SG 200 50-P Voice Vlan
Hi all,
I am not familiar with the graphical interface of the SG 200-50P but I need to configure a dual data and voice vlan on a port.
I disabled globally the smarport and Auto Voice Vlan feature on the switch.
Data Vlan : 2
Voice Vlan: 3
All ports connected between the switches and to the Virtual Machine DHCP server are configured as trunk with the Vlan 2 and 3 "TAGGED"
If I connect an IP phone to a trunk port (Vlan 2 Untagged and Vlan 3 Tagged) which i think thats the appropriate way to do it, the phone will get an IP from the scope of the data vlan (192.168.1.x/24).
If I connect the IP phone to a trunk port (Vlan 2 Tagged and Vlan 3 Untagged), the phone will get an IP from the Voice vlan scope (192.168.3.x/24) but the PC attached to the phone will also have an IP from the voice vlan scope.
Please advise
For that problem I configured the following:
Port mode to "General":
vlan2 unttaged
vlan3 tagged
At Media VLan I enabled the Application "voice" and "voice signaling" for that port
Similar Messages
-
SG-300 28P switches problem with VLAN Data and Voice, working all the time as Voice VLAN
Hi Everyone,
Thank you very much for your help in advance. I’m pulling my hair to fix the problem.
I just got the new SG-300 28P switches. My Bios ordered for me. I did not know how it runs until now... not an IOS based. I really do not know how to configure it.
I have 2 VLAN are Data and Voice.
- Data VLAN ID is 2 IP 192.168.2.X/255.255.255.0
- Voice VLAN ID is 200 IP 192.168.22.X/255.255.255.0
- I created two vlans, in switch, Data and Voice.
- On the port number 28, it is trunk by default, so I add Data vlan ID 2 tagged.
- On the port number 26, it is trunk by default, so I add Voice vlan ID 200 tagged.
- On the port number 27, I add Data vlan ID 2 tagged for Data vlan out.
- Port settings No.1
I set it up as Trunk with Data vlan 2 untagged, and 200 Tagged (voice vlan). I plugged in a phone with a pc attached. But the PC will get to the vlan 200 to get the DHCP address, but no from vlan 2. The Phone works with correct vlan ip.
- Port settings No.2
Trunk with vlan 1UP, 2T, and 200T. The phone is even worse. Would never pick up any IP from DHCP.
- Port settings No.3
Access with 200U...of course the phone will work... and the PC could not get to its own vlan. Instead, the PC got an ip from the voice vlan. Not from VLAN 2.
I have Linksys phone I’m not sure if this help.
For more information I setup in switch,
- enable voice vlan
- set the port on auto voice vlan
- enable LLDP-MED globally
- create a network policy to assign VLAN 200
- assign this network policy to the port the phone is connected to.
I hope this information help to help me to setup Data and Voice vlans, to plug the phone to work with vlan Voice 200 (IP rang 192.168.22.X), from phone to Pc and pc work as Data vlan 2 (IP rang 192.168.2.X).I just got done setting up voice VLANs on an SF 300-24P and verified working. This was working with Cisco 7900 series phones connected to a Cisco UC setup.
Here's my sample config.
Note that I edited this by hand before posting, so doing a flat out tftp restore probably won't work. However, this should give you a clue. Also, don't take this as 100% accurate or correct. I've only been working with these things for about a week, though I've worked with the older Linksys SRW switches for a couple of years. I'm a CCNP/CCDP.
VLAN 199 is my management VLAN and is the native VLAN on 802.1q trunks.
VLAN 149 is the data/computer VLAN here.
VLAN 111 is the voice/phone VLAN here.
VLAN 107 does nothing.
