PC Voice VLAN Access

Hi all,
I've just been testing using Cisco IP Phones with the Linksys SRW224P switch (which do not support CDP and automatic voice VLAN assignment). It's all pretty straightforward, however, I found I needed to enable the "PC Voice VLAN Access" setting for the IP phone to get the PC (attached to the phone) communicating on the network. With this setting disabled, the PC cannot communicate on the network, even if the correct data VLAN ID is configured in the "PC VLAN" setting on the phone. This same issue is also replicated if I disable CDP on a Cisco switch and manually configure the voice VLAN ID on the phone.
Any ideas as to why this is the case? My understanding of the PC Voice VLAN Access setting is that it enables an attached PC to access the voice VLAN (i.e. tag frames with the voice VLAN ID and send on the voice VLAN, and receive frames on the voice VLAN). The traditional port mirroring issues associated with this setting aren't an issue nowadays, as you now have the additional "Span to PC Port" setting to control this.

Hi Eric,
Please make sure you are sniffing the correct interface. For example, if you have more than one interface (such as Wireless Ip address or VPN
connection) select the one you want to sniff. Please check the following link, it shows you how to set up a sniffer capture using wireshark:
http://wiki.wireshark.org/CaptureSetup
Regards,
Teresa.
If you find this post helpful, please rate! :)

Similar Messages

Silent Monitor and Call record with voice vlan

We are pretty new to CCX, and want to get silent monitor and call recording working. I've read a bunch of troubleshooting docs, and a bunch of the discussions here, but I am still unable to get it to work the way that I want.
Heres the setup. The phones are all set to the recommended settings, and the agent pc is plugged into the phone. The data vlan is 111 and the voice vlan is 222. When I run the nicq prog on the agent pc, it can not find the phone, but I can enter the ip in , and it sees the phone. The supervisor laptop can not monitor or record.
If I change the voice vlan to 111, nicq still can not find the phone, but the supervisor can record and monitor with no problem. Is is an issue with 802.1q and perhaps my nics do not support it?
CCX Ver:
8.5.1.11004-25

Hi
It could be, but it's pretty rare.
Have you enabled 'PC Port Voice VLAN Access' and 'SPAN to PC Port' on the phone?
Have you tried alternate PCs/laptops on the back of that phone?
Aaron

SUP failed over manually, voice service failed after FAILOVER, started accessing old voice vlan which was removed from config

Hey guys,
I am pretty sure, my subject is kinda confusing. Sorry about that. Here is what happened.
1. 4510r with Supervisor V 1000BaseX, switched over to standby Sup, then reseated Active SUP, once reseat complete, switched again to get the reseated SUP up and running as Active SUP.
2. a simple maintenance which was supposed to cause no outage and it did not cause any outage as well.
3. however, what i did not notice was, even though the voice vlan was configured to access 2353, they were accessing vlan 453.
4. the change was made 2 weeks prior to this maintenance where voice vlans were previously accessing 453 and they were all changed to access 2353. configs were saved.
5. however, after the maintenance, the running config showed that they were acessing 2353 but when checking the mac address on the interface, it was seen accessing 453.
6. the fix was to remove the config and re add it , that fixed it.
Has anyone else experienced the issue ? What really happened there ?
software version: Version 15.0(2)SG5
#sh module
Chassis Type : WS-C4510R
Power consumed by backplane : 40 Watts
Mod Ports Card Type Model
---+-----+--------------------------------------+------------------+-----------
1 2 Supervisor V 1000BaseX (GBIC) WS-X4516
2 2 Supervisor V 1000BaseX (GBIC) WS-X4516
3 48 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4548-GB-RJ45V
5 48 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4548-GB-RJ45V
6 48 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4548-GB-RJ45V
7 48 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4548-GB-RJ45V
8 48 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4548-GB-RJ45V
9 48 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4548-GB-RJ45V

configs were saved many times prior to the maintenance. i did a " write mem ".

SG-300 28P switches problem with VLAN Data and Voice, working all the time as Voice VLAN

Hi Everyone,
Thank you very much for your help in advance. I’m pulling my hair to fix the problem.
I just got the new SG-300 28P switches. My Bios ordered for me. I did not know how it runs until now... not an IOS based. I really do not know how to configure it.
I have 2 VLAN are Data and Voice.
-          Data VLAN ID is 2 IP 192.168.2.X/255.255.255.0
-          Voice VLAN ID is 200 IP 192.168.22.X/255.255.255.0
-          I created two vlans, in switch, Data and Voice.
-          On the port number 28, it is trunk by default, so I add Data vlan ID 2 tagged.
-          On the port number 26, it is trunk by default, so I add Voice vlan ID 200 tagged.
-          On the port number 27, I add Data vlan ID 2 tagged for Data vlan out.
-          Port settings No.1
I set it up as Trunk with Data vlan 2 untagged, and 200 Tagged (voice vlan). I plugged in a phone with a pc attached. But the PC will get to the vlan 200 to get the DHCP address, but no from vlan 2. The Phone works with correct vlan ip.
-          Port settings No.2
Trunk with vlan 1UP, 2T, and 200T. The phone is even worse. Would never pick up any IP from DHCP.
-          Port settings No.3
Access with 200U...of course the phone will work... and the PC could not get to its own vlan. Instead, the PC got an ip from the voice vlan. Not from VLAN 2.
I have Linksys phone I’m not sure if this help.
For more information I setup in switch,
            - enable voice vlan
- set the port on auto voice vlan
- enable LLDP-MED globally
- create a network policy to assign VLAN 200
- assign this network policy to the port the phone is connected to.
I hope this information help to help me to setup Data and Voice vlans, to plug the phone to work with vlan Voice 200 (IP rang 192.168.22.X), from phone to Pc and pc work as Data vlan 2 (IP rang 192.168.2.X).

