Configuring Voice VLAN
CHAPTERS
4. Appendix: Default Parameters
The voice VLAN feature is used to prioritize the transmission of voice traffic. Voice traffic is typically more time-sensitive than data traffic, and the voice quality can deteriorate a lot because of packet loss and delay. To ensure the high voice quality, you can configure the voice VLAN and set priority for voice traffic.
Voice VLAN Modes on Ports
A voice VLAN can operate in two modes: manual mode and automatic mode.
Manual mode: This mode is applicable when the switch port forwards voice traffic only. You manually add ports connecting IP phones to the voice VLAN; then the switch will apply priority rules to ensure the high priority of voice traffic.
Figure 1-1 Only Voice Traffic on One Port
Automatic mode: This mode is applicable when voice traffic and data traffic are transmitted on the same switch port. When a port receives a voice packet, the switch automatically adds the port to the voice VLAN and applies priority rules. The switch forwards voice traffic in the voice VLAN and data traffic in other VLANs.
Figure 1-2 Voice Traffic and Data Traffic on the Same Port
OUI Address (Organizationally Unique Identifier Address)
The OUI address is used by the switch to determine whether a packet is a voice packet. An OUI address is the first 24 bits of a MAC address, and is assigned as a unique identifier by IEEE (Institute of Electrical and Electronics Engineers) to a device vendor. If the source MAC address of a packet complies with the OUI addresses in the switch, the switch identifies the packet as a voice packet and prioritizes it in transmission.
To complete the Voice VLAN configuration, follow these steps:
1)Create a VLAN.
2)Configure OUI addresses.
3)Configure Voice VLAN globally.
4)Configure Voice VLAN mode on ports.
Configuration Guidelines
Before configuring voice VLAN, you need to create a VLAN for voice traffic.
VLAN 1 is a default VLAN and cannot be configured as the voice VLAN.
Only one VLAN can be set as the voice VLAN on the switch.
To apply the voice VLAN configuration, you may need to further configure PVID (Port VLAN ID) and the link type of the port which is connected to voice devices. We recommend that you choose the mode according to your needs and configure the port as the following table shows.
Table 2-1Voice VLAN mode and Link Type of the Port
Traffic on One Port |
Voice Traffic Type |
Suggested Mode |
Suggested Link Type and PVID |
Voice traffic and data traffic |
Tagged voice traffic |
Automatic |
PVID cannot be the voice VLAN ID. |
Untagged voice traffic |
Not supported. |
||
Voice traffic only |
Tagged voice traffic |
Manual |
Tagged; PVID configuration is not required. |
Untagged voice traffic |
Untagged; PVID should be the voice VLAN ID. |
Because the voice VLAN in automatic mode supports only tagged voice traffic, you need to make sure traffic from the voice device is tagged. To do so, there are mainly two ways:
»You can configure the voice device to forward traffic with a voice VLAN tag.
»If your switch provides the LLDP-MED feature, you can also configure it to instruct the voice device to send tagged voice traffic.
2.1Using the GUI
2.1.1Configuring OUI Addresses
If the OUI address of your voice device is not in the OUI table, you need to add the OUI address to the table.
Choose the menu QoS > Voice VLAN > OUI Config to load the following page.
Figure 2-1 Configuring OUI Addresses
Follow these steps to add OUI addresses:
1)Enter an OUI address and the corresponding mask, and give a description about the OUI address.
OUI |
Enter the OUI address of your device. |
Mask |
Specify a mask to determine the depth of the OUI that the switch uses to check source addresses of received packets. |
Description |
Give an OUI address description for identification. The length is no more than 16 characters. |
2)Click Create to add an OUI address to the table.
2.1.2Configuring Voice VLAN Globally
Choose the menu QoS > Voice VLAN > Global Config to load the following page.
Figure 2-2 Configuring Voice VLAN Globally
Follow these steps to configure the voice VLAN globally:
1)Enable the voice VLAN feature, and enter a VLAN ID.
VLAN ID |
Specify an existing VLAN as the voice VLAN. |
2)Set the aging time for the voice VLAN.
Aging Time |
Specify the length of time that a port remains in the voice VLAN after the port receives a voice packet. Aging time works only for ports in automatic voice VLAN mode. The range is 1 to 43200 minutes; the default is 1440 minutes. |
3)Specify a priority for the voice VLAN.
Priority |
Specify the priority that will be assigned to voice packets. A bigger value means a higher priority. The range is 0 to 7; the default is 6. This is an IEEE 802.1p priority, and you can further configure its schedule mode if needed. |
4)Click Apply.
