51 APs on voice vlan with 110 802.11 Handsets and 300 VoIP handsets?

There are 51 APs with 110 Symbol 802.11 voip handsets, along with 400+ Mitel VoIP Handsets on one vlan..using mask 255.255.240.0 should I be asking if this is excessive multicast traffic ?
Anyone used the IAPP with Aeronet? Any drawbacks, feedback? Should the APs/802.11 VoIP Phones be on their own vlan rather than the voice vlan?

Jason,
Let me answer your question with another question - RTP streams from your phones would be unicast, unless you were using applications like multicast paging or multicast MOH. Are there any of these applications present?
For seamless roaming, you will want the APs to be located on the same VLAN and use the same SSIDs and addressing scheme across your wireless infrastructure. You could separate it from your voice VLAN for segmentation purposes, so long as DHCP services and QoS is present on your APs and distribution switches on the wireless VLAN.
A quick estimation of the traffic involved is 7.04Mb/s if every phone was being used simultaneously with a G.711 codec. Bandwidth would generally not be an issue, but latency and jitter are your priorities. Depending on how your wireless network is laid out, you shouldn't have more then 8-12 phones associated to a single AP or jitter, latency and retransmissions will become an issue.
Hope this helps.
Pat

Similar Messages

Voice VLANs with Multiple IP Phone Systems

We currently have a legacy TDM ACD system used by the Call Centre running alongside CUCM 8.5 which is used by back office and admin staff.
When we implemented the Call Manager we configured all our access ports with the Voice VLAN to make any office moves and changes straight forward, regardless of whether or not the position would have a Cisco phone i.e. a cisco phone could be plugged into any floor port throughout the building and it would register.
Currently I am in the planning stages of replacing the legacy ACD system with Avaya Aura which will be running side by side with CUCM. My concern is that every time there are office moves, the access ports are going to have to be reconfigured to the Voice VLAN of the relevant system depending on which type of phone is at that desk.
Has anyone had similar experiences and found a solution?
Not ideal I presume, but was wondering if we could use the same Voice VLAN for both systems?

It's just a VLAN. Don't sweat it, stick them all in the same one. Nothing will explode.
Each phone system will have it's own way of locating the call processor.
CUCM = DHCP Option 150
Mitel = Some other DHCP option (128-130, and some others)
Avaya = DHCP option 176
etc...
So you can set all these on your scope, and each phone type will find it's server...
Aaron

Voice VLAN with SRW224G4P

Hi all,
I have been trying to config a voice vlan into this switchs for the last 3 hours and for me this is impossible... I know how to do in a IOS switch but with this switchs is a nightmare...
I have this topology,
PC ---- IP phone ----- SW1 SRW224G4P -------- SWCORE SRW2024 --------- Router 2921 CME
I have this config in my router,
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
interface GigabitEthernet0/0.1
description LAN
encapsulation dot1Q 1 native
ip address 192.168.5.95 255.255.255.0
ip virtual-reassembly in
interface GigabitEthernet0/0.100
description Voice VLAN
encapsulation dot1Q 100
ip address 192.168.251.1 255.255.255.0
ip virtual-reassembly in
SW1 has created the VLAN 100 and enabled as VOICE VLAN
The first 3 octes of the mac of my phone is inserted into Telephony OUI Table
The Auto Voice VLAN Membership is enabled in the port where phone is attached.
The port that is conected to SWCORE has the vlan 100 configured as tagged.
SWCORE has created the VLAN 100 and enabled as VOICE VLAN
The port that is conected to SW1 has the vlan 100 configured as tagged.
The port that is conected to router CME has the vlan 100 configured as tagged.
If I config other port into SWCORE with VLAN 100 tagged I can ping from CME to that host.
Could be the problem a vlan propagation error?
Somebody could help me? I am desperate...
Thank you in advance.

