<

Voice and Data Vlan on same port and Vlan Tagging

Published on
7,699 Points
4,499 Views
2 Endorsements
Last Modified:

Almost all Internet protocol telephones have built-in switches at the back that allow you to connect your personal computer to one port and use the other port to connect your phone to to a Cisco switch.
 
Why we need to connect the PC to the phone?
 
Most offices have only one Cat6 data outlet and we don't want to rewire the offices or building to add second outlet for IP phones. However, at the same time we want to split them off in two different VLANs for security reasons. If we keep the keep voice and data traffic on the same VLAN, an intruder can just easily run a packet sniffer tool capture to the voice transmission and easily convert them into WAV files; separating these two forms of traffic also helps maintain a higher quality of service
 
We can achieve by doing below configuration on the Cisco switch
 
int gi0/1
switchport mode access ( This command hard code the port into access mode)
switchport access vlan 100  ( This command hard code the port into access VLAN for PC )
switchport voice vlan 200  (This command hard code the port into access VLAN for Phone)

Open in new window


Important thing to know 
 
The PC by default will send untagged traffic which is why we configure the port as AN access VLAN.
 
The IP phone will send tagged traffic, so we need to confgure the VLAN tagging on the phone and voice VLAN on the switch. If we are using the Cisco IP Phones, the switch will automatically add the tagging to the frame using the CDP (Cisco Discovery Protocol) protocol so there is no need to configure anything on the phone.
 
If we are not using Cisco Phones, such as Avaya or Ipecs phones then, we need to do this hard coding on the IP phones:
 
VLAN Tag - I set value to 200 ( Voice Vlan value)
PC Tag - I set this to Zero because I configure the port as access port so the frame will be untagged.

Open in new window


A simple note for explaining the difference between Tagged and Untagged Traffic :
 
If a switch port is configured with more than one VLAN, then we need to tell the switch which packet belongs to which VLAN. Tagged packets are headers comprised of VLAN information. On the other hand, untagged packets are just normal; for example, a packet coming from PC doesn’t contain VLAN information because the PC don’t support 802.1q trunking.

We can also configure the switch port as trunk port with 802.11q encapsulation and just configure the PC tag on IP Phone with a PC VLAN, 100 in my case,
 
int gi0/1
switchport mode trunk ( this command hard code the port into access mode)
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,200

Open in new window


​Note: In this article we focusing only on the configuration of the port on Cisco switches. The configuration may differ on other vendor switches.
2
Author:cciedreamer
0 Comments

Featured Post

CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

Microsoft Office 365 Backup and Restore Solution by SysTools to export Office 365 mailbox to PST / EML file format on Windows OS. On Mac, tool backup O365 to PST / MBOX / MSG / EML / EMLX file formats. Not only this, restore option helps to import s…
This is the eleventh — and final — video of my Experts Exchange Micro Tutorials on the Xpdf utilities. The first video is an overview of the command line tools (https://www.experts-exchange.com/videos/213/). The next nine videos are tutorials on all…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month