Voice VLAN vs Data VLAN

Similar Messages

• Voice & Data VLAN Implementation

  Hello,
  We have recently purchased an asterisk based IP PBX, it is hosted in-house which uses Grandstream IP GXP1405 Phones.  We have configured and installed. we are able to receive calls and dial out.  Unfortunately our infrastructure was not up to par with the PBX.  We purchased an SG300 20 port switch, with two RV320 VPN Dual Wan Routers.  We have a total of 4 offices.  this is the current setup:
  HQ 1 - Asterisk Based IP PBX, RV320 VPN router, & SG300
  HQ2 - RV320 VPN Router
  Office 1 - Simple Linksys Router
  Office 2 - Simple Linksys Router
  We have established connectivity using the Tunnels incorporated onto the RV320 Routers, so we are able to connect to the HQ locations.
  However since the RV320 has dual WAN setup's, we have now have 2 Internet Connections independent from each other.  Our goal is to perform the following: 
  WAN 1 = to be used for Data Traffic
  WAN 2 = to be used for Voice Traffic
  We would like to do this by separating the VLAN's and directing the traffic from one VLAN to a specific WAN using the equipment above.
  We are having issues establishing the voice VLAN and redirecting the traffic once created.
  Any help would be appreciated it.
  Thanks,

  Hi Soiser,
  My name is Mehdi from Cisco Technical Support, 
  For the Voice & Data VLAN Implementation we can manage to do it with different way :
  First example hard coding the voice vlan
  1. we can have the switch Layer 2
  2. Configure on the switch Vlan Data and Vlan voice (in this example will have Vlan 1 Data and 100 is Voice vlan) --> under Vlan management --> Create Vlan
  3. Configure the port from where the switch is connected to the Router and change it to Trunk port and add vlan voice (until here we made the data traffic as untagged traffic and voice traffic as tagged) by going under Vlan managemnent --> Port Vlan Membership --> select port 20 --> click on join vlan --> by default you have 1UP in the right so now select vlan 100 and select Tagged and move it to the right
  4. And the same trunk port with both vlan for all the port on the switch where you have voice and data
  5. here we done with the switch
  Second Using Auto-voice Vlan implementation 
  1. We Can have the switch also layer 2
  2. we need to configure the AUTO-Voice Vlan under vlan management--Voice Vlan --> Properties by changing the voice vlan 100 and we have two option to choose
         Dynamic Voice VLAN: Enable Auto Voice VLAN OR  Enable Telephony OUI :  the difference is when you have Cisco Phone enable                                 auto-voice vlan and the phone will take all the informations like (Vlan ,..) via CDP protocol
         if you have 3rd part Phone select Enable Telephony OUI and configure the first 3 bits of the MAC address of the phones by going under voice                 vlan -->Telephony OUI --> add 3 bits of the MAC address of the phone but not for all the phones is by model remember first 3 bits of mac
              address is the model of the device!
   Auto Voice VLAN Activation: select "Immediate"
  3. and enable telephony OUI interface  
  -------> We didn't configure voice vlan the switch will assign voice vlan to the phones when they connect to the switch by CDP or Telephony OUI
  Now going to the router :
  - By default RV320 Has Vlan ID 100 with subnet 192.168.3.1 so we can change only the ip address of vlan interface or if you deleted by some reason we will need to create a voice vlan by going to Setup-->Network--> multiple Subnet Table --> Create the Vlan interface in my example i will put 10.10.10.1 and mask 255.255.255.0
  - Just to check if you going to port management --> Vlan Membership you will see vlan 1 is untagged and vlan voice is tagged this also in our switch !! you can connect the switch from any port of the router since all of them are the same
  - if you wantr to change and coding only port 4 for example as trunk and remove other port the voice vlan you can 
  ---> Now should work the voice vlan and data vlan 
  But we have two WAN and you want to bind the WAN 1 to Data and Wan 2 to Voice
  we need to configure Protocol Binding
  under System management --> Dual WAN --> Protocol Binding 
  there we can choose all traffic , source IP (voice network 10.10.10.1 - 10.10.10.254) , destination 1.0.0.1 to 223.255.255.254, and select WAN 2
  and another rule but the source will be the data network and select WAN 1
  This is it just example and how the Voice vlan work and how to use Protocol binding if you have two WAN 
  Please if you have the switch on L3 by some reason and you have SVI configured in the switch , please call the Cisco Technical Support Center we will be happy to help you to accomplish your need with layer 3 switch is almost the same few change and we need more information's from your topology that's why by phone is better !! :)
  Please rate the post or mark as answered to help other Cisco Customers
  Have a nice day
  Regards
  Mehdi