2.1.3Configuring Voice VLAN Mode on Ports
Choose the menu QoS > Voice VLAN > Port Config to load the following page.
Figure 2-3 Configuring Voice VLAN Mode on Ports
Follow these steps to configure voice VLAN mode on ports:
1)Select your desired ports and choose the port mode.
Port Mode |
Choose the way of adding the selected ports to the voice VLAN. Auto: When a port receives a voice packet whose resource MAC address matches an OUI address, the switch automatically adds the port to the voice VLAN. If you choose the Auto mode for the selected ports, make sure traffic from your voice device is tagged. Manual: You manually add the ports connecting voice devices to the voice VLAN. |
Member State |
Displays the current state of the ports that are connected to voice devices. Active: The corresponding port is in the voice VLAN. Inactive: The corresponding port is not in the voice VLAN. |
2)Set the security mode for selected ports.
Security Mode |
For packets that will be forwarded in the voice VLAN, you can configure the security mode to prevent malicious traffic with faked voice VLAN tag. For packets to other VLANs, how the switch processes the packets is determined by whether the selected ports permit the VLAN or not, independent of voice VLAN security mode. Disable: For packets to the voice VLAN, the switch does not check the source MAC address and the selected ports forward all these packets in the voice VLAN. The security mode is disabled by default. Enable: For packets to the voice VLAN, the selected ports forward only voice packets whose source MAC addresses match OUI addresses to the voice VLAN, and discard others. We recommend that you do not mix voice traffic with data traffic in the voice VLAN. If necessary, make sure the security mode is disabled. |
3)Click Apply.
2.2Using the CLI
Follow these steps to configure the voice VLAN:
Step 1 |
configure Enter global configuration mode. |
Step 2 |
show voice vlan oui Check whether the OUI address of your voice device is in the OUI table. |
Step 3 |
voice vlan mac-address mac-addr mask mask [ description descript ] If the OUI address of your voice device is not in the OUI table, add the OUI address to the table. mac-addr: Enter the OUI address of your device. mask: Specify a mask to determine the depth of the OUI that the switch uses to check source addresses of received packets. descript: Give an OUI address description for identification. |
Step 4 |
voice vlan priority pri Set the priority for voice packets. pri: Specify the priority that will be tagged on voice packets. A bigger value means a higher priority. The range is 0 to 7; the default is 6. This is an IEEE 802.1p priority, and you can further configure its schedule mode if needed. |
Step 5 |
voice vlan aging time Set the aging time for ports in automatic voice VLAN mode. time: Specify the length of time that a port remains in the voice VLAN after the port receives a voice packet. Aging time works only for ports in automatic voice VLAN mode. The range is 1 to 43200 minutes; the default is 1440 minutes. |
Step 6 |
voice vlan vid Specify an existing VLAN as the voice VLAN. vid : Enter the VLAN ID that you have created for the voice VLAN. |
Step 7 |
interface { fastEthernet port | range fastEthernet port-list | gigabitEthernet port | range gigabitEthernet port-list | port-channel lag-id | range port-channel lag-list } Enter interface configuration mode. port |port-list: The number or the list of the Ethernet port that you want to configure. lag-id |lag-list: The ID or the list of the LAG that you want to configure. |
Step 8 |
switchport voice vlan mode { auto | manual } Choose the way of adding the specified ports to the voice VLAN. auto: The switch automatically adds the specified ports to the voice VLAN when the ports receive voice packets. If you choose the auto mode for the specified ports, make sure traffic from your voice device is tagged. manual: You need to manually add the specified ports to the voice VLAN. |
Step 9 |
switchport voice vlan security Enable the security feature. For packets to the voice VLAN, the selected ports forward only voice packets whose source MAC addresses match OUI addresses to the voice VLAN, and discard others. For packets to other VLANs, how the switch processes the packets is determined by whether the selected ports permit the VLAN or not, independent of voice VLAN security mode. We recommend that you do not mix voice traffic with data traffic in the voice VLAN. If necessary, make sure the security mode is disabled. |
Step 10 |
switchport general allowed vlan vid { tagged | untagged } (For ports in manual voice VLAN mode) Add the specified ports to the voice VLAN. vid: Enter the voice VLAN ID to add the specified ports to the voice VLAN. tagged | untagged: Set the egress rule as tagged or untagged for the specified ports. |
Step 11 |
show voice vlan Verify the global configuration of voice VLAN. |
Step 12 |
show voice vlan switchport Verify the voice VLAN configuration of the ports. |
Step 13 |
end Return to privileged EXEC mode. |
Step 14 |
copy running-config startup-config Save the settings in the configuration file. |
The following example shows how to set port 1/0/1 in manual voice VLAN mode. Configure the switch to forward voice traffic with an IEEE 802.1p priority of 5 and to transmit only voice traffic whose resource MAC address matches an OUI address in the voice VLAN :
Switch#configure
Switch(config)#vlan 10
Switch(config-vlan)#name VoiceVLAN
Switch(config-vlan)#exit
Switch(config)#voice vlan priority 5
Switch(config)#voice vlan 10
Switch(config)#interface gigabitEthernet 1/0/1
Switch(config-if)#switchport voice vlan mode manual
Switch(config-if)#switchport voice vlan security
Switch(config-if)#switchport general allowed vlan 10 untagged
Switch(config-if)#show voice vlan
Voice VLAN status: Enabled
VLAN ID: 10
Aging Time: 1440
Voice Priority: 5
Switch(config-if)#show voice vlan switchport
Port Auto-mode Security State LAG
------ ------------ ------------ ------------ ------
Gi1/0/1 Manual Enabled Active N/A
Gi1/0/2 Auto Disabled Inactive N/A
Gi1/0/3 Auto Disabled Inactive N/A
......