interface range ethernet e(1-24)
port storm-control broadcast enable
exit
interface ethernet e1
port storm-control include-multicast
exit
interface ethernet e2
port storm-control include-multicast
exit
interface ethernet e3
port storm-control include-multicast
exit
interface ethernet e4
port storm-control include-multicast
exit
interface ethernet e5
port storm-control include-multicast
exit
interface ethernet e6
port storm-control include-multicast
exit
interface ethernet e7
port storm-control include-multicast
exit
interface ethernet e8
port storm-control include-multicast
exit
interface ethernet e9
port storm-control include-multicast
exit
interface ethernet e10
port storm-control include-multicast
exit
interface ethernet e11
port storm-control include-multicast
exit
interface ethernet e12
port storm-control include-multicast
exit
interface ethernet e13
port storm-control include-multicast
exit
interface ethernet e14
port storm-control include-multicast
exit
interface ethernet e15
port storm-control include-multicast
exit
interface ethernet e16
port storm-control include-multicast
exit
interface ethernet e17
port storm-control include-multicast
exit
interface ethernet e18
port storm-control include-multicast
exit
interface ethernet e19
port storm-control include-multicast
exit
interface ethernet e20
port storm-control include-multicast
exit
interface ethernet e21
port storm-control include-multicast
exit
interface ethernet e22
port storm-control include-multicast
exit
interface ethernet e23
port storm-control include-multicast
exit
interface ethernet e24
port storm-control include-multicast
exit
interface range ethernet g(1-4)
description "Uplink trunk"
exit
interface range ethernet g(1-4)
switchport default-vlan tagged
exit
interface range ethernet e(21-24)
switchport mode access
exit
vlan database
vlan 107,111,149,199
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 107
exit
interface range ethernet e(21-24)
switchport access vlan 111
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 111
exit
interface range ethernet e(1-20)
switchport trunk native vlan 149
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 149
exit
interface range ethernet g(1-4)
switchport trunk native vlan 199
exit
voice vlan aging-timeout 5
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
voice vlan oui-table add 108ccf MyCiscoIPPhones1
voice vlan oui-table add 40f4ec MyCiscoIPPhones2
voice vlan oui-table add 8cb64f MyCiscoIPPhones3
voice vlan id 111
voice vlan cos 6 remark
interface ethernet e1
voice vlan enable
exit
interface ethernet e1
voice vlan cos mode all
exit
interface ethernet e2
voice vlan enable
exit
interface ethernet e2
voice vlan cos mode all
exit
interface ethernet e3
voice vlan enable
exit
interface ethernet e3
voice vlan cos mode all
exit
interface ethernet e4
voice vlan enable
exit
interface ethernet e4
voice vlan cos mode all
exit
interface ethernet e5
voice vlan enable
exit
interface ethernet e5
voice vlan cos mode all
exit
interface ethernet e6
voice vlan enable
exit
interface ethernet e6
voice vlan cos mode all
exit
interface ethernet e7
voice vlan enable
exit
interface ethernet e7
voice vlan cos mode all
exit
interface ethernet e8
voice vlan enable
exit
interface ethernet e8
voice vlan cos mode all
exit
interface ethernet e9
voice vlan enable
exit
interface ethernet e9
voice vlan cos mode all
exit
interface ethernet e10
voice vlan enable
exit
interface ethernet e10
voice vlan cos mode all
exit
interface ethernet e11
voice vlan enable
exit
interface ethernet e11
voice vlan cos mode all
exit
interface ethernet e12
voice vlan enable
exit
interface ethernet e12
voice vlan cos mode all
exit
interface ethernet e13
voice vlan enable
exit
interface ethernet e13
voice vlan cos mode all
exit
interface ethernet e14
voice vlan enable
exit
interface ethernet e14
voice vlan cos mode all
exit
interface ethernet e15
voice vlan enable
exit
interface ethernet e15
voice vlan cos mode all
exit
interface ethernet e16
voice vlan enable
exit
interface ethernet e16
voice vlan cos mode all
exit
interface ethernet e17
voice vlan enable
exit
interface ethernet e17
voice vlan cos mode all
exit
interface ethernet e18
voice vlan enable
exit
interface ethernet e18
voice vlan cos mode all
exit
interface ethernet e19
voice vlan enable
exit
interface ethernet e19
voice vlan cos mode all
exit
interface ethernet e20
voice vlan enable
exit
interface ethernet e20
voice vlan cos mode all
exit
interface ethernet e1
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e2
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e3
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e4
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e5
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e6
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e7
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e8
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e9
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e10
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e11
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e12
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e13
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e14
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e15
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e16
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e17
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e18
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e19