• Query on Vocie and Data VLan on same Swithc port

  Hi All,
  This is query regarding allowing both Vocie and data Vlans on a single switch port. I knew tehre are different ways to configure and acheive this, but not sure how techncially they are different from each other>
  Way 1:
  interface FastEthernet1/5
  description *** IP Phone/Data Port ***
  switchport trunk native vlan 10
  switchport mode trunk
  switchport voice vlan 16
  no logging event link-status
  no snmp trap link-status
  mls qos trust cos
  spanning-tree portfast
  sh int trunk
  Port      Mode         Encapsulation  Status        Native vlan
  Fa1/5     on           802.1q         trunking      10
  Fa1/7     on           802.1q         trunking      10
  Fa1/12    on           802.1q         trunking      10
  Fa1/13    on           802.1q         trunking      10
  Fa1/14    on           802.1q         trunking      10
  Port      Vlans allowed on trunk
  Fa1/5     1-1005
  Fa1/7     1-1005
  Fa1/12    1-1005
  Fa1/13    1-1005
  Fa1/14    1-1005
  Port      Vlans allowed and active in management domain
  Fa1/5     1,10,16
  Fa1/7     1,10,16
  Fa1/12    1,10,16
  Fa1/13    1,10,16
  Fa1/14    1,10,16
  Port      Vlans in spanning tree forwarding state and not pruned
  Port      Vlans in spanning tree forwarding state and not pruned
  Fa1/5     1,10,16
  Fa1/7     1,10,16
  Fa1/12    1,10,16
  Fa1/13    1,10,16
  Fa1/14    1,10,16
  sh vlan-switch
  VLAN Name                             Status    Ports
  1    default                          active    Fa1/0, Fa1/1, Fa1/2, Fa1/3
                                                  Fa1/4, Fa1/6, Fa1/8, Fa1/9
                                                  Fa1/10, Fa1/11, Fa1/15
  10  DVLAN                            active
  16  VVLAN                            active    Fa1/0, Fa1/1, Fa1/2, Fa1/3
                                                  Fa1/4, Fa1/6, Fa1/8, Fa1/9
                                                  Fa1/10, Fa1/11, Fa1/15
  In the above config, the port Fa 1/5 which is currnetly up and running( this port is ocnencted with IP phoen and a PC)  is not shown in sh vlan-switch output as assigned to vlan 10 or vlan 16. Not sure it is becuase the output was taken from ISR rotuer with NM 16-ESW module .
  sh int fa 1/5 switchp
  Name: Fa1/5
  Switchport: Enabled
  Administrative Mode: trunk
  Operational Mode: trunk
  Administrative Trunking Encapsulation: dot1q
  Operational Trunking Encapsulation: dot1q
  Negotiation of Trunking: Disabled
  Access Mode VLAN: 0 ((Inactive))
  Trunking Native Mode VLAN: 10 (DVLAN)
  Trunking VLANs Enabled: ALL
  Trunking VLANs Active: 1,10,16
  Priority for untagged frames: 0
  Override vlan tag priority: FALSE
  Voice VLAN: 16
  Appliance trust: none
  In above ocnfig, the port is configured as trunk and hence it can carry multiple vlan traffic on swithcport. As IP phones will have inbuilt switch which runs DTP by default and CDP to reciognize the conencted devcies.  I am not sure how this config works as even it's configured as trunk the DTP negotiation is disabled and how phone switch can differentiate the voice frames and data frames. Please explain in loigcal as it's known that as we have confgiured vlan 10 as native and vocie vlan 16 as trunk it carries the voice traffic.
  Way 2:
  interface FastEthernet1/2
  description *** IP Phone/Data Port ***
  switchport access vlan 10
  switchport mode access
  switchport voice vlan 16
  no logging event link-status
  no snmp trap link-status
  mls qos trust cos
  spanning-tree portfast
  In the above config, even the port is access it's carrying multiple vlan traffic despite of being trunk port. Not sure how the trunk will be formed even DTP neogotiation is off. Isi t because of voice vlan command and if so what it deos exactly.  Please can anyone elaborate in detail. Sorry, if my post is big and confusing
  sh int fa 1/2 switchport
  Name: Fa1/2
  Switchport: Enabled
  Administrative Mode: static access
  Operational Mode: static access
  Administrative Trunking Encapsulation: negotiate
  Operational Trunking Encapsulation: native
  Negotiation of Trunking: Off

