[Asterisk-Users] OT - Cisco IP Phone and PC in different VLANs (with 802.1x)

Joash Herbrink Joash.Herbrink at Kahuna.nl
Thu Mar 2 11:44:52 MST 2006


Cisco phones act as a switch.
If you do not use the CDP protocol to "tell" the phone it needs to be in
a special VLAN (802.1q) then it will just use the access port settings
on the switch, and, also allow the PC connected to the 2nd Ethernet port
to have access to the network.

However, if you have an all Cisco powered network, with all Cisco
phones, I could advise you to use the CDP protocol to allow the phone to
use a special voice vlan.

A config somewhat like this will do that for you.

Make sure the * server has access to the vlan.
This can be done by configuring an access port into the voice vlan, or
to enable 802.1q on the * server.

Anyway, this config will detect (with CDP) that a phone is connected,
and the switchport will go into trunk mode, allow 2 VLANs (802.1q) to
pass through it.

If no phone is detected (or at least no CDP capable device) the switch
will automatically make it an access port, allowing only access to the
native vlan, so, the switch port can be used very dynamically.

Of course you need to define the vlan first, before you can create
configs like this.

Hope this helps,

joash

interface FastEthernet3/1
 switchport access vlan 200
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 100
 switchport mode trunk
 switchport voice vlan 101
 qos trust dscp
 qos trust extend
 spanning-tree portfast trunk
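
Added example (not part of the original thread, and not code from any of the posters): a Python check over IOS-style interface stanzas for the access-versus-trunk question discussed here. It assumes that 802.1X port control cannot be enabled on a port forced into trunk mode and that a trunk without `switchport trunk allowed vlan` carries every VLAN; the sample config, function names and verdict labels are constructed for illustration.

```python
import re
# Constructed sample: 3/1 mirrors the trunk-style stanza in this thread; 3/2 and 3/3 are access ports.
SAMPLE = """\
interface FastEthernet3/1
 switchport trunk native vlan 100
 switchport mode trunk
 switchport voice vlan 101
!
interface FastEthernet3/2
 switchport access vlan 100
 switchport mode access
 switchport voice vlan 101
 dot1x port-control auto
!
interface FastEthernet3/3
 switchport access vlan 100
 switchport mode access
 switchport voice vlan 101
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style text."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return ports

def audit_voice_ports(config):
    """Classify each port that carries a voice VLAN (labels are this example's own)."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if not any(c.startswith("switchport voice vlan") for c in cmds):
            continue
        if "switchport mode trunk" in cmds:
            pruned = any(c.startswith("switchport trunk allowed vlan") for c in cmds)
            findings[name] = "trunk-pruned-no-dot1x" if pruned else "trunk-all-vlans-no-dot1x"
        elif any(c.endswith("port-control auto") for c in cmds):
            findings[name] = "access-dot1x"
        else:
            findings[name] = "access-no-dot1x"
    return findings

if __name__ == "__main__":
    print(audit_voice_ports(SAMPLE))
```

Ports reported as `trunk-all-vlans-no-dot1x` are the ones to review first: the device on the desk side of the phone is unauthenticated and the trunk is not pruned to the data and voice VLANs.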




-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Greg
Oliver
Sent: Thursday, March 02, 2006 6:24 PM
To: joao.pereira at fccn.pt; Asterisk Users Mailing List - Non-Commercial
Discussion
Subject: Re: [Asterisk-Users] OT - Cisco IP Phone and PC in diferent
VLANs(with 802.1x)

I have never used a switchport for .1x to a PC connected through a
phone.  I would say it probably will not work since it bypasses the idea
of .1x entirely if it does.

You maybe could use it in 802.11 mode, but the phone would probably not
have access until the PC auths (if it would work at all).


On Thu, 2006-03-02 at 16:51 +0000, Joao Pereira wrote:
> And about the 802.1x ?
> The phones can work as passthrough and force the PC to use 802.1x ?
> What configuration do we put in the switches? Do we put the switch as 
> "access" (with 802.1x) or "trunk" (without 802.1x) ?
> 
> Thanks
> Joao Pereira
> 
> 
> 
> Greg Oliver wrote:
> 
> >It actually depends on the switch model.  Some put the port into
> >trunking mode automatically with the sw voi command, and some do not.
> >
> >Hopefully one day Cisco will finally make their own products and become
> >uniform instead of buying several companies and gluing them all
> >together to get an ethernet switch that works.  At least they got the
> >routers right :)
> >
> >On Thu, 2006-03-02 at 08:13 -0800, Gary Richardson wrote:
> >  
> >
> >>You don't need switchport mode trunk when using switchport voice
> >>vlan.. 
> >>
> >>On 3/1/06, Nicholas Kathmann
> >><nicholas.kathmann at kathmannconsulting.com> wrote:
> >>        Joao Pereira wrote:
> >>        > Hello to all
> >>        > I would like to know if some of you have already configured a Cisco
> >>        > IP Phone (7940 or 7960) to work in a different VLAN than the PC that
> >>        > is connected through the phone switch?
> >>        > I know that this can be done with the Skinny firmware, but I don't know if
> >>        > it works with the SIP firmware.
> >>        >
> >>        > The Cisco technical staff told me that these phones don't support
> >>        > 802.1x but can work as pass-through. This way I can still use the PCs
> >>        > with 802.1x and the phones in the same Ethernet plug.
> >>        >
> >>        > Did someone make it with the Cisco IP phones? What configuration do I
> >>        > need in the phones and in the switch?
> >>        > Thanks
> >>        > Joao Pereira
> >>        >
> >>        If configuring with Cisco switches, I'm pretty sure they pull the
> >>        information for which VLAN to operate in from the switch. You have to
> >>        configure the switchports on the Cisco switch like so:
> >>        
> >>        interface fastethernet 0/1
> >>           switchport trunk native vlan <your data vlan> 
> >>           switchport mode trunk
> >>           switchport voice vlan <your voice vlan>
> >>           spanning-tree portfast trunk
> >>        
> >>        etc.
> >>        
> >>        Thanks,
> >>        Nicholas Kathmann, CISSP
> >>        Kathmann Consulting, LLC
> >>        
> >>        _______________________________________________ 
> >>        --Bandwidth and Colocation provided by Easynews.com --
> >>        
> >>        Asterisk-Users mailing list
> >>        To UNSUBSCRIBE or update options visit:
> >>           http://lists.digium.com/mailman/listinfo/asterisk-users