LLDP Voice VLAN
I'm setting up a Switchvox PBX with Digium D40 phones and Cisco SG200 switches. The PBX doesn't do any CDP or LLDP advertizing so I do not expect the switch to automatically determine the voice VLAN ID and I need to manually set it. How can I configure the switch manually to publis the voice VLAN via LLDP-MED? I've been tinkering for hours and can't make it include the voice TLV in the packets. Any able to help?
Thanks in advance,
Paul
I'm using SG200's, not SG300's so that won't work for this. I'll make a note of it though for the future.
Circling back though, I believe your "illogical" comment was in reguard to a port providing both tagged and untagged access to the same VLAN. I get that and am not suggesting that. I have a internal LAN using VLAN 100 and another WiFi network using 101. I am using VLAN ID 1 for my "default" VLAN for the management interface on the switches and WAPs as well as unused switch ports. I have the "used" switch ports configured for untagged access to one or the other VLAN. One switch port for on each VLAN is connected to the corrsponding interface in the router. I have the PBX on an untagged VLAN 1 switch port. I have added VLAN 1 tagged to switch ports for phones; the ports are also set for untagged access to VLAN 100. I can manually configure the phones to use VLAN 1 for voice. All this works and will be the way I deploy it unless I can figure out this LLDP.
I had hoped for two (new for me) features:
automatic addition of the tagged voice vlan to switch ports where phones were detected
automatic vlan configuration on the phones
I have yet to see a single LLDP packet from these Digium phones so I believe the first item above is a non-started. I'm exploring the second in order to simplify the process of deploying the phones but there are only 40 of them to start with so it shouldn't be that big a deal.
Once again, thank much for the time.
P
Similar Messages
-
SG-300 28P switches problem with VLAN Data and Voice, working all the time as Voice VLAN
Hi Everyone,
Thank you very much for your help in advance. I’m pulling my hair to fix the problem.
I just got the new SG-300 28P switches. My Bios ordered for me. I did not know how it runs until now... not an IOS based. I really do not know how to configure it.
I have 2 VLAN are Data and Voice.
- Data VLAN ID is 2 IP 192.168.2.X/255.255.255.0
- Voice VLAN ID is 200 IP 192.168.22.X/255.255.255.0
- I created two vlans, in switch, Data and Voice.
- On the port number 28, it is trunk by default, so I add Data vlan ID 2 tagged.
- On the port number 26, it is trunk by default, so I add Voice vlan ID 200 tagged.
- On the port number 27, I add Data vlan ID 2 tagged for Data vlan out.
- Port settings No.1
I set it up as Trunk with Data vlan 2 untagged, and 200 Tagged (voice vlan). I plugged in a phone with a pc attached. But the PC will get to the vlan 200 to get the DHCP address, but no from vlan 2. The Phone works with correct vlan ip.
- Port settings No.2
Trunk with vlan 1UP, 2T, and 200T. The phone is even worse. Would never pick up any IP from DHCP.
- Port settings No.3
Access with 200U...of course the phone will work... and the PC could not get to its own vlan. Instead, the PC got an ip from the voice vlan. Not from VLAN 2.
I have Linksys phone I’m not sure if this help.
For more information I setup in switch,
- enable voice vlan
- set the port on auto voice vlan
- enable LLDP-MED globally
- create a network policy to assign VLAN 200
- assign this network policy to the port the phone is connected to.
I hope this information help to help me to setup Data and Voice vlans, to plug the phone to work with vlan Voice 200 (IP rang 192.168.22.X), from phone to Pc and pc work as Data vlan 2 (IP rang 192.168.2.X).I just got done setting up voice VLANs on an SF 300-24P and verified working. This was working with Cisco 7900 series phones connected to a Cisco UC setup.
Here's my sample config.
Note that I edited this by hand before posting, so doing a flat out tftp restore probably won't work. However, this should give you a clue. Also, don't take this as 100% accurate or correct. I've only been working with these things for about a week, though I've worked with the older Linksys SRW switches for a couple of years. I'm a CCNP/CCDP.
VLAN 199 is my management VLAN and is the native VLAN on 802.1q trunks.
VLAN 149 is the data/computer VLAN here.
VLAN 111 is the voice/phone VLAN here.