I just got done setting up voice VLANs on an SF 300-24P and verified working. This was working with Cisco 7900 series phones connected to a Cisco UC setup.
Here's my sample config.
Note that I edited this by hand before posting, so doing a flat out tftp restore probably won't work. However, this should give you a clue. Also, don't take this as 100% accurate or correct. I've only been working with these things for about a week, though I've worked with the older Linksys SRW switches for a couple of years. I'm a CCNP/CCDP.
VLAN 199 is my management VLAN and is the native VLAN on 802.1q trunks.
VLAN 149 is the data/computer VLAN here.
VLAN 111 is the voice/phone VLAN here.
VLAN 107 does nothing.
interface range ethernet e(1-24)
port storm-control broadcast enable
exit
interface ethernet e1
port storm-control include-multicast
exit
interface ethernet e2
port storm-control include-multicast
exit
interface ethernet e3
port storm-control include-multicast
exit
interface ethernet e4
port storm-control include-multicast
exit
interface ethernet e5
port storm-control include-multicast
exit
interface ethernet e6
port storm-control include-multicast
exit
interface ethernet e7
port storm-control include-multicast
exit
interface ethernet e8
port storm-control include-multicast
exit
interface ethernet e9
port storm-control include-multicast
exit
interface ethernet e10
port storm-control include-multicast
exit
interface ethernet e11
port storm-control include-multicast
exit
interface ethernet e12
port storm-control include-multicast
exit
interface ethernet e13
port storm-control include-multicast
exit
interface ethernet e14
port storm-control include-multicast
exit
interface ethernet e15
port storm-control include-multicast
exit
interface ethernet e16
port storm-control include-multicast
exit
interface ethernet e17
port storm-control include-multicast
exit
interface ethernet e18
port storm-control include-multicast
exit
interface ethernet e19
port storm-control include-multicast
exit
interface ethernet e20
port storm-control include-multicast
exit
interface ethernet e21
port storm-control include-multicast
exit
interface ethernet e22
port storm-control include-multicast
exit
interface ethernet e23
port storm-control include-multicast
exit
interface ethernet e24
port storm-control include-multicast
exit
interface range ethernet g(1-4)
description "Uplink trunk"
exit
interface range ethernet g(1-4)
switchport default-vlan tagged
exit
interface range ethernet e(21-24)
switchport mode access
exit
vlan database
vlan 107,111,149,199
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 107
exit
interface range ethernet e(21-24)
switchport access vlan 111
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 111
exit
interface range ethernet e(1-20)
switchport trunk native vlan 149
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 149
exit
interface range ethernet g(1-4)
switchport trunk native vlan 199
exit
voice vlan aging-timeout 5
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
voice vlan oui-table add 108ccf MyCiscoIPPhones1
voice vlan oui-table add 40f4ec MyCiscoIPPhones2
voice vlan oui-table add 8cb64f MyCiscoIPPhones3
voice vlan id 111
voice vlan cos 6 remark
interface ethernet e1
voice vlan enable
exit
interface ethernet e1
voice vlan cos mode all
exit
interface ethernet e2
voice vlan enable
exit
interface ethernet e2
voice vlan cos mode all
exit
interface ethernet e3
voice vlan enable
exit
interface ethernet e3
voice vlan cos mode all
exit
interface ethernet e4
voice vlan enable
exit
interface ethernet e4
voice vlan cos mode all
exit
interface ethernet e5
voice vlan enable
exit
interface ethernet e5
voice vlan cos mode all
exit
interface ethernet e6
voice vlan enable
exit
interface ethernet e6
voice vlan cos mode all
exit
interface ethernet e7
voice vlan enable
exit
interface ethernet e7
voice vlan cos mode all
exit
interface ethernet e8
voice vlan enable
exit
interface ethernet e8
voice vlan cos mode all
exit
interface ethernet e9
voice vlan enable
exit
interface ethernet e9
voice vlan cos mode all
exit
interface ethernet e10
voice vlan enable
exit
interface ethernet e10
voice vlan cos mode all
exit
interface ethernet e11
voice vlan enable
exit
interface ethernet e11
voice vlan cos mode all
exit
interface ethernet e12
voice vlan enable
exit
interface ethernet e12
voice vlan cos mode all
exit
interface ethernet e13
voice vlan enable
exit
interface ethernet e13
voice vlan cos mode all
exit
interface ethernet e14
voice vlan enable
exit
interface ethernet e14
voice vlan cos mode all
exit
interface ethernet e15
voice vlan enable
exit
interface ethernet e15
voice vlan cos mode all
exit
interface ethernet e16
voice vlan enable
exit
interface ethernet e16
voice vlan cos mode all
exit
interface ethernet e17
voice vlan enable
exit
interface ethernet e17
voice vlan cos mode all
exit
interface ethernet e18
voice vlan enable
exit
interface ethernet e18
voice vlan cos mode all
exit
interface ethernet e19
voice vlan enable
exit
interface ethernet e19
voice vlan cos mode all
exit
interface ethernet e20
voice vlan enable
exit
interface ethernet e20
voice vlan cos mode all
exit
interface ethernet e1
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e2
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e3
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e4
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e5
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e6
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e7
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e8
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e9
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e10
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e11
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e12
