Book now with code EOY2025
networker050184 wrote: » 1. If all the ports on the unmanaged switch will be in the same VLAN then you can just hook it up to an access port. If you hook it up to a trunk then the native VLAN on that trunk will have to match the single VLAN all devices are in. That kind of defeats the whole purpose of a trunk.
networker050184 wrote: » 2. When you do a switchport with a data VLAN and a voice VLAN you are just making it a trunk anyway. It just relies on CDP to form that trunk with the phone. If they are non Cisco phone you made need to hard code a trunk for it to work properly.
networker050184 wrote: » 3. You technically shouldn't see the non broadcast traffic no matter what your native is. Best practices are to set the native to a non used VLAN, but the vast majority of networks I have seen leave the default native and just do not use VLAN 1 for user or management data.
knwminus wrote: » Ok so if I do switchport mode access and specify my user Vlan on the 3560 then on all of the devices of unmanaged switch will be able to interact with devices on other switches in the same vlan (on managed switches or unmanaged switches) correctly?
knwminus wrote: » Then what's the point of changing the naive Vlan? My understanding is the native vlan is a catch all for all non tagged traffic and such. Lets say I have some traffic that isn't tagged and the native vlan between two ports is like 2 or 15 or whatever. Is that just locally significant? What I mean is, wouldn't it just send that traffic to Vlan 2 or 15 AND all ports belonging to 2 or 15 since it is set to an actively used Vlan? Isn't that the whole point of changing it to an unused vlan? Maybe I'm "corn-fused" but that is my understanding.
networker050184 wrote: » Yep. The point of changing the native VLAN to an unused VLAN is to stop VLAN hopping and to prevent user traffic from interfering with management protocols that use VLAN 1. The native VLAN is only significant on that single trunk you assign it on. Traffic that arrives on the trunk untagged will be assumed to be a part of the native VLAN. It won't allow traffic to bleed over or be a part of two VLANs as you suggested. Something to keep in mind is that tags ONLY exist on trunk ports. The point of the tags are to separate the traffic as it traverses the trunk. The CoS bits are only carried in the tag. This is something that confuses people a lot when they try to implement layer 2 QoS schemes.
Nuul wrote: » A lot of the VoIP phone vendors support CDP now. Polycom is one example, we use them instead of Cisco since we're an I3 shop. They work great with the voice vlan command.
knwminus wrote: » I3 as in Interactions gateway?
knwminus wrote: » We don't want users using the switching feature on the phone. We want them using the data jacks which actually terminate into a different set of switches in our Server Room.
knwminus wrote: » The previous admin had basically every port as a trunk port but I just made the phone ports access ports for only the voice vlan
switchport access vlan [voicevlan] switchport trunk encapsulation dot1q switchport trunk native vlan [datavlan] switchport trunk allowed vlan 1,[datavlan],[voicevlan] switchport mode trunk speed 100 duplex full priority-queue out mls qos trust cos
switchport access vlan [datavlan] switchport voice vlan [voicevlan] speed 100 duplex full priority-queue out mls qos trust cos spanning-tree portfast
Nuul wrote: » ...why? You now have to have double the switch ports for no reason.
Nuul wrote: » I think I know what you're saying. Something like this? switchport access vlan [voicevlan] switchport trunk encapsulation dot1q switchport trunk native vlan [datavlan] switchport trunk allowed vlan 1,[datavlan],[voicevlan] switchport mode trunk speed 100 duplex full priority-queue out mls qos trust cos It's essentially the same thing as this but this is cleaner. switchport access vlan [datavlan] switchport voice vlan [voicevlan] speed 100 duplex full priority-queue out mls qos trust cos spanning-tree portfast
Nuul wrote: » Ah, OK. I saw the unmanged switch comment of yours earlier but it didn't click for some reason. Not having enough managed switches to go around makes a big difference. The reason for the mls qos trust cos command is to tell the switch that you trust the qos markings it sees on that port (basically from the phone). I set that on my port channels going back to the core too.
networker050184 wrote: » The CoS is communicated in the 802.1q header. It has nothing to do with CDP. CDP is only there to recognize the device as a phone. I'm not sure why removing CDP affected that command though. I believe CDP is only used for the trust when you have the mls qos trust device cisco-phone. I could be mistaken though.
networker050184 wrote: » I'm not sure why removing CDP affected that command though.
Nuul wrote: » I think the reason it didn't work was because CDP is used in conjunction with the voice vlan command to make a 2 vlan trunk on that port. No CDP, no trunk. I found this out the hard way when I was going through all our switches and converting the configs from trunks (first example I showed in my post above) to using the voice vlan command.
Use code EOY2025 to receive $250 off your 2025 certification boot camp!