VLAN 107 does nothing.
interface range ethernet e(1-24)
port storm-control broadcast enable
exit
interface ethernet e1
port storm-control include-multicast
exit
interface ethernet e2
port storm-control include-multicast
exit
interface ethernet e3
port storm-control include-multicast
exit
interface ethernet e4
port storm-control include-multicast
exit
interface ethernet e5
port storm-control include-multicast
exit
interface ethernet e6
port storm-control include-multicast
exit
interface ethernet e7
port storm-control include-multicast
exit
interface ethernet e8
port storm-control include-multicast
exit
interface ethernet e9
port storm-control include-multicast
exit
interface ethernet e10
port storm-control include-multicast
exit
interface ethernet e11
port storm-control include-multicast
exit
interface ethernet e12
port storm-control include-multicast
exit
interface ethernet e13
port storm-control include-multicast
exit
interface ethernet e14
port storm-control include-multicast
exit
interface ethernet e15
port storm-control include-multicast
exit
interface ethernet e16
port storm-control include-multicast
exit
interface ethernet e17
port storm-control include-multicast
exit
interface ethernet e18
port storm-control include-multicast
exit
interface ethernet e19
port storm-control include-multicast
exit
interface ethernet e20
port storm-control include-multicast
exit
interface ethernet e21
port storm-control include-multicast
exit
interface ethernet e22
port storm-control include-multicast
exit
interface ethernet e23
port storm-control include-multicast
exit
interface ethernet e24
port storm-control include-multicast
exit
interface range ethernet g(1-4)
description "Uplink trunk"
exit
interface range ethernet g(1-4)
switchport default-vlan tagged
exit
interface range ethernet e(21-24)
switchport mode access
exit
vlan database
vlan 107,111,149,199
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 107
exit
interface range ethernet e(21-24)
switchport access vlan 111
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 111
exit
interface range ethernet e(1-20)
switchport trunk native vlan 149
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 149
exit
interface range ethernet g(1-4)
switchport trunk native vlan 199
exit
voice vlan aging-timeout 5
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
voice vlan oui-table add 108ccf MyCiscoIPPhones1
voice vlan oui-table add 40f4ec MyCiscoIPPhones2
voice vlan oui-table add 8cb64f MyCiscoIPPhones3
voice vlan id 111
voice vlan cos 6 remark
interface ethernet e1
voice vlan enable
exit
interface ethernet e1
voice vlan cos mode all
exit
interface ethernet e2
voice vlan enable
exit
interface ethernet e2
voice vlan cos mode all
exit
interface ethernet e3
voice vlan enable
exit
interface ethernet e3
voice vlan cos mode all
exit
interface ethernet e4
voice vlan enable
exit
interface ethernet e4
voice vlan cos mode all
exit
interface ethernet e5
voice vlan enable
exit
interface ethernet e5
voice vlan cos mode all
exit
interface ethernet e6
voice vlan enable
exit
interface ethernet e6
voice vlan cos mode all
exit
interface ethernet e7
voice vlan enable
exit
interface ethernet e7
voice vlan cos mode all
exit
interface ethernet e8
voice vlan enable
exit
interface ethernet e8
voice vlan cos mode all
exit
interface ethernet e9
voice vlan enable
exit
interface ethernet e9
voice vlan cos mode all
exit
interface ethernet e10
voice vlan enable
exit
interface ethernet e10
voice vlan cos mode all
exit
interface ethernet e11
voice vlan enable
exit
interface ethernet e11
voice vlan cos mode all
exit
interface ethernet e12
voice vlan enable
exit
interface ethernet e12
voice vlan cos mode all
exit
interface ethernet e13
voice vlan enable
exit
interface ethernet e13
voice vlan cos mode all
exit
interface ethernet e14
voice vlan enable
exit
interface ethernet e14
voice vlan cos mode all
exit
interface ethernet e15
voice vlan enable
exit
interface ethernet e15
voice vlan cos mode all
exit
interface ethernet e16
voice vlan enable
exit
interface ethernet e16
voice vlan cos mode all
exit
interface ethernet e17
voice vlan enable
exit
interface ethernet e17
voice vlan cos mode all
exit
interface ethernet e18
voice vlan enable
exit
interface ethernet e18
voice vlan cos mode all
exit
interface ethernet e19
voice vlan enable
exit
interface ethernet e19
voice vlan cos mode all
exit
interface ethernet e20
voice vlan enable
exit
interface ethernet e20
voice vlan cos mode all
exit
interface ethernet e1
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e2
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e3
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e4
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e5
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e6
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e7
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e8
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e9
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e10
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e11
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e12
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e13
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e14
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e15
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e16
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e17
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e18
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e19
