DHCP and voice vlan on Cisco 3560 switch

Greetings,
I'm setting up a Cisco 3560 switch for voice and data comms. I'm looking for documentation with best practice guidelines for the following requirements.
1. Using the Cisco 3560 as a DHCP server - Config examples.  Do I need to use different subnets for the voice and data vlans?
2. Layer 2 CoS QoS  - I'm connecting Aastra phones as well as notebooks - I've been told that Aastra also makes use of the voice vlan config through LLDP and that Aastra phones supports CDP.
Your assistance will be appreciated.

Hi ,
Cisco recommends that you have a separate vlan for  voice and data with different ip subnets for voice and data. You will need to configure the dhcp pool accordingly.
Here is the config guide for setting up IOS DHCP server:
http://www.cisco.com/en/US/docs/ios/12_0t/12_0t1/feature/guide/Easyip2.html
Here is the LAN qos recommendations:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/netstruc.html#wp1044009

Similar Messages

  • Configure Voice and Data VLAN in CISCO SF 300 8P

    I have a couple of Cisco SF 300 8P and 24 P Switches. I have voice and Data VLAN configured as :
    Data VLAN : Default 145.17.59.0/24
    Voice VLAN : VLAN 20 172.22.20.0/24
    I have different DHCP servers as for Data VLAN we have physical server which is configured for 145.17.59.* IP Scope and Voice VLAN DHCP Server is configured in Gateway router with option 150.
    This configuation works fine with other cisco swiches like 2960 and 3750 etc except CISCO SF 300 8P and 24P. I was trying to configure both voice and Data VLAN in these CISCO Switches so that CISCO phone (Model 6941) shold get IP from Voice VLAN and PC should get IP from Data VLAN DHCP Server. I have tried several techniques like LLDP, Port to VLAN Config etc.
    Can anyone please guide me/help on this.
    Regards,
    A K.M.Sayeed

    Hi A.K.M., with Cisco phones you should be able to simply set auto voice VLAN to be VLAN20. 
    voice vlan id 20
    You should ensure CDP and/or LLDP are enabled as well. I would check this in web GUI. DHCP for the phones can come from the switch, a DHCP server on a VLAN20 access port or you can use dhcp helper to redirect DHCP to server elsewhere.
    If you prefer or have issues with CDP or LLDP you can also program ports as trunks and add tagged VLAN 20 to them.  In this scenario you need to insure inter-vlan routing is working and that phones download config file with corrrect VLAN config.
    These switches do not run ios so they are similar but different than catalyst switches you referred to.
    -- please remember to rate helpful posts --

  • Passing voice and data Vlans on Cisco SG200-08P help

    Hello All,
    I'm struggling with a configuration issue on the Cisco SG200-08P.
    We are using the Cisco SG200-08P on a mobile cart that will go from class room to class room that will have computer and cisco Voip phone plugged into it. The issue is that each of our closets are in differnt VLANS ( 1 voice and 1 data....lets say data vlan 20 and voice vlan 2025 for conversation) and that we route to each closet.
    It would be great if I could just create a generic data and voice vlan to dynamically pick up what the upstream switch has however, it seems that I've been unsuccessful in doing so.
    So far I can pass the data Vlan no probablem. The upstream switch port is set to access port and a switch port access voice vlan (these are 3750x switches)
    If the above is not possible I guess I will take what I can get. Should I just create data vlan 20 and voice vlan2025 on the Cisco SG200-08P and make a trunk port on the Cisco SG200-08P and a trunk on the 3750x? Is there an option on the Cisco SG200-08P to tag voice traffic?
    I'm also concerned with VTP and I did not see an area in the Cisco SG200-08P to set that as a client and transparent mode.
    Thanks for any help,
    Dan

