<

Voice and Data Vlan on same port and Vlan Tagging

Published on
6,878 Points
3,677 Views
2 Endorsements
Last Modified:

Almost all Internet protocol telephones have built-in switches at the back that allow you to connect your personal computer to one port and use the other port to connect your phone to to a Cisco switch.
 
Why we need to connect the PC to the phone?
 
Most offices have only one Cat6 data outlet and we don't want to rewire the offices or building to add second outlet for IP phones. However, at the same time we want to split them off in two different VLANs for security reasons. If we keep the keep voice and data traffic on the same VLAN, an intruder can just easily run a packet sniffer tool capture to the voice transmission and easily convert them into WAV files; separating these two forms of traffic also helps maintain a higher quality of service
 
We can achieve by doing below configuration on the Cisco switch
 
int gi0/1
switchport mode access ( This command hard code the port into access mode)
switchport access vlan 100  ( This command hard code the port into access VLAN for PC )
switchport voice vlan 200  (This command hard code the port into access VLAN for Phone)

Open in new window


Important thing to know 
 
The PC by default will send untagged traffic which is why we configure the port as AN access VLAN.
 
The IP phone will send tagged traffic, so we need to confgure the VLAN tagging on the phone and voice VLAN on the switch. If we are using the Cisco IP Phones, the switch will automatically add the tagging to the frame using the CDP (Cisco Discovery Protocol) protocol so there is no need to configure anything on the phone.
 
If we are not using Cisco Phones, such as Avaya or Ipecs phones then, we need to do this hard coding on the IP phones:
 
VLAN Tag - I set value to 200 ( Voice Vlan value)
PC Tag - I set this to Zero because I configure the port as access port so the frame will be untagged.

Open in new window


A simple note for explaining the difference between Tagged and Untagged Traffic :
 
If a switch port is configured with more than one VLAN, then we need to tell the switch which packet belongs to which VLAN. Tagged packets are headers comprised of VLAN information. On the other hand, untagged packets are just normal; for example, a packet coming from PC doesn’t contain VLAN information because the PC don’t support 802.1q trunking.

We can also configure the switch port as trunk port with 802.11q encapsulation and just configure the PC tag on IP Phone with a PC VLAN, 100 in my case,
 
int gi0/1
switchport mode trunk ( this command hard code the port into access mode)
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,200

Open in new window


​Note: In this article we focusing only on the configuration of the port on Cisco switches. The configuration may differ on other vendor switches.
2
Comment
Author:cciedreamer
0 Comments

Featured Post

Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

Join & Write a Comment

Key to your CPU's ability to stay cool is to use the right amount of thermal paste and apply it correctly. In other words you want as much thermal conductivity between CPU and the cooling block. Use a quality thermal paste and apply it in a manner…
Watch this online video tutorial and learn the best way to reduce Outlook mailbox size using Compact Now feature of Outlook. It removes the deletes item's space from Microsoft Outlook 2016, 2013, and 2010 and compresses the PST file size. This will …

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month