CH A P T E R

14

Configuring Voice VLAN

This chapter describes how to configure the voice VLAN feature on the Catalyst 2960 switch. Voice
VLAN is referred to as an auxiliary VLAN in some Catalyst 6500 family switch documentation.

Note

For complete syntax and usage information for the commands used in this chapter, see the command
reference for this release.
This chapter consists of these sections:

Understanding Voice VLAN, page 14-1

Configuring Voice VLAN, page 14-3

Displaying Voice VLAN, page 14-6

Understanding Voice VLAN

The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. When the switch
is connected to a Cisco 7960 IP Phone, the phone sends voice traffic with Layer 3 IP precedence and
Layer 2 class of service (CoS) values, which are both set to 5 by default. Because the sound quality of
an IP phone call can deteriorate if the data is unevenly sent, the switch supports quality of service (QoS)
based on IEEE 802.1p CoS. QoS uses classification and scheduling to send network traffic from the
switch in a predictable manner. For more information on QoS, see Chapter 28, Configuring QoS.
The Cisco 7960 IP Phone is a configurable device, and you can configure it to forward traffic with an
IEEE 802.1p priority. You can configure the switch to trust or override the traffic priority assigned by a
Cisco IP Phone.
The Cisco IP Phone contains an integrated three-port 10/100 switch as shown in Figure 14-1. The ports
provide dedicated connections to these devices:

Port 1 connects to the switch or other voice-over-IP (VoIP) device.

Port 2 is an internal 10/100 interface that carries the IP Phone traffic.

Port 3 (access port) connects to a PC or other device.

Catalyst 2960 Switch Software Configuration Guide

OL-8603-04

14-1

Chapter 14

Configuring Voice VLAN

Understanding Voice VLAN

Figure 14-1 shows one way to connect a Cisco 7960 IP Phone.

Figure 14-1

Cisco 7960 IP Phone Connected to a Switch

Cisco IP Phone 7960

Phone
ASIC

P2
3-port
switch

P3
Access
port
101351

P1

PC

Cisco IP Phone Voice Traffic

You can configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and
another VLAN for data traffic from a device attached to the phone. You can configure access ports on
the switch to send Cisco Discovery Protocol (CDP) packets that instruct an attached phone to send voice
traffic to the switch in any of these ways:

Note

In the voice VLAN tagged with a Layer 2 CoS priority value

In the access VLAN tagged with a Layer 2 CoS priority value

In the access VLAN, untagged (no Layer 2 CoS priority value)

In all configurations, the voice traffic carries a Layer 3 IP precedence value (the default is 5 for voice
traffic and 3 for voice control traffic).

Cisco IP Phone Data Traffic

The switch can also process tagged data traffic (traffic in IEEE 802.1Q or IEEE 802.1p frame types) from
the device attached to the access port on the Cisco IP Phone (see Figure 14-1). You can configure Layer 2
access ports on the switch to send CDP packets that instruct the attached phone to configure the phone
access port in one of these modes:

In trusted mode, all traffic received through the access port on the Cisco IP Phone passes through
the phone unchanged.

In untrusted mode, all traffic in IEEE 802.1Q or IEEE 802.1p frames received through the access
port on the Cisco IP Phone receive a configured Layer 2 CoS value. The default Layer 2 CoS value
is 0. Untrusted mode is the default.

Catalyst 2960 Switch Software Configuration Guide

14-2

OL-8603-04

Chapter 14

Configuring Voice VLAN

Configuring Voice VLAN

Note

Untagged traffic from the device attached to the Cisco IP Phone passes through the phone unchanged,
regardless of the trust state of the access port on the phone.

Configuring Voice VLAN

These sections contain this configuration information:

Default Voice VLAN Configuration, page 14-3

Voice VLAN Configuration Guidelines, page 14-3

Configuring a Port Connected to a Cisco 7960 IP Phone, page 14-4

Default Voice VLAN Configuration

The voice VLAN feature is disabled by default.
When the voice VLAN feature is enabled, all untagged traffic is sent according to the default CoS
priority of the port.
The CoS value is not trusted for IEEE 802.1p or IEEE 802.1Q tagged traffic.

