Configuring Voice VLAN

CHAPTERS

1. Overview

2. Voice VLAN Configuration

3. Configuration Example

4. Appendix: Default Parameters

1Overview

The voice VLAN feature is used to prioritize the transmission of voice traffic. Voice traffic is typically more time-sensitive than data traffic, and the voice quality can deteriorate a lot because of packet loss and delay. To ensure the high voice quality, you can configure the voice VLAN and set priority for voice traffic.

Voice VLAN Modes on Ports

A voice VLAN can operate in two modes: manual mode and automatic mode.

Manual mode: This mode is applicable when the switch port forwards voice traffic only. You manually add ports connecting IP phones to the voice VLAN; then the switch will apply priority rules to ensure the high priority of voice traffic.

Figure 1-1 Only Voice Traffic on One Port

Automatic mode: This mode is applicable when voice traffic and data traffic are transmitted on the same switch port. When a port receives a voice packet, the switch automatically adds the port to the voice VLAN and applies priority rules. The switch forwards voice traffic in the voice VLAN and data traffic in other VLANs.

Figure 1-2 Voice Traffic and Data Traffic on the Same Port

OUI Address (Organizationally Unique Identifier Address)

The OUI address is used by the switch to determine whether a packet is a voice packet. An OUI address is the first 24 bits of a MAC address, and is assigned as a unique identifier by IEEE (Institute of Electrical and Electronics Engineers) to a device vendor. If the source MAC address of a packet complies with the OUI addresses in the switch, the switch identifies the packet as a voice packet and prioritizes it in transmission.

2Voice VLAN Configuration

To complete the Voice VLAN configuration, follow these steps:

1)Create a VLAN.

2)Configure OUI addresses.

3)Configure Voice VLAN globally.

4)Configure Voice VLAN mode on ports.

Configuration Guidelines

Before configuring voice VLAN, you need to create a VLAN for voice traffic.

VLAN 1 is a default VLAN and cannot be configured as the voice VLAN.

Only one VLAN can be set as the voice VLAN on the switch.

To apply the voice VLAN configuration, you may need to further configure PVID (Port VLAN ID) and the link type of the port which is connected to voice devices. We recommend that you choose the mode according to your needs and configure the port as the following table shows.

Table 2-1Voice VLAN mode and Link Type of the Port

Traffic on One Port

Voice Traffic Type

Suggested Mode

Suggested Link Type and PVID

Voice traffic and data traffic

Tagged voice traffic

Automatic

PVID cannot be the voice VLAN ID.

Untagged voice traffic

Not supported.

Voice traffic only

Tagged voice traffic

Manual

Tagged; PVID configuration is not required.

Untagged voice traffic

Untagged; PVID should be the voice VLAN ID.

Because the voice VLAN in automatic mode supports only tagged voice traffic, you need to make sure traffic from the voice device is tagged. To do so, there are mainly two ways:

»You can configure the voice device to forward traffic with a voice VLAN tag.

»If your switch provides the LLDP-MED feature, you can also configure it to instruct the voice device to send tagged voice traffic.

2.1Using the GUI

2.1.1Configuring OUI Addresses

If the OUI address of your voice device is not in the OUI table, you need to add the OUI address to the table.

Choose the menu QoS > Voice VLAN > OUI Config to load the following page.

Figure 2-1 Configuring OUI Addresses

Follow these steps to add OUI addresses:

1)Enter an OUI address and the corresponding mask, and give a description about the OUI address.

OUI

Enter the OUI address of your device.

Mask

Specify a mask to determine the depth of the OUI that the switch uses to check source addresses of received packets.

Description

Give an OUI address description for identification. The length is no more than 16 characters.

2)Click Create to add an OUI address to the table.

2.1.2Configuring Voice VLAN Globally

Choose the menu QoS > Voice VLAN > Global Config to load the following page.

Figure 2-2 Configuring Voice VLAN Globally

Follow these steps to configure the voice VLAN globally:

1)Enable the voice VLAN feature, and enter a VLAN ID.

VLAN ID

Specify an existing VLAN as the voice VLAN.

2)Set the aging time for the voice VLAN.

Aging Time

Specify the length of time that a port remains in the voice VLAN after the port receives a voice packet. Aging time works only for ports in automatic voice VLAN mode. The range is 1 to 43200 minutes; the default is 1440 minutes.

3)Specify a priority for the voice VLAN.

Priority

Specify the priority that will be assigned to voice packets. A bigger value means a higher priority. The range is 0 to 7; the default is 6.