  Switch - Phone - PC
  1. First question:
       # int f0/1
       # switchport mode access
       # spanning-tree portfast
       # switchport access vlan 50
       # switchport voice vlan 10
  This is the ideal way to configure and in all latest IOS Switches and in latest ISR routers, we do this as the command "switch port voice vlan" command  says to switch port that it carries the voice traffic as tagged and PC as untagged.
  As we all know the default switch port of a switch will be either Dynamic auto or Dynamic Desirable which means DTP is on and in turn it means negotiation of trunking is ON. This is as per my understanding.
  The Sub-Questions for 1st Question are below:
  1  Does the trunk negotiation happen between Access Switch switch port and Mini 3 Port Switch within the IP Phone. If mini switch in IP PHone negotiates to form  trunk based on DTP then what’s the default switch port mode of mini switch in the IP Phone.
  2. As in above config we are no where mentioning the port to be trunk. But it’s still allowing multiple vlan’s traffic to carry on access port. The switchport mode is access when you do “ sh int fa 0/1 swithcport.”.  Is it the swithcport voice vlan command does the magic?
  2. Second Question:
       # int f0/1
       # switchport trunk encapsulation dot1q
       # switchport trunk native vlan 10     (data VLAN)
       # switchport mode trunk
       # swichport voice vlan 15
  The Sub-Questions for 2nd Question are below:
  When do we use this configuration.? In my set-up the above config is seen on 2811 ISR routers with NM-16ESW modules.  Can’t we configure the data vlan a switch port access vlan 10 , instead of trunk native vlan.

• Configure Voice and Data VLAN in CISCO SF 300 8P

  I have a couple of Cisco SF 300 8P and 24 P Switches. I have voice and Data VLAN configured as :
  Data VLAN : Default 145.17.59.0/24
  Voice VLAN : VLAN 20 172.22.20.0/24
  I have different DHCP servers as for Data VLAN we have physical server which is configured for 145.17.59.* IP Scope and Voice VLAN DHCP Server is configured in Gateway router with option 150.
  This configuation works fine with other cisco swiches like 2960 and 3750 etc except CISCO SF 300 8P and 24P. I was trying to configure both voice and Data VLAN in these CISCO Switches so that CISCO phone (Model 6941) shold get IP from Voice VLAN and PC should get IP from Data VLAN DHCP Server. I have tried several techniques like LLDP, Port to VLAN Config etc.
  Can anyone please guide me/help on this.
  Regards,
  A K.M.Sayeed

  Hi A.K.M., with Cisco phones you should be able to simply set auto voice VLAN to be VLAN20. 
  voice vlan id 20
  You should ensure CDP and/or LLDP are enabled as well. I would check this in web GUI. DHCP for the phones can come from the switch, a DHCP server on a VLAN20 access port or you can use dhcp helper to redirect DHCP to server elsewhere.
  If you prefer or have issues with CDP or LLDP you can also program ports as trunks and add tagged VLAN 20 to them.  In this scenario you need to insure inter-vlan routing is working and that phones download config file with corrrect VLAN config.
  These switches do not run ios so they are similar but different than catalyst switches you referred to.
  -- please remember to rate helpful posts --