Voice VLAN Configuration Guidelines

These are the voice VLAN configuration guidelines:

You should configure voice VLAN on switch access ports; voice VLAN is not supported on
trunk ports.

Note

Voice VLAN is only supported on access ports and not on trunk ports, even though the
configuration is allowed.

The voice VLAN should be present and active on the switch for the IP phone to correctly
communicate on the voice VLAN. Use the show vlan privileged EXEC command to see if the
VLAN is present (listed in the display). If the VLAN is not listed, see Chapter 12, Configuring
VLANs, for information on how to create the voice VLAN.

Before you enable voice VLAN, we recommend that you enable QoS on the switch by entering the
mls qos global configuration command and configure the port trust state to trust by entering the mls
qos trust cos interface configuration command. If you use the auto-QoS feature, these settings are
automatically configured. For more information, see Chapter 28, Configuring QoS.

You must enable CDP on the switch port connected to the Cisco IP Phone to send the configuration
to the phone. (CDP is globally enabled by default on all switch interfaces.)

The Port Fast feature is automatically enabled when voice VLAN is configured. When you disable
voice VLAN, the Port Fast feature is not automatically disabled.

If the Cisco IP Phone and a device attached to the phone are in the same VLAN, they must be in the
same IP subnet. These conditions indicate that they are in the same VLAN:
They both use IEEE 802.1p or untagged frames.

Catalyst 2960 Switch Software Configuration Guide

OL-8603-04

14-3

Chapter 14

Configuring Voice VLAN

Configuring Voice VLAN

The Cisco IP Phone uses IEEE 802.1p frames, and the device uses untagged frames.
The Cisco IP Phone uses untagged frames, and the device uses IEEE 802.1p frames.
The Cisco IP Phone uses IEEE 802.1Q frames, and the voice VLAN is the same as the access

VLAN.

The Cisco IP Phone and a device attached to the phone cannot communicate if they are in the same
VLAN and subnet but use different frame types because traffic in the same subnet is not routed
(routing would eliminate the frame type difference).

You cannot configure static secure MAC addresses in the voice VLAN.

Voice VLAN ports can also be these port types:

Dynamic access port. See the Configuring Dynamic-Access Ports on VMPS Clients section

on page 12-26 for more information.

IEEE 802.1x authenticated port. See the Configuring IEEE 802.1x Authentication section on

page 9-22 for more information.

Note

If you enable IEEE 802.1x on an access port on which a voice VLAN is configured and
to which a Cisco IP Phone is connected, the phone loses connectivity to the switch for
up to 30 seconds.

Protected port. See the Configuring Protected Ports section on page 19-5 for more

information.
A source or destination port for a SPAN or RSPAN session.
Secure port. See the Configuring Port Security section on page 19-8 for more information.

Note

When you enable port security on an interface that is also configured with a voice
VLAN, you must set the maximum allowed secure addresses on the port to two plus the
maximum number of secure addresses allowed on the access VLAN. When the port is
connected to a Cisco IP Phone, the phone requires up to two MAC addresses. The phone
address is learned on the voice VLAN and might also be learned on the access VLAN.
Connecting a PC to the phone requires additional MAC addresses.

Configuring a Port Connected to a Cisco 7960 IP Phone

Because a Cisco 7960 IP Phone also supports a connection to a PC or other device, a port connecting the
switch to a Cisco IP Phone can carry mixed traffic. You can configure a port to decide how the Cisco IP
Phone carries voice traffic and data traffic.
These sections contain this configuration information:

Configuring Cisco IP Phone Voice Traffic, page 14-4

Configuring the Priority of Incoming Data Frames, page 14-6

Configuring Cisco IP Phone Voice Traffic

You can configure a port connected to the Cisco IP Phone to send CDP packets to the phone to configure
the way in which the phone sends voice traffic. The phone can carry voice traffic in IEEE 802.1Q frames
for a specified voice VLAN with a Layer 2 CoS value. It can use IEEE 802.1p priority tagging to give

Catalyst 2960 Switch Software Configuration Guide

14-4

OL-8603-04

Chapter 14

Configuring Voice VLAN

Configuring Voice VLAN

voice traffic a higher priority and forward all voice traffic through the native (access) VLAN. The Cisco
IP Phone can also send untagged voice traffic or use its own configuration to send voice traffic in the
access VLAN. In all configurations, the voice traffic carries a Layer 3 IP precedence value (the default
is 5).
Beginning in privileged EXEC mode, follow these steps to configure voice traffic on a port:
Command

Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

interface interface-id

Specify the interface connected to the phone, and enter interface

configuration mode.