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e13
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e14
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e15
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e16
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e17
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e18
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e19
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e20
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e21
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e22
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e23
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e24
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g1
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g2
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g3
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g4
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e1
lldp med notifications topology-change enable
exit
interface ethernet e2
lldp med notifications topology-change enable
exit
interface ethernet e3
lldp med notifications topology-change enable
exit
interface ethernet e4
lldp med notifications topology-change enable
exit
interface ethernet e5
lldp med notifications topology-change enable
exit
interface ethernet e6
lldp med notifications topology-change enable
exit
interface ethernet e7
lldp med notifications topology-change enable
exit
interface ethernet e8
lldp med notifications topology-change enable
exit
interface ethernet e9
lldp med notifications topology-change enable
exit
interface ethernet e10
lldp med notifications topology-change enable
exit
interface ethernet e11
lldp med notifications topology-change enable
exit
interface ethernet e12
lldp med notifications topology-change enable
exit
interface ethernet e13
lldp med notifications topology-change enable
exit
interface ethernet e14
lldp med notifications topology-change enable
exit
interface ethernet e15
lldp med notifications topology-change enable
exit
interface ethernet e16
lldp med notifications topology-change enable
exit
interface ethernet e17
lldp med notifications topology-change enable
exit
interface ethernet e18
lldp med notifications topology-change enable
exit
interface ethernet e19
lldp med notifications topology-change enable
exit
interface ethernet e20
lldp med notifications topology-change enable
exit
interface ethernet e21
lldp med notifications topology-change enable
exit
interface ethernet e22
lldp med notifications topology-change enable
exit
interface ethernet e1
lldp med enable network-policy poe-pse
exit
interface ethernet e2
lldp med enable network-policy poe-pse
exit
interface ethernet e3
lldp med enable network-policy poe-pse
exit
interface ethernet e4
lldp med enable network-policy poe-pse
exit
interface ethernet e5
lldp med enable network-policy poe-pse
exit
interface ethernet e6
lldp med enable network-policy poe-pse
exit
interface ethernet e7
lldp med enable network-policy poe-pse
exit
interface ethernet e8
lldp med enable network-policy poe-pse
exit
interface ethernet e9
lldp med enable network-policy poe-pse
exit
interface ethernet e10
lldp med enable network-policy poe-pse
exit
interface ethernet e11
lldp med enable network-policy poe-pse
exit
interface ethernet e12
lldp med enable network-policy poe-pse
exit
interface ethernet e13
lldp med enable network-policy poe-pse
exit
interface ethernet e14
lldp med enable network-policy poe-pse
exit
interface ethernet e15
lldp med enable network-policy poe-pse
exit
interface ethernet e16
lldp med enable network-policy poe-pse
exit
interface ethernet e17
lldp med enable network-policy poe-pse
exit
interface ethernet e18
lldp med enable network-policy poe-pse
exit
interface ethernet e19
lldp med enable network-policy poe-pse
exit
interface ethernet e20
lldp med enable network-policy poe-pse
exit
interface ethernet e21
lldp med enable network-policy poe-pse
exit
interface ethernet e22
lldp med enable network-policy poe-pse
exit
lldp med network-policy 1 voice vlan 111 vlan-type tagged
interface range ethernet e(1-22)
lldp med network-policy add 1
exit
interface vlan 199
ip address 199.16.30.77 255.255.255.0
exit
ip default-gateway 199.16.30.3
interface vlan 1
no ip address dhcp
exit
no bonjour enable
bonjour service enable csco-sb
bonjour service enable http
bonjour service enable https
bonjour service enable ssh
bonjour service enable telnet
hostname psw1
line console
exec-timeout 30
exit
line ssh
exec-timeout 30
exit
line telnet
exec-timeout 30
exit
management access-list Management1
permit ip-source 10.22.5.5 mask 255.255.255.0
exit
logging 199.16.31.33 severity debugging description mysysloghost
aaa authentication enable Console local
aaa authentication enable SSH tacacs local
aaa authentication enable Telnet local
ip http authentication tacacs local
ip https authentication tacacs local
aaa authentication login Console local
aaa authentication login SSH tacacs local
aaa authentication login Telnet local
line telnet
login authentication Telnet
enable authentication Telnet
password admin
exit
line ssh
login authentication SSH
enable authentication SSH
password admin
exit
line console
login authentication Console
enable authentication Console
password admin
exit
username admin password admin level 15
power inline usage-threshold 90
power inline traps enable
ip ssh server
snmp-server location in-the-closet
snmp-server contact [email protected]
ip http exec-timeout 30
ip https server
ip https exec-timeout 30
tacacs-server host 1.2.3.4 key spaceballz timeout 3 priority 10
clock timezone -7
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 199.16.30.1
sntp server 199.16.30.2
ip domain-name mydomain.com
ip name-server 199.16.5.12 199.16.5.13
ip telnet server

