Archive for the ‘Cisco Switch’ Category

One of the more tedious parts of any phone system deployment is configuring the access layer switches to support said phones.  The configuration in and of itself isn’t complicated, but every port that may receive a phone needs to be set up correctly.  In Cisco parlance, this is accomplished with the switchport voice vlan <ID> command.  I’ve typed that into the CLI a thousand times and never really knew what it did besides “make the phones work”.  After a little research, I finally found some answers.  I thought I’d share them with you.

In the old days, before the Catalyst 2950, configuring a switch port for use by a phone involved creating an explicit 802.1q trunk.  This made sense from the perspective that it allowed traffic from multiple VLANs to pass on a single link.  It also allowed the 802.1p priority bits for Quality of Service (QoS) tagging to be sent with the frames.  The downside is that it made phone mobility very difficult.  You either needed to provision every phone-facing switchport in your organization to be an 802.1q trunk or you had to leave the phones where they were.  While the latter is usually the case in most of my deployments, the mobility provided by the ability to plug a phone in anywhere in the network and not worry about extra configuration is key to some clients.  Thankfully, Cisco fixed this starting in the 2950 with a little concept known as the Auxiliary VLAN.

The Auxiliary VLAN (AUX VLAN) is a specialized VLAN that sits beside a regular access VLAN configured on a switch (sometimes called a “normal” VLAN).  The purpose of the AUX VLAN is to allow IP phones to transmit their payloads along with the untagged data coming from a PC that might be plugged into a switchport on the back of the phone.  The AUX VLAN allows these two devices to transmit on the same port without the need to use an explicit trunk on the link.  In addition, since the port is not configured explicitly as an 802.1q trunk, extraneous VLANs will not be flooded over the port.  In essence, the port becomes a two VLAN trunk.  All the phone traffic is tagged with the ID of the AUX VLAN and the PC traffic is untagged.  Curiously, according to this document, the traffic in the AUX VLAN must also carry a Class of Service (CoS) of 5 along with the AUX VLAN ID.  Otherwise, the traffic is dropped.  So how does the phone get the ID of the AUX VLAN so it can start sending the traffic?  Ah, that’s where CDP comes in.

Cisco Discovery Protocol (CDP) is crucial in the operation of a Cisco IP phone.  It not only provides the AUX (Voice) VLAN ID for the phone to begin sending traffic on the AUX VLAN, it also allows the phone to automatically negotiate power settings.  This allows the phone to use less than the maximum 15.4 watts of power under the 802.3af PoE standard.  If you disable CDP on the port facing the phone/PC you will likely start pulling your hair out.  Even though the phone might have already assigned itself in the Voice VLAN, removing CDP from the switchport in question causes it to forget where to find the voice VLAN.  You’ll need to re-enable CDP and reboot the phone.  You could also statically configure an 802.1q trunk to fix the issue, but where’s the fun in that?

One other curious note is that I’ve always been told that the connection between the phone and the switch when switchport voice vlan is configured is a “special 802.1q trunk”.  Not that I’ve ever been able to see that configuration, as show interface trunk seems to think that the port isn’t trunking and show interface switchport says that it’s an access port.  The key is in Cisco’s documentation.  The correct term for a port with switchport voice vlan configured is a “multi-VLAN access port”.  The distinction between the two is that only the two VLANs (voice and access) configured on the switchport will be accepted on the link.  If you were to do something silly like, oh I don’t know, plug another switch into the back of the phone and configure an access port on that switch to be in a different VLAN than the voice or PC access VLAN, traffic will not pass through the phone port to the switch.  Once again, that’s because this isn’t a real trunk.  The switch will only accept tagged frames from the Voice (AUX) VLAN.
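The ingress rule described above, as an added example that is not part of the original post or of any Cisco code: a small Python model of a multi-VLAN access port that forwards untagged frames into the access VLAN, forwards frames tagged with the voice VLAN, and drops every other tag. The VLAN numbers, the function names and the optional `require_cos5` switch (modelling the CoS 5 requirement the post reports) are assumptions for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def parse_vlan_tag(frame: bytes):
    """Return (vlan_id, cos) for a tagged frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    # Low 12 bits are the VLAN ID, top 3 bits are the 802.1p priority (CoS).
    return tci & 0x0FFF, tci >> 13


def classify_ingress(frame: bytes, access_vlan: int, voice_vlan: int,
                     require_cos5: bool = False):
    """Model of the port: returns ("forward", vlan) or ("drop", reason)."""
    tag = parse_vlan_tag(frame)
    if tag is None:
        return ("forward", access_vlan)  # untagged PC traffic
    vlan_id, cos = tag
    if vlan_id != voice_vlan:
        # Not a real trunk: any tag other than the voice VLAN is refused.
        return ("drop", f"tag {vlan_id} is not the voice VLAN")
    if require_cos5 and cos != 5:
        return ("drop", f"voice VLAN frame with CoS {cos}")
    return ("forward", voice_vlan)


def build_frame(vlan_id=None, cos=0):
    """Constructed sample frame: zeroed MACs, IPv4 EtherType, dummy payload."""
    header = bytes(12)
    if vlan_id is not None:
        header += struct.pack("!HH", TPID_8021Q, (cos << 13) | vlan_id)
    return header + struct.pack("!H", 0x0800) + bytes(46)


if __name__ == "__main__":
    # Constructed port settings: access VLAN 10, voice VLAN 110.
    for frame in (build_frame(), build_frame(110, 5), build_frame(20)):
        print(classify_ingress(frame, access_vlan=10, voice_vlan=110))
```

The third frame, tagged with VLAN 20, is the "switch plugged into the back of the phone" case from the paragraph above and is the one the model drops.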

Thanks Networking Nerd for this article.

VLAN ID’s & Ranges

Posted: May 13, 2012 in Cisco Switch

Just some good info I found on VLAN ID’s and Ranges.

Cisco Catalyst switches can have up to 4096 VLANs (IDs 0 to 4095). VLAN IDs 0 and 4095 are system reserved VLANs. VLANs 1 to 1005 are called Normal Range VLANs. VLANs 1006 to 4094 are called Extended Range VLANs.

Normal Range VLANs are identified by VLAN IDs from 1 to 1005. However, not all of them are usable. VLAN IDs from 1002 to 1005 are reserved for Token Ring and FDDI VLANs. VLAN ID 1 (known as the Default VLAN) and IDs 1002 to 1005 are automatically created and cannot be deleted. The configuration of the Normal Range VLANs is stored in the vlan.dat file in flash. The VLAN Trunking Protocol (VTP), which helps manage the VLAN configurations between switches, can only learn about the Normal Range VLANs, and stores them in the VLAN database file.

Extended Range VLANs, from ID 1006 to 4094, enable service providers to extend their infrastructure to a greater number of customers. Some global enterprises could be large enough to need/use extended range VLAN IDs in their infrastructure. Instead of the vlan.dat file in flash, the configuration of the Extended Range VLANs is stored in the running-config (and, of course, can be saved into startup-config). Furthermore, VTP doesn’t learn the Extended Range VLANs.

How to configure extended range VLANs in Catalyst 6500 switch running Cisco IOS software

You must be able to extend the system ID to use extended range VLANs. Chassis that support only 64 MAC addresses always use the 12-bit extended System ID. On Chassis that support 1024 MAC Addresses, you can enable the use of the extended system ID. STP uses the VLAN ID as the extended system ID.

Note: You cannot disable the extended system ID on chassis that support 64 MAC addresses or when you have configured extended range VLANs.

Complete these steps in order to configure extended range VLAN:

  1. Extended range VLAN must be created in the configuration mode and not from the vlan database mode.
    Switch#configure terminal
  2. Enable the extended-system ID feature on chassis that support 1024 MAC addresses:
    Switch(config)#spanning-tree extend system-id
  3. VTP does not propagate configuration information for extended-range VLANs (VLAN numbers 1006 to 4094). Hence, configure extended-range VLANs manually.
    Switch(config)#vtp mode transparent
  4. Now create the extended range VLAN:
    Switch(config)#vlan vlan-id
  5. Use the show vlan command in order to verify the VLAN entries.

Note: When you configure VLANs 1006-1024, ensure that the VLANs do not extend to any switches running Catalyst software since CatOS does not support extended range VLANs.
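An added example, not from the original post or from Cisco: a Python check that reads saved configuration text and reports extended-range VLANs defined without the prerequisites from the steps above, plus the 1006-1024 caution from the closing note. The function names and both sample configurations are constructed, and the check assumes the commands appear in the text exactly as typed in the steps.

```python
import re

EXTENDED = range(1006, 4095)       # extended range per the post: 1006 to 4094
CATOS_CAUTION = range(1006, 1025)  # VLANs 1006-1024 from the closing note
VLAN_LINE = re.compile(r"vlan (\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*)")


def vlan_ids(config: str):
    """Collect IDs from global 'vlan <id>' lines, including lists and ranges."""
    ids = set()
    for line in config.splitlines():
        m = VLAN_LINE.fullmatch(line.strip())
        if not m:
            continue  # skips 'switchport access vlan 10', 'interface Vlan10', ...
        for part in m.group(1).split(","):
            lo, _, hi = part.partition("-")
            ids.update(range(int(lo), int(hi or lo) + 1))
    return ids


def audit_extended_vlans(config: str):
    """Return findings for extended-range VLANs that lack the prerequisites."""
    lines = {line.strip() for line in config.splitlines()}
    ext = sorted(v for v in vlan_ids(config) if v in EXTENDED)
    findings = []
    if not ext:
        return findings  # only normal-range VLANs: nothing to check
    if "spanning-tree extend system-id" not in lines:
        findings.append("extended system ID not enabled")
    if "vtp mode transparent" not in lines:
        findings.append("VTP is not in transparent mode")
    caution = [v for v in ext if v in CATOS_CAUTION]
    if caution:
        findings.append(f"VLANs {caution} must not reach CatOS switches")
    return findings


# Constructed sample configurations (not taken from a real device).
SAMPLE_BAD = "vlan 10\nvlan 1010,2000-2002\n"
SAMPLE_GOOD = "spanning-tree extend system-id\nvtp mode transparent\nvlan 2000\n"

if __name__ == "__main__":
    print(audit_extended_vlans(SAMPLE_BAD))
    print(audit_extended_vlans(SAMPLE_GOOD))
```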