Published On: April 12ᵗʰ, 2021 06:01

VLAN Configuration Guide, Cisco IOS XE Amsterdam 17.3.x (Catalyst 9500 Switches)

Contents

Prerequisites for Voice VLANs

The following are the prerequisites for voice VLANs:

  • Voice VLAN configuration is only supported on device access ports; voice VLAN configuration is not supported on trunk ports.


    Note

    Trunk ports can carry any number of voice VLANs, similar to regular VLANs. The configuration of voice VLANs is not supported on trunk ports.


  • Before you enable voice VLAN, enable QoS on the device by entering the trust device cisco-phone interface configuration command. If you use the auto QoS feature, these settings are automatically configured.

  • You must enable CDP on the device port connected to the Cisco IP Phone to send the configuration to the phone. (CDP is globally enabled by default on all device interfaces.)

Restrictions for Voice VLANs

You cannot configure static secure MAC addresses in the voice VLAN.

Information About Voice VLAN

The following sections provide information about Voice VLAN:

Voice VLANs

The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. When the device is connected to a Cisco 7960 IP Phone, the phone sends voice traffic with Layer 3 IP precedence and Layer 2 class of service (CoS) values, which are both set to 5 by default. Because the sound quality of an IP phone call can deteriorate if the data is unevenly sent, the device supports quality of service (QoS) based on IEEE 802.1p CoS. QoS uses classification and scheduling to send network traffic from the device in a predictable manner.

The Cisco 7960 IP Phone is a configurable device, and you can configure it to forward traffic with an IEEE 802.1p priority. You can configure the device to trust or override the traffic priority assigned by a Cisco IP Phone.

Cisco IP Phone Voice Traffic

You can configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. You can configure access ports on the device to send Cisco Discovery Protocol (CDP) packets that instruct an attached phone to send voice traffic to the device in any of these ways:

  • In the voice VLAN tagged with a Layer 2 CoS priority value

  • In the access VLAN tagged with a Layer 2 CoS priority value

  • In the access VLAN, untagged (no Layer 2 CoS priority value)


Note

In all configurations, the voice traffic carries a Layer 3 IP precedence value (the default is 5 for voice traffic and 3 for voice control traffic).


Cisco IP Phone Data Traffic

The device can also process tagged data traffic (traffic in IEEE 802.1Q or IEEE 802.1p frame types) from the device attached to the access port on the Cisco IP Phone. You can configure Layer 2 access ports on the device to send CDP packets that instruct the attached phone to configure the phone access port in one of these modes:

  • In trusted mode, all traffic received through the access port on the Cisco IP Phone passes through the phone unchanged.

  • In untrusted mode, all traffic in IEEE 802.1Q or IEEE 802.1p frames received through the access port on the Cisco IP Phone receive a configured Layer 2 CoS value. The default Layer 2 CoS value is 0. Untrusted mode is the default.


Note

Untagged traffic from the device attached to the Cisco IP Phone passes through the phone unchanged, regardless of the trust state of the access port on the phone.


Voice VLAN Configuration Guidelines

  • Because a Cisco 7960 IP Phone also supports a connection to a PC or other device, a port connecting the device to a Cisco IP Phone can carry mixed traffic. You can configure a port to decide how the Cisco IP Phone carries voice traffic and data traffic.

  • The voice VLAN should be present and active on the device for the IP phone to correctly communicate on the voice VLAN. Use the show vlan privileged EXEC command to see if the VLAN is present (listed in the display). If the VLAN is not listed, create the voice VLAN.

  • The Power over Ethernet (PoE) devices are capable of automatically providing power to Cisco pre-standard and IEEE 802.3af-compliant powered devices if they are not being powered by an AC power source.

  • The Port Fast feature is automatically enabled when voice VLAN is configured. When you disable voice VLAN, the Port Fast feature is not automatically disabled.

  • If the Cisco IP Phone and a device attached to the phone are in the same VLAN, they must be in the same IP subnet. These conditions indicate that they are in the same VLAN:

    • They both use IEEE 802.1p or untagged frames.

    • The Cisco IP Phone uses IEEE 802.1p frames, and the device uses untagged frames.

    • The Cisco IP Phone uses untagged frames, and the device uses IEEE 802.1p frames.

    • The Cisco IP Phone uses IEEE 802.1Q frames, and the voice VLAN is the same as the access VLAN.

  • The Cisco IP Phone and a device attached to the phone cannot communicate if they are in the same VLAN and subnet but use different frame types because traffic in the same subnet is not routed (routing would eliminate the frame type difference).

  • Voice VLAN ports can also be these port types:

    • Dynamic access port.

    • IEEE 802.1x authenticated port.


      Note

      If you enable IEEE 802.1x on an access port on which a voice VLAN is configured and to which a Cisco IP Phone is connected, the phone loses connectivity to the device for up to 30 seconds.


    • Protected port.

    • A source or destination port for a SPAN or RSPAN session.

    • Secure port.