• Passing voice and data Vlans on Cisco SG200-08P help

  Hello All,
  I'm struggling with a configuration issue on the Cisco SG200-08P.
  We are using the Cisco SG200-08P on a mobile cart that will go from class room to class room that will have computer and cisco Voip phone plugged into it. The issue is that each of our closets are in differnt VLANS ( 1 voice and 1 data....lets say data vlan 20 and voice vlan 2025 for conversation) and that we route to each closet.
  It would be great if I could just create a generic data and voice vlan to dynamically pick up what the upstream switch has however, it seems that I've been unsuccessful in doing so.
  So far I can pass the data Vlan no probablem. The upstream switch port is set to access port and a switch port access voice vlan (these are 3750x switches)
  If the above is not possible I guess I will take what I can get. Should I just create data vlan 20 and voice vlan2025 on the Cisco SG200-08P and make a trunk port on the Cisco SG200-08P and a trunk on the 3750x? Is there an option on the Cisco SG200-08P to tag voice traffic?
  I'm also concerned with VTP and I did not see an area in the Cisco SG200-08P to set that as a client and transparent mode.
  Thanks for any help,
  Dan

  On a Catalyst switch, when a port is defined as a trunk without a vlan specified on the port, all vlan pass through the port. On a small business switch it is nearly the opposite. You must specify the vlans on the links. Additionally, ingress filter discards anything not associated to the port.
  802.1q specifies there must be an untagged vlan which is the native vlan (of course you can make exceptions, tagging the default vlan..).
  One thing I did in the past with a 2960, I made an LLDP network policy and it basically "provisioned" the downstream switch connecting link and voice vlan. That may be another idea for you.
  Here's a link that may be useful-
  https://supportforums.cisco.com/message/3811376
  Here is the 2960 config I used to feed a SB switch voice info
  Switch#show run
  Building configuration...
  Current configuration : 2206 bytes
  ! Last configuration change at 00:41:16 UTC Mon Mar 1 1993
  version 12.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Switch
  boot-start-marker
  boot-end-marker
  no aaa new-model
  system mtu routing 1500
  vtp mode transparent
  network-policy profile 1
  voice vlan 100 cos 4
  spanning-tree mode pvst
  spanning-tree extend system-id
  vlan internal allocation policy ascending
  vlan 2
  name test
  vlan 100
  lldp run
  interface FastEthernet0/1
  network-policy 1
  spanning-tree portfast
  interface FastEthernet0/2
  interface FastEthernet0/3
  interface FastEthernet0/4
  interface FastEthernet0/5
  interface FastEthernet0/6
  interface FastEthernet0/7
  interface FastEthernet0/8
  interface FastEthernet0/9
  interface FastEthernet0/10
  interface FastEthernet0/11
  interface FastEthernet0/12
  interface FastEthernet0/13
  interface FastEthernet0/14
  interface FastEthernet0/15
  interface FastEthernet0/16
  interface FastEthernet0/17
  interface FastEthernet0/18
  interface FastEthernet0/19
  interface FastEthernet0/20
  interface FastEthernet0/21
  interface FastEthernet0/22
  interface FastEthernet0/23
  interface FastEthernet0/24
  interface FastEthernet0/25
  interface FastEthernet0/26
  interface FastEthernet0/27
  interface FastEthernet0/28
  interface FastEthernet0/29
  interface FastEthernet0/30
  interface FastEthernet0/31
  interface FastEthernet0/32
  interface FastEthernet0/33
  interface FastEthernet0/34
  interface FastEthernet0/35
  interface FastEthernet0/36
  interface FastEthernet0/37
  interface FastEthernet0/38
  interface FastEthernet0/39
  interface FastEthernet0/40
  interface FastEthernet0/41
  interface FastEthernet0/42
  interface FastEthernet0/43
  interface FastEthernet0/44
  interface FastEthernet0/45
  interface FastEthernet0/46
  interface FastEthernet0/47
  interface FastEthernet0/48
  interface GigabitEthernet0/1
  switchport mode trunk
  interface GigabitEthernet0/2
  interface Vlan1
  no ip address
  interface Vlan100
  no ip address
  ip http server
  ip http secure-server
  logging esm config
  line con 0
  line vty 5 15
  end
  Switch#
  -Tom
  Please mark answered for helpful posts

• Voice and Data Vlan Routing for CUPC and IP Phones ?