    On a Catalyst switch, when a port is defined as a trunk without a vlan specified on the port, all vlan pass through the port. On a small business switch it is nearly the opposite. You must specify the vlans on the links. Additionally, ingress filter discards anything not associated to the port.
    802.1q specifies there must be an untagged vlan which is the native vlan (of course you can make exceptions, tagging the default vlan..).
    One thing I did in the past with a 2960, I made an LLDP network policy and it basically "provisioned" the downstream switch connecting link and voice vlan. That may be another idea for you.
    Here's a link that may be useful-
    https://supportforums.cisco.com/message/3811376
    Here is the 2960 config I used to feed a SB switch voice info
    Switch#show run
    Building configuration...
    Current configuration : 2206 bytes
    ! Last configuration change at 00:41:16 UTC Mon Mar 1 1993
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Switch
    boot-start-marker
    boot-end-marker
    no aaa new-model
    system mtu routing 1500
    vtp mode transparent
    network-policy profile 1
    voice vlan 100 cos 4
    spanning-tree mode pvst
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    vlan 2
    name test
    vlan 100
    lldp run
    interface FastEthernet0/1
    network-policy 1
    spanning-tree portfast
    interface FastEthernet0/2
    interface FastEthernet0/3
    interface FastEthernet0/4
    interface FastEthernet0/5
    interface FastEthernet0/6
    interface FastEthernet0/7
    interface FastEthernet0/8
    interface FastEthernet0/9
    interface FastEthernet0/10
    interface FastEthernet0/11
    interface FastEthernet0/12
    interface FastEthernet0/13
    interface FastEthernet0/14
    interface FastEthernet0/15
    interface FastEthernet0/16
    interface FastEthernet0/17
    interface FastEthernet0/18
    interface FastEthernet0/19
    interface FastEthernet0/20
    interface FastEthernet0/21
    interface FastEthernet0/22
    interface FastEthernet0/23
    interface FastEthernet0/24
    interface FastEthernet0/25
    interface FastEthernet0/26
    interface FastEthernet0/27
    interface FastEthernet0/28
    interface FastEthernet0/29
    interface FastEthernet0/30
    interface FastEthernet0/31
    interface FastEthernet0/32
    interface FastEthernet0/33
    interface FastEthernet0/34
    interface FastEthernet0/35
    interface FastEthernet0/36
    interface FastEthernet0/37
    interface FastEthernet0/38
    interface FastEthernet0/39
    interface FastEthernet0/40
    interface FastEthernet0/41
    interface FastEthernet0/42
    interface FastEthernet0/43
    interface FastEthernet0/44
    interface FastEthernet0/45
    interface FastEthernet0/46
    interface FastEthernet0/47
    interface FastEthernet0/48
    interface GigabitEthernet0/1
    switchport mode trunk
    interface GigabitEthernet0/2
    interface Vlan1
    no ip address
    interface Vlan100
    no ip address
    ip http server
    ip http secure-server
    logging esm config
    line con 0
    line vty 5 15
    end
    Switch#
    -Tom
    Please mark answered for helpful posts

  • MTU Size Issue on Cisco 3560 Switch

    Could anybody tell me how to change MTU Size on a Cisco 3560 Switch.i mean to say whether it is to be changed on FastEthernet Interfaces or on VLAN 1 or on Global Configuration Mode and with which Command to change it.

    I am using MPLS on my Routers and the MTU size i have set on my Router Interfaces is 1524.
    When i do a normal ping from Customer's one site to another (where my Traffic has to pass through this Switch VLAN)i get a reply , but when a Ping with a Byte Size of 1500 or more the Packets get completely dropped.
    I think due to MTU Mistach bet. Switch and Router the Packets r getting droped,that is why i was trying to change it.
    could the Packets get dropped because of this reason.Please suggest.