Hi David,
Thank you for the purchase of the switch.
.Like anything, even riding a bike, the switch is actually very easy to configure, if you have a little bit of practice on it..
You mentioned you are using the " Telephony OUI Table" i guess you have a SF300-24P or ordering p/n SRW224G4P-K9-NA. Please be specific with the switch models you are using.
Are you using the older SRW series or the refreshed SRWxxx-K9 (300 series) switch in the core?
Firstly, make sure you are using version 1.1.0.73 of the switch firmware. Do that change now or verify that 1.1.0.73 is the active image on the switch.
The switch has two areas for storing firmware images. It stores the new firmware in the unused image area. Check the administration guide for how to upgrade firmware and select new firmware for the next reboot.
CDP is enabled on the switch when you use the new software, it was not there with older firmware, hence my insistance at upgrading firmware.
( Personally i would prefer you to have a catalyst switch for your ISRG2 CME application, for tech support purposes. But this is the land of the free..)
I found the following when I added my SG300-28P to a VLAN aware UC500.
The UC500 was advertising vlan100 as a voice vlan, configured that by Cisco Configuration Assistant, you might try CCP on your ISR.
I had a IP phone plugged into switch port G7 and a uplink to my UC500 via port Gig27.
The following in blue is a screen copy from my 300 series switch CLI interface.
You will note the switch automatically populated both VLAN and port information, the only command I added was "no passwords complexity enable," and some usernames, which removed from the screen capture below.
the switch basically configured itself.
------------------ show system ------------------
System Description:                       28-port Gigabit PoE Managed Switch
System Up Time (days,hour:min:sec):       00,00:12:04
System Contact:
System Name:                              switch4cf17c
System Location:
System MAC Address:                       d0:d0:fd:4c:f1:7c
System Object ID:                         1.3.6.1.4.1.9.6.1.83.28.2
Fans Status:                              OK
------------------ show version ------------------
SW version   1.1.0.73 ( date 19-Jun-2011 time 18:10:49 )
Boot version 1.0.0.4 ( date 08-Apr-2010 time 16:37:57 )
HW version    V01
Gateway IP Address        Activity status       Type
192.168.10.1            Active                  dhcp
    IP Address         I/F       Type       Status
192.168.10.17/24    vlan 1    DHCP        Valid
------------------ show ipv6 interface ------------------
IPv6 is disabled on all interfaces
------------------ show running-config ------------------
interface gigabitethernet7
storm-control broadcast level 10
exit
interface gigabitethernet7
storm-control include-multicast
exit
interface gi27
spanning-tree link-type point-to-point
exit
vlan database
vlan 100
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
hostname switch4cf17c
no passwords complexity enable
no snmp-server server
interface gigabitethernet7
macro description ip_phone_desktop
exit
interface gigabitethernet27
macro description "switch | no_switch | switch"
exit
interface gigabitethernet7
!next command is internal.
macro auto smartport dynamic_type ip_phone_desktop
switchport trunk allowed vlan add 100
exit
interface gigabitethernet27
!next command is internal.
macro auto smartport dynamic_type switch
switchport trunk allowed vlan add 100
exit
switch4cf17c#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - VoIP Phone
                  M - Remotely-Managed Device, C - CAST Phone Port,
                  W - Two-Port MAC Relay
Device ID        Local      Adv Time To Capability   Platform     Port ID
                   Interface Ver. Live
SEP503De50F133A      gi7      2     158      H P     CISCO IP        eth0
                                                     Phone
                                                     SPA525G2
68bdab0fdcfd        gi27      2     169      S I     Cisco SG         gi9
                                                     300-10P
                                                                                           (PID:SRW2008P-K9)-VSD
switch4cf17c#sh vlan
Vlan       Name                   Ports                Type     Authorization
1           1                gi1-28,Po1-8           Default      Required
100         100                 gi7,gi27            permanent    Required
Switch automatically figures which ports should be tagged into VLAN 100.
I did not tell the switch it was connected to VLAN100. I did not add vlan100 to the VLAN database.
So get the ISR router to advertise VLAN100 as a voice vlan.
regards Dave

Voice VLAN with Nortel

I am using 3750 stacks in the access closet with the floor VLANs routed through a 4500. I am trying to determine the best way to get the Nortel IP phone to attach to the voice VLAN and have the internal port default to whatever the floor VLAN is. I am using Microsoft DHCP and I will not initialy trust the port but use a policy to set the trusts. Does anyone use Nortel and what do you believe is the best way to set this? Are there any documents anyone may be aware of to lead me in the right direction?
Thanks

Take a look at the following post.
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=IP%20Telephony&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddbd67a
Hope this helps. If so, please rate the post.
Brandon