Switch(config-if)#end
Switch#copy running-config startup-config
3.1Network Requirements
The company plans to install IP phones in the office area and the meeting room, and has requirements as follows:
In the office area
»IP phones share switch ports used by computers, because no more ports are available for IP phones.
»Transmit voice traffic in an exclusive path with high quality.
»Avoid attacks from malicious data flows.
In the meeting room
»Transmit voice traffic in an exclusive path with high quality.
»Avoid attacks from malicious data flows.
3.2Configuration Scheme
In the office area, IP phones share the same ports of the switch with computers and therefore occupy no more ports. To separate voice traffic from data traffic, configure LLDP-MED to instruct IP Phones to send traffic with the voice VLAN tag. Voice traffic is transmitted in the voice VLAN, and data traffic is transmitted in the default VLAN. Set ports that are connected to IP phones in automatic voice VLAN mode. Meanwhile, configure the voice VLAN to work in security mode and to forward only legal voice packets.
In the meeting room, the switch provides dedicated connections to IP phones. In this situation, IP phones do not need to send traffic with the voice VLAN tag. Set ports that are connected to IP phones in manual voice VLAN mode. Meanwhile, configure the voice VLAN to work in security mode and to forward only legal voice packets.
To ensure the high quality of voice traffic, configure all devices along the path to keep the priority of voice traffic and to coordinate with the voice VLAN configuration.
3.3 Network Topology
In the office area, IP phones are added to ports that are connected to computers on Switch A. These ports use the voice VLAN for voice traffic, and the default VLAN for data traffic.
In the meeting room, computers and IP phones are connected to different ports of Switch B. Ports connected to IP phones use the voice VLAN for voice traffic, and ports connected to computers use the default VLAN for data traffic.
Voice traffics from Switch A and Switch B are forwarded to voice gateway and Internet through Switch C.
Figure 3-1 Network Topology
Demonstrated with T2600G-28TS, this chapter provides configuration procedures in two ways: using the GUI and using the CLI.
3.4Using the GUI
Configurations for Switch A
1)Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. Set the link type of port1/0/1-2 as General, and click Apply.
Figure 3-2 Configuring the Link Type of port 1/0/1-2
2)Choose the menu VLAN > 802.1Q VLAN > VLAN Config and click Create to load the following page. Create VLAN 10, and click Apply.
Figure 3-3 Creating a VLAN
3)Choose the menu QoS > Voice VLAN > Global Config to load the following page. Enable voice VLAN, enter 10 in the VLAN ID field and set aging time as 1440 minutes and priority as 6. Then click Apply.
Figure 3-4 Configuring Voice VLAN Globally
4)Choose the menu QoS > Voice VLAN > Port Config to load the following page. Select port 1/0/1, choose auto mode and enable security mode. Select port 1/0/2 and choose manual mode. Click Apply.
Figure 3-5 Configuring Voice VLAN Mode on Port 1/0/1
Figure 3-6 Configuring Voice VLAN Mode on Port 1/0/2
5)Choose the menu VLAN > 802.1Q VLAN > VLAN Config and edit VLAN 10 to load the following page. Add port 1/0/2 to the voice VLAN.
Figure 3-7 Adding Port 1/0/2 to the Voice VLAN
6)Choose the menu LLDP > Basic Config> Global Config to load the following page. Enable LLDP globally.
