While we are on the topic of VLANs and trunks, I want to tell you about a special type of VLAN: the voice VLAN. Let's imagine a situation like the one depicted in the picture. Maybe we are replacing traditional PBX telephony phones with IP phones. These IP phones are Ethernet devices; they plug into the RJ45 connector in the wall. But if a particular office or cubicle only had one Ethernet connection to start with, and we already had a PC or a laptop plugged into that connection, and now suddenly we are adding a phone, that means we have to put a switch in this office to accommodate another Ethernet port.

Well, the great news is that many of our Cisco IP phones have a port on the back labeled "PC Port", and it allows us to daisy-chain the PC into the phone and then go into the wall. The phone itself is acting as a little switch; technically it is a 3-port switch:
- One port goes to the wall jack
- One port goes to the internal workings of the phone itself
- The other port connects to the PC
We don't have to run additional cabling and we don't have to add another switch to that office; the phone will handle that for us. And notice what's happening here: the PC attached to the phone gets to be in a different VLAN. Here I am saying that the laptop is in VLAN 300, the data VLAN, and the phone is in VLAN 400, a voice VLAN. That's going to give us some benefits. It gives us performance benefits, for one thing: by having VLAN separation, if we had a big broadcast storm on the data VLAN, that's not going to negatively impact the voice VLAN. It could also help out from a security perspective: somebody is not going to be able to attach a network sniffer to the network and start sniffing voice packets. That's the idea behind a voice VLAN: we have a separate subnet for voice traffic, and there are different ways we can set it up.
The port through which the phone connects into the switch could be a single-VLAN access port, in which case the PC and the phone would be members of the same VLAN, and by the way that's the least desirable of these options. Another option is that it can be connected into a special type of access port, a multi-VLAN access port. Or it can connect into a trunk port: we know a trunk can carry traffic for multiple VLANs, and the trunk between the phone and the switch could carry traffic for the voice VLAN and the data VLAN. Let's take a look at these one at a time, beginning with the single-VLAN access port.
With the single-VLAN access port, the port into which the phone is connected is an access port, and like most access ports it is configured for only one VLAN, meaning the phone and the PC are members of the same VLAN. It doesn't seem like this gives us much benefit, does it? When would we use such a thing? Well, maybe we are using a non-Cisco IP phone that doesn't support the concept of a voice VLAN, or maybe we have a software-based client on our laptop or PC, maybe it's a Jabber client, maybe it's Cisco IP Communicator. If it's the same device that is acting as the data device and the voice device, then we might need to use a single-VLAN access port. However, even when we do that, we can still get some quality of service benefits from this configuration.
Remember when we were talking about an 802.1Q trunk, we mentioned that, except for the native VLAN, the other VLANs had 4 bytes added to their frames, and inside those 4 bytes we had 3 bits called the priority bits. Those 3 bits could be used to indicate the priority of our frame, and with 3 bits to work with that gave us 8 possible priority values, because 2^3 = 8. But Cisco says do not use the values 6 and 7; those are reserved for network use. We can only use values in the range 0-5 for production traffic, and 5 is the value to which voice frames should be set: they should have a CoS (Class of Service) marking of 5 on an 802.1Q trunk. The great news is that Cisco IP phones do that for us by default.

If we enable 802.1p on our switch port, even though we have a single VLAN, it can still accept frames that come in with those 4 extra bytes. This is not a trunk, but if we enable the port for 802.1p it will accept a frame that looks similar to a trunk frame. I say similar because it is still going to have the 4 extra bytes added, and inside those 4 bytes there are 3 bits that are going to be used to carry the priority marking, but we call this an 802.1p marking.
What's the difference between an 802.1p marking and the regular CoS marking we would have on an 802.1Q trunk? Well, an 802.1Q trunk uses 12 bits in those 4 bytes to indicate a VLAN ID. 802.1p does not do that: 802.1p is not tagging a frame as belonging to a particular VLAN. In fact, if you were to take a look at the bits representing the VLAN field, they would all be set to 0. That's the big difference between an 802.1p marking and a CoS marking that is part of an 802.1Q trunk, and we'll see in a few moments how to configure that switch port to accept 802.1p markings.
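To make the 802.1p versus 802.1Q distinction concrete, here is a small added Python example (not code from the original post or from Cisco) that decodes the 4-byte tag and classifies a frame the way the text describes. The frames it feeds in are constructed samples, not captures: a phone frame marked CoS 5 with the VLAN field all zeros, the same marking carrying VLAN 400, and an untagged PC frame.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces a 4-byte 802.1Q/802.1p tag


def parse_tag(frame: bytes):
    """Return (pcp, vid) from the frame's tag, or None if the frame is untagged.

    The tag is the TPID (0x8100) followed by a 16-bit TCI: 3 priority bits
    (PCP, the CoS value), 1 DEI bit, and a 12-bit VLAN ID.
    """
    if len(frame) < 14:
        raise ValueError("too short for an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci >> 13, tci & 0x0FFF


def classify(frame: bytes) -> str:
    """Name the encapsulation: untagged, 802.1p priority-only, or 802.1Q VLAN tag."""
    tag = parse_tag(frame)
    if tag is None:
        return "untagged"
    pcp, vid = tag
    if vid == 0:
        # 802.1p: priority bits present, but the VLAN ID field is all zeros
        return f"dot1p priority-tagged, CoS {pcp}"
    return f"dot1q tagged VLAN {vid}, CoS {pcp}"


def cos_ok_for_voice(frame: bytes) -> bool:
    """Voice frames should carry CoS 5; CoS 6 and 7 are reserved for network use."""
    tag = parse_tag(frame)
    return tag is not None and tag[0] == 5


def build_frame(vid=None, pcp=0) -> bytes:
    """Constructed sample frame: broadcast dst, locally administered src, IPv4, zero payload."""
    header = bytes.fromhex("ffffffffffff" "020000000001")
    if vid is None:
        return header + struct.pack("!H", 0x0800) + bytes(46)
    tci = (pcp << 13) | (vid & 0x0FFF)
    return header + struct.pack("!HHH", TPID_8021Q, tci, 0x0800) + bytes(46)


if __name__ == "__main__":
    for name, f in [("phone on single-VLAN access port", build_frame(0, 5)),
                    ("phone on multi-VLAN access port", build_frame(400, 5)),
                    ("PC behind the phone", build_frame())]:
        print(f"{name}: {classify(f)}")
```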
Another option we have is to configure the switch port as a multi-VLAN access port. Cisco makes an exception here: Cisco says we can have a couple of VLANs appearing on an access port if, and only if, we say that one of those VLANs is a voice VLAN. What a great solution: this way we can go to this port and plug in a laptop and it's going to work just fine like an access port, because it is an access port. But if we have a phone plugged in, maybe with a PC plugged into that phone, the phone will automatically learn that it belongs to the voice VLAN and the PC belongs to the data VLAN. How does this work?
Like we said, this truly is an access port; we set the switchport mode to access. However, it can support two VLANs if we say one of those VLANs is the access VLAN, or data VLAN, and the other VLAN is the voice VLAN. The way the phone learns which VLAN is the voice VLAN is thanks to CDP, the Cisco Discovery Protocol. The switch is going to send a CDP message (by the way, it has to be CDP version 2; this doesn't work with CDP version 1) to the phone to say "here is your voice VLAN". Now, when the phone sends out a DHCP request to get its IP address, subnet mask, default gateway and the IP address of the TFTP server that it needs, it's going to be able to do that as a member of the appropriate VLAN: it's going to be asking for an IP address belonging to, in this case, VLAN 400.
Remember we talked earlier about CDP, the Cisco Discovery Protocol, versus LLDP, the Link Layer Discovery Protocol. This approach of having a multi-VLAN access port does not work with LLDP-MED (Link Layer Discovery Protocol - Media Endpoint Discovery). If we are relying on LLDP instead of CDP (we can only run one or the other on our switch), then the phone is not going to be able to automatically learn its VLAN assignment. If we have a situation like that, if we are using LLDP-MED, we should probably make that port a trunk port, and we'll talk about that in just a moment. If we are using CDP, this is a great way to go. If we did a packet capture of the frames flowing between that phone and that switch, they would look like 802.1Q trunk frames. In fact, if I were to use a packet capture and ask you "can you tell me, is this frame going into a multi-VLAN access port or is it going into a trunk port?", you would not be able to tell me the difference, because it is identical to a trunk frame that we would find on an 802.1Q trunk.
Specifically, frames coming from the phone are going to be tagged: they are going to have those 4 extra bytes, and those 4 extra bytes do contain a VLAN tag, in this case VLAN 400. We're going to have 3 bits in those bytes that mark the CoS (Class of Service) priority for the phone's traffic, and the phone automatically sets those to a CoS of 5. And remember, on an 802.1Q trunk we have one VLAN that we say is the untagged VLAN; well, the data VLAN in this case is going to be the untagged VLAN. The PC's frames going into the switch do not have those extra 4 bytes. Those are two options for connecting an IP phone to our Cisco Catalyst switch; let's take a look at another option.
And that other option is to use a trunk port. In this case the port is a trunk port, an 802.1Q trunk port, and we know that the trunk can carry traffic for multiple VLANs. Whether we are using LLDP-MED or CDP, this is going to be compatible, because we are not using that special exception Cisco gives us for a multi-VLAN access port. The frames truly are 802.1Q trunk frames (they look like identical frames), but here we do technically have a trunk: the switch port itself is configured in trunk mode. That in itself brings up a bit of a challenge, because think for a moment: by default, traffic for which VLANs flows over a trunk?
And the answer is all of our VLANs. That means that, depending on how you have your phone set up (in some cases, depending on your phone model, and depending on your configuration), you could have the attached PC or laptop run some sort of packet capture utility and capture traffic not just for the data VLAN but for all the VLANs appearing on that trunk: you could see unknown unicast frames, broadcast and multicast frames. From a security perspective that's not good; therefore Cisco strongly advises us to prune off any unneeded VLANs from that trunk.
Those are the 3 options for connecting an IP phone into the switch; that's our look at the theory of voice VLANs. In our next session, we want to see how to configure a voice VLAN.