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e20
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e21
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e22
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e23
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e24
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g1
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g2
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g3
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g4
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e1
lldp med notifications topology-change enable
exit
interface ethernet e2
lldp med notifications topology-change enable
exit
interface ethernet e3
lldp med notifications topology-change enable
exit
interface ethernet e4
lldp med notifications topology-change enable
exit
interface ethernet e5
lldp med notifications topology-change enable
exit
interface ethernet e6
lldp med notifications topology-change enable
exit
interface ethernet e7
lldp med notifications topology-change enable
exit
interface ethernet e8
lldp med notifications topology-change enable
exit
interface ethernet e9
lldp med notifications topology-change enable
exit
interface ethernet e10
lldp med notifications topology-change enable
exit
interface ethernet e11
lldp med notifications topology-change enable
exit
interface ethernet e12
lldp med notifications topology-change enable
exit
interface ethernet e13
lldp med notifications topology-change enable
exit
interface ethernet e14
lldp med notifications topology-change enable
exit
interface ethernet e15
lldp med notifications topology-change enable
exit
interface ethernet e16
lldp med notifications topology-change enable
exit
interface ethernet e17
lldp med notifications topology-change enable
exit
interface ethernet e18
lldp med notifications topology-change enable
exit
interface ethernet e19
lldp med notifications topology-change enable
exit
interface ethernet e20
lldp med notifications topology-change enable
exit
interface ethernet e21
lldp med notifications topology-change enable
exit
interface ethernet e22
lldp med notifications topology-change enable
exit
interface ethernet e1
lldp med enable network-policy poe-pse
exit
interface ethernet e2
lldp med enable network-policy poe-pse
exit
interface ethernet e3
lldp med enable network-policy poe-pse
exit
interface ethernet e4
lldp med enable network-policy poe-pse
exit
interface ethernet e5
lldp med enable network-policy poe-pse
exit
interface ethernet e6
lldp med enable network-policy poe-pse
exit
interface ethernet e7
lldp med enable network-policy poe-pse
exit
interface ethernet e8
lldp med enable network-policy poe-pse
exit
interface ethernet e9
lldp med enable network-policy poe-pse
exit
interface ethernet e10
lldp med enable network-policy poe-pse
exit
interface ethernet e11
lldp med enable network-policy poe-pse
exit
interface ethernet e12
lldp med enable network-policy poe-pse
exit
interface ethernet e13
lldp med enable network-policy poe-pse
exit
interface ethernet e14
lldp med enable network-policy poe-pse
exit
interface ethernet e15
lldp med enable network-policy poe-pse
exit
interface ethernet e16
lldp med enable network-policy poe-pse
exit
interface ethernet e17
lldp med enable network-policy poe-pse
exit
interface ethernet e18
lldp med enable network-policy poe-pse
exit
interface ethernet e19
lldp med enable network-policy poe-pse
exit
interface ethernet e20
lldp med enable network-policy poe-pse
exit
interface ethernet e21
lldp med enable network-policy poe-pse
exit
interface ethernet e22
lldp med enable network-policy poe-pse
exit
lldp med network-policy 1 voice vlan 111 vlan-type tagged
interface range ethernet e(1-22)
lldp med network-policy add 1
exit
interface vlan 199
ip address 199.16.30.77 255.255.255.0
exit
ip default-gateway 199.16.30.3
interface vlan 1
no ip address dhcp
exit
no bonjour enable
bonjour service enable csco-sb
bonjour service enable http
bonjour service enable https
bonjour service enable ssh
bonjour service enable telnet
hostname psw1
line console
exec-timeout 30
exit
line ssh
exec-timeout 30
exit
line telnet
exec-timeout 30
exit
management access-list Management1
permit ip-source 10.22.5.5 mask 255.255.255.0
exit
logging 199.16.31.33 severity debugging description mysysloghost
aaa authentication enable Console local
aaa authentication enable SSH tacacs local
aaa authentication enable Telnet local
ip http authentication tacacs local
ip https authentication tacacs local
aaa authentication login Console local
aaa authentication login SSH tacacs local
aaa authentication login Telnet local
line telnet
login authentication Telnet
enable authentication Telnet
password admin
exit
line ssh
login authentication SSH
enable authentication SSH
password admin
exit
line console
login authentication Console
enable authentication Console
password admin
exit
username admin password admin level 15
power inline usage-threshold 90
power inline traps enable
ip ssh server
snmp-server location in-the-closet
snmp-server contact [email protected]
ip http exec-timeout 30
ip https server
ip https exec-timeout 30
tacacs-server host 1.2.3.4 key spaceballz timeout 3 priority 10
clock timezone -7
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 199.16.30.1
sntp server 199.16.30.2
ip domain-name mydomain.com
ip name-server 199.16.5.12 199.16.5.13
ip telnet server -
802.1x / dot1x Authentication, including Voice-Vlan and Guest-Vlan
Hello,
i have tried to configure a dot1x based Authentication.