802.1x, voice vlan and IP phone

Hi, I reviewed many posts here, and I still need the clarification how 802.1x on the switch works with non-Cisco IP phone (not supporting CDP) and PC connected to the PC port. If I configure 802.1x on a switch port, along with access and voice vlan, next I configure the static voice vlan on the non-Cisco phone, will it be possible to authenticate the user on the PC and bypass authentication for IP phone? Is CDP required in such scenario - (non-Cisco IP phone doesn't support it)?
Regards,
Krzysztof

You need CDP for touchless interop. CDP can of course be spoofed though, so proceed with caustion anyway.
You need multi-domain authentication to appropriately deal with non-Cisco phones and port-based access-control. See here to get started:
<http://www.cisco.com/en/US/products/ps7077/products_configuration_guide_chapter09186a008077a284.html#wp1231964>
Hope this helps,

Potential Security Hole with 802.1x and Voice VLANs?

I have been looking at 802.1x and Voice VLANs and I can see what I think is a bit of a security hole.
If a user has no authentication details to gain access via 802.1x - i.e. they have not been given a User ID or the PC doesn't have a certificate etc. If they attach a PC to a switchport that is configured with a Voice VLAN (or disconnect an IP Phone and plug the PC direct into the switchport) they can easily see via packet sniffing the CDP packets that will contain the Voice VLAN ID. They can then easily create a Tagged Virtual NIC (via the NIC utilities or driver etc) with the Voice VLAN 802.1q Tag. Assuming DHCP is enabled for the Voice VLAN they will get assigned an IP address and have access to the IP network. I appreciate the VLAN can be locked down at the Layer-3 level with ACL's so any 'non-voice related' traffic is blocked but in this scenario the user has sucessfully bypassed 802.1x authentication and gain access to the network?
Has anyone done any research into this potential security hole?
Thanks
Andy

Thanks for the reply. To be honest we would normally deploy some or all of the measures you list but these don't around the issue of being able to easily bypass having to authenticate via 802.1x.
As I said I think this is a hole but don't see any solutions at the moment except 802.1x on the IP Phone, although at the moment you can't do this with Voice VLANs?
Andy

802.1x and Voice VLAN

I had read articles on cco, and I believed for the same switch port we can have 802.1x configure and the voice vlan configure. It mean the IP phone is connect to the switch port with 802.1x configured, but the phone will not autheticate, only the workstation connect to phone data port will get authenticate.
I had configured 802.1x and test with notebook logon and able to access the network. Now I would like to test the notebook attached to IP phone data port, and the phone connect to switch port configure with 802.1x. But I failed to add voice vlan commmand. Why ?
interface GigabitEthernet9/48
description temporary port
switchport
switchport access vlan 12
switchport mode access
no ip address
dot1x port-control auto
spanning-tree portfast
CIG01-ENT-SW1(config-if)#switchport voice vlan 14
Command rejected: Gi9/48 is Dot1x enabled port.

Using IEEE 802.1x Authentication with Voice VLAN Ports
A voice VLAN port is a special access port associated with two VLAN identifiers:
?VVID to carry voice traffic to and from the IP phone. The VVID is used to configure the IP phone connected to the port.
?PVID to carry the data traffic to and from the workstation connected to the switch through the IP phone. The PVID is the native VLAN of the port.
In single-host mode, only the IP phone is allowed on the voice VLAN. In multiple-hosts mode, additional clients can send traffic on the voice VLAN after a supplicant is authenticated on the PVID. When multiple-hosts mode is enabled, the supplicant authentication affects both the PVID and the VVID.
A voice VLAN port becomes active when there is a link, and the device MAC address appears after the first CDP message from the IP phone. Cisco IP phones do not relay CDP messages from other devices. As a result, if several Cisco IP phones are connected in series, the switch recognizes only the one directly connected to it. When IEEE 802.1x authentication is enabled on a voice VLAN port, the switch drops packets from unrecognized Cisco IP phones more than one hop away.
When IEEE 802.1x authentication is enabled on a port, you cannot configure a port VLAN that is equal to a voice VLAN.
Waht kind of switch do you have? In 3550 I can configure the port for both vvid and pvid:
interface FastEthernet0/1
switchport access vlan 3
switchport mode access
switchport voice vlan 2
no ip address
dot1x port-control auto
spanning-tree portfast
end
Nevertheless, as the statement above indicates, the port will need to be configured for multi-host in order the PC behind the phone get autehntication:
under the interface configure "dot1x host-mode multi-host"
Nevermind, I just realized that you might have a 5600 running native, checking the configuration guide and realese notes it does not looks like dot1x and vvlan can play together in that platform.