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e20
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e21
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e22
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e23
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e24
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g1
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g2
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g3
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g4
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e1
lldp med notifications topology-change enable
exit
interface ethernet e2
lldp med notifications topology-change enable
exit
interface ethernet e3
lldp med notifications topology-change enable
exit
interface ethernet e4
lldp med notifications topology-change enable
exit
interface ethernet e5
lldp med notifications topology-change enable
exit
interface ethernet e6
lldp med notifications topology-change enable
exit
interface ethernet e7
lldp med notifications topology-change enable
exit
interface ethernet e8
lldp med notifications topology-change enable
exit
interface ethernet e9
lldp med notifications topology-change enable
exit
interface ethernet e10
lldp med notifications topology-change enable
exit
interface ethernet e11
lldp med notifications topology-change enable
exit
interface ethernet e12
lldp med notifications topology-change enable
exit
interface ethernet e13
lldp med notifications topology-change enable
exit
interface ethernet e14
lldp med notifications topology-change enable
exit
interface ethernet e15
lldp med notifications topology-change enable
exit
interface ethernet e16
lldp med notifications topology-change enable
exit
interface ethernet e17
lldp med notifications topology-change enable
exit
interface ethernet e18
lldp med notifications topology-change enable
exit
interface ethernet e19
lldp med notifications topology-change enable
exit
interface ethernet e20
lldp med notifications topology-change enable
exit
interface ethernet e21
lldp med notifications topology-change enable
exit
interface ethernet e22
lldp med notifications topology-change enable
exit
interface ethernet e1
lldp med enable network-policy poe-pse
exit
interface ethernet e2
lldp med enable network-policy poe-pse
exit
interface ethernet e3
lldp med enable network-policy poe-pse
exit
interface ethernet e4
lldp med enable network-policy poe-pse
exit
interface ethernet e5
lldp med enable network-policy poe-pse
exit
interface ethernet e6
lldp med enable network-policy poe-pse
exit
interface ethernet e7
lldp med enable network-policy poe-pse
exit
interface ethernet e8
lldp med enable network-policy poe-pse
exit
interface ethernet e9
lldp med enable network-policy poe-pse
exit
interface ethernet e10
lldp med enable network-policy poe-pse
exit
interface ethernet e11
lldp med enable network-policy poe-pse
exit
interface ethernet e12
lldp med enable network-policy poe-pse
exit
interface ethernet e13
lldp med enable network-policy poe-pse
exit
interface ethernet e14
lldp med enable network-policy poe-pse
exit
interface ethernet e15
lldp med enable network-policy poe-pse
exit
interface ethernet e16
lldp med enable network-policy poe-pse
exit
interface ethernet e17
lldp med enable network-policy poe-pse
exit
interface ethernet e18
lldp med enable network-policy poe-pse
exit
interface ethernet e19
lldp med enable network-policy poe-pse
exit
interface ethernet e20
lldp med enable network-policy poe-pse
exit
interface ethernet e21
lldp med enable network-policy poe-pse
exit
interface ethernet e22
lldp med enable network-policy poe-pse
exit
lldp med network-policy 1 voice vlan 111 vlan-type tagged
interface range ethernet e(1-22)
lldp med network-policy add 1
exit
interface vlan 199
ip address 199.16.30.77 255.255.255.0
exit
ip default-gateway 199.16.30.3
interface vlan 1
no ip address dhcp
exit
no bonjour enable
bonjour service enable csco-sb
bonjour service enable http
bonjour service enable https
bonjour service enable ssh
bonjour service enable telnet
hostname psw1
line console
exec-timeout 30
exit
line ssh
exec-timeout 30
exit
line telnet
exec-timeout 30
exit
management access-list Management1
permit ip-source 10.22.5.5 mask 255.255.255.0
exit
logging 199.16.31.33 severity debugging description mysysloghost
aaa authentication enable Console local
aaa authentication enable SSH tacacs local
aaa authentication enable Telnet local
ip http authentication tacacs local
ip https authentication tacacs local
aaa authentication login Console local
aaa authentication login SSH tacacs local
aaa authentication login Telnet local
line telnet
login authentication Telnet
enable authentication Telnet
password admin
exit
line ssh
login authentication SSH
enable authentication SSH
password admin
exit
line console
login authentication Console
enable authentication Console
password admin
exit
username admin password admin level 15
power inline usage-threshold 90
power inline traps enable
ip ssh server
snmp-server location in-the-closet
snmp-server contact [email protected]
ip http exec-timeout 30
ip https server
ip https exec-timeout 30
tacacs-server host 1.2.3.4 key spaceballz timeout 3 priority 10
clock timezone -7
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 199.16.30.1
sntp server 199.16.30.2
ip domain-name mydomain.com
ip name-server 199.16.5.12 199.16.5.13
ip telnet server -
Inter-VLAN routing, Auto-Voice VLAN and IP Address-Helper
Hope that somebody can help me with the setup in the screenshot.
