We help IT Professionals succeed at work.

tagged or untagged?

405 Views
Last Modified: 2014-12-08
ports for my voice vlan on my hp 2910al l3?
i have enabled qos rule (ef|46) and added voice on the vlan but still having issues with qos.
So next thing is to tag all my ports on the voice vlan.  Should i, can i test a single tagged port on the vlan for one phone?
phones are directly connected to switch not daisy chained.

thanks
Comment
Watch Question

CERTIFIED EXPERT
Distinguished Expert 2018
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
even if i have a qos rule in place?

Author

Commented:
here is config:

Why is data vlan no untagged?

ip authorized-managers 172.19.0.0 255.255.0.0 access manager
ip authorized-managers 172.16.0.0 255.255.0.0 access manager
ip authorized-managers 10.255.255.0 255.255.255.128 access manager
ip authorized-managers 192.168.2.0 255.255.255.0 access manager
ip authorized-managers 192.168.3.0 255.255.255.0 access manager
ip authorized-managers 10.255.254.0 255.255.255.128 access manager
ip authorized-managers 192.168.100.0 255.255.255.0 access manager
ip default-gateway 172.19.10.15
no ip icmp redirects
ip route 0.0.0.0 0.0.0.0 172.19.10.15
ip routing
interface 1
   name "to HP1910 (top)"
   no power-over-ethernet
   exit
interface 2
   name "tp HP1910 (bottom)"
   no power-over-ethernet
   exit
interface 3
   name "to ASA 5505 fe01"
   no power-over-ethernet
   exit
interface 4
   name "Cisco_AP_172.19.3.20"
   exit
interface 5
   no power-over-ethernet
   exit
interface 6
   no power-over-ethernet
   exit
interface 7
   name "Shoretel E1k"
   speed-duplex 100-full
   exit
interface 8
   name "Shoretel SG90"
   speed-duplex 100-full
   exit
interface 9
   name "Shoretel SG90Bri"
   speed-duplex 100-full
   exit
interface 10
   name "chi-Oaisys"
   exit
interface 11
   name "Shoretel HQ"
   exit
interface 12
   name "Ingate"
   exit
interface 19
   name "Test Phone"
   exit
interface 31
   name ""
   exit
snmp-server community "public" unrestricted
snmp-server contact "IT"
vlan 1
   name "DEFAULT_VLAN"
   no untagged 7-48
   untagged 1-6
   ip address 172.19.4.5 255.255.0.0
   exit
vlan 20
   name "Voice"
   untagged 7-48
   ip address 172.16.4.5 255.255.0.0
   ip helper-address 172.19.10.17
   ip helper-address 172.19.10.18
   qos dscp 101110
   voice
   exit
no autorun
password manager

HP-E2910al-48G-PoE(config)#

Author

Commented:
even if i have voice enabled on the vlan?

bottom of page 5-40
CERTIFIED EXPERT
Distinguished Expert 2018
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
Read this:
Dot1q and Dot1p
some oneNetwork Architect
CERTIFIED EXPERT
Top Expert 2014
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT
Distinguished Expert 2018
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
some oneNetwork Architect
CERTIFIED EXPERT
Top Expert 2014
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
thanks chaps.
well we have had no tagging enabled for aprox a year after install, and quality has slowly deteriorated (intermittantly).
our link usage has been no more than 20% on average, so bandwidth not an issue.  ISP and Comms providers pointing finger at switch from ping tests.  

tried a qos rule, then enabled voice on the vlan20 (as per the hp manual)
now looking at tagging.  
our phones have been configured with tagging on...

latest config:
Running configuration:

; J9148A Configuration Editor; Created on release #W.15.08.0012
; Ver #02:11.05:16
hostname "HP-E2910al-48G-PoE"
module 1 type j9148a
mirror-port 5
power-over-ethernet pre-std-detect
qos type-of-service diff-services
timesync sntp
sntp unicast
sntp server priority 1 87.124.126.49
sntp server priority 2 178.79.165.21
time timezone 60
ip authorized-managers 172.19.0.0 255.255.0.0 access manager
ip authorized-managers 172.16.0.0 255.255.0.0 access manager
ip authorized-managers 10.255.255.0 255.255.255.128 access manager
ip authorized-managers 192.168.2.0 255.255.255.0 access manager
ip authorized-managers 192.168.3.0 255.255.255.0 access manager
ip authorized-managers 10.255.254.0 255.255.255.128 access manager
ip authorized-managers 192.168.100.0 255.255.255.0 access manager
ip default-gateway 172.19.10.15
no ip icmp redirects
ip route 0.0.0.0 0.0.0.0 172.19.10.15
ip routing
interface 1
   name "to HP1910 (top)"
   no power-over-ethernet
   exit
interface 2
   name "tp HP1910 (bottom)"
   no power-over-ethernet
   exit
interface 3
   name "to ASA 5505 fe01"
   no power-over-ethernet
   exit
interface 4
   name "Cisco_AP_172.19.3.20"
   exit
interface 5
   no power-over-ethernet
   exit
interface 6
   no power-over-ethernet
   exit
interface 7
   name "Shoretel E1k"
   speed-duplex 100-full
   exit
interface 8
   name "Shoretel SG90"
   speed-duplex 100-full
   exit
interface 9
   name "Shoretel SG90Bri"
   speed-duplex 100-full
   exit
interface 10
   name "chi-Oaisys"
   exit
interface 11
   name "Shoretel HQ"
   exit
interface 12
   name "Ingate"
   exit
interface 19
   name "Test Phone"
   exit
interface 21
   name ""
   exit
interface 31
   name ""
   exit
snmp-server community "public" unrestricted
snmp-server contact "IT"
vlan 1
   name "DEFAULT_VLAN"
   no untagged 7-20,22-48
   untagged 1-6,21
   ip address 172.19.4.5 255.255.0.0
   exit
vlan 20
   name "Voice"
   untagged 7-18,20,22-48
   tagged 19,21
   ip address 172.16.4.5 255.255.0.0
   ip helper-address 172.19.10.17
   ip helper-address 172.19.10.18
   qos dscp 101110
   voice
   exit
no autorun
password manager
CERTIFIED EXPERT
Distinguished Expert 2018
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
ProCurve(config) # vlan 10 qos priority 7

isnt that the same as my dscp value?
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
Yes it is. Just looking at that.
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
What is result of:
show qos queue-config
show qos dscp-map

Author

Commented:
HP-E2910al-48G-PoE(config)# show qos queue-config

 Outbound Port Queue Configuration



         802.1p
 Queue  Priority
 -----  --------
   1      1,2
   2      0,3
   3      4,5
   4      6,7

HP-E2910al-48G-PoE(config)#

Author

Commented:
and the other thing is, should all the shoretel kit (switches, director (windows box), ingate) ports be tagged?
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
I think this is answer to your question. (From above)
■ Configure all ports in a voice VLAN as tagged members of the VLAN. This ensures retention of the QoS (Quality of Service) priority included in voice VLAN traffic moving through your network.
Otherwise, you need to configure every switch and device separately for prioritize voice traffic.

And what is output  for
show qos dscp-map

Author

Commented:
DSCP -> 802.p priority mappings

  DSCP CodePoint DSCP Value 802.1p tag  DSCP Policy name
  -------------- ---------- ----------- --------------------------------
  000000         0          0           cs0
  000001         1          No-override
  000010         2          No-override
  000011         3          No-override
  000100         4          No-override
  000101         5          No-override
  000110         6          No-override
  000111         7          No-override
  001000         8          1           cs1
  001001         9          No-override
  001010         10         1           af11
  001011         11         No-override
  001100         12         1           af12
  001101         13         No-override
  001110         14         2           af13
  001111         15         No-override
  010000         16         2           cs2
  010001         17         No-override
  010010         18         0           af21
  010011         19         No-override
  010100         20         0           af22
  010101         21         No-override
  010110         22         3           af23
  010111         23         No-override
  011000         24         3           cs3
  011001         25         No-override
  011010         26         4           af31
  011011         27         No-override
  011100         28         4           af32
  011101         29         No-override
  011110         30         5           af33
  011111         31         No-override
  100000         32         4           cs4
  100001         33         No-override
  100010         34         6           af41
  100011         35         No-override
  100100         36         6           af42
  100101         37         No-override
  100110         38         7           af43
  100111         39         No-override
  101000         40         5           cs5
  101001         41         No-override
  101010         42         No-override
  010010         18         0           af21
  010011         19         No-override
  010100         20         0           af22
  010101         21         No-override
  010110         22         3           af23
  010111         23         No-override
  011000         24         3           cs3
  011001         25         No-override
  011010         26         4           af31
  011011         27         No-override
  011100         28         4           af32
  011101         29         No-override
  011110         30         5           af33
  011111         31         No-override
  100000         32         4           cs4
  100001         33         No-override
  100010         34         6           af41
  100011         35         No-override
  100100         36         6           af42
  100101         37         No-override
  100110         38         7           af43
  100111         39         No-override
  101000         40         5           cs5
  101001         41         No-override
  101010         42         No-override
  101011         43         No-override
  101100         44         No-override
  101101         45         No-override
  101110         46         7           ef
  101111         47         No-override
  110000         48         6           cs6
  110001         49         No-override
  110010         50         No-override
  110011         51         No-override
  110100         52         No-override
  110101         53         No-override
  110110         54         No-override
  110111         55         No-override
  111000         56         7           cs7
  111001         57         No-override
  111010         58         No-override
  111011         59         No-override
  111100         60         No-override
  111101         61         No-override
  111110         62         No-override
  111111         63         No-override