With an single host including guest-vlan, everything works fine.
But i want to use an IP-Phone (wich is every times authenticated) and behind the Phone an Client.
Is there a possible solution? And unfortunately IP-Phones are Avaya-Phones.
i have just tried so...
interface GigabitEthernet0/4
switchport access vlan 121
switchport mode access
switchport voice vlan 200
authentication event fail action authorize vlan 99
authentication event server dead action authorize vlan 121
authentication event server alive action reinitialize
authentication host-mode multi-host
authentication order dot1x
authentication port-control auto
authentication periodic
authentication violation restrict
dot1x pae authenticator
dot1x timeout quiet-period 10
dot1x timeout tx-period 1
spanning-tree portfast
Thanks, for any possible solution!unfortunately because they are Avaya phones, the easy answer CDP-Bypass fails in this instance. When you plug in the phone, the switch will assume it's the 'single host' for this port, and restrict the port due to the authentication for the phone failing. Maybe you can just hard-code the voice-vlans on each phone, but that could get tedious depending on the amount of phones.
I believe there is a DHCP option you can pass back that indicates the phone should be running on vlan 200, but for this to work you'd also need to set up a pre-auth ACL that would allow DHCP to work in the unauthorized state. I think it's 147 off the top of my head.
Another solution (which isn't what you originally wanted, but it would work) is to just use multi-domain instead of single-host, and authenticate both the phone and the PC. The raduis server should be able to distinguish between what is configured as a phone and what is a host, and will send back the appropriate vlan if configured correctly.
What are using for a radius server? -
Hi,
I have a call manager connected to switch with three VLANS configured, one voice vlan and two data vlan,
int f0/1-2
switchport mode access
switchport access VLAN 200
int f0/3-23
switchport mode access
switchport access VLAN 300
switchport voice VLAN 100
intf0/24
switchport mode trunk
switchport trunk encapsulation dot1q
int g0/0.100
encapsulation dot1q 100
ip address 172.100.1.1 255.255.255.0
int g0/0.200
encapsulation dot1q 100
ip address 172.200.1.1 255.255.255.0
int g0/0.300
encapsulation dot1q 100
ip address 172.300.1.1 255.255.255.0
I am able to access the call manager if I assign it an IP under data VLAN range, but if I assign IP under voice VLAN( 172.100.1.0/24 ) i am not able to access the call manager, If i assign an IP address to the call manager under voice VLAN I am not able to ping even the default gateway 172.100.1.1
What may be the issue.
Regards,
ShaggyHi,
try this.
int g0/0.100
encapsulation dot1q 100
ip address 172.100.1.1 255.255.255.0
int g0/0.200
encapsulation dot1q 200
ip address 172.200.1.1 255.255.255.0
int g0/0.300
encapsulation dot1q 300
ip address 172.300.1.1 255.255.255.0
hth
Muammer -
802.1x, voice vlan and IP phone
Hi, I reviewed many posts here, and I still need the clarification how 802.1x on the switch works with non-Cisco IP phone (not supporting CDP) and PC connected to the PC port. If I configure 802.1x on a switch port, along with access and voice vlan, next I configure the static voice vlan on the non-Cisco phone, will it be possible to authenticate the user on the PC and bypass authentication for IP phone? Is CDP required in such scenario - (non-Cisco IP phone doesn't support it)?
Regards,
KrzysztofYou need CDP for touchless interop. CDP can of course be spoofed though, so proceed with caustion anyway.
You need multi-domain authentication to appropriately deal with non-Cisco phones and port-based access-control. See here to get started:
<http://www.cisco.com/en/US/products/ps7077/products_configuration_guide_chapter09186a008077a284.html#wp1231964>
Hope this helps, -
Potential Security Hole with 802.1x and Voice VLANs?
I have been looking at 802.1x and Voice VLANs and I can see what I think is a bit of a security hole.
