What are reasons to configure a Voice VLAN using the Auxillary VLAN feature instead of a Trunk + Native vLAN
Imagine this topology:
[PC] ------- [VOIP Phone] ------- [eth0/0 on a Switch]
And this configuration on the switch:
vlan 22
name DATA
vlan 33
name VOICE
There are two ways to have both the PC's traffic and the VOIP phone's traffic "arrive" on eth0/0 in distinct VLANs. 1. Use a Trunk port, 2. Use the Auxillary VLAN feature".
Option 1:
int eth0/0
switchport mode trunk
switchport trunk native vlan 22
switchport trunk allowed vlan 22,33
Option 2:
int eth0/0
switchport mode access
switchport access vlan 22
switchport voice vlan 33
The net effect of either of these is the same untagged traffic from the PC arrives and is accepted into VLAN 22 (the data VLAN), and tagged traffic from the VOIP phone arrives and is accepted into VLAN 33.
My question:
What are the benefits of using Option 1 or Option 2? What reasons exist that make either of these better than the other?
switch vlan switching trunk voice
edited yesterday
Ron Maupin♦
64.2k1367120
asked yesterday
rsicrsic
232
New contributor
rsic is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
Imagine this topology:
[PC] ------- [VOIP Phone] ------- [eth0/0 on a Switch]
And this configuration on the switch:
vlan 22
name DATA
vlan 33
name VOICE
There are two ways to have both the PC's traffic and the VOIP phone's traffic "arrive" on eth0/0 in distinct VLANs. 1. Use a Trunk port, 2. Use the Auxillary VLAN feature".
Option 1:
int eth0/0
switchport mode trunk
switchport trunk native vlan 22
switchport trunk allowed vlan 22,33
Option 2:
int eth0/0
switchport mode access
switchport access vlan 22
switchport voice vlan 33
The net effect of either of these is the same untagged traffic from the PC arrives and is accepted into VLAN 22 (the data VLAN), and tagged traffic from the VOIP phone arrives and is accepted into VLAN 33.
My question:
What are the benefits of using Option 1 or Option 2? What reasons exist that make either of these better than the other?
switch vlan switching trunk voice
edited yesterday
Ron Maupin♦
64.2k1367120
asked yesterday
rsicrsic
232
New contributor
rsic is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
with option 2 you can use "spanning-tree portfast edge" as a global command to enable Portfast on all "switchport mode access" ports. Enabling "spanning-tree portfast trunk" with Option1 will set your edge-ports to portfast, but also the Trunks to your upstream switches which might be an unwanted option.
– gondrom
yesterday
add a comment |
Imagine this topology:
[PC] ------- [VOIP Phone] ------- [eth0/0 on a Switch]
And this configuration on the switch:
vlan 22
name DATA
vlan 33
name VOICE
There are two ways to have both the PC's traffic and the VOIP phone's traffic "arrive" on eth0/0 in distinct VLANs. 1. Use a Trunk port, 2. Use the Auxillary VLAN feature".
Option 1:
int eth0/0
switchport mode trunk
switchport trunk native vlan 22
switchport trunk allowed vlan 22,33
Option 2:
int eth0/0
switchport mode access
switchport access vlan 22
switchport voice vlan 33
The net effect of either of these is the same untagged traffic from the PC arrives and is accepted into VLAN 22 (the data VLAN), and tagged traffic from the VOIP phone arrives and is accepted into VLAN 33.
My question:
What are the benefits of using Option 1 or Option 2? What reasons exist that make either of these better than the other?
switch vlan switching trunk voice
edited yesterday
Ron Maupin♦
64.2k1367120
asked yesterday
rsicrsic
232
New contributor
rsic is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Imagine this topology:
[PC] ------- [VOIP Phone] ------- [eth0/0 on a Switch]
And this configuration on the switch:
vlan 22
name DATA
vlan 33
name VOICE
There are two ways to have both the PC's traffic and the VOIP phone's traffic "arrive" on eth0/0 in distinct VLANs. 1. Use a Trunk port, 2. Use the Auxillary VLAN feature".
Option 1:
int eth0/0
switchport mode trunk
switchport trunk native vlan 22
switchport trunk allowed vlan 22,33
Option 2:
int eth0/0
switchport mode access
switchport access vlan 22
switchport voice vlan 33
The net effect of either of these is the same untagged traffic from the PC arrives and is accepted into VLAN 22 (the data VLAN), and tagged traffic from the VOIP phone arrives and is accepted into VLAN 33.
My question:
What are the benefits of using Option 1 or Option 2? What reasons exist that make either of these better than the other?
switch vlan switching trunk voice
switch vlan switching trunk voice
edited yesterday
Ron Maupin♦
64.2k1367120
asked yesterday
rsicrsic
232
New contributor
rsic is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited yesterday
Ron Maupin♦
64.2k1367120
asked yesterday
rsicrsic
232
New contributor
rsic is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited yesterday
Ron Maupin♦
64.2k1367120
edited yesterday
Ron Maupin♦
64.2k1367120
edited yesterday
Ron Maupin♦
64.2k1367120
64.2k1367120
asked yesterday
rsicrsic
232
New contributor
rsic is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked yesterday
rsicrsic
232
asked yesterday
rsicrsic
232
232
New contributor
rsic is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
rsic is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
rsic is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
with option 2 you can use "spanning-tree portfast edge" as a global command to enable Portfast on all "switchport mode access" ports. Enabling "spanning-tree portfast trunk" with Option1 will set your edge-ports to portfast, but also the Trunks to your upstream switches which might be an unwanted option.