How do I add a Subnet and vlan with a catalyst 3550 and RV120

Hello Friends.
I have a scenario that i'm hoping i can get some help with. I'll be as detailed and descriptive as i can.
This is for a business with 100 employees nodes and 100 camera nodes all needing IP internet through private addressing and public gateway.
I have a business class gateway with a private range of 12 public addresses. Ther modem does nothing but act as a gateway since i have disabled the firewall and DHCP.
In place of the firewall and DCHP from the modem i have installed a RV120 Firewall with VPN. When installing i replicated the IP scheme of the modem as to not disturb and distrup the devices assigned addresses from that scheme from the modem. I did this because the owner could not have any down time or any disruption to the business operations.
The RV120 now acts as firewall , DHCP , and VPN. I'll address the subnet first. I's using 10.0.0.0/24 subnet range.
DHCP is assigning 10.1.10.50 - 10.1.10.100 the rest are static and i plan to use static DHCP with the IP and MAC assigned to each static DHCP address.
There are 100 cameras with static IP addresses in the range of 10.1.10.11 - 10.1.10.40, and 10.1.0.1.101 - 10.1.10.170.
VPN uses PPTP assigned address 10.1.10.6 - 10.1.10.10.
There are no layer 3 switches that i know of. Just a layer two that is the primary swith and ports have run out, and various out of the box switches and wireless access points connected to the primary switch.
I want to implement subnets into the network and VLANS as well on a new Layer 3 switche from cisco. Thinking 3550 from Cisco or one of the older layer 2 switches with layer three capabilities.
I also want to introduce a 192.168.0.0/24 IP range for the existing wireless network and segment the traffic from the rest of the traffic on other ranges.
I want to replace the 10.0.0.0/24 DHCP alltogether and the static addresses for end user nodes on the same network, but keep that range just for camera nodes segmented.
I want to implement a NEW end user IP range and VLAN for employee/guest networks using the 172.16.0.0/24 range.
Iv'e thought of replacing all the wireless nodes with RV120's and use VLAN. Dont know if that strategy works. Need to think it through.
I want the 192.168.0.0/24 IP range comunicate to with the 172.16.0.0/24 and possibly the 10.0.0.0/24 range.
Any advice on how to do this?
As a side note the next step after this is to install a server domain controller as all the computers are all stand alones in their own workgroups. It's a simultaneous project that will introdue a DCHP, WINS, DNS server.

Hi Omid, it sounds like you're proposing the 3550 switch but you're not decided yet. The 3550 switch is a pretty old device and needs enhanced multilayer image. It may be more prudent to use a more current switch such as small business SG300 or SG500 as the feature set is more rich and it supports around 480 LAN connections.
To answer the inquiry, the RV120W, when you create a VLAN it will automatically create an IP interface. From this you may assign subnet as you like along with 'enable or disable' for inter vlan routing. Since the RV120W has this feature, a layer 3 switch is not required unless you are looking to keep the routing load smaller by routing locally with the switch.
With Catalyst or a small business switch you would need to create a VLAN. After creating the VLAN, on a Catalyst you can simply issue "switchport trunk encapsulation dot1q" on the desired interface and all VLAN will passage without issue. For a port connecting a user "switchport mode access" "native vlan xx" This will assign the port as untag member of the desired VLAN.
If using a small business switch, it is slightly different, you still create the VLAN but the command issue is a bit different "switchport trunk allowed vlan add xx" for the link to the router, where xx = the VLAN ID to tag to the router. For access client it remains the same as Catalyst.

Bridging multiple VLAN with sg 200-08 and wap321

Hi all
Equipment:
ASA 5505
2x gs 200-08
2x wap321
Is there a possibility, to bridge 2 VLAN between one and another side with two WAP 321 and use the AP's also as WDS Bridge to extend the Wireless Network?
I need to extend the Range of the WLAN but also want to use 2 different VLAN on both sides of the network. There is no Possibility to establish a wired Connection, so i try to use the AP's in "workgroup bridge" mode, but i always can use only one VLAN on the other side.
Thanks for any help

Hi Luis
The Problem is, there is no wired connection between the WAP321.
The topology is like this:
VLAN1------ASA5505-- --SG200-08---------WAP321             WAP321--------SG200-8-------VLAN1
                                             I                                                                                                 I
VLAN2---------------------------                                                                                               -----------VLAN2
VLAN1 and VLAN2 are also available in the WLAN on 2 Different SSID's:
SSID: inside -> VLAN1
SSID: outside -> VLAN2
If i understand the Cluster mode right,there is a wired connection required between the WAP321 .
In meantime i tried to connect the WAP321 over WDS, but always only VLAN1 is available on the "right" side of the Network.
Is there a Possibility, to Bridge multiple VLAN's over a WDS connection?
Best Regards
Dominique