If a user has no authentication details to gain access via 802.1x - i.e. they have not been given a User ID or the PC doesn't have a certificate etc. If they attach a PC to a switchport that is configured with a Voice VLAN (or disconnect an IP Phone and plug the PC direct into the switchport) they can easily see via packet sniffing the CDP packets that will contain the Voice VLAN ID. They can then easily create a Tagged Virtual NIC (via the NIC utilities or driver etc) with the Voice VLAN 802.1q Tag. Assuming DHCP is enabled for the Voice VLAN they will get assigned an IP address and have access to the IP network. I appreciate the VLAN can be locked down at the Layer-3 level with ACL's so any 'non-voice related' traffic is blocked but in this scenario the user has sucessfully bypassed 802.1x authentication and gain access to the network?
Has anyone done any research into this potential security hole?
Thanks
AndyThanks for the reply. To be honest we would normally deploy some or all of the measures you list but these don't around the issue of being able to easily bypass having to authenticate via 802.1x.
As I said I think this is a hole but don't see any solutions at the moment except 802.1x on the IP Phone, although at the moment you can't do this with Voice VLANs?
Andy -
I had read articles on cco, and I believed for the same switch port we can have 802.1x configure and the voice vlan configure. It mean the IP phone is connect to the switch port with 802.1x configured, but the phone will not autheticate, only the workstation connect to phone data port will get authenticate.
I had configured 802.1x and test with notebook logon and able to access the network. Now I would like to test the notebook attached to IP phone data port, and the phone connect to switch port configure with 802.1x. But I failed to add voice vlan commmand. Why ?
interface GigabitEthernet9/48
description temporary port
switchport
switchport access vlan 12
switchport mode access
no ip address
dot1x port-control auto
spanning-tree portfast
CIG01-ENT-SW1(config-if)#switchport voice vlan 14
Command rejected: Gi9/48 is Dot1x enabled port.Using IEEE 802.1x Authentication with Voice VLAN Ports
A voice VLAN port is a special access port associated with two VLAN identifiers:
?VVID to carry voice traffic to and from the IP phone. The VVID is used to configure the IP phone connected to the port.
?PVID to carry the data traffic to and from the workstation connected to the switch through the IP phone. The PVID is the native VLAN of the port.
In single-host mode, only the IP phone is allowed on the voice VLAN. In multiple-hosts mode, additional clients can send traffic on the voice VLAN after a supplicant is authenticated on the PVID. When multiple-hosts mode is enabled, the supplicant authentication affects both the PVID and the VVID.
A voice VLAN port becomes active when there is a link, and the device MAC address appears after the first CDP message from the IP phone. Cisco IP phones do not relay CDP messages from other devices. As a result, if several Cisco IP phones are connected in series, the switch recognizes only the one directly connected to it. When IEEE 802.1x authentication is enabled on a voice VLAN port, the switch drops packets from unrecognized Cisco IP phones more than one hop away.
When IEEE 802.1x authentication is enabled on a port, you cannot configure a port VLAN that is equal to a voice VLAN.
Waht kind of switch do you have? In 3550 I can configure the port for both vvid and pvid:
interface FastEthernet0/1
switchport access vlan 3
switchport mode access
switchport voice vlan 2
no ip address
dot1x port-control auto
spanning-tree portfast
end
Nevertheless, as the statement above indicates, the port will need to be configured for multi-host in order the PC behind the phone get autehntication:
under the interface configure "dot1x host-mode multi-host"
Nevermind, I just realized that you might have a 5600 running native, checking the configuration guide and realese notes it does not looks like dot1x and vvlan can play together in that platform. -
Setting up a Test Voice VLAN for Lync 2013
I want to set up a second voice vlan to be a test vlan.
In the current situation the customer has voice and data running on vlan1. The customer insist on taking incremental steps to improve QoS. I have advocated separated vlans for voice and data. They just want to move everything (phase 1) to a different
vlan. They want to see how getting all traffic of vlan 1 will improve there performance. Again, I recommended the best practice, they want to try this approach first.
I am conducting a pilot test with just one cx600 IP phone. and a single switchport. I created a new vlan99 using VTP. I configured the switchports on the Cisco 2960-x switch as follows.
#switchport mode access
#switchport access vlan 99
The phone gets its correct vlan id, and pulls its IP from the correct dhcp scope. However the phone displays "connecting with the lync server" for a long time, then "connecting to download its certificates". This takes a long time then fails.
If I change the switchport back to vlan1 it works fine. What can be the problem? Does the vlan99 need to be defined on the lync server? How many vlans can be supported by Lync 2013?