Planning to use Auto-Voice VLAN and Smartports to configure VOIP
LLDP-MED will be enabled on the switch to detect the IP phones so they will be moved to the Voice VLAN (If not the first 6 signs will be added to the OID table). The Voice VLAN ID will be 2 >> Voice VLAN will be automatically enabled once a device is recognized as a IP phone right?
Workstations will be connected to the Cisco switch, VLAN data will be untagged and will remain on the native VLAN.
Smartports will be used to configure the ports (Macro's) >> Should configure the ports as trunks as assigns the correct VLANs right?
But how do i configure the IP Helper-Address? Do i have to create the Voice VLAN on both switches and then run the command "IP Helper Address" to specify a DHCP server? From what i've been reading it's required, when using Inter-VLAN routing, to configure the VLAN interface with an IP address. But it's going to give problems when both switches are connected to eachother and both have the same VLAN configured including the same IP address assigned to their VLAN interface?
Normal data should pass the ASA firewall, VOIP traffic should go through the Vigor modem to a hosted VOIP provider. The best way, i assume, is to configure 2 separate scopes on the DHCP server?
Still confused on how to set it up, hope that someone can point me in the right directionIf you're sending voice to only the Vigor modem then there is no need for a trunk between the SF-300 and the Vigor modem. You can just set that to an untag packet for the VLAN 2 between that switch and the Vigor modem.
On the 'edge' SF300 where the IP phone/PC is it is obviously going to interoute there and of course the phone port is tagged and PC port is untagged.
For the IP helper, it uses UDP-RELAY and it should be enabled on the port itself and enabled on the global configuration. You may also need option 82. Also keep in mind, depending how your DHCP server works, it may need option 82 configured as well or at least a route to understand the subnets in the layer 3 environment to get traffic across the VLANS. -
My customer has 2 SG300-52P and 5 SG300-28P. We installed a VoIP phone system earlier this year. At the time of install we placed the phone system on the native VLAN 1. Now they want to move the phone system to a new VLAN because their class C subnet is running out of addresses. DHCP is handled by their Active Directory and their router/firewall is an Untangle Box. The SG300 switches have a basic configuration only.
To move the phone system to a new VLAN I created VLAN 20 on every switch. I then turned Auto Voice VLAN on. I have every port on every switch set to trunk. Computers are plugged into back of phones. I then created a virtual interface on the Untangle Box for VLAN 20. The Untangle Box is also handling DHCP for the new VLAN. Active Directory is still handling DHCP for native VLAN.
From each switch I can ping the gateway of the new VLAN. From each computer I can ping the gateway and the phone system on the new VLAN. However, the phones will not grab an address on the VLAN and when they are set to static, they cannot communicate with other devices on the VLAN.
Any help would be highly appreciated. I am not sure what I am overlooking.Here is an example of part of a working switch config with Zultys phones where voice VLAN is 100 and data VLAN is 10:
vlan database
vlan 10,20,100
exit
voice vlan id 100
interface fastethernet1
description "RCP and Voice"
switchport trunk allowed vlan add 100
switchport trunk native vlan 10
interface fastethernet2
description "RCP and Voice"
switchport trunk allowed vlan add 100
switchport trunk native vlan 10
In your case you need a trunk port with VLAN 20 tagged on your firewall (or an access port to a separate physical port on VLAN 20. The default gateway served to the phone (or put there statically) should be the interface on the IP. Then you may also want to allow inter-vlan routing for admin access or MXIE if you are using it.
One thing to note on Zultys is by default I think the device profile disables LLDP, but on the phones it is enabled out of the box. So the first time a phone downloads its config from the Zultys it may turn of LLDP unless you checked the box to keep it on. -
DHCP and voice vlan on Cisco 3560 switch
Greetings,
I'm setting up a Cisco 3560 switch for voice and data comms. I'm looking for documentation with best practice guidelines for the following requirements.
1. Using the Cisco 3560 as a DHCP server - Config examples. Do I need to use different subnets for the voice and data vlans?
2. Layer 2 CoS QoS - I'm connecting Aastra phones as well as notebooks - I've been told that Aastra also makes use of the voice vlan config through LLDP and that Aastra phones supports CDP.