Vlans with ESX 3.5 and Cat6509

have Esx 3.5 with 6 physical NICs. It connects to my Cat6509 running 12.x IOS code. Have downloaded the Vmware/cisco whitepaper and several vmKB articles. Still have some confusion here.
1) Plan to run ESX in VST (vlan Tagging) mode.
2) What is the deal with Native Vlan ID in Esx VST can't be the same as the native VlanID of the physical switch? Huh? Is this a fancy way of saying change the native Vlan from 1 to "anything" when handing off trunks to ESX?
The vmkb articls 1004048 which outline etherchannel, but doesn't specify changing the native vlan to something else.
Is it possible to etherchannel and trunk over the same nics with ESX?

In ESX Virtual Switch Tagging (VST Mode) mode, you provision one port group on a virtual switch for each VLAN, and then attach the virtual machine's virtual adapter to the port group instead of the virtual switch directly. The virtual switch port group tags all outbound frames and removes tags for all inbound frames. It also ensures that frames on one VLAN do not leak into a different VLAN.
Native VLAN ID on ESX VST Mode is not supported. Do not assign a VLAN to a port group that is same as the native VLAN ID of the physical switch. Native VLAN packets are not tagged with VLAN ID on the out going traffic toward ESX host. Therefore, if ESX is set VST mode, it drops the packets that are lacking a VLAN tag.

VLAN With secondary IP address and it's HSRP configuration.

Switch-1
interface Vlan200
ip address 10.X.X.1 255.255.254.0 secondary
ip address 192.X.X.1 255.255.255.0
standby 200 ip 192.X.X.7
standby 200 priority 110
standby 200 preempt
standby 66 ip 10.X.X.7
standby 66 priority 95
standby 66 preempt
Switch-2
interface Vlan200
ip address 10.X.X.4 255.255.254.0 secondary
ip address 192.X.X.2 255.255.255.0
standby 200 ip 192.X.X.7
standby 200 priority 95
standby 200 preempt
standby 66 ip 10.X.X.7
standby 66 priority 110
standby 66 preempt
is the above HSRP configuration correct.

Hi Veera,
I have not tried it before, but the configuration does not seem to work since the syntax seems to wrong as you cannot type an ip address after secondary keyword. An example below.
(config-if)#standby 85 ip 10.127.1.130 secondary ?
<cr>
But your idea seems to work with exception of the above syntax mistake. A useful post can be seen below.
https://supportforums.cisco.com/discussion/9912176/hsrp-secondary-address
Hope this helps. Please always remeber to rate all useful posts.
Thanks
Madhu.

SUP failed over manually, voice service failed after FAILOVER, started accessing old voice vlan which was removed from config

Hey guys,
I am pretty sure, my subject is kinda confusing. Sorry about that. Here is what happened.
1. 4510r with Supervisor V 1000BaseX, switched over to standby Sup, then reseated Active SUP, once reseat complete, switched again to get the reseated SUP up and running as Active SUP.
2. a simple maintenance which was supposed to cause no outage and it did not cause any outage as well.
3. however, what i did not notice was, even though the voice vlan was configured to access 2353, they were accessing vlan 453.
4. the change was made 2 weeks prior to this maintenance where voice vlans were previously accessing 453 and they were all changed to access 2353. configs were saved.
5. however, after the maintenance, the running config showed that they were acessing 2353 but when checking the mac address on the interface, it was seen accessing 453.
6. the fix was to remove the config and re add it , that fixed it.
Has anyone else experienced the issue ? What really happened there ?
software version: Version 15.0(2)SG5
#sh module
Chassis Type : WS-C4510R
Power consumed by backplane : 40 Watts
Mod Ports Card Type Model
---+-----+--------------------------------------+------------------+-----------
1 2 Supervisor V 1000BaseX (GBIC) WS-X4516
2 2 Supervisor V 1000BaseX (GBIC) WS-X4516
3 48 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4548-GB-RJ45V
5 48 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4548-GB-RJ45V
6 48 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4548-GB-RJ45V
7 48 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4548-GB-RJ45V
8 48 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4548-GB-RJ45V
9 48 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4548-GB-RJ45V

configs were saved many times prior to the maintenance. i did a " write mem ".

