Let’s see how we can configure a switchport connected to VoIP phone. Here is my setup for this post.
Here is the SPAN configuration.
monitor session 1 source interface Fa1/0/7 monitor session 1 destination interface Fa1/0/9 encapsulation replicate ! interface FastEthernet1/0/9 description BACKTRACK
First we will configure as a simple access vlan & see what’s happen.
interface FastEthernet1/0/7 description VOIP PHONE switchport mode access switchport access vlan 130 spanning-tree portfast
If you look at a packet capture in this scenario, you would see a CDP packets send by both Phone & Switch.
Here is the CDP information send by Switch.
Here is the information send by phone via CDP. As you can see phone will inform power requirement via CDP. Therefore it is very important to have CDP enable on these switch port where you connect VoIP phones (this applies to any cisco PoE devices like AP, Camera, etc)
Then Phone & PC get IP via DHCP on vlan 130 & start normal communication. Here is SCCP & RTP packets coming from 7965 phone in this scenario. Since switchport is access port no vlan-tag is coming in those frames.
Here is a packet coming from PC.
In the above method both Phone & PC would be on the same vlan. In best practice scenario you would like to put phones & PC in two different vlan. By using “switchport voice vlan x” command you can do this. In that scenario switchport is carry two different VLAN traffic even though we have not configured it as a trunk port.
interface FastEthernet1/0/7 description VOIP PHONE switchport mode access switchport access vlan 140 switchport voice vlan 130 spanning-tree portfas
As you can see below, switch will inform voice vlan information to the phone via CDP. Also note that this time layer 2 vlan tagging is available in these frames
Here is a CDP packet coming from Phone is same as previous time.
Here is the SCCP packet coming from Phone this time. Note that it comes with layer2 vlan tag which include priority.
Here is the RTP traffic coming from the phone. You can see phone will set CoS value 5 for this RTP traffic in layer 2 header.
All traffic coming from PC will be on vlan 140 will be un-tagged (as Phone will only tagged it’s own traffic with layer 2 vlan)
But you can see from switch to Phone still traffic will be tagged on vlan 140.
From QoS perspective you wanted to trust priority set by phone for voice traffic. For PC traffic is “untrusted” in normal scenario you do not want to trust DSCP value of those packets. So best option is to trust CoS at the switchport. You can do this trust relationship conditionally in order to end device directly connect to switchport & sending frame with layer 2 tag. So in this example as long as siwtch detect a Cisco-Phone via CDP it will trust CoS value set by that phone.
C3750-1(config)#int fa1/0/7 C3750-1(config-if)#mls qos trust cos C3750-1(config-if)#mls qos trust device ? cisco-phone Cisco IP Phone cts Cisco-telepresence ip-camera Cisco video surveillance camera C3750-1(config-if)#mls qos trust device cisco-phone
If you want to prioritize voice traffic (EF) over any other traffic, you have to enable priority-queue in 3750/3560/2960 switch platforms as it is not ON by default.
C3750-1(config-if)#priority-queue ? out egress priority queue C3750-1(config-if)#priority-queue out
So final switchport configuration is looks like this.
interface FastEthernet1/0/7 description VOIP PHONE switchport mode access switchport access vlan 140 switchport voice vlan 130 priority-queue out mls qos trust device cisco-phone mls qos trust cos spanning-tree portfast
You can verify switch port configured features by using “show interface x switchport” command.
C3750-1#sh interfaces fa1/0/7 switchport Name: Fa1/0/7 Switchport: Enabled Administrative Mode: static access Operational Mode: static access Administrative Trunking Encapsulation: negotiate Operational Trunking Encapsulation: native Negotiation of Trunking: Off Access Mode VLAN: 140 (MyHome) Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagging: enabled Voice VLAN: 130 (Voice) Administrative private-vlan host-association: none Administrative private-vlan mapping: none Administrative private-vlan trunk native VLAN: none Administrative private-vlan trunk Native VLAN tagging: enabled Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk associations: none Administrative private-vlan trunk mappings: none Operational private-vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL Protected: false Unknown unicast blocked: disabled Unknown multicast blocked: disabled Appliance trust: none
Hope this is useful to understand switch port configuration to be done when it comes to VoIP phone connection.
Here is few reference talk about this voice vlan configuration.
switchport mode access