  • DHCP for Voice VLAN

    Hi,
    I am configuring DHCP pool for voice vlan on cisco 2921 router.
    Here is the setup.
    2921 router -> 3750 -> 2960 PoE -> 7942 IP Phone
    Router Config
    ip dhcp excluded-address 10.146.54.1 10.146.89.50
    ip dhcp pool VoiceVlan
    network 10.146.54.0 255.255.255.0
    subnet prefix-length 24
    dns-server 10.144.68.32 10.144.68.33
    option 150 ip 10.146.68.36
    default-router 10.146.54.1
    netbios-name-server 10.144.68.32 10.144.68.33
    netbios-node-type h-node
    domain-name wft.root.loc
    lease 0 8
    interface GigabitEthernet0/0
    ip address 10.144.54.16 255.255.255.0
    duplex full
    speed 1000
    interface GigabitEthernet0/0.50
    encapsulation dot1Q 50
    ip address 10.146.54.15 255.255.255.0
    3750 Config
    interface GigabitEthernet1/0/3
    description To Router
    switchport access vlan 54
    switchport mode access
    switchport voice vlan 50
    speed 1000
    duplex full
    spanning-tree portfast
    interface Vlan50
    description VoiceVLAN
    ip address 10.146.54.1 255.255.255.0
    interface Vlan54
    ip address 10.144.54.1 255.255.255.0
    2960 Config
    interface FastEthernet0/1
    switchport access vlan 50
    switchport mode access
    spanning-tree portfast
    Troubleshooting
    Trunk is formed
    2960#sh int tru
    Port        Mode             Encapsulation  Status        Native vlan
    Gi0/3       on               802.1q         trunking      1
    Port        Vlans allowed on trunk
    Gi0/3       1-4094
    Port        Vlans allowed and active in management domain
    Gi0/3       1,50,54
    Port        Vlans in spanning tree forwarding state and not pruned
    Gi0/3       1,50,54
    Router received the dhcp discover from IP Phone, but it doesn't issue any IP. Here is the debug log
    875525: Feb 13 15:11:26.167 GMT+8: IP: s=0.0.0.0 (GigabitEthernet0/0.50), d=255.255.255.255, len 576, input feature
    875526: Feb 13 15:11:26.167 GMT+8:     UDP src=68, dst=67, MCI Check(80), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
    875527: Feb 13 15:11:26.167 GMT+8: FIBipv4-packet-proc: route packet from GigabitEthernet0/0.50 src 0.0.0.0 dst 255.255.255.255
    875528: Feb 13 15:11:26.167 GMT+8: FIBfwd-proc: Default:255.255.255.255/32 receive entry
    875529: Feb 13 15:11:26.167 GMT+8: FIBipv4-packet-proc: packet routing failed
    875530: Feb 13 15:11:26.167 GMT+8: IP: s=0.0.0.0 (GigabitEthernet0/0.50), d=255.255.255.255, len 576, rcvd 2
    875531: Feb 13 15:11:26.167 GMT+8:     UDP src=68, dst=67
    875532: Feb 13 15:11:26.167 GMT+8: IP: s=0.0.0.0 (GigabitEthernet0/0.50), d=255.255.255.255, len 576, stop process pak for forus packet
    875533: Feb 13 15:11:26.167 GMT+8:     UDP src=68, dst=67
    875534: Feb 13 15:11:26.167 GMT+8: DHCPD: client's VPN is .
    875535: Feb 13 15:11:26.167 GMT+8: DHCPD: No option 125
    875536: Feb 13 15:11:26.167 GMT+8: DHCPD: DHCPDISCOVER received from client 0110.bd18.0149.5b on interface GigabitEthernet0/0.50.
    Any help is appreciated.
    Cheers!

    Dude, look at your DHCP exclude on your router.
    It is supposed to be low/high IP.
    So basicly you told the router to exclude IP address from 10.146.54.1 to 10.146.89.5.
    This means that DHCP will not hand out 10.146.54.1 through 10.146.89.5
    try 
    ip dhcp excluded-address 10.146.54.1 10.146.54.15
    Hope this helps.  
    Also, I know this is years ago but thought I would throw that out there.  

  • Embeded Event Manager on cisco 3560 switch

    Can someone help me please? I have EEM configured on cisco 3560 switch. The configuration is below. I want that switch inform me through email when device with particilular IP address become unavailable. For some reason this configuration is not good and I can't tell why. I already try to debug this with debug event manager action mail but didn't see any output .
    ip sla 11
    icmp-echo ip address
    frequency 20
    ip sla schedule 11 life forever start-time now
    event manager applet device-TEST
    event snmp oid 1.3.6.1.4.1.9.9.42.1.2.9.1.6.11 get-type exact entry-op lt entry-val "2" poll-interval 20
    trigger occurs 5 period 120
    action 02.0 mail server "ip address" to "[email protected]" from "[email protected]" subject "device is down"

    The mail part looks good, I'm not sure you are hitting the trigger right.
    Why not do a track on the ip sla instead of the snmp stuff?
    Here's a good example of that.
    https://learningnetwork.cisco.com/blogs/network-sheriff/2009/06/19/writing-your-first-eem-applet

  • Potential Security Hole with 802.1x and Voice VLANs?