Your assistance will be appreciated.Hi ,
Cisco recommends that you have a separate vlan for voice and data with different ip subnets for voice and data. You will need to configure the dhcp pool accordingly.
Here is the config guide for setting up IOS DHCP server:
http://www.cisco.com/en/US/docs/ios/12_0t/12_0t1/feature/guide/Easyip2.html
Here is the LAN qos recommendations:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/netstruc.html#wp1044009 -
SG300 voice vlan problem with UC520
Hi Forumers'
My problem statement:
- refere to attached topology.png, this is how my network structure look like
- the IP phone after boot cannot get connected, so it can't download the XML config file from UC520. suspicious switching problem.
- my configuration shown at topology.png and my vlan voice config show as voice vlan setting.png
- My requirement is SG300 switch single switchport to carry vlan data and vlan voice.
- what is the trunking mode for voice VLAN siwth a IP phone+data should i configure? is it switchport voice vlan vvid, switchport voice vlan dot1p, switchport voice vlan untagged or switchport voice vlan none to suite above requirement?
thanks
NoelHello Noel,
Sorry for the late reply, things have been quite hectic around here lately
1. Why use trunk? the UC520 only have vlan voice (vlan 20)
Do you mean that the data VLAN is handled by another device ? Still I would leave it as a trunk in order to be able manage the UC through the data VLAN. (Unless for security or other reasons you would choose otherwise of course)
2. The UC520 got CUE (voice messaging), how should i design the service module uplink to the core switch?
Nothing in particular has to be done for this, CUE is handled and routed inside the UC520, the CUE vlan (default ID =90) is only used if you have another CUE in the network
1. i guess i did this: swithcport tagged vlan 20, untagged vlan 10. is it ok for this setting?
If the Voice Vlan on the switch and on the UC520 has been defined as VLAN 20 (default = VLAN 100) this is perfect. Verify if both on the UC and on the switch, the voice VLAN ID is set to 20.
1. so if i just point the phone to vlan 20 (vlan voice), should i create the LLDP network policy?
If you are ready to configure the VLAN manually on the phone, you don't need the LLDP policy, that is correct.
The LLDP policy is being used for having the phones automatically choose the VLAN you defined, so you don't need to set it manually.
Hope this answers your questions ?
Best regards,
Nico Muselle
Sr. Network Engineer - CCNA -
9951 phone - voice vlan connectivity lost
Hello,
I've 9951 phones that sometimes get the error LastOutOfServiceInformation=26 (close TCP due to a reconfiguration on a new voice Vlan).
I've checked the switch port status and modifications but nothing has been done that could lead to this issue. The user says it has no impact on the PC behaviour linked behind the phone. Phone is located on the LAN, close to the Cluster.
CUCM is 8.6.2
Phone firmware is sip9951.9-2-4-19
According to the logs, waht could be the reason ? DHCP renewal ? SIP fw bug ? Catalyst bug ?
Here are a few line console logs from the phone
6318 NOT 09:57:54.726464 CDP-cdpCacheClear(): vlan lost: proto: 1
6319 NOT 09:57:55.731141 CDP-configSelectVLAN(): 3 OP_USE_ADMIN_DFLT:5 oper:4096 cdp:4096 lldp:4096 admin:4096 mac:d4:a0:2a:83:b1:26
6320 NOT 09:57:55.750901 DHCP-dhcpRelease(): activeInterface: WIRED
6321 NOT 09:57:55.751044 DHCP-dhcpSendRel(): sending RELEASE...
6322 NOT 09:57:55.751173 DHCP-createSocket(): cesw0
6323 NOT 09:57:55.753565 CDP-Cfg_Idle_EvlldpDone_XIdle(): VVLAN [LLDP-IDLE] change: DHCP released
6324 NOT 09:57:55.757093 CDP-setVVLanConfig(): tmpVvlanId: 4096 dbgOldVvlan: 11 dscryProcInfo.vvlan: 4096
6325 NOT 09:57:55.760366 CDP-setVLanConfig(): tmpVlanId: 4096 dbgOldVlan: 41 dscryProcInfo.vlan: 4096
6326 NOT 09:57:55.762038 NETSD-netsdSignal(): EV_DHCP
6327 NOT 09:57:55.762169 NETSD-netsdSignal(): EV_VLAN
6328 NOT 09:57:55.762259 NETSD-netsdSignal(): forceDhcp= 1
6329 NOT 09:57:55.762342 PAE: -paeNetsdRcvMsg(1540): VLAN change: status: 0x0 : No such file or directory 6318 NOT 09:57:54.726464 CDP-cdpCacheClear(): vlan lost: proto: 1
6319 NOT 09:57:55.731141 CDP-configSelectVLAN(): 3 OP_USE_ADMIN_DFLT:5 oper:4096 cdp:4096 lldp:4096 admin:4096 mac:d4:a0:2a:83:b1:26