This is an IEEE 802.1p priority, and you can further configure its schedule mode if needed.

4)Click Apply.

2.1.3Configuring Voice VLAN Mode on Ports

Choose the menu QoS > Voice VLAN > Port Config to load the following page.

Figure 2-3 Configuring Voice VLAN Mode on Ports

Follow these steps to configure voice VLAN mode on ports:

1)Select your desired ports and choose the port mode.

Port Mode

Choose the way of adding the selected ports to the voice VLAN.

Auto: When a port receives a voice packet whose resource MAC address matches an OUI address, the switch automatically adds the port to the voice VLAN.

If you choose the Auto mode for the selected ports, make sure traffic from your voice device is tagged.

Manual: You manually add the ports connecting voice devices to the voice VLAN.

Member State

Displays the current state of the ports that are connected to voice devices.

Active: The corresponding port is in the voice VLAN.

Inactive: The corresponding port is not in the voice VLAN.

2)Set the security mode for selected ports.

Security Mode

For packets that will be forwarded in the voice VLAN, you can configure the security mode to prevent malicious traffic with faked voice VLAN tag.

For packets to other VLANs, how the switch processes the packets is determined by whether the selected ports permit the VLAN or not, independent of voice VLAN security mode.

Disable: For packets to the voice VLAN, the switch does not check the source MAC address and the selected ports forward all these packets in the voice VLAN. The security mode is disabled by default.

Enable: For packets to the voice VLAN, the selected ports forward only voice packets whose source MAC addresses match OUI addresses to the voice VLAN, and discard others.

We recommend that you do not mix voice traffic with data traffic in the voice VLAN. If necessary, make sure the security mode is disabled.

3)Click Apply.

2.2Using the CLI

Follow these steps to configure the voice VLAN:

Step 1

configure

Enter global configuration mode.

Step 2

show voice vlan oui

Check whether the OUI address of your voice device is in the OUI table.

Step 3

voice vlan mac-address mac-addr mask mask [ description descript ]

If the OUI address of your voice device is not in the OUI table, add the OUI address to the table.

mac-addr: Enter the OUI address of your device.

mask: Specify a mask to determine the depth of the OUI that the switch uses to check source addresses of received packets.

descript: Give an OUI address description for identification.

Step 4

voice vlan priority pri

Set the priority for voice packets.

pri: Specify the priority that will be tagged on voice packets. A bigger value means a higher priority. The range is 0 to 7; the default is 6. This is an IEEE 802.1p priority, and you can further configure its schedule mode if needed.

Step 5

voice vlan aging time

Set the aging time for ports in automatic voice VLAN mode.

time: Specify the length of time that a port remains in the voice VLAN after the port receives a voice packet. Aging time works only for ports in automatic voice VLAN mode. The range is 1 to 43200 minutes; the default is 1440 minutes.

Step 6

voice vlan vid

Specify an existing VLAN as the voice VLAN.

vid : Enter the VLAN ID that you have created for the voice VLAN.

Step 7

interface { fastEthernet port | range fastEthernet port-list | gigabitEthernet port | range gigabitEthernet port-list | port-channel lag-id | range port-channel lag-list }

Enter interface configuration mode.

port |port-list: The number or the list of the Ethernet port that you want to configure.

lag-id |lag-list: The ID or the list of the LAG that you want to configure.

Step 8

switchport voice vlan mode { auto | manual }

Choose the way of adding the specified ports to the voice VLAN.

auto: The switch automatically adds the specified ports to the voice VLAN when the ports receive voice packets. If you choose the auto mode for the specified ports, make sure traffic from your voice device is tagged.

manual: You need to manually add the specified ports to the voice VLAN.

Step 9

switchport voice vlan security

Enable the security feature.

For packets to the voice VLAN, the selected ports forward only voice packets whose source MAC addresses match OUI addresses to the voice VLAN, and discard others. For packets to other VLANs, how the switch processes the packets is determined by whether the selected ports permit the VLAN or not, independent of voice VLAN security mode.

We recommend that you do not mix voice traffic with data traffic in the voice VLAN. If necessary, make sure the security mode is disabled.

Step 10

switchport general allowed vlan vid { tagged | untagged }

(For ports in manual voice VLAN mode) Add the specified ports to the voice VLAN.

vid: Enter the voice VLAN ID to add the specified ports to the voice VLAN.

tagged | untagged: Set the egress rule as tagged or untagged for the specified ports.

Step 11

show voice vlan

Verify the global configuration of voice VLAN.