Figure 3-8 Enabling LLDP Globally
7)Choose the menu LLDP > LLDP-MED> Global Config to load the following page. Set fast start count as 4.
Figure 3-9 Configuring LLDP-MED Globally
8)Choose the menu LLDP > LLDP-MED> Port Config to load the following page. Enable LLDP-MED on port 1/0/1.
Figure 3-10 Configuring LLDP-MED on Ports
Click Detail of port1/0/1 to load the following page. Configure the TLV information which will be carried in LLDP-MED frames and sent out by port 1/0/1. Select all TLVs, and configure location identification parameters.
Figure 3-11 Configuring TLVs
9)Click Save Config to save the settings.
Configurations for Switch B
1)Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. Configure the link type of ports 1/0/1-3 as General.
Figure 3-12 Configuring the Link Type of port 1/0/1-3
2)Choose the menu VLAN > 802.1Q VLAN > VLAN Config and click Create to load the following page. Create VLAN 10.
Figure 3-13 Creating a VLAN
3)Choose the menu QoS > Voice VLAN > Global Config to load the following page. Enable voice VLAN, enter 10 in the VLAN ID field and set priority as 6.
Figure 3-14 Configuring Voice VLAN Globally
4)Choose the menu QoS > Voice VLAN > Port Config to load the following page. Select ports 1/0/1-3, choose manual mode and enable security mode. Click Apply.
Figure 3-15 Configuring Voice VLAN Mode on Ports
5)Choose the menu VLAN > 802.1Q VLAN > VLAN Config and edit VLAN 10 to load the following page. Add ports 1/0/1-3 to the voice VLAN. Click Apply.
Figure 3-16 Adding Ports to the Voice VLAN
6)Click Save Config to save the settings.
Configurations for Switch C
1)Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. Configure the link type of ports 1/0/1-3 as General. Click Apply.
Figure 3-17 Configuring the Link Type of port 1/0/1-3
2)Choose the menu VLAN > 802.1Q VLAN > VLAN Config and click Create to load the following page. Create VLAN 10 and add ports 1/0/1-3 as tagged ports to the VLAN. Click Apply.
Figure 3-18 Creating a VLAN and Adding Ports to the VLAN
3)Click Save Config to save the settings.
3.5Using the CLI
Configurations for Switch A
1)Configure the link type of ports 1/0/1-2 as General.
Switch_A#configure
Switch_A(config)#interface range gigabitEthernet 1/0/1-2
Switch_A(config-if-range)#switchport mode general
Switch_A(config-if-range)#exit
2)Create VLAN 10.
Switch_A(config)#vlan 10
Switch_A(config-vlan)#name VoiceVLAN
Switch_A(config-vlan)#exit
3)Configure the aging time as 1440 minutes for port in automatic voice VLAN mode, and set the 802.1p priority of voice packets as 6. Set VLAN 10 as the voice VLAN.
Switch_A(config)#voice vlan aging 1440
Switch_A(config)#voice vlan priority 6
Switch_A(config)#voice vlan 10
4)Configure port 1/0/1 to automatic voice VLAN mode and enable security mode.
Switch_A(config)#interface gigabitEthernet 1/0/1
Switch_A(config-if)#switchport voice vlan mode auto
Switch_A(config-if)#switchport voice vlan security
Switch_A(config-if)#exit
5)Configure port 1/0/2 to manual voice VLAN mode, and add it to the voice VLAN as a tagged port.
Switch_A(config)#interface gigabitEthernet 1/0/2
Switch_A(config-if)#switchport voice vlan mode manual
Switch_A(config-if)#switchport general allowed vlan 10 tagged
Switch_A(config-if)#exit
6)Enable LLDP globally and set the fast start count of LLDP-MED frame as 4.
Switch_A(config)#lldp
Switch_A(config)# lldp med-fast-count 4
7)Enable the LLDP-MED feature on port 1/0/1.
Switch_A(config)#interface gigabitEthernet 1/0/1
Switch_A(config-if)#lldp med-status
8)Select all MED TLVs to be carried in LLDP frames and sent out by port 1/0/1.
Switch_A(config-if)#lldp med-tlv-select all
9)Configure the location identification parameters for the IP phone on port 1/0/1.
Switch(config-if)#lldp med-location civic-address language English lci-city Vancouver street X _east_hastings_street postal-zipcode V6A1P9
Switch_A(config-if)#end
Switch_A#copy running-config startup-config
Configurations for Switch B
1)Create VLAN 10.