Applying command switchport voice vlan

Hi everyone,
At customer setup they have implemented VOIP and as they have to meet the deadlines for this project and they are in rush they want all the switch ports where users are connected should be configured for voice vlan.
As we have server,printers and other devices also connected to these switches.
if i configure int range fa0/1 - 48 with voice vlan command will it cause any issue to devices connected to the switch other than user PC?
Regards
MAhesh

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Any issues to ports w/o a VoIP phone but configured with a voice VLAN? Well, broadcast traffic on the VoIP VLAN will go to each port configured with a voice VLAN, but on a VoIP VLAN I wouldn't expect there to be too much of this traffic. So it shouldn't be significant.

Any idea how to voice chat with yahoo users ?

Hi,
I need to voice chat with my brother. He uses yahoo messenger and he refuses to use skype for some reason
I have tried :
1. Gyache : I did not manage to install it. Moreover, some people on the forums are saying it supports voice chat rooms not voice call.
2. Skype : My brother won't use this.
3. Ekiga tweak to call yahoo : http://ubuntuforums.org/showthread.php?t=414121
This is not ok too.
I need something which will let me voice chat with my brother . And it is also required that my brother need not do anything ( like accepting buddy for the ekiga case ).
4. Empathy : Wha. How to install it properly ?
5. Kopete : Are you sure it has voice chat ? I did not find anywhere that kopete supports voice chat.
6. Meebo : I clicked audio call after logging in. But the page keeps saying pudding media is loading. It actually never loads.
Please help. This is the only thing i am missing in linux and only reason i still have to use windows :(:(:(:(
I am using OSS 4.1 and opera web browser and flash version is 9.

Hi Furi0us.Bee,
As has been said AIM 5.9
There is also Trillian that works for Audio only in it's Basic version and does Video for it's $25 Pro version.
Moving away from the AIM based service there are other options.
12:13 AM Tuesday; July 11, 2006

Compatibility 802.1X and mac-filter from ACS

If the clients identities and mac address are stored in the same ACS server.
In WLC,could a wlan be configured layer2 security with both 802.1x and mac-filtering?
this is really a critical problem for me!
Thanks~

Hi,
I am assuming you are asking if you configure a x mac of wlan client in MAC filer and the same as user naem in 802.1x ACS database as user name , could you configure it ? what is the effect?
If my understading of your queston is correct the answer is
Any wlan client will not be allowed to associate to the network unless a match is seen in mac filter in wlc.
But once that is done it will not able to access network resources unless 802.1x authentication is completed by ACS against the wlan clients user name which is again a mac address of client.
i dont see a value for doing this. except that you will block unnecessary authentication request getting to ACS by filtering it in the 1st instance.
another scenario is if you are using mac filtering also on ACS , it should be preceeded by mac filtering and then ACS authentication , as above as far as ssequence goes hence the same logic applies here.
Thanks

Potential Security Hole with 802.1x and Voice VLANs?

I have been looking at 802.1x and Voice VLANs and I can see what I think is a bit of a security hole.
If a user has no authentication details to gain access via 802.1x - i.e. they have not been given a User ID or the PC doesn't have a certificate etc. If they attach a PC to a switchport that is configured with a Voice VLAN (or disconnect an IP Phone and plug the PC direct into the switchport) they can easily see via packet sniffing the CDP packets that will contain the Voice VLAN ID. They can then easily create a Tagged Virtual NIC (via the NIC utilities or driver etc) with the Voice VLAN 802.1q Tag. Assuming DHCP is enabled for the Voice VLAN they will get assigned an IP address and have access to the IP network. I appreciate the VLAN can be locked down at the Layer-3 level with ACL's so any 'non-voice related' traffic is blocked but in this scenario the user has sucessfully bypassed 802.1x authentication and gain access to the network?
Has anyone done any research into this potential security hole?
Thanks
Andy

Thanks for the reply. To be honest we would normally deploy some or all of the measures you list but these don't around the issue of being able to easily bypass having to authenticate via 802.1x.
As I said I think this is a hole but don't see any solutions at the moment except 802.1x on the IP Phone, although at the moment you can't do this with Voice VLANs?
Andy