6320 NOT 09:57:55.750901 DHCP-dhcpRelease(): activeInterface: WIRED
6321 NOT 09:57:55.751044 DHCP-dhcpSendRel(): sending RELEASE...
6322 NOT 09:57:55.751173 DHCP-createSocket(): cesw0
6323 NOT 09:57:55.753565 CDP-Cfg_Idle_EvlldpDone_XIdle(): VVLAN [LLDP-IDLE] change: DHCP released
6324 NOT 09:57:55.757093 CDP-setVVLanConfig(): tmpVvlanId: 4096 dbgOldVvlan: 11 dscryProcInfo.vvlan: 4096
6325 NOT 09:57:55.760366 CDP-setVLanConfig(): tmpVlanId: 4096 dbgOldVlan: 41 dscryProcInfo.vlan: 4096
6326 NOT 09:57:55.762038 NETSD-netsdSignal(): EV_DHCP
6327 NOT 09:57:55.762169 NETSD-netsdSignal(): EV_VLAN
6328 NOT 09:57:55.762259 NETSD-netsdSignal(): forceDhcp= 1
6329 NOT 09:57:55.762342 PAE: -paeNetsdRcvMsg(1540): VLAN change: status: 0x0 : No such file or directory
Thanks,
JCHi Jean,
Could be hitting the bug
CSCuf93609 Bug Details
9951 loses audio on active call when link with pc port is disconnected
Symptom:
When the cable between 9951 and the pc connected to the pc port gets disconnected during an active call there is no audio anymore, the call stays active.
Conditions:
Running firmware version 9.3(2)ES10 or ES12, does not happen with 9.3(2)
regds,
aman -
Dear Team
I am using sg300 for voip. i have created 5 voice vlans for different departments in my office.
but my voip is not working. only 1 voice vlan is working out of 5 voice vlans. The voice vlan working is agreed voice vlan in sh voice vlan commad
Kindly suggest
Regards
ABHINAVHi Ankur, this switch only supports 1 voice vlan. If you genuinely require 5 different voice vlan then you should manually set the ports or create LLDP policies for each voice VLAN you need.
-
802.1x, voice vlan and IP phone
Hi, I reviewed many posts here, and I still need the clarification how 802.1x on the switch works with non-Cisco IP phone (not supporting CDP) and PC connected to the PC port. If I configure 802.1x on a switch port, along with access and voice vlan, next I configure the static voice vlan on the non-Cisco phone, will it be possible to authenticate the user on the PC and bypass authentication for IP phone? Is CDP required in such scenario - (non-Cisco IP phone doesn't support it)?
Regards,
KrzysztofYou need CDP for touchless interop. CDP can of course be spoofed though, so proceed with caustion anyway.
You need multi-domain authentication to appropriately deal with non-Cisco phones and port-based access-control. See here to get started:
<http://www.cisco.com/en/US/products/ps7077/products_configuration_guide_chapter09186a008077a284.html#wp1231964>
Hope this helps, -
Potential Security Hole with 802.1x and Voice VLANs?
I have been looking at 802.1x and Voice VLANs and I can see what I think is a bit of a security hole.
If a user has no authentication details to gain access via 802.1x - i.e. they have not been given a User ID or the PC doesn't have a certificate etc. If they attach a PC to a switchport that is configured with a Voice VLAN (or disconnect an IP Phone and plug the PC direct into the switchport) they can easily see via packet sniffing the CDP packets that will contain the Voice VLAN ID. They can then easily create a Tagged Virtual NIC (via the NIC utilities or driver etc) with the Voice VLAN 802.1q Tag. Assuming DHCP is enabled for the Voice VLAN they will get assigned an IP address and have access to the IP network. I appreciate the VLAN can be locked down at the Layer-3 level with ACL's so any 'non-voice related' traffic is blocked but in this scenario the user has sucessfully bypassed 802.1x authentication and gain access to the network?
Has anyone done any research into this potential security hole?
Thanks
AndyThanks for the reply. To be honest we would normally deploy some or all of the measures you list but these don't around the issue of being able to easily bypass having to authenticate via 802.1x.
As I said I think this is a hole but don't see any solutions at the moment except 802.1x on the IP Phone, although at the moment you can't do this with Voice VLANs?