Step 12

show voice vlan switchport

Verify the voice VLAN configuration of the ports.

Step 13

end

Return to privileged EXEC mode.

Step 14

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to set port 1/0/1 in manual voice VLAN mode. Configure the switch to forward voice traffic with an IEEE 802.1p priority of 5 and to transmit only voice traffic whose resource MAC address matches an OUI address in the voice VLAN :

Switch#configure

Switch(config)#vlan 10

Switch(config-vlan)#name VoiceVLAN

Switch(config-vlan)#exit

Switch(config)#voice vlan priority 5

Switch(config)#voice vlan 10

Switch(config)#interface gigabitEthernet 1/0/1

Switch(config-if)#switchport voice vlan mode manual

Switch(config-if)#switchport voice vlan security

Switch(config-if)#switchport general allowed vlan 10 untagged

Switch(config-if)#show voice vlan

Voice VLAN status: Enabled

VLAN ID: 10

Aging Time: 1440

Voice Priority: 5

Switch(config-if)#show voice vlan switchport

Port Auto-mode Security State LAG

------ ------------ ------------ ------------ ------

Gi1/0/1 Manual Enabled Active N/A

Gi1/0/2 Auto Disabled Inactive N/A

Gi1/0/3 Auto Disabled Inactive N/A

......

Switch(config-if)#end

Switch#copy running-config startup-config

3Configuration Example

3.1Network Requirements

The company plans to install IP phones in the office area and the meeting room, and has requirements as follows:

In the office area

»IP phones share switch ports used by computers, because no more ports are available for IP phones.

»Transmit voice traffic in an exclusive path with high quality.

»Avoid attacks from malicious data flows.

In the meeting room

»Transmit voice traffic in an exclusive path with high quality.

»Avoid attacks from malicious data flows.

3.2Configuration Scheme

In the office area, IP phones share the same ports of the switch with computers and therefore occupy no more ports. To separate voice traffic from data traffic, configure LLDP-MED to instruct IP Phones to send traffic with the voice VLAN tag. Voice traffic is transmitted in the voice VLAN, and data traffic is transmitted in the default VLAN. Set ports that are connected to IP phones in automatic voice VLAN mode. Meanwhile, configure the voice VLAN to work in security mode and to forward only legal voice packets.

In the meeting room, the switch provides dedicated connections to IP phones. In this situation, IP phones do not need to send traffic with the voice VLAN tag. Set ports that are connected to IP phones in manual voice VLAN mode. Meanwhile, configure the voice VLAN to work in security mode and to forward only legal voice packets.

To ensure the high quality of voice traffic, configure all devices along the path to keep the priority of voice traffic and to coordinate with the voice VLAN configuration.

3.3 Network Topology

In the office area, IP phones are added to ports that are connected to computers on Switch A. These ports use the voice VLAN for voice traffic, and the default VLAN for data traffic.

In the meeting room, computers and IP phones are connected to different ports of Switch B. Ports connected to IP phones use the voice VLAN for voice traffic, and ports connected to computers use the default VLAN for data traffic.

Voice traffics from Switch A and Switch B are forwarded to voice gateway and Internet through Switch C.

Figure 3-1 Network Topology

Demonstrated with T2600G-28TS, this chapter provides configuration procedures in two ways: using the GUI and using the CLI.

3.4Using the GUI

Configurations for Switch A

1)Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. Set the link type of port1/0/1-2 as General, and click Apply.

Figure 3-2 Configuring the Link Type of port 1/0/1-2

2)Choose the menu VLAN > 802.1Q VLAN > VLAN Config and click Create to load the following page. Create VLAN 10, and click Apply.

Figure 3-3 Creating a VLAN

3)Choose the menu QoS > Voice VLAN > Global Config to load the following page. Enable voice VLAN, enter 10 in the VLAN ID field and set aging time as 1440 minutes and priority as 6. Then click Apply.

Figure 3-4 Configuring Voice VLAN Globally

4)Choose the menu QoS > Voice VLAN > Port Config to load the following page. Select port 1/0/1, choose auto mode and enable security mode. Select port 1/0/2 and choose manual mode. Click Apply.

Figure 3-5 Configuring Voice VLAN Mode on Port 1/0/1

Figure 3-6 Configuring Voice VLAN Mode on Port 1/0/2

5)Choose the menu VLAN > 802.1Q VLAN > VLAN Config and edit VLAN 10 to load the following page. Add port 1/0/2 to the voice VLAN.

Figure 3-7 Adding Port 1/0/2 to the Voice VLAN

6)Choose the menu LLDP > Basic Config> Global Config to load the following page. Enable LLDP globally.