SG-300 28P switches problem with VLAN Data and Voice, working all the time as Voice VLAN

Hi Everyone,
Thank you very much for your help in advance. I’m pulling my hair to fix the problem.
I just got the new SG-300 28P switches. My Bios ordered for me. I did not know how it runs until now... not an IOS based. I really do not know how to configure it.
I have 2 VLAN are Data and Voice.
-          Data VLAN ID is 2 IP 192.168.2.X/255.255.255.0
-          Voice VLAN ID is 200 IP 192.168.22.X/255.255.255.0
-          I created two vlans, in switch, Data and Voice.
-          On the port number 28, it is trunk by default, so I add Data vlan ID 2 tagged.
-          On the port number 26, it is trunk by default, so I add Voice vlan ID 200 tagged.
-          On the port number 27, I add Data vlan ID 2 tagged for Data vlan out.
-          Port settings No.1
I set it up as Trunk with Data vlan 2 untagged, and 200 Tagged (voice vlan). I plugged in a phone with a pc attached. But the PC will get to the vlan 200 to get the DHCP address, but no from vlan 2. The Phone works with correct vlan ip.
-          Port settings No.2
Trunk with vlan 1UP, 2T, and 200T. The phone is even worse. Would never pick up any IP from DHCP.
-          Port settings No.3
Access with 200U...of course the phone will work... and the PC could not get to its own vlan. Instead, the PC got an ip from the voice vlan. Not from VLAN 2.
I have Linksys phone I’m not sure if this help.
For more information I setup in switch,
            - enable voice vlan
- set the port on auto voice vlan
- enable LLDP-MED globally
- create a network policy to assign VLAN 200
- assign this network policy to the port the phone is connected to.
I hope this information help to help me to setup Data and Voice vlans, to plug the phone to work with vlan Voice 200 (IP rang 192.168.22.X), from phone to Pc and pc work as Data vlan 2 (IP rang 192.168.2.X).