Andy -
I had read articles on cco, and I believed for the same switch port we can have 802.1x configure and the voice vlan configure. It mean the IP phone is connect to the switch port with 802.1x configured, but the phone will not autheticate, only the workstation connect to phone data port will get authenticate.
I had configured 802.1x and test with notebook logon and able to access the network. Now I would like to test the notebook attached to IP phone data port, and the phone connect to switch port configure with 802.1x. But I failed to add voice vlan commmand. Why ?
interface GigabitEthernet9/48
description temporary port
switchport
switchport access vlan 12
switchport mode access
no ip address
dot1x port-control auto
spanning-tree portfast
CIG01-ENT-SW1(config-if)#switchport voice vlan 14
Command rejected: Gi9/48 is Dot1x enabled port.Using IEEE 802.1x Authentication with Voice VLAN Ports
A voice VLAN port is a special access port associated with two VLAN identifiers:
?VVID to carry voice traffic to and from the IP phone. The VVID is used to configure the IP phone connected to the port.
?PVID to carry the data traffic to and from the workstation connected to the switch through the IP phone. The PVID is the native VLAN of the port.
In single-host mode, only the IP phone is allowed on the voice VLAN. In multiple-hosts mode, additional clients can send traffic on the voice VLAN after a supplicant is authenticated on the PVID. When multiple-hosts mode is enabled, the supplicant authentication affects both the PVID and the VVID.
A voice VLAN port becomes active when there is a link, and the device MAC address appears after the first CDP message from the IP phone. Cisco IP phones do not relay CDP messages from other devices. As a result, if several Cisco IP phones are connected in series, the switch recognizes only the one directly connected to it. When IEEE 802.1x authentication is enabled on a voice VLAN port, the switch drops packets from unrecognized Cisco IP phones more than one hop away.
When IEEE 802.1x authentication is enabled on a port, you cannot configure a port VLAN that is equal to a voice VLAN.
Waht kind of switch do you have? In 3550 I can configure the port for both vvid and pvid:
interface FastEthernet0/1
switchport access vlan 3
switchport mode access
switchport voice vlan 2
no ip address
dot1x port-control auto
spanning-tree portfast
end
Nevertheless, as the statement above indicates, the port will need to be configured for multi-host in order the PC behind the phone get autehntication:
under the interface configure "dot1x host-mode multi-host"
Nevermind, I just realized that you might have a 5600 running native, checking the configuration guide and realese notes it does not looks like dot1x and vvlan can play together in that platform. -
802.1x / dot1x Authentication, including Voice-Vlan and Guest-Vlan
Hello,
i have tried to configure a dot1x based Authentication.
With an single host including guest-vlan, everything works fine.
But i want to use an IP-Phone (wich is every times authenticated) and behind the Phone an Client.
Is there a possible solution? And unfortunately IP-Phones are Avaya-Phones.
i have just tried so...
interface GigabitEthernet0/4
switchport access vlan 121
switchport mode access
switchport voice vlan 200
authentication event fail action authorize vlan 99
authentication event server dead action authorize vlan 121
authentication event server alive action reinitialize
authentication host-mode multi-host
authentication order dot1x
authentication port-control auto
authentication periodic
authentication violation restrict
dot1x pae authenticator
dot1x timeout quiet-period 10
dot1x timeout tx-period 1
spanning-tree portfast
Thanks, for any possible solution!unfortunately because they are Avaya phones, the easy answer CDP-Bypass fails in this instance. When you plug in the phone, the switch will assume it's the 'single host' for this port, and restrict the port due to the authentication for the phone failing. Maybe you can just hard-code the voice-vlans on each phone, but that could get tedious depending on the amount of phones.
I believe there is a DHCP option you can pass back that indicates the phone should be running on vlan 200, but for this to work you'd also need to set up a pre-auth ACL that would allow DHCP to work in the unauthorized state. I think it's 147 off the top of my head.
Another solution (which isn't what you originally wanted, but it would work) is to just use multi-domain instead of single-host, and authenticate both the phone and the PC. The raduis server should be able to distinguish between what is configured as a phone and what is a host, and will send back the appropriate vlan if configured correctly.
What are using for a radius server? -
Setting up a Test Voice VLAN for Lync 2013
I want to set up a second voice vlan to be a test vlan.
In the current situation the customer has voice and data running on vlan1. The customer insist on taking incremental steps to improve QoS. I have advocated separated vlans for voice and data. They just want to move everything (phase 1) to a different
vlan. They want to see how getting all traffic of vlan 1 will improve there performance. Again, I recommended the best practice, they want to try this approach first.
