500 and 6500 switches

  We have a Cat6500 with MSFC in the COre/Distribution, mix of 2950 and 3524XL in the closets in the HQ. Every closet will be on one VLAN. There are 5 remote sites on a Frame with 768 CIR. There will be one Polycom VC station in the HQ per closet, one Polycom per remote site. Additionally, every PC everywhere will be using desktop NetMeeting for VC. CallManager and IP Phones will be everywhere. My questions are:
  1. should I put the Polycom on the same VLAN as the PC's with COS set to 4 at layer 2 and IP Precedence set to 4 at layer3? IP Phones are already on a seperate voice VLAN .
  2. Should I put Polycom on it's own VLAN and seperate from the PC VLANs? If I do it this way should I set COS and IP precedence for the PC's with NetMeeting?
  3. any sample config. for the Catalyst switches?
  Thanks!
  Chris

  Chris,
  Check out this IP telephony design guide. Hope it is of some help to you:
  http://www.cisco.com/univercd/cc/td/doc/product/voice/ip_tele/network/

• CIPC Doesnt take voice vlan Ip Address

  ia have my pc (windows) connected to a 3com switch and its takes the ip address from an active directory. but to apply Voice QoS, i need that the CIPC takes an ip address from the voice vlan. placing a 7911 or 7941 in the network plug they take the voice vlan ip address. how i configure the CIPC to takes the voice vlan ip address?

  CIPC is a SW running on a PC and uses the IP address of the PC.
  You just have to configure the the IP address of the TFTP server (Callmanager running the TFTP service).
  Therefore there is no need for the phone to get a IP address from the Voice VLAN.
  Pierre.

• Wireless voice vlan

  Can someone point me to a link for setting up voice vlan ? we're trying to use Cisco wireless phone 7920 and would like to know about setting up the voice vlan. Thank you very much.

  http://www.cisco.com/en/US/products/hw/phones/ps379/products_implementation_design_guide_book09186a00802a029a.html

• ISA550 Voice VLAN cannot connect to WAN?

  Hi,
  I just bought ISA550 and used the configuration wizatrd to set it up, mostly with defaults.
  I mapped GE2 to VOICE VLAN/Zone, and although the SPA122 I connected to this port now gets an IP adress (10.1.1.100),it fails to register with SIP provider.
  I have LB WAN set up (bandwidth), WAN1(GE1) Primary, WAN2(GE7) secondary, but not conecting WAN2 yet until I have configuration working.
  I set ALG on for SIP (and tried it 'off') but nothing seems to work.
  I also checked Firewall settings and added rule to 'permit' WAN to VOICE. There was only the other direction by default.
  I have also not yet updated firmware, as I have only just elevated my access to allow encrypted downloads, biut will try that later this evening, out of hours.
  Otherwise, any other suggestions gratefully received.
  MTIA

  I have now been able to get most of this working, but had to connect SPA122 to DEFAULT VLAN (GE3).
  Added traffic selectors for this and some high priority (Q2) devices. Added QoS rules for these but if I added these to the default WAN_POLICY only those explicitly mentioned could access the WAN.
  I then created a a new WAN POLICY without the default QoS rules, just the new ones, and this works!
  However, I need to prioritise incoming traffic but only Q1 seems to be available for incoming, so currently only SPA122 has a rule (to mark Cos). Everything else is a free for all.
  I have three devices I need to give Q2 on incoming traffic, so is there a way to do this, or is the traffic precedence 'inherited' from outgoing rules?
  The documentation, both shipped CD and ESD, is not very clear on this. In fact, there are places where it is just plain wrong.
  Otherwise, all seems to be going well. It is handling marginal circuits and LB better than my old router.
  One last point. I need to report on WAN availability. I am remote logging to a Linux system to analyse syslog, but cannot find definitive log entries to determine WAN State (DNS LInk detection). Only physical port availability is shown explicitly (Line status - which also correctly triggers email alerts). I can see nothing similar for WAN State.
  I use Splunk to analyse the logs, so could use fairly complex search pattern, if necessary.
  MTIA
  P