HP-E2910al-48G-PoE(config)#

Author

Commented:
i have a phone connected on voice vlan (port 21) that i have managed to tag on vlan1 data by mistake, so i untagged it.
is this ok?  or should i set the port on the data vlan to no?
thanks

Author

Commented:
ignore last msg:

config:

   exit
interface 9
   name "Shoretel SG90Bri"
   speed-duplex 100-full
   exit
interface 10
   name "chi-Oaisys"
   exit
interface 11
   name "Shoretel HQ"
   exit
interface 12
   name "Ingate"
   exit
interface 19
   name "Test Phone"
   exit
interface 21
   name ""
   exit
interface 25
   name ""
   exit
interface 31
   name ""
   exit
snmp-server community "public" unrestricted
snmp-server contact "IT"
vlan 1
   name "DEFAULT_VLAN"
   no untagged 7-48
   untagged 1-6
   ip address 172.19.4.5 255.255.0.0
   exit
vlan 20
   name "Voice"
   untagged 7-18,20,22-24,26-48
   tagged 19,21,25
   ip address 172.16.4.5 255.255.0.0
   ip helper-address 172.19.10.17
   ip helper-address 172.19.10.18
   qos dscp 101110
   voice
   exit
no autorun
password manager

HP-E2910al-48G-PoE(config)# write memory
HP-E2910al-48G-PoE(config)#

Author

Commented:
this is another document that keeps getting pushed down my neck http://www.baysidemedia.com/ShoreTel/best_practices_vlan.pdf

Author

Commented:
and does anyone know if the cisco asa 5505 and/or cisco 1921 can prioritise voice?
some oneNetwork Architect
CERTIFIED EXPERT
Top Expert 2014
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
some oneNetwork Architect
CERTIFIED EXPERT
Top Expert 2014
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
sure.
i assume more than just phones can be tagged e.g. windows 2008 servers, shoretel switches etc?
ta

Author

Commented:
slight o/t, would the ports on the L3 HP switch that connect to my layer 2 switches need to be set as trunks?
The layer 2s just run vlan1 (data)?

Author

Commented:
Sorry to add more slightly o/t info at this, but my comms co are saying (with regards to enabling tagging on the voice vlan ports):

What do you mean by tagging ? If it is V-LAN tagging that you are referring to, it is only the handsets that have a V-LAN tag configured.

The ShoreTel Server and switches, would be plugged into an Access (Cisco) / Un-tagged ports (HP), configured with the same V-LAN as the phone tag.

There is nothing to show on the ShoreTel system for this.

and

You don’t configure the Shoretel switches to tag, you plug them into a Access Port (Cisco) or Un-tagged Port (HP), hardcoded with the voice v-lan id.
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
On that link that you gave you can see that
ports to ShoreTel Phones are configured as trunks

ports to ShoreTel Server and ShoreTel ShoreGear Switch are configured as access
////(I have never worked with ShoreTel equipment)

So all other infrastructure to  phones and between switches should be trunks, except PC-s and ShoreTel Server and ShoreTel ShoreGear Switch.

