Voice and Data VLAN on the Same Port and VLAN Tagging


Almost all Internet Protocol (IP) telephones have a built-in switch at the back that allows you to connect your personal computer to one port and use the other port to connect the phone to a Cisco switch.
 
Why do we need to connect the PC to the phone?
 
Most offices have only one Cat6 data outlet, and we don't want to rewire the offices or the building to add a second outlet for IP phones. At the same time, we want to split the two devices into two different VLANs for security reasons. If we keep voice and data traffic on the same VLAN, an intruder can easily run a packet sniffer tool to capture the voice transmissions and convert them into WAV files. Separating these two forms of traffic also helps maintain a higher quality of service.
 
We can achieve this with the following configuration on the Cisco switch:
 
int gi0/1
 ! Hard-code the port into access mode
 switchport mode access
 ! Access (data) VLAN for the PC
 switchport access vlan 100
 ! Voice VLAN for the phone
 switchport voice vlan 200



Important things to know
 
By default, the PC sends untagged traffic, which is why we configure the port with an access VLAN.
 
The IP phone sends tagged traffic, so we need to configure the VLAN tagging on the phone and the voice VLAN on the switch. If we are using Cisco IP phones, the tagging is set up automatically using CDP (Cisco Discovery Protocol), so there is no need to configure anything on the phone.
 
If we are not using Cisco phones (for example, Avaya or Ipecs phones), then we need to hard-code these settings on the IP phone:
 
VLAN Tag - I set this value to 200 (the voice VLAN value).
PC Tag - I set this to zero because I configured the port as an access port, so the PC's frames will be untagged.



A simple note explaining the difference between tagged and untagged traffic:
 
If a switch port is configured with more than one VLAN, then we need to tell the switch which packet belongs to which VLAN. Tagged packets carry a header containing VLAN information. Untagged packets, on the other hand, are just normal packets; for example, a packet coming from a PC doesn't contain VLAN information because the PC doesn't support 802.1q trunking.
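
The tagged/untagged distinction above, shown on the wire as an added example (not part of the original article): a Python sketch that reads the 802.1Q tag from constructed sample frames and maps each frame to the VLAN this article's port configuration expects. The function names, the MAC addresses and the priority value 5 are assumptions made for the illustration.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
DATA_VLAN = 100       # access VLAN from the article's port configuration
VOICE_VLAN = 200      # voice VLAN from the article's port configuration


def parse_vlan(frame: bytes):
    """Return (vid, pcp, ethertype); vid and pcp are None for untagged frames."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None, None, etype          # untagged: EtherType follows the MACs
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # Tag Control Information: 3-bit priority, 1-bit DEI, 12-bit VLAN ID
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner


def classify(frame: bytes) -> str:
    """Map a frame to the VLAN expected by the article's setup."""
    vid, _pcp, _etype = parse_vlan(frame)
    if vid is None:
        return f"data VLAN {DATA_VLAN}"   # PC traffic arrives untagged
    if vid == VOICE_VLAN:
        return f"voice VLAN {VOICE_VLAN}" # phone traffic arrives tagged 200
    return f"unexpected tag {vid}"        # worth investigating on this port


def build_frame(payload_type: int, vid=None, pcp=0) -> bytes:
    """Construct a sample frame (made-up MAC addresses, zero payload)."""
    macs = bytes.fromhex("02000000000a" "02000000000b")
    tag = b"" if vid is None else struct.pack(
        "!HH", TPID_8021Q, (pcp << 13) | vid)
    return macs + tag + struct.pack("!H", payload_type) + b"\x00" * 46


if __name__ == "__main__":
    samples = {
        "PC": build_frame(0x0800),
        "phone": build_frame(0x0800, vid=VOICE_VLAN, pcp=5),
        "other": build_frame(0x0800, vid=300),
    }
    for name, frame in samples.items():
        print(name, parse_vlan(frame), "->", classify(frame))
```
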

We can also configure the switch port as a trunk port with 802.1q encapsulation and just configure the PC tag on the IP phone with the PC VLAN (100 in my case):
 
int gi0/1
 ! Set 802.1Q encapsulation first; switches that also support ISL reject trunk mode until it is set
 switchport trunk encapsulation dot1q
 ! Hard-code the port into trunk mode
 switchport mode trunk
 switchport trunk allowed vlan 100,200



Note: In this article we are focusing only on the configuration of the port on Cisco switches. The configuration may differ on other vendors' switches.