      Note

      When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to two plus the maximum number of secure addresses allowed on the access VLAN. When the port is connected to a Cisco IP Phone, the phone requires up to two MAC addresses. The phone address is learned on the voice VLAN and might also be learned on the access VLAN. Connecting a PC to the phone requires additional MAC addresses.


How to Configure Voice VLANs

The following sections provide information about configuring Voice VLANs:

Configuring Cisco IP Phone Voice Traffic

You can configure a port connected to the Cisco IP Phone to send CDP packets to the phone to configure the way in which the phone sends voice traffic. The phone can carry voice traffic in IEEE 802.1Q frames for a specified voice VLAN with a Layer 2 CoS value. It can use IEEE 802.1p priority tagging to give voice traffic a higher priority and forward all voice traffic through the native (access) VLAN. The Cisco IP Phone can also send untagged voice traffic or use its own configuration to send voice traffic in the access VLAN. In all configurations, the voice traffic carries a Layer 3 IP precedence value (the default is 5).

Procedure

  Command or Action Purpose
Step 1

configure terminal

Example:


Device# configure terminal


Enters global configuration mode.

Step 2

interface interface-id

Example:


Device(config)# interface gigabitethernet1/0/1


Specifies the interface connected to the phone, and enters interface configuration mode.

Step 3

trust device cisco-phone

Example:

Device(config-if)# trust device cisco-phone


Configures the interface to trust incoming traffic packets for the Cisco IP phone.

Step 4

switchport voice vlan {vlan-id | dot1p | none | untagged}

Example:


Device(config-if)# switchport voice vlan dot1p


Configures the voice VLAN.

  • vlan-id —Configures the phone to forward all voice traffic through the specified VLAN. By default, the Cisco IP Phone forwards the voice traffic with an IEEE 802.1Q priority of 5. Valid VLAN IDs are 1 to 4094.

  • dot1p —Configures the device to accept voice and data IEEE 802.1p priority frames tagged with VLAN ID 0 (the native VLAN). By default, the device drops all voice and data traffic tagged with VLAN 0. If configured for 802.1p the Cisco IP Phone forwards the traffic with an IEEE 802.1p priority of 5.

  • none —Allows the phone to use its own configuration to send untagged voice traffic.

  • untagged —Configures the phone to send untagged voice traffic.

Step 5

end

Example:


Device(config-if)# end


Returns to privileged EXEC mode.

Step 6

Use one of the following:

  • show interfaces interface-id switchport
  • show running-config interface interface-id

Example:


Device# show interfaces gigabitethernet1/0/1 switchport


or


Device# show running-config interface gigabitethernet1/0/1


Verifies your voice VLAN entries or your QoS and voice VLAN entries.

Step 7

copy running-config startup-config

Example:


Device# copy running-config startup-config


(Optional) Saves your entries in the configuration file.

Configuring the Priority of Incoming Data Frames

You can connect a PC or other data device to a Cisco IP Phone port. To process tagged data traffic (in IEEE 802.1Q or IEEE 802.1p frames), you can configure the device to send CDP packets to instruct the phone how to send data packets from the device attached to the access port on the Cisco IP Phone. The PC can generate packets with an assigned CoS value. You can configure the phone to not change (trust) or to override (not trust) the priority of frames arriving on the phone port from connected devices.

Follow these steps to set the priority of data traffic received from the non-voice port on the Cisco IP Phone:

Procedure

  Command or Action Purpose
Step 1

enable

Example:


Device> enable


Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal


Enters global configuration mode.

Step 3

interface interface-id

Example:


Device(config)# interface gigabitethernet1/0/1


Specifies the interface connected to the Cisco IP Phone, and enters interface configuration mode.

Step 4

switchport priority extend {cos value | trust}

Example:


Device(config-if)# switchport priority extend trust


Sets the priority of data traffic received from the Cisco IP Phone access port:

  • cos value —Configures the phone to override the priority received from the PC or the attached device with the specified CoS value. The value is a number from 0 to 7, with 7 as the highest priority. The default priority is cos 0.

  • trust —Configures the phone access port to trust the priority received from the PC or the attached device.

Step 5

end

Example:


Device(config-if)# end


Returns to privileged EXEC mode.

Step 6

show interfaces interface-id switchport

Example:


Device# show interfaces gigabitethernet1/0/1 switchport


Verifies your entries.

Step 7

copy running-config startup-config

Example:


Device# copy running-config startup-config


(Optional) Saves your entries in the configuration file.

Monitoring Voice VLAN

To display voice VLAN configuration for an interface, use the show interfaces interface-id switchport privileged EXEC command.

Where to Go Next

After configuring voice VLANs, you can configure the following:

  • VLANs

  • VLAN Trunking

  • VTP

  • Private VLANs

Additional References

Related Documents

Related Topic Document Title

For complete syntax and usage information for the commands used in this chapter.

Command Reference (Catalyst 9500 Series Switches)

Standards and RFCs

Standard/RFC Title

RFC 1573

Evolution of the Interfaces Group of MIB-II

RFC 1757

Remote Network Monitoring Management

RFC 2021

SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2

Feature History and Information for Voice VLAN

Release

Modification

Cisco IOS XE Everest 16.5.1a

This feature was introduced.