Sorry, my crystal ball didn't saw those ShoreTel servers and Switches. :)

Author

Commented:
im going to tag all voice vlan ports and see how we get on

Author

Commented:
well tagging all the ports on voice failed and i lost connection to the shoretel kit
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
That probably  means that phones are set to send untagged frames.
some oneNetwork Architect
CERTIFIED EXPERT
Top Expert 2014

Commented:
That probably  means that phones are set to send untagged frames.
+1 for that!

As well as tagging ports, you need to tell the kit to tag too, otherwise all of its traffic will be dropped onto the untagged VLAN.

Author

Commented:
the shoretel phones are set, tagging - on in dhcp 'layer2tagging=1'
some oneNetwork Architect
CERTIFIED EXPERT
Top Expert 2014

Commented:
the shoretel phones are set, tagging - on in dhcp 'layer2tagging=1'
That's a bit different.  That means the phones go into the data (untagged) VLAN first, get told via DHCP to tag packets, then tag in the Voice VLAN.  You need to make sure LLDP isn't running on the switch where the phone plugs in then or it may never drop into the data VLAN to actually receive the DHCP info.

Author

Commented:
the ports in vlan20 have lldp dot3 tlv enabled, the poe lldp-med is disabled.

Author

Commented:
phones still get ips from helper/dhcp...
some oneNetwork Architect
CERTIFIED EXPERT
Top Expert 2014

Commented:
phones still get ips from helper/dhcp...
Do the phones get an IP on the data VLAN?

Author

Commented:
no voice
some oneNetwork Architect
CERTIFIED EXPERT
Top Expert 2014

Commented:
So how do they get on the Voice VLAN if you're not telling them what VLAN ID to use?  You must be putting them on the Voice VLAN untagged.  That would explain why when you set them to tagged they stop working.

What's supposed to happen is this...

1] Phone powers up and sends untagged DHCP request on data VLAN.
2] Phone receives IP with DHCP option 176 or 242 (usually) which includes option to tag L2 and the VLAN ID.
3] Phone tags packets on VLAN ID received from DHCP and issues new DHCP request.
4] Phone obtains IP on Voice VLAN.

Can you indicate which port a phone is connected to right now, and show us the VLAN config on the switch please?

Author

Commented:
its only the shoretel server, switches that failed to work, the phone were/are ok.

sure:
Running configuration:

; J9148A Configuration Editor; Created on release #W.15.08.0012
; Ver #02:11.05:16
hostname "HP-E2910al-48G-PoE"
module 1 type j9148a
mirror-port 5
power-over-ethernet pre-std-detect
qos type-of-service diff-services
timesync sntp
sntp unicast
sntp server priority 1 87.124.126.49
sntp server priority 2 178.79.165.21
time timezone 60
ip authorized-managers 172.19.0.0 255.255.0.0 access manager
ip authorized-managers 172.16.0.0 255.255.0.0 access manager
ip authorized-managers 10.255.255.0 255.255.255.128 access manager
ip authorized-managers 192.168.2.0 255.255.255.0 access manager
ip authorized-managers 192.168.3.0 255.255.255.0 access manager
ip authorized-managers 10.255.254.0 255.255.255.128 access manager
ip authorized-managers 192.168.100.0 255.255.255.0 access manager
ip default-gateway 172.19.10.15
no ip icmp redirects
ip route 0.0.0.0 0.0.0.0 172.19.10.15
ip routing
interface 1
   name "to HP1910 (top)"
   no power-over-ethernet
   exit
interface 2
   name "tp HP1910 (bottom)"
   no power-over-ethernet
   exit
interface 3
   name "to ASA 5505 fe01"
   no power-over-ethernet
   exit
interface 4
   name "Cisco_AP_172.19.3.20"
   exit
interface 5
   no power-over-ethernet
   exit
interface 6
   no power-over-ethernet
   exit
interface 7
   name "Shoretel E1k"
   speed-duplex 100-full
   exit
interface 8
   name "Shoretel SG90"
   speed-duplex 100-full
   exit
interface 9
   name "Shoretel SG90Bri"
   speed-duplex 100-full
   exit
interface 10
   name "chi-Oaisys"
   exit
interface 11
   name "Shoretel HQ"
   exit
interface 12
   name "Ingate"
   exit
interface 19
   name "Test Phone"
   exit
interface 21
   name ""
   exit
interface 25
   name ""
   exit
interface 31
   name ""
   exit
snmp-server community "public" unrestricted
snmp-server contact "IT"
vlan 1
   name "DEFAULT_VLAN"
   no untagged 7-48
   untagged 1-6
   ip address 172.19.4.5 255.255.0.0
   exit
vlan 20
   name "Voice"
   untagged 7-12
   tagged 13-48
   ip address 172.16.4.5 255.255.0.0
   ip helper-address 172.19.10.17
   ip helper-address 172.19.10.18
   qos dscp 101110
   voice
   exit
no autorun
password manager