I just got done setting up voice VLANs on an SF 300-24P and verified working. This was working with Cisco 7900 series phones connected to a Cisco UC setup.
Here's my sample config.
Note that I edited this by hand before posting, so doing a flat out tftp restore probably won't work. However, this should give you a clue. Also, don't take this as 100% accurate or correct. I've only been working with these things for about a week, though I've worked with the older Linksys SRW switches for a couple of years. I'm a CCNP/CCDP.
VLAN 199 is my management VLAN and is the native VLAN on 802.1q trunks.
VLAN 149 is the data/computer VLAN here.
VLAN 111 is the voice/phone VLAN here.
VLAN 107 does nothing.
interface range ethernet e(1-24)
port storm-control broadcast enable
exit
interface ethernet e1
port storm-control include-multicast
exit
interface ethernet e2
port storm-control include-multicast
exit
interface ethernet e3
port storm-control include-multicast
exit
interface ethernet e4
port storm-control include-multicast
exit
interface ethernet e5
port storm-control include-multicast
exit
interface ethernet e6
port storm-control include-multicast
exit
interface ethernet e7
port storm-control include-multicast
exit
interface ethernet e8
port storm-control include-multicast
exit
interface ethernet e9
port storm-control include-multicast
exit
interface ethernet e10
port storm-control include-multicast
exit
interface ethernet e11
port storm-control include-multicast
exit
interface ethernet e12
port storm-control include-multicast
exit
interface ethernet e13
port storm-control include-multicast
exit
interface ethernet e14
port storm-control include-multicast
exit
interface ethernet e15
port storm-control include-multicast
exit
interface ethernet e16
port storm-control include-multicast
exit
interface ethernet e17
port storm-control include-multicast
exit
interface ethernet e18
port storm-control include-multicast
exit
interface ethernet e19
port storm-control include-multicast
exit
interface ethernet e20
port storm-control include-multicast
exit
interface ethernet e21
port storm-control include-multicast
exit
interface ethernet e22
port storm-control include-multicast
exit
interface ethernet e23
port storm-control include-multicast
exit
interface ethernet e24
port storm-control include-multicast
exit
interface range ethernet g(1-4)
description "Uplink trunk"
exit
interface range ethernet g(1-4)
switchport default-vlan tagged
exit
interface range ethernet e(21-24)
switchport mode access
exit
vlan database
vlan 107,111,149,199
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 107
exit
interface range ethernet e(21-24)
switchport access vlan 111
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 111
exit
interface range ethernet e(1-20)
switchport trunk native vlan 149
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 149
exit
interface range ethernet g(1-4)
switchport trunk native vlan 199
exit
voice vlan aging-timeout 5
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
voice vlan oui-table add 108ccf MyCiscoIPPhones1
voice vlan oui-table add 40f4ec MyCiscoIPPhones2
voice vlan oui-table add 8cb64f MyCiscoIPPhones3
voice vlan id 111
voice vlan cos 6 remark
interface ethernet e1
voice vlan enable
exit
interface ethernet e1
voice vlan cos mode all
exit
interface ethernet e2
voice vlan enable
exit
interface ethernet e2
voice vlan cos mode all
exit
interface ethernet e3
voice vlan enable
exit
interface ethernet e3
voice vlan cos mode all
exit
interface ethernet e4
voice vlan enable
exit
interface ethernet e4
voice vlan cos mode all
exit
interface ethernet e5
voice vlan enable
exit
interface ethernet e5
voice vlan cos mode all
exit
interface ethernet e6
voice vlan enable
exit
interface ethernet e6
voice vlan cos mode all
exit
interface ethernet e7
voice vlan enable
exit
interface ethernet e7
voice vlan cos mode all
exit
interface ethernet e8
voice vlan enable
exit
interface ethernet e8
voice vlan cos mode all
exit
interface ethernet e9
voice vlan enable
exit
interface ethernet e9
voice vlan cos mode all
exit
interface ethernet e10
voice vlan enable
exit
interface ethernet e10
voice vlan cos mode all
exit
interface ethernet e11
voice vlan enable
exit
interface ethernet e11
voice vlan cos mode all
exit
interface ethernet e12
voice vlan enable
exit
interface ethernet e12
voice vlan cos mode all
exit
interface ethernet e13
voice vlan enable
exit
interface ethernet e13
voice vlan cos mode all
exit
interface ethernet e14
voice vlan enable
exit
interface ethernet e14
voice vlan cos mode all
exit
interface ethernet e15
voice vlan enable
exit
interface ethernet e15
voice vlan cos mode all
exit
interface ethernet e16
voice vlan enable
exit
interface ethernet e16
voice vlan cos mode all
exit
interface ethernet e17
voice vlan enable
exit
interface ethernet e17
voice vlan cos mode all
exit
interface ethernet e18
voice vlan enable
exit
interface ethernet e18
voice vlan cos mode all
exit
interface ethernet e19
voice vlan enable
exit
interface ethernet e19
voice vlan cos mode all
exit
interface ethernet e20
voice vlan enable
exit
interface ethernet e20
voice vlan cos mode all
exit
interface ethernet e1
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e2
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e3
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e4
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e5
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e6
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e7
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e8
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e9
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e10
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e11
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e12
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e13
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e14
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e15
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e16
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e17
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e18
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e19
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e20
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e21