    I have been looking at 802.1x and Voice VLANs and I can see what I think is a bit of a security hole.
    If a user has no authentication details to gain access via 802.1x - i.e. they have not been given a User ID or the PC doesn't have a certificate etc. If they attach a PC to a switchport that is configured with a Voice VLAN (or disconnect an IP Phone and plug the PC direct into the switchport) they can easily see via packet sniffing the CDP packets that will contain the Voice VLAN ID. They can then easily create a Tagged Virtual NIC (via the NIC utilities or driver etc) with the Voice VLAN 802.1q Tag. Assuming DHCP is enabled for the Voice VLAN they will get assigned an IP address and have access to the IP network. I appreciate the VLAN can be locked down at the Layer-3 level with ACL's so any 'non-voice related' traffic is blocked but in this scenario the user has sucessfully bypassed 802.1x authentication and gain access to the network?
    Has anyone done any research into this potential security hole?
    Thanks
    Andy

    Thanks for the reply. To be honest we would normally deploy some or all of the measures you list but these don't around the issue of being able to easily bypass having to authenticate via 802.1x.
    As I said I think this is a hole but don't see any solutions at the moment except 802.1x on the IP Phone, although at the moment you can't do this with Voice VLANs?
    Andy

  • Ipv6 HSRP gloabl unicast address on cisco 3560 switch

    Dear Team,
    We are using cisco 3560 switch. Now we are going to implement ipv6 in our network. But we are not disturbing to existing ipv4. my question is 1) Can we confiure the global unicast ipv6 address in ipv6 HSRP and 2) can cisco 3560 switch will support ipv4 and ipv6 standby group on same SVI ?                 

    YES

  • Configuring rcp on ciscoworks LMS 2.5 and cisco 3560 switch

    Dear All,
    i am having LMS 2.5 and nearly 50 cisco 3560 in my network. And I want to configure rcp. How can I do it. Kindly help
    regards,
    RAHIL KHAN

    Have a look at this link for the server:
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.0/user/guide/swmgt.html#wp1328314
    For the device you'll need something like:
    username cwuser password 7 000C1C0A05
    ip rcmd rcp-enable
    ip rcmd remote-host cwuser 172.17.246.221 cwuser enable
    ip rcmd remote-username cwuser

  • 802.1x and Voice VLAN

    I had read articles on cco, and I believed for the same switch port we can have 802.1x configure and the voice vlan configure. It mean the IP phone is connect to the switch port with 802.1x configured, but the phone will not autheticate, only the workstation connect to phone data port will get authenticate.
    I had configured 802.1x and test with notebook logon and able to access the network. Now I would like to test the notebook attached to IP phone data port, and the phone connect to switch port configure with 802.1x. But I failed to add voice vlan commmand. Why ?
    interface GigabitEthernet9/48
    description temporary port
    switchport
    switchport access vlan 12
    switchport mode access
    no ip address
    dot1x port-control auto
    spanning-tree portfast
    CIG01-ENT-SW1(config-if)#switchport voice vlan 14
    Command rejected: Gi9/48 is Dot1x enabled port.

    Using IEEE 802.1x Authentication with Voice VLAN Ports
    A voice VLAN port is a special access port associated with two VLAN identifiers:
    ?VVID to carry voice traffic to and from the IP phone. The VVID is used to configure the IP phone connected to the port.
    ?PVID to carry the data traffic to and from the workstation connected to the switch through the IP phone. The PVID is the native VLAN of the port.
    In single-host mode, only the IP phone is allowed on the voice VLAN. In multiple-hosts mode, additional clients can send traffic on the voice VLAN after a supplicant is authenticated on the PVID. When multiple-hosts mode is enabled, the supplicant authentication affects both the PVID and the VVID.
    A voice VLAN port becomes active when there is a link, and the device MAC address appears after the first CDP message from the IP phone. Cisco IP phones do not relay CDP messages from other devices. As a result, if several Cisco IP phones are connected in series, the switch recognizes only the one directly connected to it. When IEEE 802.1x authentication is enabled on a voice VLAN port, the switch drops packets from unrecognized Cisco IP phones more than one hop away.
    When IEEE 802.1x authentication is enabled on a port, you cannot configure a port VLAN that is equal to a voice VLAN.
    Waht kind of switch do you have? In 3550 I can configure the port for both vvid and pvid:
    interface FastEthernet0/1
    switchport access vlan 3
    switchport mode access
    switchport voice vlan 2
    no ip address
    dot1x port-control auto
    spanning-tree portfast
    end
    Nevertheless, as the statement above indicates, the port will need to be configured for multi-host in order the PC behind the phone get autehntication:
    under the interface configure "dot1x host-mode multi-host"
    Nevermind, I just realized that you might have a 5600 running native, checking the configuration guide and realese notes it does not looks like dot1x and vvlan can play together in that platform.