802.1x / dot1x Authentication, including Voice-Vlan and Guest-Vlan

Hello,
i have tried to configure a dot1x based Authentication.
With an single host including guest-vlan, everything works fine.
But i want to use an IP-Phone (wich is every times authenticated) and behind the Phone an Client.
Is there a possible solution? And unfortunately IP-Phones are Avaya-Phones.
i have just tried so...
interface GigabitEthernet0/4
switchport access vlan 121
switchport mode access
switchport voice vlan 200
authentication event fail action authorize vlan 99
authentication event server dead action authorize vlan 121
authentication event server alive action reinitialize
authentication host-mode multi-host
authentication order dot1x
authentication port-control auto
authentication periodic
authentication violation restrict
dot1x pae authenticator
dot1x timeout quiet-period 10
dot1x timeout tx-period 1
spanning-tree portfast
Thanks, for any possible solution!

unfortunately because they are Avaya phones, the easy answer CDP-Bypass fails in this instance. When you plug in the phone, the switch will assume it's the 'single host' for this port, and restrict the port due to the authentication for the phone failing. Maybe you can just hard-code the voice-vlans on each phone, but that could get tedious depending on the amount of phones.
I believe there is a DHCP option you can pass back that indicates the phone should be running on vlan 200, but for this to work you'd also need to set up a pre-auth ACL that would allow DHCP to work in the unauthorized state. I think it's 147 off the top of my head.
Another solution (which isn't what you originally wanted, but it would work) is to just use multi-domain instead of single-host, and authenticate both the phone and the PC. The raduis server should be able to distinguish between what is configured as a phone and what is a host, and will send back the appropriate vlan if configured correctly.
What are using for a radius server?

Setting up a Test Voice VLAN for Lync 2013

I want to set up a second voice vlan to be a test vlan.
In the current situation the customer has voice and data running on vlan1. The customer insist on taking incremental steps to improve QoS. I have advocated separated vlans for voice and data. They just want to move everything (phase 1) to a different
vlan. They want to see how getting all traffic of vlan 1 will improve there performance. Again, I recommended the best practice, they want to try this approach first.
I am conducting a pilot test with just one cx600 IP phone. and a single switchport. I created a new vlan99 using VTP. I configured the switchports on the Cisco 2960-x switch as follows.
#switchport mode access
#switchport access vlan 99
The phone gets its correct vlan id, and pulls its IP from the correct dhcp scope. However the phone displays "connecting with the lync server" for a long time, then "connecting to download its certificates". This takes a long time then fails.
If I change the switchport back to vlan1 it works fine. What can be the problem? Does the vlan99 need to be defined on the lync server? How many vlans can be supported by Lync 2013?
Thank you,
gigiu

Did you set the VLAN Configuration for Lync Phone Edition?
You can check the following links:
http://blog.schertz.name/2011/01/manual-vlan-configuration-for-lync-phone-edition/
http://www.bricomp.com/blogs/post.cfm/dedicated-voice-vlan-for-lync-devices
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please
make sure that you completely understand the risk before retrieving any suggestions from the above link.
Lisa Zheng
TechNet Community Support

Change voice vlan on specific ports

I need to test a new phone system that is running on vlan 120. The problem is my current voice vlan 110 is still in use for my current phone system. How can I assign a different voice vlan for a single port without having it propagate to the rest of the switch or the other sbs switches in my network?

Hello,
In regards to the Small Business Switches, you can only have a single Voice Vlan configured on them.
Now, since what you are trying to do is to test the connectivity on a single phone, I don't think that you will really have to change or Add a new Voice VLAN, maybe you can get it to work by changing the port to an Access Port with VLAN 120 Untagged, and then they should communicate as long as they are on the same VLAN.
Please let us know if this works, I'm not sure it will since the device is meant to only handle a single Voice VLAN as I said before, but it is worth the try.