  The IP Phones are in 10.1.1.0/24 network (Voice Vlan 10) , Desktop Computers are installed with CUPC 8.5 and they are in 11.2.2.0/24 network (DATA VLAN 20) , Unfied Communication Applications like CUCM , Cisco Unified Presence Server, Contact Center Express are in 172.16.10.0/24 network(Vlan 30). When using Clients like Cisco Unified Personal Communicator, How the Communication between  CUPC(DATA Vlan)and IP Phones(VOICE Vlan) is possible?.How network should be configured or designed ? If i make intervlan routing it creates Security problems.what is the best practiced network Configs for these kind of Scenario ? Even if i prefer to configure Intervlan routing, Which all TCP/UDP ports are to be allowed / blocked between VLANS ??

  Hi Mohammed,
  Hosts on separate vlans communicate with each other through routing, as they are not in the same broadcast domain. Some of the systems you mention use a wide range of ports and, depending on system and installed version, documentation is generally available.
  e.g
  http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/port/8_5_1/portlist851.html
  or
  http://www.cisco.com/en/US/docs/voice_ip_comm/cupc/8_5/english/release/notes/cupc85.html#wp39407
  Be also aware that RTP communication uses extended ranges of ephemeral ports.

• Change data vlan

  How to change data vlan for PC connected behind ip phone. I've tried with switchport trunk native vlan XXX but it didn't work, here is present config
  interface FastEthernet0/12
  switchport mode dynamic desirable
  switchport voice vlan 10
  mls qos trust device cisco-phone
  mls qos trust cos
  auto qos voip cisco-phone
  wrr-queue bandwidth 20 1 80 1
  wrr-queue min-reserve 1 5
  wrr-queue min-reserve 2 6
  wrr-queue min-reserve 3 7
  wrr-queue min-reserve 4 8
  wrr-queue cos-map 1 0 1 2 4
  wrr-queue cos-map 3 3 6 7
  wrr-queue cos-map 4 5
  priority-queue out
  spanning-tree portfast
  end

  All you need is "switchport accss vlan

• How to configure SGE2000P with CISCO 7900 phones and data VLAN

  Hello all
  I am having problem setting up SGE2000P switches to work with my default data VLAN and additional voice VLAN. I am configuring it to pick IP address for phones from voice VLAN which is working fine but when I connect a PC on phone port it is also picking up an IP from Voice VLAN while default VLAN is data with different scope of IP.
  Is there any good discussion or documents out there to help me resolve this issue before I pack these switches and purchase ESW 500 series. I have ESW 500 at another client and they are working fine out of the box but this guy is giving me hard time.
  Any suggestions help will be appreciated
  Mo

  HI Muhammed,
  I suggest you contact the Small Business Support Center for some help:
  http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
  Regards,
  Cindy Toy
  Cisco Small Business Community Manager
  for Cisco Small Business Products
  www.cisco.com/go/smallbizsupport
  twitter: CiscoSBsupport

• Voice Vlan and Native Vlan

  Dear all,
  I am now reading some information regarding the setup of Voip Phone. It mentioned that the Phone is actually a 3-ports switch:
  Port 1: Connect to upstream switch
  Port 2: Transfer Phone traffic
  Port 3: Connect to a PC
  Actually, what should i configure on the upstream switch port? Should it be a trunk port containing both the voice traffic vlan and pc data vlan?
  Or something else?
  Also, there is a term called 'Voice Vlan', is there any different between 'Voice vlan' and ordinary Vlan ?
  Is there any special usage of 'Native' Vlan in implementing Voip?
  Thanks.
  Br,
  aslnet

  Thanks.
  How about if the PC data should be tagged as another vlan (e.g., Vlan 10)? Then I should change the native vlan to vlan 10?
  But from my understanding, Native Vlan should be the same in the whole network, then I need to change the whole network native vlan? If there are different vlans should be assigned to different PCs that behind different VoIP-phone, then how to do it?
  From my guessing, is it i can assign individual native vlan (vlan10) on that port (connect to voip-phone), and then keep the switch's uplink port as original native vlan (vlan1).
  Therefore, PC data traffic would be untagged when entering from voip to the switch, and then tagged as vlan10 when leaving the switch to other uplink switch, right?
  Thanks.