  • Multilayer Cisco 3560 Switched network

    Hi,
    I have a multilayer Cisco 3560 network. All sites are connected to each other using RIP V2. The area marked in red is what we are having an issue with.
    1. We have remote sites connected by microwave links using Cisco 3560.
    2. In the attached image "Site-1" inherits all the configuration from the Headoffice. They also get their internet connection from the Headoffice over the " 256Kbps DSL-DATALINK".
    3. The area marked in red are the 2 sites, they were connected to each other using a data link.
    4. The 100 Mbps microwave links were commissioned lately so we want to use these links for our Internet + Data connections.
    5. HEAD OFFICE switch is running the VTP Domain.
    Question
    1. I have rip version 2 running how do I get "SITE-1" to share the internet connection from Headoffice over the Wireless Links
    2. Site-1 should get the IP address from the HeadOffice DHCP server over the wireless links.
    3. The "DSL-DATALINK" should work as a backup/redundant link. If my 100 Mbps link is down it should automatically switch to the DSL link.
    Kindly give me your expert comments/suggestions in how do I go about achieving the above.
    Regards
    Sarfaraz

    RIP works on hop-count and it will prefer the DSL connection over the Wireless link (1 hop vs 4 hops).
    You can alter this behavior by creating an offset list on routes incoming the data link.
    router rip
    version 2
    offset-list 0 in 5 [data link interface]
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hirp_r/rte_rih.htm#wp999452
    You need to this on both routers (site1 and HQ).

  • Arp table and mac table in cisco 4503 switch

    Hi all,
    I have a problem with 4503 switch
    I have 7 highend servers in my lan i.e 5hp and 2dell servers.
    Each server has 4 network interface cards(1g). so 7*4=28 ports.
    I have create vlan 70, ip add is 10.70.70.1
    I have assign ip address to servers like
    first server         10.70.70.2, 10.70.70.12,
    Second server   10.70.70.3, 10.70.70.13,
    Third server        10.70.70.4, 10.70.70.14,
    fourth Server       10.70.70.5, 10.70.70.15, 10.70.70.25, 10.70.70.35
    fifth server           10.70.70.6, 10.70.70.16, 10.70.70.26, 10.70.70.36
    sixth server          10.70.70.7, 10.70.70.17, 10.70.70.27, 10.70.70.37
    seventh server      10.70.70.8, 10.70.70.18, 10.70.70.28, 10.70.70.38
    The problem is in four interfaces each server, only one or two interfaces are pinging, remaining interface are not pinging.
    for example in the first server i can able to ping 10.70.70.12- macid 60eb.69d2.a2aa
                                                i can't able to ping 10.70.70.2- macid 60eb.69d2.a2ab
    second, fourth, fifth, sixth, and seventh continiously pinging successfully.
    for example in fourth server i can able to ping 10.70.70.5 macid -b499.bafe.9c98
                                             i can able to ping 10.70.70.15 macid-b499.bafe.9c98
                                             i can able to ping 10.70.70.25 macid-b499.bafe.9c98
                                             i can able to ping 10.70.70.35 macid-b499.bafe.9c98
    now you understand what is the problem, which server i am not getting pinging that arp table shows each interface separte mac address
                                                       which server i am getting pinging that arp table shows each interface bind with same mac address(dynamically)
    Please give me the solution

    Hi,
    I Think you need to do Teaming on the servers.
    ++ configure etherchannel between switch and the server.
    configuring etherchannel b/w 4503 and server:
    ================================
    http://www.cisco.com/en/US/tech/tk389/tk213/technologies_configuration_example09186a008089a821.shtml
    Sample NIC Teaming - HP NICs with Cisco Switches (EtherChannel) :
    ==============================================
    http://support.citrix.com/article/CTX434260
    There are several NIC teaming technologies available today from  switch vendors.  Cisco uses the term “EtherChannel.”  Various switch  vendors use various terms, and these may or may not provide the same  exact functionality. Use of EtherChannel technology requires support  from the server hardware vendor, NIC vendor, and Layer-2 switch vendor.
    Hope this helps
    Cheers
    Somu
    Rate helpful posts