Thank you,
gigiuDid you set the VLAN Configuration for Lync Phone Edition?
You can check the following links:
http://blog.schertz.name/2011/01/manual-vlan-configuration-for-lync-phone-edition/
http://www.bricomp.com/blogs/post.cfm/dedicated-voice-vlan-for-lync-devices
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please
make sure that you completely understand the risk before retrieving any suggestions from the above link.
Lisa Zheng
TechNet Community Support -
Cisco Layer 3, Voice, & VLAN
I have a vSphere 5.5 install and I'm in the process of a network upgrade in preparation for a VOIP implementation. The Switch hardware I'm using is a stack of Cisco 3850 Layer 3 switches and I've been going in circles on getting vlan traffic to work correctly. Hopefully someone can point me in the right direction.
I have one NIC connected to the switch (10GB fiber) that will handle all traffic for the esxi host (except for management). VLAN ID is set to None (0) and load balancing is set to Route based on originating virtual port.
I have 2 subnets, 10.1.0.0/16 (data & management, VLAN 1) and 10.10.1.0/24 (Voice, VLAN 10)
On the host I have a Win 2012 R2 server that will be a VOIP PBX host. It must be able to communicate with the IP phones (VLAN 10) and other servers (VLAN 1).
The switches will do the intervlan routing.
Finally my question - Can anyone give me some hints on how to set up the interface on the Cisco for the 10GB fiber connection from my host? Actual port settings would be extremely helpful. Anything I'm doing at the vmware end that I should be doing differently?In case anyone comes across this in a search, here's what I ended up with, 1st the Cisco switch:
switchport trunk allowed vlan 1,10
switchport mode trunk
switchport nonegotiate
switchport voice vlan 10
macro description cisco-switch
spanning-tree portfast
spanning-tree link-type point-to-point
The virtual switch I set to all vlan IDs and Route based on originating virtual port. -
Change voice vlan on specific ports
I need to test a new phone system that is running on vlan 120. The problem is my current voice vlan 110 is still in use for my current phone system. How can I assign a different voice vlan for a single port without having it propagate to the rest of the switch or the other sbs switches in my network?
Hello,
In regards to the Small Business Switches, you can only have a single Voice Vlan configured on them.
Now, since what you are trying to do is to test the connectivity on a single phone, I don't think that you will really have to change or Add a new Voice VLAN, maybe you can get it to work by changing the port to an Access Port with VLAN 120 Untagged, and then they should communicate as long as they are on the same VLAN.
Please let us know if this works, I'm not sure it will since the device is meant to only handle a single Voice VLAN as I said before, but it is worth the try. -
Hey guys,
I am pretty sure, my subject is kinda confusing. Sorry about that. Here is what happened.
1. 4510r with Supervisor V 1000BaseX, switched over to standby Sup, then reseated Active SUP, once reseat complete, switched again to get the reseated SUP up and running as Active SUP.
2. a simple maintenance which was supposed to cause no outage and it did not cause any outage as well.
3. however, what i did not notice was, even though the voice vlan was configured to access 2353, they were accessing vlan 453.
4. the change was made 2 weeks prior to this maintenance where voice vlans were previously accessing 453 and they were all changed to access 2353. configs were saved.
5. however, after the maintenance, the running config showed that they were acessing 2353 but when checking the mac address on the interface, it was seen accessing 453.
6. the fix was to remove the config and re add it , that fixed it.
Has anyone else experienced the issue ? What really happened there ?
software version: Version 15.0(2)SG5
#sh module
Chassis Type : WS-C4510R
Power consumed by backplane : 40 Watts
Mod Ports Card Type Model
---+-----+--------------------------------------+------------------+-----------
1 2 Supervisor V 1000BaseX (GBIC) WS-X4516
2 2 Supervisor V 1000BaseX (GBIC) WS-X4516
3 48 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4548-GB-RJ45V
5 48 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4548-GB-RJ45V
6 48 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4548-GB-RJ45V
7 48 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4548-GB-RJ45V
8 48 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4548-GB-RJ45V
9 48 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4548-GB-RJ45Vconfigs were saved many times prior to the maintenance. i did a " write mem ".
-
Help w/Voice VLAN on SMB 300-10p
We have purchased serveral new SMB 300 switches to support our VoIP rollout and save cost. I'm use to using the CLI on cisco devices, but now i'm stuck figuring out the GUI that comes with these switches.