Anyconnect Vlan access

I have a asa 5505 that we setup up a vpn connection to recently. Everything on our internal vlan (120) works fine when using the VPN. Although VPN clients cannot access the Voice vlan (200). I have added the voice network to the ACL list and mapped it to the anyconnect connection profile. Still a no go. Any ideas? Config below
interface Vlan2
nameif outside
security-level 0
ip address 255.255.255.252
banner login WARNING!!! This is a private network device. Authorized access only. Unauthorized access is not allowed and will be logged, proper action will be taken.
banner motd Don't access this router without proper authorization.
boot system disk0:/asa914-k8.bin
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 75.75.75.75
name-server 75.75.76.76
domain-name valleyview.local
object network obj-10.193.5.248
subnet 10.193.5.248 255.255.255.248
object network obj-10.193.5.0
subnet 10.193.5.0 255.255.255.0
object network obj-10.193.5.230
host 10.193.5.230
object network obj-10.193.5.230-02
host 10.193.5.230
object network obj-10.193.5.230-03
host 10.193.5.230
object network obj-10.193.5.77
host 10.193.5.77
object network obj-10.193.5.77-01
host 10.193.5.77
object network obj-10.193.5.230-04
host 10.193.5.230
object network obj-10.193.5.230-05
host 10.193.5.230
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Exchange
host 10.193.5.230
object network VPN_NETWORK
subnet 192.168.22.0 255.255.255.248
object network Voice_Network
subnet 10.200.1.0 255.255.255.0
description Voice Network
object network VPN_CLIENTS
subnet 192.168.22.0 255.255.255.248
object network NETWORK_OBJ_192.168.22.0_29
subnet 192.168.22.0 255.255.255.248
object-group network DM_INLINE_NETWORK_1
network-object 0.0.0.0 0.0.0.0
network-object object Voice_Network
access-list inside_out extended permit ip host 10.193.5.230 any4
access-list inside_out extended deny tcp 10.193.5.0 255.255.255.0 any4 eq smtp log debugging
access-list inside_out extended permit ip 10.193.5.0 255.255.255.0 any4
access-list inside_out extended permit ip object Voice_Network any
access-list inside_out extended permit ip object VPN_CLIENTS any inactive
access-list extended extended permit gre any4 host 173.163.35.105
access-list oustside_in extended permit gre any4 host 173.163.35.105 inactive
access-list VPNUsers_splitTunnelAcl standard permit 10.193.5.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any4 10.193.5.248 255.255.255.248
access-list inside_nat0_outbound extended permit ip 10.193.5.0 255.255.255.0 10.193.5.248 255.255.255.248
access-list DefaultRAGroup_splitTunnelAcl standard permit any4
access-list VPN_splitTunnelAcl standard permit any4
access-list vvn-vpn_splitTunnelAcl standard permit 10.193.5.0 255.255.255.0
access-list outside_in extended permit tcp any4 host 10.193.5.230 eq www inactive