Author

Commented:
would the 'primary' vlan setting be an issue?
some oneNetwork Architect
CERTIFIED EXPERT
Top Expert 2014
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
so your saying untag the windows server and tag the other shoretel kit ?
CERTIFIED EXPERT
Distinguished Expert 2018
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
all the [phones are working with or without tagging at present.  its more a case of trying to improve quality of the intermittent calls.
so now i have all phones tagged on voice.  all other devices on the voice vlan are untagged.
how do i know if the qos is working?
and why am i getting c150 ping sometimes?
some oneNetwork Architect
CERTIFIED EXPERT
Top Expert 2014

Commented:
ONLY phones should be tagged in the Voice VLAN - everything else that needs to be in the Voice VLAN should be untagged in the Voice VLAN.

Author

Commented:
as it is now then..
still had one complaint earlier though..
CERTIFIED EXPERT
Distinguished Expert 2018
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
its calls external over the wan not internal.
CERTIFIED EXPERT
Distinguished Expert 2018
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
qos to be setup on wan links.
still not sure if the internal qos and tagging required (especially when losing the shoretel servers/switches) when tagging)
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
You don't need to tag packets as they entering port. You can, but it is not needed to do so.
You can set cos or dscp value to packets as they entering a switch (it is recommended to do so, although you still don't need to), to make easier for router to use QoS. You can save some CPU cycles by marking packets on switches, and prioritize traffic related to values that you previously assigned to packets entering switch.

Author

Commented:
okay thanks, all seems a bit 'hit and miss'.
example our remote site with shoretel switch, phones and l3 poe switch hasn't had qos setup since day one.
They route to our HQ over VPN, and they tell me they haven't had any issues with quality.
Our HQ had qos enabled on the switch since the qos issues and it got better (or at least users say it has - since the changes).
Im now in process of getting qos setup on the wan links by our ISP to sure it up...

Doesn't really explain to me why our remote site is working fine...
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
I reviewed my QoS for a few last days (it is incredible how things are fast forgotten). :)
Best way to setup QoS is that you prioritize voice traffic through all of you network (you can enable QoS and tag frames to ensure priority, this is one of the best ways to do that since it is easy for routers to keep track of traffic to prioritize). But, as already is said, place where you need it most is WAN port since there is congestion and you need to have way to prioritize voice traffic.
Your ISP can prioritize your voice traffic if they want to, but  usually ISP don't trust priority markings from companies. On internet there is no guaranties that your traffic will be prioritized, it is best effort traffic.

Don't having problems between HQ and branch office in this case can be type of connection between those two offices. If you have metro ethernet your traffic could be prioritized by ISP between your offices.

I would still tag voice traffic as traffic enters switches (it is Cisco recommendation also), since it it much easier to apply QoS rules when it comes to applying rules. Rule of marking traffic for priority is simple, mark traffic as trusted as close to devices as you can. And most phones usually have its way to mark traffic as CoS 5, so if you trust phone's CoS markings - it is easiest way to implement QoS on LAN (And on LAN usually you have no congestion - so usually QoS is not needed for LAN. And also this is why I said tagged traffic from phones is better CoS (802.1p) is implemented in 802.1q (tagging). There is QoS mechanism for layer 3 (DiffServ), but it is not actually done by phone, so you need to manually mark traffic as criteria on which QoS will later prioritize traffic.). But when traffic leave your network rules are changing since inside your network you have much more throughput than WAN connection has. So, on WAN you need to prioritize voice traffic to other type of traffic that is forwarded from your network (this means a lot of traffic is simply dropped - usually it is best to drop tcp traffic).

PS
At first moment as I read question I thought that you have problem with voice traffic in your office between phones. Later .........  much later .....  I realized that that maybe I don't have good viewing angle, and maybe problem is appearing only when WAN  traffic is involved. After that, when knowing that problem is happening only when calls leave your office solution was obvious.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.