Cisco SWITCH Campus VoIP Refresh. Part 2 – Voice VLANs

Voice VLANs

Back in the day, folks used to configure trunks on all the access ports of the switch so that IP phones could push their voice VLAN data up the link along with the access VLAN data from the downstream PC.

This is a bad thing. I won’t go into it here, but those days are gone. You now use Dual VLANs or Voice VLANs, however you want to describe only two VLANs being accepted on an access port.

The idea is that ‘default’ compute data traffic is simply assigned to the access VLAN configured on that switch port, and all the voice traffic sourced from the phone is punched into the voice VLAN configured on that switch port. This works thanks to some clever CDP/LLDP communication in which, amongst other things like power negotiation, the switch informs the phone what it needs to do in terms of 802.1q tagging.

Configuration is particularly simple.

Ensure your switchport is an access port and configure a data VLAN, which I hope is not VLAN 1.

SW3(config-if)#switchport mode access
SW3(config-if)#switchport access vlan 22
SW3(config-if)#switchport voice vlan ?
  <1-4094>  Vlan for voice traffic
  dot1p     Priority tagged on PVID
  none      Don't tell telephone about voice vlan
  untagged  Untagged on PVID

To set the voice VLAN, specify a VLAN number. This is by FAR the most common configuration, and it ends there.

Other options are:
The dot1p option tells the phone to set CoS bits in voice packets while using the data VLAN.
The untagged option tells the phone to use the data VLAN without setting any CoS values.
The none option does what it says on the tin.
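
An added example, not from the original post: a Python check that reads interface stanzas from a saved running-config and flags ports that stray from the layout described above (static access port, data VLAN other than VLAN 1, a numbered voice VLAN distinct from the data VLAN). The sample config, VLAN 110 and the function name `audit_ports` are constructed for illustration.

```python
import re

# Constructed sample of running-config interface stanzas (not from the original post).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 22
 switchport mode access
 switchport voice vlan 110
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 22
 switchport mode access
 switchport voice vlan untagged
!
interface FastEthernet0/5
 switchport access vlan 22
 switchport mode access
 switchport voice vlan 22
!
"""

def audit_ports(config):
    """Return {interface: [findings]} for ports that deviate from the layout."""
    findings = {}
    # Each stanza is an 'interface' line followed by its indented sub-commands.
    for m in re.finditer(r"^interface (\S+)\n((?:[ \t].*\n)*)", config, re.M):
        name, body = m.groups()
        mode = re.search(r"^ switchport mode (\S+)", body, re.M)
        access = re.search(r"^ switchport access vlan (\d+)", body, re.M)
        voice = re.search(r"^ switchport voice vlan (\S+)", body, re.M)
        if not mode or mode.group(1) != "access":
            findings[name] = ["not a static access port"]
            continue
        issues = []
        data_vlan = access.group(1) if access else "1"  # IOS default access VLAN is 1
        if data_vlan == "1":
            issues.append("data VLAN is VLAN 1")
        if voice and not voice.group(1).isdigit():
            issues.append(f"voice VLAN option '{voice.group(1)}' gives no dedicated voice VLAN")
        elif voice and voice.group(1) == data_vlan:
            issues.append("voice VLAN equals data VLAN")
        if issues:
            findings[name] = issues
    return findings
```

Uplinks and other intentional trunks will show up as "not a static access port", so filter those interfaces out before acting on the result.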

There is one other voice VLAN command which is a little obscure but seems to be a protection mechanism:

SW3(config-if)#switchport voice detect cisco-phone full-duplex

This command can be entered without the full-duplex keyword.
The best description I can find about this command is that, if a device wants to communicate on the voice VLAN, it has to have drawn PoE from the switch, speak CDP and be full-duplex.
Without the full-duplex keyword, I think it simply has to communicate on the voice VLAN and have drawn PoE from the switch; half-duplex is acceptable.
If these criteria aren’t met, the switchport goes into err-disable.
I guess the summary of that command is that you can’t go plugging anything into the port other than a CDP-speaking PoE phone on either half or full duplex.

*Update* I haven’t been able to recreate this using an 1130AG Access Point, an ESXi host and a Switch to Switch link as test devices plugged into access ports.
What does happen, however, is that you get a log message:

*Mar  1 00:03:59.066: %CPDE-6-DETECT: Cisco IP Phone 7940 detected on FastEthernet0/24 in full duplex mode

Perhaps this is all it is? You can then use this information to track device usage and deployment from your log aggregation systems. Still, not a feature I’m going to lose sleep over.