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e22
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e23
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e24
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g1
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g2
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g3
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g4
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e1
lldp med notifications topology-change enable
exit
interface ethernet e2
lldp med notifications topology-change enable
exit
interface ethernet e3
lldp med notifications topology-change enable
exit
interface ethernet e4
lldp med notifications topology-change enable
exit
interface ethernet e5
lldp med notifications topology-change enable
exit
interface ethernet e6
lldp med notifications topology-change enable
exit
interface ethernet e7
lldp med notifications topology-change enable
exit
interface ethernet e8
lldp med notifications topology-change enable
exit
interface ethernet e9
lldp med notifications topology-change enable
exit
interface ethernet e10
lldp med notifications topology-change enable
exit
interface ethernet e11
lldp med notifications topology-change enable
exit
interface ethernet e12
lldp med notifications topology-change enable
exit
interface ethernet e13
lldp med notifications topology-change enable
exit
interface ethernet e14
lldp med notifications topology-change enable
exit
interface ethernet e15
lldp med notifications topology-change enable
exit
interface ethernet e16
lldp med notifications topology-change enable
exit
interface ethernet e17
lldp med notifications topology-change enable
exit
interface ethernet e18
lldp med notifications topology-change enable
exit
interface ethernet e19
lldp med notifications topology-change enable
exit
interface ethernet e20
lldp med notifications topology-change enable
exit
interface ethernet e21
lldp med notifications topology-change enable
exit
interface ethernet e22
lldp med notifications topology-change enable
exit
interface ethernet e1
lldp med enable network-policy poe-pse
exit
interface ethernet e2
lldp med enable network-policy poe-pse
exit
interface ethernet e3
lldp med enable network-policy poe-pse
exit
interface ethernet e4
lldp med enable network-policy poe-pse
exit
interface ethernet e5
lldp med enable network-policy poe-pse
exit
interface ethernet e6
lldp med enable network-policy poe-pse
exit
interface ethernet e7
lldp med enable network-policy poe-pse
exit
interface ethernet e8
lldp med enable network-policy poe-pse
exit
interface ethernet e9
lldp med enable network-policy poe-pse
exit
interface ethernet e10
lldp med enable network-policy poe-pse
exit
interface ethernet e11
lldp med enable network-policy poe-pse
exit
interface ethernet e12
lldp med enable network-policy poe-pse
exit
interface ethernet e13
lldp med enable network-policy poe-pse
exit
interface ethernet e14
lldp med enable network-policy poe-pse
exit
interface ethernet e15
lldp med enable network-policy poe-pse
exit
interface ethernet e16
lldp med enable network-policy poe-pse
exit
interface ethernet e17
lldp med enable network-policy poe-pse
exit
interface ethernet e18
lldp med enable network-policy poe-pse
exit
interface ethernet e19
lldp med enable network-policy poe-pse
exit
interface ethernet e20
lldp med enable network-policy poe-pse
exit
interface ethernet e21
lldp med enable network-policy poe-pse
exit
interface ethernet e22
lldp med enable network-policy poe-pse
exit
lldp med network-policy 1 voice vlan 111 vlan-type tagged
interface range ethernet e(1-22)
lldp med network-policy add 1
exit
interface vlan 199
ip address 199.16.30.77 255.255.255.0
exit
ip default-gateway 199.16.30.3
interface vlan 1
no ip address dhcp
exit
no bonjour enable
bonjour service enable csco-sb
bonjour service enable http
bonjour service enable https
bonjour service enable ssh
bonjour service enable telnet
hostname psw1
line console
exec-timeout 30
exit
line ssh
exec-timeout 30
exit
line telnet
exec-timeout 30
exit
management access-list Management1
permit ip-source 10.22.5.5 mask 255.255.255.0
exit
logging 199.16.31.33 severity debugging description mysysloghost
aaa authentication enable Console local
aaa authentication enable SSH tacacs local
aaa authentication enable Telnet local
ip http authentication tacacs local
ip https authentication tacacs local
aaa authentication login Console local
aaa authentication login SSH tacacs local
aaa authentication login Telnet local
line telnet
login authentication Telnet
enable authentication Telnet
password admin
exit
line ssh
login authentication SSH
enable authentication SSH
password admin
exit
line console
login authentication Console
enable authentication Console
password admin
exit
username admin password admin level 15
power inline usage-threshold 90
power inline traps enable
ip ssh server
snmp-server location in-the-closet
snmp-server contact [email protected]
ip http exec-timeout 30
ip https server
ip https exec-timeout 30
tacacs-server host 1.2.3.4 key spaceballz timeout 3 priority 10
clock timezone -7
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 199.16.30.1
sntp server 199.16.30.2
ip domain-name mydomain.com
ip name-server 199.16.5.12 199.16.5.13
ip telnet server

802.1x, voice vlan and IP phone

Hi, I reviewed many posts here, and I still need the clarification how 802.1x on the switch works with non-Cisco IP phone (not supporting CDP) and PC connected to the PC port. If I configure 802.1x on a switch port, along with access and voice vlan, next I configure the static voice vlan on the non-Cisco phone, will it be possible to authenticate the user on the PC and bypass authentication for IP phone? Is CDP required in such scenario - (non-Cisco IP phone doesn't support it)?
Regards,
Krzysztof

You need CDP for touchless interop. CDP can of course be spoofed though, so proceed with caustion anyway.
You need multi-domain authentication to appropriately deal with non-Cisco phones and port-based access-control. See here to get started:
<http://www.cisco.com/en/US/products/ps7077/products_configuration_guide_chapter09186a008077a284.html#wp1231964>
Hope this helps,

51 APs on voice vlan with 110 802.11 Handsets and 300 VoIP handsets?

Similar Messages

Maybe you are looking for