Switch_B#configure
Switch_B(config)#vlan 10
Switch_B(config-vlan)#name VoiceVLAN
Switch_B(config-vlan)#exit
2)Set the 802.1p priority of voice packets as 6 and VLAN 10 as the voice VLAN.
Switch_B(config)#voice vlan priority 6
Switch_B(config)#voice vlan 10
3)Configure ports 1/0/1-3 to manual voice VLAN mode and enable security mode.
Switch_B(config)#interface range gigabitEthernet 1/0/1-3
Switch_B(config-if-range)#switchport voice vlan mode manual
Switch_B(config-if-range)#switchport voice vlan security
Switch_B(config-if-range)#exit
4)For ports 1/0/1-2, set the link type as General and the egress rule as Untagged, and add them to the Voice VLAN.
Switch_B(config)#interface range gigabitEthernet 1/0/1-2
Switch_B(config-if-range)#switchport mode general
Switch_B(config-if-range)#switchport general vlan 10 untagged
Switch_B(config-if-range)#exit
5)For ports 1/0/3, set the link type as General and the egress rule as Tagged, and add them to the Voice VLAN.
Switch_B(config)#interface gigabitEthernet 1/0/3
Switch_B(config-if)#switchport mode general
Switch_B(config-if)#switchport general allowed vlan 10 tagged
Switch_B(config-if)#end
Switch_B#copy running-config startup-config
Configurations for Switch C
1)Create VLAN 10.
Switch_C#configure
Switch_C(config)#vlan 10
Switch_C(config-vlan)#name VoiceVLAN
Switch_C(config-vlan)#exit
2)For ports 1/0/1-3, set the link type as General and the egress rule as Tagged, and add them to the Voice VLAN.
Switch_C(config)#interface range gigabitEthernet 1/0/1-3
Switch_C(config-if-range)#switchport mode general
Switch_C(config-if-range)#switchport general allowed vlan 10 tagged
Switch_C(config-if-range)#end
Switch_C#copy running-config startup-config
Verify the Configurations
Switch A
Verify the global configuration of voice VLAN:
Switch_A#show voice vlan
Voice VLAN status: Enabled
VLAN ID: 10
Aging Time: 1440
Voice Priority: 6
Verify the voice VLAN configuration on the ports:
Switch_A#show voice vlan switchport
Port Auto-mode Security State LAG
------ ------------ ---------- ---------- ------
Gi1/0/1 Auto Enabled Inactive N/A
Gi1/0/2 Manual Disabled Active N/A
Gi1/0/3 Auto Disabled Inactive N/A
......
Switch B
Verify the global configuration of voice VLAN:
Switch_B#show voice vlan
Voice VLAN status: Enabled
VLAN ID: 10
Aging Time: 1440
Voice Priority: 6
Verify the voice VLAN configuration on the ports:
Switch_B#show voice vlan switchport
Port Auto-mode Security State LAG
------ ---------- ------------ --------- ------
Gi1/0/1 Manual Enabled Active N/A
Gi1/0/2 Manual Enabled Active N/A
Gi1/0/3 Manual Enabled Active N/A
......
Switch C
Verify the voice VLAN configuration for VLAN 10:
Switch_C#show vlan id 10
VLAN Name Status Ports
----- ---------------- --------- ---------------------------------
10 VoiceVlan active Gi1/0/1, Gi1/0/2, Gi1/0/3
Default settings of voice VLAN are listed in the following tables.
Table 4-1Default Settings of Global Configuration
Parameter |
Default Setting |
Voice VLAN |
Disable |
VLAN ID |
None |
Aging Time |
1440 minutes |
Priority |
6 |
Table 4-2Default Settings of Port Configuration
Parameter |
Default Setting |
Port Mode |
Auto |
Security Mode |
Disable |
Member State |
Inactive |
Table 4-3Entries in the OUI Table
OUI |
MASK |
Description |
00-01-e3-00-00-00 |
ff-ff-ff-00-00-00 |
Siemens Phone |
00-03-6b-00-00-00 |
ff-ff-ff-00-00-00 |
Cisco Phone |
00-04-0d-00-00-00 |
ff-ff-ff-00-00-00 |
Avaya Phone |
00-60-b9-00-00-00 |
ff-ff-ff-00-00-00 |
Philips Phone |
00-d0-1e-00-00-00 |
ff-ff-ff-00-00-00 |
Pingtel Phone |
00-e0-75-00-00-00 |
ff-ff-ff-00-00-00 |
PolyCom Phone |
00-e0-bb-00-00-00 |
ff-ff-ff-00-00-00 |
3Com Phone |