• Default/native vlan- voip data question- cisco sf300

  hi everybody,
  I have to set up voip and data vlans on cisco sf 300-24P. I will set up phones over LLDP and
  on the same port (on switch) I will have untagged vlan 10 for data, so PC will be connected
  through IP phones on network.
  So what confuses me that on SF 300 under VLAN mgmt--> Default VLAN settings you got
  options to change default VLAN id (which is of course VLAN1) which will be active after reboot.
  How come that you can change default vlan? Isnt that default vlan is always vlan 1 and you can
  change native vlan to be something else- let say vlan 10 which will be untagged vlan for data?
  So what is best practise- should I just leave default vlan 1 and use it for data also or I sholud
  change it to let say VLAN 10 to be native and use it for data.
  And what will be with default VLAN 1 if I change it with above mentioned procedure?
  Thx!

  Hi,
  Best Practice is to leave Vlan 1 for management purposes only. Create yourself a DATA and VOICE vlan. Usually Management vlan does not have DHCP enabled and have to static assigned pc within your management vlan for access. I would say that it really depends on how the rest of your network is configured depending on configuration of switch now. Unless this is a clean install. 
  Hope this helps,
  Jasbryan

• Switchport comparision, "trunk native vlan" versus "access vlan"

  I want to understand the logic when I install IP phone with PC attached. Is there any difference between two configurations. for exmaple, consideration to handle QoS.
  switchport access vlan 100
  switchport voice vlan 200
  versus
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 100
  switchport voice vlan 200
  switchport mode trunk
  Thanks in adance,

  The difference is that these applies to two different set of switches.
  The first set of configuration applies to the new series switches, Cisco 3550, 3560, 3750 series.
  The second set applies to the olders series Cisco 2900, Cisco 3500XL etc. In these switches, you need to configure the port as a trunk before the port can take both voice and data vlan.
  In the newer series, the port can take both voice and data vlan and still not run in trunk mode.
  Regards,
  Anup

• VLAN trunking, native vlan and management vlan

  Hello all,
  In our situation, we have 3 separate vlans: 100 for management vlan and 101 for data and 102 for voice.
  We have an uplink which is trunked using .1Q. Our access ports has the data vlan as the native. Based on our design, what should be the native vlan for this uplink trunk? Should it be the management vlan or the data vlan? Thanks for your help.

  To answer this question you must remember what the native vlan is. Native is where untagged packets are sent, i.e. packets without a dot1Q tag. It is there mainly for compatibility. On an access port it has no function while normal traffic is not tagged and sent to the vlan that is configured for the port. Traffic for the voice vlan is an exception to this general rule.
  Native vlan setting only plays a role on trunk links where most of the traffic carries a tag. As explained, it is then used as the vlan for untagged traffic.
  When you do not consider this a security breach, you may configure the data-vlan as native. Use another vlan (why not vlan1?) in the case where you want to isolate this traffic.
  I find it good design practice to use the same native vlan throughout the network. This keeps things clear and it's better for anyone who is not completely obsessed with security. The latter kind of people can always find a reason to mess things up, both for themselves and for others;-)
  Regards,
  Leo

• Community VLAN or Isolated VLAN (determine type)

  Hello,
  How to determine if a VLAN should be Community or Isolated ?
  I know what they are and do, but not sure how to choose for one to another.
  VLAN for students...Isolated or Community ?
  VLAN for Teachers...Isolated or Community ?
  VLAN for administration...Isolated or Community ?
  VLAN for Servers (mail, backup, etc...)
  etc...
  I am new as a network IT and need some help for a school project.
  TOPO:
  School = Private VLAN; segmentation = secondary VLANs (Isolated or Community...what to choose ?)....
  TY,
  Bhastiann