Figure 3-8 Enabling LLDP Globally

7)Choose the menu LLDP > LLDP-MED> Global Config to load the following page. Set fast start count as 4.

Figure 3-9 Configuring LLDP-MED Globally

8)Choose the menu LLDP > LLDP-MED> Port Config to load the following page. Enable LLDP-MED on port 1/0/1.

Figure 3-10 Configuring LLDP-MED on Ports

Click Detail of port1/0/1 to load the following page. Configure the TLV information which will be carried in LLDP-MED frames and sent out by port 1/0/1. Select all TLVs, and configure location identification parameters.

Figure 3-11 Configuring TLVs

9)Click Save Config to save the settings.

Configurations for Switch B

1)Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. Configure the link type of ports 1/0/1-3 as General.

Figure 3-12 Configuring the Link Type of port 1/0/1-3

2)Choose the menu VLAN > 802.1Q VLAN > VLAN Config and click Create to load the following page. Create VLAN 10.

Figure 3-13 Creating a VLAN

3)Choose the menu QoS > Voice VLAN > Global Config to load the following page. Enable voice VLAN, enter 10 in the VLAN ID field and set priority as 6.

Figure 3-14 Configuring Voice VLAN Globally

4)Choose the menu QoS > Voice VLAN > Port Config to load the following page. Select ports 1/0/1-3, choose manual mode and enable security mode. Click Apply.

Figure 3-15 Configuring Voice VLAN Mode on Ports

5)Choose the menu VLAN > 802.1Q VLAN > VLAN Config and edit VLAN 10 to load the following page. Add ports 1/0/1-3 to the voice VLAN. Click Apply.

Figure 3-16 Adding Ports to the Voice VLAN

6)Click Save Config to save the settings.

Configurations for Switch C

1)Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. Configure the link type of ports 1/0/1-3 as General. Click Apply.

Figure 3-17 Configuring the Link Type of port 1/0/1-3

2)Choose the menu VLAN > 802.1Q VLAN > VLAN Config and click Create to load the following page. Create VLAN 10 and add ports 1/0/1-3 as tagged ports to the VLAN. Click Apply.

Figure 3-18 Creating a VLAN and Adding Ports to the VLAN

3)Click Save Config to save the settings.

3.5Using the CLI

Configurations for Switch A

1)Configure the link type of ports 1/0/1-2 as General.

Switch_A#configure

Switch_A(config)#interface range gigabitEthernet 1/0/1-2

Switch_A(config-if-range)#switchport mode general

Switch_A(config-if-range)#exit

2)Create VLAN 10.

Switch_A(config)#vlan 10

Switch_A(config-vlan)#name VoiceVLAN

Switch_A(config-vlan)#exit

3)Configure the aging time as 1440 minutes for port in automatic voice VLAN mode, and set the 802.1p priority of voice packets as 6. Set VLAN 10 as the voice VLAN.

Switch_A(config)#voice vlan aging 1440

Switch_A(config)#voice vlan priority 6

Switch_A(config)#voice vlan 10

4)Configure port 1/0/1 to automatic voice VLAN mode and enable security mode.

Switch_A(config)#interface gigabitEthernet 1/0/1

Switch_A(config-if)#switchport voice vlan mode auto

Switch_A(config-if)#switchport voice vlan security

Switch_A(config-if)#exit

5)Configure port 1/0/2 to manual voice VLAN mode, and add it to the voice VLAN as a tagged port.

Switch_A(config)#interface gigabitEthernet 1/0/2

Switch_A(config-if)#switchport voice vlan mode manual

Switch_A(config-if)#switchport general allowed vlan 10 tagged

Switch_A(config-if)#exit

6)Enable LLDP globally and set the fast start count of LLDP-MED frame as 4.

Switch_A(config)#lldp

Switch_A(config)# lldp med-fast-count 4

7)Enable the LLDP-MED feature on port 1/0/1.

Switch_A(config)#interface gigabitEthernet 1/0/1

Switch_A(config-if)#lldp med-status

8)Select all MED TLVs to be carried in LLDP frames and sent out by port 1/0/1.

Switch_A(config-if)#lldp med-tlv-select all

9)Configure the location identification parameters for the IP phone on port 1/0/1.

Switch(config-if)#lldp med-location civic-address language English lci-city Vancouver street X _east_hastings_street postal-zipcode V6A1P9

Switch_A(config-if)#end

Switch_A#copy running-config startup-config

Configurations for Switch B

1)Create VLAN 10.