I have setup the Voice VLAN to be 100, i have setup the port type as general, and i have added the port to VLAN 4 (data vlan). when i plug the NEC phone into the switchport and the computer into the phone, the computer gets an IP in VLAN 4 but the phone gets an IP from VLAN 1 not VLAN 100.
Like i said i set the Voice VLAN to 100, but when i look at the Macro for the smartport it is saying the voice vlan is 1. Do i have to manually change the macro somehow? can i change the macro somehow?
Sorry i don't have a lot of info in this post. If you need to know how anything else is configured just ask i'll post it up.
Thanks
KarlHi Karl,
You can use the serial db9 console cable that came with it for a hardwired connection (I use putty):
Also you can enable telnet and/or ssh: Status and Statistics -> System Summary, look for TCP/UDP services status and then hit Edit, enable what you want, hit apply, and remember to save the config. Also, you can go right to Security -> TCP/UDP services to enable:
Best,
David
Please remember to rate helpful posts and identify correct answers. -
Video conferencing, voice, VLAN and Catalyst 2950, 3500 and 6500 switches
We have a Cat6500 with MSFC in the COre/Distribution, mix of 2950 and 3524XL in the closets in the HQ. Every closet will be on one VLAN. There are 5 remote sites on a Frame with 768 CIR. There will be one Polycom VC station in the HQ per closet, one Polycom per remote site. Additionally, every PC everywhere will be using desktop NetMeeting for VC. CallManager and IP Phones will be everywhere. My questions are:
1. should I put the Polycom on the same VLAN as the PC's with COS set to 4 at layer 2 and IP Precedence set to 4 at layer3? IP Phones are already on a seperate voice VLAN .
2. Should I put Polycom on it's own VLAN and seperate from the PC VLANs? If I do it this way should I set COS and IP precedence for the PC's with NetMeeting?
3. any sample config. for the Catalyst switches?
Thanks!
ChrisChris,
Check out this IP telephony design guide. Hope it is of some help to you:
http://www.cisco.com/univercd/cc/td/doc/product/voice/ip_tele/network/ -
CIPC Doesnt take voice vlan Ip Address
ia have my pc (windows) connected to a 3com switch and its takes the ip address from an active directory. but to apply Voice QoS, i need that the CIPC takes an ip address from the voice vlan. placing a 7911 or 7941 in the network plug they take the voice vlan ip address. how i configure the CIPC to takes the voice vlan ip address?
CIPC is a SW running on a PC and uses the IP address of the PC.
You just have to configure the the IP address of the TFTP server (Callmanager running the TFTP service).
Therefore there is no need for the phone to get a IP address from the Voice VLAN.
Pierre. -
Can someone point me to a link for setting up voice vlan ? we're trying to use Cisco wireless phone 7920 and would like to know about setting up the voice vlan. Thank you very much.
http://www.cisco.com/en/US/products/hw/phones/ps379/products_implementation_design_guide_book09186a00802a029a.html
Maybe you are looking for
-
VIA Raid 0: Red screen of Death - fatal error during boot sequence
I have been using two Maxtor 120GB SATA drives in a RAID 0 array on my Athlon 64 MSI MB. I have occasionally had messages saying "Hard disk error. Can't find drive 0". I've assumed that this has been a driver issue because if I power down, wait a w
-
OK, so basically I've been having this problem where I'm unable to update the apps on my iPad through the App Store. The badge icon of the App Store displays a number 8, which should mean that there are 8 apps with updates, however, upon opening the
-
I just downloaded 30 free apps from Itunes but when I tap on them on my Ipad nothing happens.
I have tried reset but that didn't help either. I have plenty of room according to the Itunes connection to my Ipad so why won't the apps I just downloaded open. Most were free but I may have paid for 2. I also cannot download apps from my Ipad al
-
hallow i doing this select and it take more then 10 minutes and i don't now way because object_key have just 60 entries ? how i can slve this problem? Regards SELECT * FROM covp APPENDING TABLE *covp FOR ALL ENTRIES IN object_key
-
Why is the helpdesk of Adobe unreachable?
Hi there, I bought myself a brand-new Apple Mac Book Pro yesterday, the newest... Superhappy ....until I started downloading programs from CC. Trying for hours, It did not not work. I tried to contact Adobe, but, what a frustrating experience was tha