  Hi Bhastiann
  It entirely depends on your requirements :)
  Admins are generally considered to have access everywhere so maybe best as promiscuous.
  If the other groups need to connect to each other then they need to be in a community.
  Infrastructure generally do, and you could say they are trusted so why not place them in a single community.
  If you don't want students to connect directly, place them in an isolated. I'd trust teachers even less :) The method to share files should be by file server.
  Don't forget, subnetting and access control. I wouldn't recommend placing all devices in a single subnet. depends on how many you have, but certainly a subnet for end users (teachers, students) and infrastructure would be a good idea.
  HTH

• Smart Install - vstack vlan other then vlan 1

  Hello people
  Has anybody managed to get smart install working on a vlan other then vlan 1?
  Our setup would be:
  DHCP  - Local director
  TFTP  - ekstern server
  Management vlan 209
  My issue is that when I connect the client switch to a normal trunk "sw mode trunk" we use vlan 1 as native per default and obviously no traffic is comming from vlan 209 to the new switch. It just works (downloads IOS and startup-config) when I connect the client switch to an access port on vlan 209.
  I have gone through several docs and videos but all show vlan 1 as the vstack vlan .
  According to this guide should be possible to use a different vlan then 1 as management for the vstack.
  http://www.cisco.com/en/US/docs/switches/lan/smart_install/configuration/guide/smart_install.pdf
  Anyone could help me? I am kinda stuck here..
  Best regards
  Isaac

  Yeah I'm not sure how big the STP thing will be, I'm racking my brain trying to remember, I think when VLAN_Inconsistencies are detected on a trunk the VLAN isn't allowed to enter forwarding state or something, but my memory of that is fuzzy at best. I think you can stop that, maybe with something like BPDUFilter on the upstream side of the trunk. In that case you could turn it on to allow Zero Touch to configure and upgrade the switch, then as soon as the switch is configured you could have native vlan matching on both sides and the BPDUFilter could be disabled. I sort of see that as something like a join window, it does make it not true zero touch, but includes a security feature where you have to intervene before a smart install can occure. For me that's a good thing, but for others it might be a pain in the ass. Obviously in either case be careful when playing with anything that can interfear with STP, BPDUFilter is an obvious exclimation point for that warning.
  I think you would have trouble with L3 as the defaut config on a blank switch will have all ports in switchport mode and you can't zero touch the switch and also set the port into no switchport mode at the same time. Unless you are refering to having the L3 SVI for VLAN 1 on the director. Obviously that solves all your problems with Smart Install needing vlan 1, but then you need routing back to your TFTP Server and to DHCP, possibly to TACACS and to your management station so in my mind you are basically starting to actively use VLAN 1 for management. In my case this is unacceptable as all our switches have a low numbered VLAN (never 1) as their management interface and that is the only interface I let LMS contact them on. Since LMS does discovery through CDP and CDP always finds the IP of the lowest numbered VLAN on your neighbouring switch, creating VLAN 1 would be very bad for us. It also goes against all the security principals regarding the use and appropriate pruning of vlan 1.

• Migrate Default VLAN to another vlan

  Hi
  We are replacing our core stack of 3750 with a new core setup as a VSS. As part of this migration I want to connect the new core to the old core via trunk links as I migrate the configs over and connections. 
  My management vlan is currently vlan 1 but want to move this to vlan 5 as part of the change. I want to keep the same management subnet tho. How can I co-exist management IPs on both switches as part of the same subnet but different vlan. Is this possible or is there an easier way.
  I know I can configure the new switch without connecting to the exisiting but the plan is that during the migration, I want to migrate the L2 links first and test and then migrate the L3 links which is why I want to connect the new core to the existing core
  Thanks

  Hi,
  Since you need to trunk the new vss to the old 3750 stack, you need to have the same vlan tags on both side of the link.  So, on the old core the mgmt vlan is 1 (tagged) and if you change it to vlan 5  (tagged) on the link between vss and 3750 stack than even though both vlans are in the same subnet they will not be able to communicate with each other because the tags are different. Also, if you have specified vlan 1 as native on your current trunks and when you connect the new core to the old core and if your native vlan is 5, you will see mismatch native vlan.  So, what you can do it use vlan 1 on the trunk connecting vss to the old core with unused IPs (if you have any available) than once you migrate to the new core you can have a maintenance window and change vlan 1 to 5.
  HTH