  • Trouble with Windows7 and Gigabit link on Cisco 3560X switch

    Hello,
    In my company, we are using Cisco IP Phones 7945G (with 2 gigabit network ports) and Cisco 3560X-48P (1GB ports) switches for our users.
    Our client computers are running on Windows 7 SP1 (64bit - Enterprise edition) and are connected behind the IP Phone. We use a "Boradcom
    Xtreme Gigabit" onboard network card on the computers. All ports (on the switch site and IP Phone side) and on the network card of the computer are configured in "auto negotiation". Duplex and speed are set to "auto".
    We tried now to deploy a new engineering software and we are facing a very strange problem. This means that the engineer software fails to download some files from the server. We are using a flat network, all the servers and computers are on the same network segment with no firewall inbetween.
    The firewall and Anti-virus on the computers are configured to allow all incoming/outing connections.
    To troubleshoot, I tried to change all the network cables but I still get same result --> download fails.
    I connected the client computer directly to the Cisco 3560X switch, without the IP Phone and I get the same result.
    I installed a separate network card from INTEL (Intel PRO1000 PT) but I get the same result.
    As last test, I have connected to same client computer directly to a Cisco 2960-8TC switch (100Mbit; auto negotiate) and here is working fine. The software successfully downloads all the files from the server.
    If I connect the computer behind the Cisco 7945 IP Phone, set the speed and duplex of the PC-Port on the Cisco IP Phone 7945G to "100MBit/full duplex" is also working fine.
    Is there any know issue with Windows7 and Gigabit network connections?
    Do I need to set any Registry key on my Windows 7?
    The firmware version of my Cisco 3560X-48P switch is 12.2(53)SE2; do I need to update it?
    The firmware version of the IP Phone 7945G is 9.2.1.
    Thanks in advanced for your help.
    Marc Hoffmann

    Hello, Thanks for your answers. First of all, I have updated the firmware of my Cisco Catalyst 3560X-48P switch to the version 12.2(55)SE5. Unfortunately, this did not solve my problem. As second step, I ran an TDR test on my 3560X switch but I do not get any result. The "Pair status" always says "not completed". Even if I wait for 5 minutes, the status remains at "Not completed". Am I doing something wrong ? To do the TDR test, I use the commande "test cable-diagnostics tdr interface gigabitEthernet 0/XY". For your information, the port gigabitEthernet 0/XY is in a "Connected" status when I run the "show int status" command. Jeff, I think there is no issue on the server side, because if I connect my workstation on a 100MB switch (example Cisco Catalyst 2960-8TC-L) the application works absolutely fine. Also, if I run the application locally on the server, it works fine. As next step, I will connect the workstation directly on our backbone switch and try the same test. Is there perhaps any Registry key in our Windows7 which could cause this trouble? If you have any other ideas or options, please let me know. Thanks a lot, Marc Hoffmann

  • Cisco 3560 switch| mls qos trust dscp question

    Hi everybody
    Hi everybody .
    Please consider the following example:
    3560 sw f1/1--------trunk---SW2
    3560 sw
    f1/1
    mls qos trust dscp
    3560 is using default cos-dscp map, assume a 3560 receives a frame carrying IP packet on f1/1 with COS 4, what will 3560 switch do?
    1) will it use its default cos --dscp map  ( cos 4--.dscp 32) and rewrite 32 in dscp field  of the packet in the frame and provide PHB for dscp 32 ?
    Much appreciated!!
    Have  a great weekend.

    Hi
    No it will not trust the cos value, because You have configured to trust dcsp. So, the switch will trust the dcsp value in the incoming frame.
    /Mikael

  • Physical position of backup Cisco 3560 switch in relation to other produciton switches

    We currently have three 3560 switches connected to each other using SPF interconnect cables. I have a backup switch ready in the event one of the three switches fails. I'd like to keep the backup switch configured and in the rack connected to the three switches. If a switch fails, do the interconnect cables have to be routed in the same way they're currently setup or can they be connected in any order. In other words, if I have the replacement switch in the rack at the bottom with the other three switches and the top switch fails, after loading the config of the top switch onto the replacement switch, can I keep the cables from the second switch connected to the third switch and run the interconnect cables from the failed switch, now switch 1, to the third switch, which is situated in the rack just above the replacement switch? 
    Thanks in advance. 

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    For 3560s, what SPF ports you use doesn't really matter.
    If the backup will be a cold spare, you may need to worry about port configurations, before you connect it.
    If the backup will be warm spare, again, you can interconnect the SPF ports however you like.  If, though, you create any L2 loops, you need something to break the loop, e.g. STP, FlexLink.
    If you want intentional redundancy, the simplest configuration would be a ring, and assuming the backup is just a warm spare, a root switch defined with the other two non-backup switches connected to it (on the ring).  (The backup would connect to the two non-root switches.)
    Besides a ring topology for redundancy, you might setup a dual star topology, or as you only have four switches, even a full mesh.

Maybe you are looking for