Step 3

mls qos trust cos

Configure the interface to classify incoming traffic packets by using the

packet CoS value. For untagged packets, the port default CoS value is used.
Note

Step 4

switchport voice vlan {vlan-id |

dot1p | none | untagged}}

Before configuring the port trust state, you must first globally enable
QoS by using the mls qos global configuration command.

Configure how the Cisco IP Phone carries voice traffic:

vlan-idConfigure the phone to forward all voice traffic through the

specified VLAN. By default, the Cisco IP Phone forwards the voice
traffic with an IEEE 802.1Q priority of 5. Valid VLAN IDs are 1 to
4094.

dot1pConfigure the phone to use IEEE 802.1p priority tagging for

voice traffic and to use the default native VLAN (VLAN 0) to carry all
traffic. By default, the Cisco IP Phone forwards the voice traffic with an
IEEE 802.1p priority of 5.

noneAllow the phone to use its own configuration to send untagged

voice traffic.

untaggedConfigure the phone to send untagged voice traffic.

Step 5

end

Return to privileged EXEC mode.

Step 6

show interfaces interface-id

switchport or

Verify your voice VLAN entries.

show running-config interface

interface-id

Verify your QoS and voice VLAN entries.

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Step 7

This example shows how to configure a port connected to a Cisco IP Phone to use the CoS value to
classify incoming traffic, to use IEEE 802.1p priority tagging for voice traffic, and to use the default
native VLAN (VLAN 0) to carry all traffic:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# mls qos trust cos
Switch(config-if)# switchport voice vlan dot1p
Switch(config-if)# end

To return the port to its default setting, use the no switchport voice vlan interface configuration
command.

Catalyst 2960 Switch Software Configuration Guide

OL-8603-04

14-5

Chapter 14

Configuring Voice VLAN

Displaying Voice VLAN

Configuring the Priority of Incoming Data Frames

You can connect a PC or other data device to a Cisco IP Phone port. To process tagged data traffic (in
IEEE 802.1Q or IEEE 802.1p frames), you can configure the switch to send CDP packets to instruct the
phone how to send data packets from the device attached to the access port on the Cisco IP Phone. The
PC can generate packets with an assigned CoS value. You can configure the phone to not change (trust)
or to override (not trust) the priority of frames arriving on the phone port from connected devices.
Beginning in privileged EXEC mode, follow these steps to set the priority of data traffic received from
the nonvoice port on the Cisco IP Phone:
Command

Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

interface interface-id

Specify the interface connected to the Cisco IP Phone, and enter interface
configuration mode.

Step 3

switchport priority extend

{cos value | trust}

Set the priority of data traffic received from the Cisco IP Phone access port:

cos valueConfigure the phone to override the priority received from the
PC or the attached device with the specified CoS value. The value is a
number from 0 to 7, with 7 as the highest priority. The default priority is
cos 0.

trustConfigure the phone access port to trust the priority received from
the PC or the attached device.

Step 4

end

Return to privileged EXEC mode.

Step 5

show interfaces interface-id

switchport

Verify your entries.

Step 6

copy running-config
startup-config

(Optional) Save your entries in the configuration file.

This example shows how to configure a port connected to a Cisco IP Phone to not change the priority of
frames received from the PC or the attached device:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport priority extend trust
Switch(config-if)# end

To return the port to its default setting, use the no switchport priority extend interface configuration
command.

Displaying Voice VLAN

To display voice VLAN configuration for an interface, use the show interfaces interface-id switchport
privileged EXEC command.

Catalyst 2960 Switch Software Configuration Guide

14-6

OL-8603-04