– gondrom
yesterday
add a comment |
1
with option 2 you can use "spanning-tree portfast edge" as a global command to enable Portfast on all "switchport mode access" ports. Enabling "spanning-tree portfast trunk" with Option1 will set your edge-ports to portfast, but also the Trunks to your upstream switches which might be an unwanted option.
– gondrom
yesterday
1
1
with option 2 you can use "spanning-tree portfast edge" as a global command to enable Portfast on all "switchport mode access" ports. Enabling "spanning-tree portfast trunk" with Option1 will set your edge-ports to portfast, but also the Trunks to your upstream switches which might be an unwanted option.
– gondrom
yesterday
with option 2 you can use "spanning-tree portfast edge" as a global command to enable Portfast on all "switchport mode access" ports. Enabling "spanning-tree portfast trunk" with Option1 will set your edge-ports to portfast, but also the Trunks to your upstream switches which might be an unwanted option.
– gondrom
yesterday
add a comment |
1 Answer
1
active
oldest
votes
Option 1 carries some security risk because broadcast and flooded traffic for the VoIP VLAN will be sent to the interface, even if there is no phone attached. Also, most PCs do not understand VLAN tags (some can be configured to do so, which is the security risk), and they will receive what appears to be garbage, wasting bandwidth on the link.
Option 2 is preferred because the switch interface will automatically optimize for what is, or is not, attached to it.A Cisco phone and switch will use CDP to negotiate a trunk.
In some cases with a non-Cisco phone, you may be forced to use Option 1, or you may be able to use LLDP instead of CDP to negotiate the trunk.
answered yesterday
Ron Maupin♦Ron Maupin
64.2k1367120
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "496"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
rsic is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f56546%2fwhat-are-reasons-to-configure-a-voice-vlan-using-the-auxillary-vlan-feature-inst%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Option 1 carries some security risk because broadcast and flooded traffic for the VoIP VLAN will be sent to the interface, even if there is no phone attached. Also, most PCs do not understand VLAN tags (some can be configured to do so, which is the security risk), and they will receive what appears to be garbage, wasting bandwidth on the link.
Option 2 is preferred because the switch interface will automatically optimize for what is, or is not, attached to it.A Cisco phone and switch will use CDP to negotiate a trunk.
In some cases with a non-Cisco phone, you may be forced to use Option 1, or you may be able to use LLDP instead of CDP to negotiate the trunk.
answered yesterday
Ron Maupin♦Ron Maupin
64.2k1367120
add a comment |
Option 1 carries some security risk because broadcast and flooded traffic for the VoIP VLAN will be sent to the interface, even if there is no phone attached. Also, most PCs do not understand VLAN tags (some can be configured to do so, which is the security risk), and they will receive what appears to be garbage, wasting bandwidth on the link.
Option 2 is preferred because the switch interface will automatically optimize for what is, or is not, attached to it.A Cisco phone and switch will use CDP to negotiate a trunk.
In some cases with a non-Cisco phone, you may be forced to use Option 1, or you may be able to use LLDP instead of CDP to negotiate the trunk.
answered yesterday
Ron Maupin♦Ron Maupin
64.2k1367120
add a comment |
Option 1 carries some security risk because broadcast and flooded traffic for the VoIP VLAN will be sent to the interface, even if there is no phone attached. Also, most PCs do not understand VLAN tags (some can be configured to do so, which is the security risk), and they will receive what appears to be garbage, wasting bandwidth on the link.
Option 2 is preferred because the switch interface will automatically optimize for what is, or is not, attached to it.A Cisco phone and switch will use CDP to negotiate a trunk.
In some cases with a non-Cisco phone, you may be forced to use Option 1, or you may be able to use LLDP instead of CDP to negotiate the trunk.
answered yesterday
Ron Maupin♦Ron Maupin
64.2k1367120
Option 1 carries some security risk because broadcast and flooded traffic for the VoIP VLAN will be sent to the interface, even if there is no phone attached. Also, most PCs do not understand VLAN tags (some can be configured to do so, which is the security risk), and they will receive what appears to be garbage, wasting bandwidth on the link.
Option 2 is preferred because the switch interface will automatically optimize for what is, or is not, attached to it.A Cisco phone and switch will use CDP to negotiate a trunk.
In some cases with a non-Cisco phone, you may be forced to use Option 1, or you may be able to use LLDP instead of CDP to negotiate the trunk.
answered yesterday
Ron Maupin♦Ron Maupin
64.2k1367120
answered yesterday
Ron Maupin♦Ron Maupin
64.2k1367120
answered yesterday
Ron Maupin♦Ron Maupin
64.2k1367120
answered yesterday
Ron Maupin♦Ron Maupin
64.2k1367120
64.2k1367120
add a comment |
add a comment |
rsic is a new contributor. Be nice, and check out our Code of Conduct.
rsic is a new contributor. Be nice, and check out our Code of Conduct.
rsic is a new contributor. Be nice, and check out our Code of Conduct.
rsic is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Network Engineering Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f56546%2fwhat-are-reasons-to-configure-a-voice-vlan-using-the-auxillary-vlan-feature-inst%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
with option 2 you can use "spanning-tree portfast edge" as a global command to enable Portfast on all "switchport mode access" ports. Enabling "spanning-tree portfast trunk" with Option1 will set your edge-ports to portfast, but also the Trunks to your upstream switches which might be an unwanted option.
– gondrom
yesterday