As requested
Result of the command: "sh run"
: Saved
ASA Version 9.1(4)
hostname vvnrt0
domain-name valleyview.local
enable password encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd Hex3HvOKW72M49oO encrypted
names
ip local pool VPNIPPool 10.193.5.251-10.193.5.254 mask 255.255.255.0
ip local pool VPN_IP_Pool 192.168.22.1-192.168.22.6 mask 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.193.5.193 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 255.255.255.252
banner login WARNING!!! This is a private network device. Authorized access only. Unauthorized access is not allowed and will be logged, proper action will be taken.
banner motd Don't access this router without proper authorization.
boot system disk0:/asa914-k8.bin
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 75.75.75.75
name-server 75.75.76.76
domain-name valleyview.local
object network obj-10.193.5.248
subnet 10.193.5.248 255.255.255.248
object network obj-10.193.5.0
subnet 10.193.5.0 255.255.255.0
object network obj-10.193.5.230
host 10.193.5.230
object network obj-10.193.5.230-02
host 10.193.5.230
object network obj-10.193.5.230-03
host 10.193.5.230
object network obj-10.193.5.77
host 10.193.5.77
object network obj-10.193.5.77-01
host 10.193.5.77
object network obj-10.193.5.230-04
host 10.193.5.230
object network obj-10.193.5.230-05
host 10.193.5.230
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Exchange
host 10.193.5.230
object network VPN_NETWORK
subnet 192.168.22.0 255.255.255.248
object network Voice_Network
subnet 10.200.1.0 255.255.255.0
description Voice Network
object network VPN_CLIENTS
subnet 192.168.22.0 255.255.255.248
object network NETWORK_OBJ_192.168.22.0_29
subnet 192.168.22.0 255.255.255.248
object-group network DM_INLINE_NETWORK_1
network-object 0.0.0.0 0.0.0.0
network-object object Voice_Network
access-list inside_out extended permit ip host 10.193.5.230 any4
access-list inside_out extended deny tcp 10.193.5.0 255.255.255.0 any4 eq smtp log debugging
access-list inside_out extended permit ip 10.193.5.0 255.255.255.0 any4
access-list inside_out extended permit ip object Voice_Network any
access-list inside_out extended permit ip object VPN_CLIENTS any inactive
access-list extended extended permit gre any4 host 173.163.35.105
access-list oustside_in extended permit gre any4 host 173.163.35.105 inactive
access-list VPNUsers_splitTunnelAcl standard permit 10.193.5.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any4 10.193.5.248 255.255.255.248
access-list inside_nat0_outbound extended permit ip 10.193.5.0 255.255.255.0 10.193.5.248 255.255.255.248
access-list DefaultRAGroup_splitTunnelAcl standard permit any4
access-list VPN_splitTunnelAcl standard permit any4
access-list vvn-vpn_splitTunnelAcl standard permit 10.193.5.0 255.255.255.0
access-list outside_in extended permit tcp any4 host 10.193.5.230 eq www inactive
access-list outside_in extended permit tcp any4 host 10.193.5.230 eq https inactive
access-list outside_in extended permit tcp any4 host 10.193.5.230 eq 987 inactive
access-list outside_in extended permit tcp any4 host 10.193.5.230 eq 4125 inactive
access-list outside_in extended permit tcp any4 host 10.193.5.77 eq 8081 inactive
access-list outside_in extended permit tcp any4 host 10.193.5.77 eq 1099 inactive
access-list outside_in extended permit tcp any4 host 10.193.5.230 eq smtp inactive
access-list outside_in extended permit ip any object Voice_Network
access-list outside_in extended permit ip object VPN_CLIENTS 10.200.1.0 255.255.255.0 inactive
access-list All_VPN_Access extended permit ip object NETWORK_OBJ_192.168.22.0_29 object Voice_Network
access-list All_VPN_Access extended permit ip any object Voice_Network
access-list All_VPN_Access extended permit ip any any
access-list global_access extended permit ip object Voice_Network any
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-715.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,any) source static any any destination static obj-10.193.5.248 obj-10.193.5.248 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.193.5.0 obj-10.193.5.0 destination static obj-10.193.5.248 obj-10.193.5.248 no-proxy-arp route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.22.0_29 NETWORK_OBJ_192.168.22.0_29 no-proxy-arp route-lookup
nat (inside,outside) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static NETWORK_OBJ_192.168.22.0_29 NETWORK_OBJ_192.168.22.0_29 no-proxy-arp route-lookup
object network obj-10.193.5.230-02
nat (inside,outside) static interface service tcp 4125 4125
object network obj-10.193.5.230-03
nat (inside,outside) static interface service tcp 987 987
object network obj-10.193.5.77
nat (inside,outside) static interface service tcp 1099 1099
object network obj-10.193.5.77-01
nat (inside,outside) static interface service tcp 8081 8081
object network obj-10.193.5.230-04
nat (inside,outside) static interface service tcp smtp smtp
object network obj-10.193.5.230-05
nat (inside,outside) static interface service tcp pptp pptp
object network obj_any
nat (inside,outside) dynamic interface
access-group inside_out in interface inside
access-group outside_in in interface outside
access-group global_access global
route outside 0.0.0.0 0.0.0.0 173.163.35.106 1
route inside 10.200.1.0 255.255.255.0 10.193.5.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server VPNUGRP protocol ldap
aaa-server VPNUGRP (outside) host 10.193.5.230
timeout 5
server-type auto-detect
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 10.193.5.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 10.193.5.0 255.255.255.0 inside
telnet timeout 30
ssh 10.193.5.0 255.255.255.0 inside
ssh 255.255.255.255 outside
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd dns 75.75.75.75 75.75.76.76
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-3.1.06079-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 10.193.5.230
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vvn-vpn_splitTunnelAcl
default-domain value valleyview.local
address-pools value VPN_IP_Pool
group-policy DfltGrpPolicy attributes
dns-server value 10.193.5.230
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vvn-vpn_splitTunnelAcl
address-pools value VPN_IP_Pool
group-policy GroupPolicy_Valley_View_VPN internal
group-policy GroupPolicy_Valley_View_VPN attributes
wins-server none
dns-server value 10.193.5.230 75.75.75.75
vpn-tunnel-protocol ssl-client ssl-clientless
default-domain value valleyview.local
split-dns value valleyview.local
address-pools value VPN_IP_Pool
username bcleary password encrypted privilege 15
username bcleary attributes
vpn-group-policy DfltGrpPolicy
username test password encrypted
username morefieldcomm password encrypted
username Vendor password encrypted privilege 0
username Vendor attributes
vpn-group-policy DfltGrpPolicy
username swthomas password encrypted
username compugen password encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool VPNIPPool
default-group-policy GroupPolicy_Valley_View_VPN
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultWEBVPNGroup general-attributes
default-group-policy GroupPolicy_Valley_View_VPN
tunnel-group Valley_View_VPN type remote-access
tunnel-group Valley_View_VPN general-attributes
address-pool VPN_IP_Pool
default-group-policy GroupPolicy_Valley_View_VPN
tunnel-group Valley_View_VPN webvpn-attributes
group-alias Valley_View_VPN enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
smtp-server 10.193.5.230
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:
: end

ISA550 Voice VLAN cannot connect to WAN?