Switch_B#configure

Switch_B(config)#vlan 10

Switch_B(config-vlan)#name VoiceVLAN

Switch_B(config-vlan)#exit

2)Set the 802.1p priority of voice packets as 6 and VLAN 10 as the voice VLAN.

Switch_B(config)#voice vlan priority 6

Switch_B(config)#voice vlan 10

3)Configure ports 1/0/1-3 to manual voice VLAN mode and enable security mode.

Switch_B(config)#interface range gigabitEthernet 1/0/1-3

Switch_B(config-if-range)#switchport voice vlan mode manual

Switch_B(config-if-range)#switchport voice vlan security

Switch_B(config-if-range)#exit

4)For ports 1/0/1-2, set the link type as General and the egress rule as Untagged, and add them to the Voice VLAN.

Switch_B(config)#interface range gigabitEthernet 1/0/1-2

Switch_B(config-if-range)#switchport mode general

Switch_B(config-if-range)#switchport general vlan 10 untagged

Switch_B(config-if-range)#exit

5)For ports 1/0/3, set the link type as General and the egress rule as Tagged, and add them to the Voice VLAN.

Switch_B(config)#interface gigabitEthernet 1/0/3

Switch_B(config-if)#switchport mode general

Switch_B(config-if)#switchport general allowed vlan 10 tagged

Switch_B(config-if)#end

Switch_B#copy running-config startup-config

Configurations for Switch C

1)Create VLAN 10.

Switch_C#configure

Switch_C(config)#vlan 10

Switch_C(config-vlan)#name VoiceVLAN

Switch_C(config-vlan)#exit

2)For ports 1/0/1-3, set the link type as General and the egress rule as Tagged, and add them to the Voice VLAN.

Switch_C(config)#interface range gigabitEthernet 1/0/1-3

Switch_C(config-if-range)#switchport mode general

Switch_C(config-if-range)#switchport general allowed vlan 10 tagged

Switch_C(config-if-range)#end

Switch_C#copy running-config startup-config

Verify the Configurations

Switch A

Verify the global configuration of voice VLAN:

Switch_A#show voice vlan

Voice VLAN status: Enabled

VLAN ID: 10

Aging Time: 1440

Voice Priority: 6

Verify the voice VLAN configuration on the ports:

Switch_A#show voice vlan switchport

Port Auto-mode Security State LAG

------ ------------ ---------- ---------- ------

Gi1/0/1 Auto Enabled Inactive N/A

Gi1/0/2 Manual Disabled Active N/A

Gi1/0/3 Auto Disabled Inactive N/A

......

Switch B

Verify the global configuration of voice VLAN:

Switch_B#show voice vlan

Voice VLAN status: Enabled

VLAN ID: 10

Aging Time: 1440

Voice Priority: 6

Verify the voice VLAN configuration on the ports:

Switch_B#show voice vlan switchport

Port Auto-mode Security State LAG

------ ---------- ------------ --------- ------

Gi1/0/1 Manual Enabled Active N/A

Gi1/0/2 Manual Enabled Active N/A

Gi1/0/3 Manual Enabled Active N/A

......

Switch C

Verify the voice VLAN configuration for VLAN 10:

Switch_C#show vlan id 10

VLAN Name Status Ports

----- ---------------- --------- ---------------------------------

10 VoiceVlan active Gi1/0/1, Gi1/0/2, Gi1/0/3

4Appendix: Default Parameters

Default settings of voice VLAN are listed in the following tables.

Table 4-1Default Settings of Global Configuration

Parameter

Default Setting

Voice VLAN

Disable

VLAN ID

None

Aging Time

1440 minutes

Priority

6

Table 4-2Default Settings of Port Configuration

Parameter

Default Setting

Port Mode

Auto

Security Mode

Disable

Member State

Inactive

Table 4-3Entries in the OUI Table

OUI

MASK

Description

00-01-e3-00-00-00

ff-ff-ff-00-00-00

Siemens Phone

00-03-6b-00-00-00

ff-ff-ff-00-00-00

Cisco Phone

00-04-0d-00-00-00

ff-ff-ff-00-00-00

Avaya Phone

00-60-b9-00-00-00

ff-ff-ff-00-00-00

Philips Phone

00-d0-1e-00-00-00

ff-ff-ff-00-00-00

Pingtel Phone

00-e0-75-00-00-00

ff-ff-ff-00-00-00

PolyCom Phone

00-e0-bb-00-00-00

ff-ff-ff-00-00-00

3Com Phone