I am conducting a pilot test with just one cx600 IP phone. and a single switchport. I created a new vlan99 using VTP. I configured the switchports on the Cisco 2960-x switch as follows.
#switchport mode access
#switchport access vlan 99
The phone gets its correct vlan id, and pulls its IP from the correct dhcp scope. However the phone displays "connecting with the lync server" for a long time, then "connecting to download its certificates". This takes a long time then fails.
If I change the switchport back to vlan1 it works fine. What can be the problem? Does the vlan99 need to be defined on the lync server? How many vlans can be supported by Lync 2013?
Thank you,
gigiuDid you set the VLAN Configuration for Lync Phone Edition?
You can check the following links:
http://blog.schertz.name/2011/01/manual-vlan-configuration-for-lync-phone-edition/
http://www.bricomp.com/blogs/post.cfm/dedicated-voice-vlan-for-lync-devices
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please
make sure that you completely understand the risk before retrieving any suggestions from the above link.
Lisa Zheng
TechNet Community Support -
I have a vSphere 5.5 install and I'm in the process of a network upgrade in preparation for a VOIP implementation. The Switch hardware I'm using is a stack of Cisco 3850 Layer 3 switches and I've been going in circles on getting vlan traffic to work correctly. Hopefully someone can point me in the right direction.
I have one NIC connected to the switch (10GB fiber) that will handle all traffic for the esxi host (except for management). VLAN ID is set to None (0) and load balancing is set to Route based on originating virtual port.
I have 2 subnets, 10.1.0.0/16 (data & management, VLAN 1) and 10.10.1.0/24 (Voice, VLAN 10)
On the host I have a Win 2012 R2 server that will be a VOIP PBX host. It must be able to communicate with the IP phones (VLAN 10) and other servers (VLAN 1).
The switches will do the intervlan routing.
Finally my question - Can anyone give me some hints on how to set up the interface on the Cisco for the 10GB fiber connection from my host? Actual port settings would be extremely helpful. Anything I'm doing at the vmware end that I should be doing differently?In case anyone comes across this in a search, here's what I ended up with, 1st the Cisco switch:
switchport trunk allowed vlan 1,10
switchport mode trunk
switchport nonegotiate
switchport voice vlan 10
macro description cisco-switch
spanning-tree portfast
spanning-tree link-type point-to-point
The virtual switch I set to all vlan IDs and Route based on originating virtual port. -
Change voice vlan on specific ports
I need to test a new phone system that is running on vlan 120. The problem is my current voice vlan 110 is still in use for my current phone system. How can I assign a different voice vlan for a single port without having it propagate to the rest of the switch or the other sbs switches in my network?
Hello,
In regards to the Small Business Switches, you can only have a single Voice Vlan configured on them.
Now, since what you are trying to do is to test the connectivity on a single phone, I don't think that you will really have to change or Add a new Voice VLAN, maybe you can get it to work by changing the port to an Access Port with VLAN 120 Untagged, and then they should communicate as long as they are on the same VLAN.
Please let us know if this works, I'm not sure it will since the device is meant to only handle a single Voice VLAN as I said before, but it is worth the try.
Maybe you are looking for
-
Balance carried forward for New GL
Hi Expert, I would like understand about the balance carried forward for AP and AR in the New GL. When executing the program in test run mode, user will download the balances and try to tie to the recon accts in trial balance. The openning balance ge
-
How do I make an app store purchase with a different credit card?
I have a credit card for one of my companies that I used to buy the iPhone and create an Apple ID for purchases on the app store. Subsequent to that I created a new company, with its own credit card, and created a new Apple ID specifically for purcha
-
Web Catalog Publishing using MDM RPCM scenario
Hi Experts Is it possible to do web catalog publishing using MDM Publisher or Publisher APIs? if yes, where can i get the information on how to proceed with it? I came across this[thread|Re: Web Catalog Publishing] where Markus has stated that web ca
-
Java logging API (1.4) -- where's the file?
Where on God's green earth does the log file get written to? I am doing some very simple code: import java.util.logging.*; public class SimpleLogging { static Logger jcfeLog = Logger.getLogger("test1"); static Logger sampleLog = Logger.getLogge
-
I am having problems opening some PDF docs on my Mac Book Pro?
I am having problems opening PDF documents, I have already checked and I do not have my pop up blocker on, Is there an app that I need to get? I just bought my MacBook Pro and love it but need to get it set up and this is on of the things I am having