Hi,
I just bought ISA550 and used the configuration wizatrd to set it up, mostly with defaults.
I mapped GE2 to VOICE VLAN/Zone, and although the SPA122 I connected to this port now gets an IP adress (10.1.1.100),it fails to register with SIP provider.
I have LB WAN set up (bandwidth), WAN1(GE1) Primary, WAN2(GE7) secondary, but not conecting WAN2 yet until I have configuration working.
I set ALG on for SIP (and tried it 'off') but nothing seems to work.
I also checked Firewall settings and added rule to 'permit' WAN to VOICE. There was only the other direction by default.
I have also not yet updated firmware, as I have only just elevated my access to allow encrypted downloads, biut will try that later this evening, out of hours.
Otherwise, any other suggestions gratefully received.
MTIA

I have now been able to get most of this working, but had to connect SPA122 to DEFAULT VLAN (GE3).
Added traffic selectors for this and some high priority (Q2) devices. Added QoS rules for these but if I added these to the default WAN_POLICY only those explicitly mentioned could access the WAN.
I then created a a new WAN POLICY without the default QoS rules, just the new ones, and this works!
However, I need to prioritise incoming traffic but only Q1 seems to be available for incoming, so currently only SPA122 has a rule (to mark Cos). Everything else is a free for all.
I have three devices I need to give Q2 on incoming traffic, so is there a way to do this, or is the traffic precedence 'inherited' from outgoing rules?
The documentation, both shipped CD and ESD, is not very clear on this. In fact, there are places where it is just plain wrong.
Otherwise, all seems to be going well. It is handling marginal circuits and LB better than my old router.
One last point. I need to report on WAN availability. I am remote logging to a Linux system to analyse syslog, but cannot find definitive log entries to determine WAN State (DNS LInk detection). Only physical port availability is shown explicitly (Line status - which also correctly triggers email alerts). I can see nothing similar for WAN State.
I use Splunk to analyse the logs, so could use fairly complex search pattern, if necessary.
MTIA
P

CONFIGURE VOICE DATA ACCESS PORT SW SF500-48

Hi Everybody,
I have a SW SF500 small business and i need configure one port how access for Voice and data VLan. I need help with any configuration that can apply por this requirement. I attach the design that i hope to work
Thanks in advance

Here is a link to a detailed document on configuring auto voice vlan:
http://sbkb.cisco.com/CiscoSB/ukp.aspx?vw=1&docid=14906e97e0c24e14836144529c214b87_Voice_VLAN_Properties_on_Sx500_Series_Managed_Switches.xml&pid=2&respid=0&snid=4&dispid=0&cpage=search
Here is a link to the admin guide(p252):
http://www.cisco.com/en/US/docs/switches/lan/csbms/Sx500/administration_guide/500_Series_Admin_Guide.pdf

Window DHCP Server is not allocting IP to Voice Vlan

Hi,
I HAVE 3560 Switch, Over that two vlan configure Data & Voice respectively. Voice id Vlan 1 and Data Id Vlan 2.Routing is done on this switch and work as L3
DHCP Server is member of Data Vlan which is connected to another 3560 Switch L2. DHCP Server is reachable.On that both vlan configured.
Switch Port configure fr both Vlan ( Switchport access vlan 2 , Switchport voice vlan 1, Switchport mode access)
WHILE Connect any pc to port DHCP server assign ip frm Data Pool while Cisco Ip phones are not getting IP. OPTION 150 is configured in DHCP.
Over both interface IP Helper is configured and pointing to DHCP Server.
For testing point configure DHCP service on switch with voice pool range ;at that moment Cisco IP phone got the IP fron switch DHCP.
Now not able to understand why window dhcp server not assigning ip for Voice.
Both Vlan are in different subnet and having / 24.
Please guide

Hi,
Checked all configuration in network,apply packet tracer and found DHCP not responding on DHCP Req.
Replace DHCP server and now working fine. :)

Voice VLAN config with multiple IP Phone systems

We currently have a legacy TDM ACD system used by the Call Centre running alongside CUCM 8.5 which is used by back office and admin staff.
When we implemented the Call Manager we configured all our access ports with the Voice VLAN to make any office moves and changes straight forward, regardless of whether or not the position would have a Cisco phone i.e. a cisco phone could be plugged into any floor port throughout the building and it would register.
Currently I am in the planning stages of replacing the legacy ACD system with Avaya Aura which will be running side by side with CUCM. My concern is that every time there are office moves, the access ports are going to have to be reconfigured to the Voice VLAN of the relevant system depending on which type of phone is at that desk.
Has anyone had similar experiences and found a solution?
Not ideal I presume, but was wondering if we could use the same Voice VLAN for both systems?

It's just a VLAN. Don't sweat it, stick them all in the same one. Nothing will explode.
Each phone system will have it's own way of locating the call processor.
CUCM = DHCP Option 150
Mitel = Some other DHCP option (128-130, and some others)
Avaya = DHCP option 176
etc...
So you can set all these on your scope, and each phone type will find it's server...
Aaron

PC Voice VLAN Access

Similar Messages

Maybe you are looking for