Wednesday, January 25, 2017

Troubleshooting VLAN Issues

In our last topic, we talked about following the path from an end station that was having issues to a destination somewhere on the network. As we followed the path, we made sure that the switch to which our device was connected had learned that device's MAC address on the appropriate port. Assuming it had, something else we can do while following the path is check for VLAN issues.
Let's take a look at some common VLAN troubleshooting issues. We typically have a single subnet associated with a single VLAN. It could be that the host has an incorrect IP address and subnet mask. To determine whether or not that IP address belongs to a specific network, you might need to take a look at the network topology and, based on the IP address and subnet mask of the interface on the router or multilayer switch, make sure that the device connected off of that interface belongs to the same subnet.
So let's use our network documentation to confirm that the host is in the correct subnet. We could also have an IP address misconfiguration on the switch or the multilayer switch. If we have an SVI, a Switched Virtual Interface, set up to route for ports belonging to the VLAN, we assign it an IP address much like we would assign an IP address to a routed interface. Maybe that IP address is incorrect; again, we can check the network documentation to make sure that it is an appropriate IP address for that VLAN. Also, as we follow the path, we come into a particular port on our multilayer switch. Is that port a member of the appropriate VLAN? If not, that can be an issue. Or maybe the VLAN that the port belongs to doesn't exist on the switch; we might want to check our VLAN database to make sure that the VLAN actually exists on the switch.
With these things in mind, let's take a look at a sample trouble ticket. Let's assume that we have a trouble ticket telling us that a PC is not able to connect out on the network to any other device.
As we follow the path, we might go to its next-hop switch and check out the VLAN configuration for the port to which this PC is connected. Let's assume we have already gone to the PC and checked its IP address, and its IP address is indeed a member of the subnet associated with VLAN 300 in this case. Now we have moved on to the switch, and one of the first things we want to do is verify the IP address of the SVI, the virtual interface that is going to do routing for VLAN 300. Let's do a
    Sw1#show ip interface brief
Here is our VLAN 300 SVI, and we have an IP address of 10.30.30.1. Based on our network documentation that looks good; the IP address appears to be correct. There is one thing that is a bit concerning, though: it looks like the status is up/down.
Let's remind ourselves what would prevent an SVI from being in the up/up state. In order to be in the up/up state, an SVI has to have a port on that switch that is a member of that VLAN and is also in the up/up state. That port can be a trunk port that is carrying traffic for that VLAN, but if we have at least one port on that switch belonging to that VLAN and it is in the up/up state, then the SVI should be up. Here it's not; we are in the up/down state, so we have an issue. Let's next check the configuration of FastEthernet 1/0/1, the port into which we think our PC is connected, and make sure that it is assigned to VLAN 300.
    Sw1#show run
The line "switchport access vlan 300" tells that port to belong to VLAN 300. So what's going on here? The port is not administratively shut down, and we are saying it belongs to VLAN 300. We can do a visual inspection to see that the PC is indeed connected to that port and is powered on. What could be going on? It looks like we added the port to VLAN 300, so let's double-check our VLAN database to confirm that FastEthernet 1/0/1 really does belong to VLAN 300.
    Sw1#show vlan brief
Oh! This doesn't look good. We have VLAN 1, 100 and 200, but where is VLAN 300? It seems to have been deleted from my VLAN database. Well, in that case, to what VLAN does FastEthernet 1/0/1 belong? Let's take a look under Ports: can you find FastEthernet 1/0/1? I cannot. It doesn't exist in any of our VLANs, and as a result that port is not going to be passing any traffic. I think this is our issue: somehow VLAN 300 got deleted. Let's re-add it and see whether our SVI's status goes to up/up.
    Sw1(config)#vlan 300
    Sw1(config-vlan)#end
It says that VLAN 300 changed its status to up. Let's check it out.
    Sw1#show ip interface brief
Now VLAN 300 is indeed in the up/up state, because there is a port belonging to that VLAN which is in the up/up state. We can also do a
    Sw1#show vlan brief
That's a look at how we can troubleshoot some common VLAN issues. Keep in mind things like:
• IP addressing: we say that a VLAN corresponds to a subnet, so does the SVI belong to the correct subnet?
• Does the host's IP address belong to the correct subnet?
• Is the port assigned to the correct VLAN?
• Does that VLAN exist?

In this trouble ticket the VLAN did not exist, but everything started to work when we re-added the VLAN.
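The checks from this trouble ticket can be automated. The following is an added example, not part of the original post and not a Cisco tool: it cross-checks the three command outputs used above and reports access ports whose VLAN is missing from the VLAN database and SVIs stuck in up/down. The sample outputs are constructed to mirror the ticket, and the VLAN names and extra ports in them are assumptions.

```python
import re

# Constructed sample outputs modelled on the ticket (not captured from a real switch).
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0/2, Fa1/0/3, Fa1/0/4
100  ENG                              active    Fa1/0/5
200  SALES                            active    Fa1/0/6
"""

SHOW_RUN = """\
interface FastEthernet1/0/1
 switchport access vlan 300
 switchport mode access
!
interface FastEthernet1/0/5
 switchport access vlan 100
 switchport mode access
!
interface Vlan300
 ip address 10.30.30.1 255.255.255.0
!
"""

SHOW_IP_INT_BRIEF = """\
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES NVRAM  administratively down down
Vlan300                10.30.30.1      YES manual up                    down
FastEthernet1/0/1      unassigned      YES unset  up                    up
"""


def vlans_in_database(show_vlan_brief):
    """Return the set of VLAN IDs listed in 'show vlan brief'."""
    return {int(m.group(1)) for m in re.finditer(r"^(\d+)\s+\S+", show_vlan_brief, re.M)}


def access_vlan_by_port(show_run):
    """Map each interface name to the access VLAN configured under it."""
    ports, current = {}, None
    for line in show_run.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        m = re.match(r"\s+switchport access vlan (\d+)", line)
        if m and current:
            ports[current] = int(m.group(1))
    return ports


def svi_states(show_ip_int_brief):
    """Map VLAN ID -> (status, protocol) for every SVI in 'show ip interface brief'."""
    states = {}
    for line in show_ip_int_brief.splitlines():
        m = re.match(r"Vlan(\d+)\s+\S+\s+\S+\s+\S+\s+(.+?)\s+(\S+)\s*$", line)
        if m:
            states[int(m.group(1))] = (m.group(2), m.group(3))
    return states


def find_vlan_problems(show_vlan_brief, show_run, show_ip_int_brief):
    """Return human-readable findings for the VLAN checks walked through in the post."""
    db = vlans_in_database(show_vlan_brief)
    problems = []
    for port, vlan in sorted(access_vlan_by_port(show_run).items()):
        if vlan not in db:
            problems.append(f"{port}: access VLAN {vlan} is not in the VLAN database")
    for vlan, (status, protocol) in sorted(svi_states(show_ip_int_brief).items()):
        if status == "up" and protocol == "down":
            if vlan not in db:
                reason = f"VLAN {vlan} is missing from the VLAN database"
            else:
                reason = f"no port in VLAN {vlan} is up/up"
            problems.append(f"Vlan{vlan} SVI is up/down: {reason}")
    return problems


if __name__ == "__main__":
    for finding in find_vlan_problems(SHOW_VLAN_BRIEF, SHOW_RUN, SHOW_IP_INT_BRIEF):
        print(finding)
```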

Friday, January 20, 2017

Investigating the MAC Address Table and SDM Templates


A really common troubleshooting approach we use when we have a device, like an end-user PC, that cannot get to some destination out on the network is to "follow the path". As we follow the path during our troubleshooting, the first step along that path is often a wiring closet switch to which that end device is connected. What we might want to do is go to that switch and verify that the client's MAC address has been learned on the appropriate port on that switch. Let's see how we can take a look at the contents of the switch's MAC address table. We can do a
    Sw1#show mac address-table

Notice that we have several static entries and a few dynamic entries. A static entry could be an entry that we made ourselves: we could have statically, that is manually, said that this MAC address is off of this port.
However, notice that all of these static entries say CPU for the port; these MAC addresses are associated with the switch's processor. It looks like we have not statically entered any MAC address mappings, but we have dynamically learned a few.
Different switches have different capacities to store MAC addresses, and the table can fill up. Maybe that is because we just have a really, really large network with thousands of MAC addresses, but it could be because of a security issue. Sometimes an attacker will send a flood of frames into a switch, with each of those frames claiming to be from a different MAC address, and that can fairly quickly fill up the switch's MAC address table.
If that table fills to capacity, what happens when we add a new device to the switch? There is no room to learn the MAC address of that new device. So what happens when a frame comes in destined for that device?
Well, since the switch has not learned off of which port that MAC address lives, to make sure the frame gets to the right place the switch is going to flood that frame. In other words, it is going to send a copy of that frame out of all switch ports other than the port on which the frame was received, and that might allow the attacker to start sniffing the packets coming out of those other ports. We can prevent that attack with port security, which is a topic we talked about back in the CCNP Switch course.
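To make the failure mode concrete, here is a small model of a MAC address table with a fixed capacity, an aging timer and an optional per-port learning limit in the spirit of port security. It is an added example, not part of the original post and not Cisco code; the table size of 8, the host MAC addresses and the drop-on-violation behaviour are assumptions chosen to keep the model small.

```python
class LearningSwitch:
    """Toy model of a layer 2 switch's MAC address table (illustration only)."""

    def __init__(self, ports, capacity, aging_time=300, port_security_max=None):
        self.ports = list(ports)
        self.capacity = capacity                    # assumed size; real limits depend on the platform
        self.aging_time = aging_time                # seconds an idle entry is kept
        self.port_security_max = port_security_max  # max MACs learned per port, None = unlimited
        self.table = {}                             # mac -> (port, last_seen)

    def _age_out(self, now):
        # Remove entries that have been idle for aging_time seconds or more.
        self.table = {m: (p, t) for m, (p, t) in self.table.items()
                      if now - t < self.aging_time}

    def _learn(self, in_port, src, now):
        """Learn or refresh src; return False if the per-port limit rejects the frame."""
        if src in self.table:
            self.table[src] = (in_port, now)
            return True
        if self.port_security_max is not None:
            on_port = sum(1 for p, _ in self.table.values() if p == in_port)
            if on_port >= self.port_security_max:
                return False   # this model drops; real port security has several violation actions
        if len(self.table) < self.capacity:
            self.table[src] = (in_port, now)
        return True            # table full: frame is still forwarded, source is just not learned

    def receive(self, in_port, src, dst, now):
        """Process one frame and return the list of egress ports ([] means dropped)."""
        self._age_out(now)
        if not self._learn(in_port, src, now):
            return []
        if dst in self.table:
            out = self.table[dst][0]
            return [] if out == in_port else [out]
        # Unknown destination: flood out of every port except the ingress port.
        return [p for p in self.ports if p != in_port]


HOST_A = "00:11:22:33:44:0a"   # constructed addresses
HOST_B = "00:11:22:33:44:0b"


def run_scenario(port_security_max):
    """Return (switch, egress ports of host A's reply to host B) after a burst of new MACs."""
    sw = LearningSwitch(["Fa1/0/1", "Fa1/0/2", "Fa1/0/3"], capacity=8,
                        port_security_max=port_security_max)
    sw.receive("Fa1/0/1", HOST_A, "ff:ff:ff:ff:ff:ff", now=0)
    # Constructed burst: 20 frames arrive on Fa1/0/3, each claiming a different source MAC.
    for i in range(20):
        sw.receive("Fa1/0/3", f"02:00:00:00:00:{i:02x}", HOST_A, now=1)
    # A new device comes up on Fa1/0/2 and talks to host A, then host A replies.
    sw.receive("Fa1/0/2", HOST_B, HOST_A, now=2)
    return sw, sw.receive("Fa1/0/1", HOST_A, HOST_B, now=3)


if __name__ == "__main__":
    print("no limit:    reply sent out of", run_scenario(None)[1])
    print("limit of 2:  reply sent out of", run_scenario(2)[1])
```

Without a limit the reply to host B is copied to Fa1/0/3 as well, which is the exposure the post describes; with a per-port limit the table never fills and the reply goes only to Fa1/0/2.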
If the MAC address table is filling up not because of an attack but because we just have a large network with lots of interconnected switches, there is something we can do to help prevent the table from filling to capacity. If we have not heard from a device with one of those MAC addresses for a certain period of time, we can age the entry out, that is, remove it from the MAC address table. We can simply relearn the MAC address later; there is no need to keep MAC addresses for hours, days or possibly weeks. So we time out a MAC address entry if we haven't heard from that MAC address for a while. Here is a command we can issue to see how quickly we are aging out those entries:
    Sw1#show mac address-table aging-time

It looks like on this Cisco 3750 Series switch the aging time is 300 seconds, or 5 minutes. MAC address entries are aged out if I have not heard from those MAC addresses within the last 5 minutes.
A layer 2 switch makes a forwarding decision based on MAC addresses, but many of our switches are multilayer switches. They can make forwarding decisions based on other criteria, such as destination IP addresses or Quality of Service Access Control Entries (QoS ACEs). We might also have security ACEs, Security Access Control Entries, which make up a security ACL, an Access Control List. Many of our switches have a TCAM, or Ternary Content Addressable Memory, that helps the switch make a forwarding decision based on criteria like that very, very rapidly. The TCAM helps the switch make a forwarding decision efficiently because it combines Quality of Service entries, security Access Control Lists and IPv4 route information into an area of memory that can be queried when the switch wants to make a forwarding decision. Notice I said IP version 4. There is a way for the TCAM to support IPv6 routing, but it might not be enabled by default on your Cisco Catalyst switch; it's not enabled by default on the Cisco Catalyst 3750 Series switch. It depends on what we want our switch to do:
• Do we want to do IPv4 and IPv6 routing?
• Do we want to keep track of lots of routes?
• Do we want to support multiple routed interfaces?
• Or would we rather it just learned lots and lots of MAC addresses?
We have a finite amount of resources in our TCAM, and we can reallocate those resources depending on what we want the switch to do and what role it is going to play in our network. The great news is that we have some flexibility in how we allocate these resources: we can apply an SDM template.
SDM stands for Switch Database Management, and these templates tell the TCAM how to allocate its resources. For example, let's say we had a switch that needed to keep track of lots of VLANs or lots of MAC addresses but didn't need to do much routing, if any. We would probably want its TCAM configured differently than that of a switch at the distribution layer or the core layer, which might need to keep track of lots of IP routes.
To see what SDM template we are running right now, we can give this command:
    Sw1#show sdm prefer
Right now it says we are running "desktop default"; that's the SDM template we are running, and that's the default on this switch. Notice:
• It supports 8 routed interfaces
• It supports 1024 VLANs
• It supports a certain number of QoS entries
• A certain number of Security Access Control Entries
• A certain number of IPv4 unicast routes
Notice this output doesn't say anything about IPv6, but there is a way, which I am going to demonstrate for you, to support IPv6 routing on this Cisco Catalyst switch. In fact, let's look at the command that lets us select the SDM template to use.
    Sw1(config)#sdm prefer ?
We have got 5 options here:
• Access: the access SDM template might be appropriate for an access layer switch, where we know about lots of VLANs but are not doing much routing.
• Default: what we have by default; it gives us a mixture of support for some routing and the ability to know about several VLANs.
• Dual IPv4 and IPv6: this is going to add IPv6 routing support, and it is the SDM template we are going to apply in just a moment.
• Routing: the routing template might be appropriate for a distribution layer or core layer switch, where we need to keep track of multiple routes. Keep in mind that if you just say routing by itself, that only gives you IPv4 support; you are not routing IPv6 traffic.
• VLAN: if we have a lot of VLANs and those VLANs contain lots of devices, we might need to go with this template in order to store all of the MAC addresses.
Now let's say that we got a trouble ticket indicating that this multilayer switch is unable to route IPv6 traffic. We might begin by asking what SDM template is applied right now and whether it gives us IPv6 support. Let's go to global configuration mode:
    Sw1(config)#sdm prefer dual-ipv4-and-ipv6 default
Now when I do this, it doesn't take effect immediately. Let me prove that:
    Sw1#show sdm prefer
You will see it is still in desktop default. If I try to configure IPv6 unicast routing, it will not let me. Check this out:
    Sw1(config)#ipv6 unicast-routing
It doesn't even know about the ipv6 command, because the change that I have made doesn't take effect until we reload. It says that on the next reload the template is going to be installed, so let's reload the switch.
All right, the switch has been rebooted. Let's see what our SDM template is now.
    Sw1#show sdm prefer
This time it says "desktop IPv4 and IPv6 default", and now we see references to IPv6 in this output. Let's see if we can now enable IPv6 routing.
    Sw1(config)#ipv6 unicast-routing
We now have IPv6 routing support by changing the SDM template, and that's one of the most common reasons we would change the SDM template. Another reason we might change the template is that we are running out of a specific resource and we want to reallocate the TCAM resources. To see the current usage of the TCAM resources, we can give this command:
    Sw1#show platform tcam utilization
Notice that we have columns for the maximum number of values that the TCAM can accommodate for things like IPv4 QoS ACEs and IPv4 security ACEs. For example, it looks like I can support a maximum of 768 QoS Access Control Entries, and I am currently using 260 of those 768 available entries. If the numbers in the used column are approaching the maximum values, that might be a concern to us.
One of the things that I would encourage you to do first, before just changing the SDM template, is to see if you can be more efficient in your configuration. For example, if you are running out of entries for IPv4 unicast indirectly connected routes, then instead of changing the SDM template, route summarization could cut down the number of route entries you have. Think about ways to optimize the current configuration before changing the SDM template.



Sunday, January 15, 2017

Voice VLAN Configuration

Now that we have talked about the theory of voice VLANs, let's take a look at how to configure them. Remember that there are 3 approaches. We can do a single VLAN access port; that was the least desirable, but we said that in some cases we might need a single VLAN access port for both an IP phone and an attached PC, where they send traffic into the same VLAN.
The second option was a multi-VLAN access port, a special type of access port where Cisco says "you can have two VLANs on a single access port if and only if one of those VLANs is declared to be a voice VLAN". Our third option was to create a trunk port. We know that trunk ports can carry traffic for lots of VLANs; in fact, that could be a challenge. For security reasons and for Quality of Service reasons, we probably don't want the trunk between the phone and the wiring closet switch carrying traffic for all of our VLANs. Really we want it carrying traffic for a couple of VLANs: the voice VLAN, of course, to get to the phone, and, if we do have an attached PC, the native VLAN. Remember that the native VLAN is the VLAN on a dot1q trunk that does not have those 4 extra tag bytes; we call it the untagged VLAN, and that's the VLAN of the PC attached to our IP phone. First let's see how to set up a single VLAN access port, using the topology in the picture.
Notice we have a laptop running a software-based IP phone, and it is plugged into interface FastEthernet 1/0/10 on switch SW1. How would we set up a single VLAN access port? Let's go into global configuration mode and
    Sw1(config)#interface fastethernet 1/0/10
    Sw1(config-if)#switchport mode access
    Sw1(config-if)#switchport access vlan 300
But we said that a single VLAN access port might be what we use if a third-party IP phone was plugged into this type of port and that third-party phone did not support the concept of a voice VLAN, with the phone sending traffic into one VLAN and the attached PC sending traffic into a different VLAN. We said that even though we could not get the VLAN separation, there was still a way, if the phone or the software on the PC supported it, to give a priority marking to that voice traffic. It was a dot1p marking, and it's very simple to set up. We simply say
    Sw1(config-if)#switchport voice vlan dot1p
We are saying that if any traffic comes in with a dot1p tag, that traffic is part of our voice VLAN, and the priority marking can be embedded inside of those tag bytes. Let's set up another port, FastEthernet 1/0/11, as a multi-VLAN access port. We go into the interface:
    Sw1(config)#interface fastethernet 1/0/11
    Sw1(config-if)#switchport mode access
Now we can specify the two different VLANs that can be on that port: the data VLAN, in other words the access VLAN, and the voice VLAN.
    Sw1(config-if)#switchport access vlan 300
    Sw1(config-if)#switchport voice vlan 400
How does the phone know which one is the voice VLAN? If we are using a multi-VLAN access port configuration, CDP, specifically CDPv2, is going to tell the attached phone "here is your voice VLAN, you belong to VLAN 400". When that phone boots up, it sends a DHCP request out on the network to get its IP address and other information, and the phone knows in which VLAN to make that DHCP request thanks to CDP version 2. We said that if we are not running CDP, if we are running LLDP-MED instead, this was not an option; instead we need to have a trunk connection between our switch and the IP phone. Let's see how to set that up:
    Sw1(config)#interface fastethernet 1/0/12
    Sw1(config-if)#switchport trunk encapsulation dot1q
    Sw1(config-if)#switchport mode trunk
Now that we have said this port is a trunk, we need to define the native VLAN. Remember, the native VLAN is the VLAN to which the PC would belong if we had a PC plugged into that IP phone. In our case that is going to be VLAN 300, the data VLAN, and we can specify it with the command
    Sw1(config-if)#switchport trunk native vlan 300
Now let's specify the voice VLAN:
    Sw1(config-if)#switchport voice vlan 400
This configuration by itself would work. However, we now have a trunk between this Cisco Catalyst switch and the IP phone, and that trunk by default is going to be carrying traffic for all of the VLANs. We probably don't want that, so let's prune off the unneeded VLANs. Remember our discussion of VLAN pruning on trunks:
    Sw1(config-if)#switchport trunk allowed vlan 300,400
We have now configured 3 different ports to connect our IP phones. If we want to verify the configuration of one of those ports, let's use FastEthernet 1/0/11 as an example:
    Sw1#show interfaces fastethernet 1/0/11 switchport
This is going to give us information such as what kind of port this is. We can see there is an access VLAN, or data VLAN, of 300 that is not going to have any tags on it, and we have a VLAN of 400 that's the voice VLAN. It will be tagged; the voice frames have 4 extra bytes added.
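The pruning step is the one that is easiest to forget, so it is worth checking for. The following added example (not part of the original post, and not a Cisco tool) scans a running-config excerpt for trunk ports that carry a voice VLAN and reports how many VLANs beyond the native and voice VLANs each trunk still carries. The configuration text is constructed from the three ports above, plus a hypothetical FastEthernet1/0/13 that was left unpruned.

```python
import re

# Constructed running-config excerpt: the three ports configured in the post,
# plus Fa1/0/13 (hypothetical) as a phone trunk that was never pruned.
CONFIG = """\
interface FastEthernet1/0/10
 switchport access vlan 300
 switchport mode access
 switchport voice vlan dot1p
!
interface FastEthernet1/0/11
 switchport access vlan 300
 switchport mode access
 switchport voice vlan 400
!
interface FastEthernet1/0/12
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 300
 switchport trunk allowed vlan 300,400
 switchport mode trunk
 switchport voice vlan 400
!
interface FastEthernet1/0/13
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 300
 switchport mode trunk
 switchport voice vlan 400
!
"""

ALL_VLANS = set(range(1, 4095))   # a trunk with no allowed list carries VLANs 1-4094


def expand_vlan_list(text):
    """Expand an IOS VLAN list such as '300,400' or '1-10,400' into a set of IDs."""
    vlans = set()
    for part in text.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def audit_phone_trunks(config):
    """Return {interface: {'extra_vlans': count, 'missing': [ids]}} for voice trunks."""
    findings = {}
    for stanza in re.split(r"^!\s*$", config, flags=re.M):
        name = re.search(r"^interface (\S+)", stanza, re.M)
        voice = re.search(r"switchport voice vlan (\d+)", stanza)
        if not (name and voice and "switchport mode trunk" in stanza):
            continue   # access ports and non-phone ports are out of scope here
        native = re.search(r"switchport trunk native vlan (\d+)", stanza)
        allowed = re.search(r"switchport trunk allowed vlan ([\d,-]+)", stanza)
        # The trunk needs exactly two VLANs: voice (tagged) and native (untagged, default 1).
        needed = {int(voice.group(1)), int(native.group(1)) if native else 1}
        carried = expand_vlan_list(allowed.group(1)) if allowed else ALL_VLANS
        findings[name.group(1)] = {
            "extra_vlans": len(carried - needed),
            "missing": sorted(needed - carried),
        }
    return findings


if __name__ == "__main__":
    for port, result in audit_phone_trunks(CONFIG).items():
        print(port, result)
```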




Wednesday, January 11, 2017

Voice VLAN Theory

While we are on the topic of VLANs and trunks, I want to tell you about a special type of VLAN: the voice VLAN. Let's imagine that we have a situation like the one depicted in the picture.
Maybe we are replacing traditional IP Telephony PBX phones with IP phones. These IP phones are Ethernet devices; they plug into that RJ45 connector in the wall. But if a particular office or cubicle only had one Ethernet connection to start with, and we had a PC or a laptop plugged into that connection, and now suddenly we are adding a phone, that would mean we have to put a switch in this office to accommodate another Ethernet port.
Well, the great news is that many of our Cisco IP phones have a port on the back labeled PC Port, and it allows us to sort of daisy-chain the PC into the phone and then go into the wall. The phone itself is acting as a little switch; it is technically a 3-port switch:
• One port goes to the wall jack
• One port goes to the internal workings of the phone itself, and
• The other port can connect to the PC
We don't have to run additional cabling and we don't have to add another switch in that office; the phone will handle that for us. And notice what's happening here: the PC that is attached to the phone gets to be in a different VLAN. Here I am saying that the laptop is in VLAN 300, a data VLAN, and the phone is in VLAN 400, a voice VLAN. That is going to give us some benefits. It is going to give us performance benefits, for one thing: with VLAN separation, a big broadcast storm on the data VLAN is not going to negatively impact the voice VLAN. It could also help out from a security perspective: somebody is not going to be able to attach a network sniffer to the network and start sniffing voice packets. That's the idea behind a voice VLAN: we have a separate subnet for voice traffic, and there are different ways we can set it up.
The port into which the phone connects on the switch could be a single VLAN access port, in which case the PC and the phone would be members of the same VLAN. That's the least desirable of the options, by the way.
Another option is that it can be connected to a special type of access port, a multi-VLAN access port, or it can connect to a trunk port. We know a trunk can carry traffic for multiple VLANs, and that trunk between the phone and the switch could carry traffic for the voice VLAN and the data VLAN. Let's take a look at these one at a time, beginning with the single VLAN access port.
With the single VLAN access port, the port to which the phone is connected is an access port and, like most access ports, it is configured for only 1 VLAN, meaning that the phone and the PC are members of the same VLAN. It doesn't seem like this is giving us much benefit, does it? When would we use such a thing?
Well, maybe we are using a non-Cisco IP phone that doesn't support the concept of a voice VLAN, or maybe we have a software-based client on our laptop or PC; maybe it's a Zebra Client, maybe it's Cisco IP Communicator. If it's the same device that is acting as the data device and the voice device, then we might need to use a single VLAN access port. However, even though we are doing that, we can still get some Quality of Service benefits from this configuration.
Remember when we were talking about an 802.1Q trunk, we mentioned that, except for the native VLAN, the VLANs had 4 bytes added to their frames, and inside of those 4 bytes we had 3 bits called the priority bits. Those 3 bits could be used to indicate the priority of our frame, and with 3 bits to work with that gave us 8 possible values of priority, because 2^3 = 8. But Cisco says do not use values of 6 and 7; those are reserved for network use. We can only use values in the range of 0-5 for production traffic, and 5 is the value to which voice frames should be set: they should have a COS, a Class of Service, marking of 5 on a dot1q trunk. The great news is that Cisco IP phones do that for us by default. If we enable dot1p on our switch, then even though we have a single VLAN, the port can still accept frames that come in with 4 extra bytes. This is not a trunk, but if we enable the port for dot1p,
it will accept frames that look similar to trunk frames. I say similar because the frame is still going to have 4 extra bytes added, and inside of those 4 bytes there are 3 bits that are going to be used for the priority marking, but we call this a dot1p marking.
What's the difference between a dot1p marking and the regular COS marking that we would have on a dot1q trunk?
Well, a dot1q trunk uses 12 bits in those 4 bytes to indicate a VLAN ID. dot1p does not do that; dot1p is not tagging a frame as belonging to a particular VLAN. In fact, if you were to take a look at the bits representing the VLAN field, they would all be set to 0. That's the big difference between a dot1p marking and a COS marking that is part of a dot1q trunk, and we will see in a few moments how to configure the switch port to accept dot1p markings.
Another option we have is to configure the switch port as a multi-VLAN access port. Cisco gives an exception here: Cisco says we can have a couple of VLANs appearing on an access port if and only if we say that one of those VLANs is a voice VLAN. What a great solution! This way we can go to this port and plug in a laptop, and it is going to work just fine like an access port, because it is an access port. But if we have a phone plugged in, maybe with a PC plugged into that phone, the phone will automatically learn that it belongs to the voice VLAN while the PC belongs to the data VLAN. How does this work?
Like we said, this truly is an access port; we set the switchport mode to access. However, it can support two VLANs if we say one of those VLANs is the access VLAN, or data VLAN, and the other VLAN is the voice VLAN. The way the phone learns which VLAN is the voice VLAN is thanks to CDP, the Cisco Discovery Protocol. The switch is going to send a CDP message, and by the way it has to be CDP version 2; this doesn't work with CDP version 1. The switch is going to send a CDP version 2 message to the phone to say "here is your voice VLAN". Now when the phone sends out a DHCP request to get its IP address, its subnet mask, its default gateway and the IP address of the TFTP server that it needs, it is going to be able to do that as a member of the appropriate VLAN; it is going to be asking for an IP address belonging to, in this case, VLAN 400.
Remember we talked earlier about CDP, the Cisco Discovery Protocol, versus LLDP, the Link Layer Discovery Protocol. This approach of having a multi-VLAN access port does not work with LLDP-MED, Link Layer Discovery Protocol-Media Endpoint Discovery.
If we are relying on LLDP instead of CDP (we can only run one or the other on your switch), then the phone is not going to be able to automatically learn its VLAN assignment. If we have a situation like that, if we are using LLDP-MED, we should probably make that port a trunk port, and we will talk about that in just a moment. If we are using CDP, this is a great way to go. If we did a packet capture on frames flowing between that phone and that switch, they would look like dot1q trunk frames. In fact, if I were to show you a packet capture and say "can you tell me, is this frame going into a multi-VLAN access port or is it going into a trunk port?", you would not be able to tell me the difference, because it is identical to a trunk frame that we would find on a dot1q trunk.
Specifically, frames coming from the phone are going to be tagged. They are going to have those 4 extra bytes, and those 4 extra bytes do contain a VLAN tag, in this case VLAN 400. We are going to have 3 bits in those bytes that mark the COS, the Class of Service priority marking, for the phone's traffic, and the phone automatically sets those to a COS of 5. And remember that on a dot1q trunk we have 1 VLAN that we say is the untagged VLAN. Well, the data VLAN in this case is going to be the untagged VLAN; the PC's frames going into the switch do not have these extra 4 bytes. Those are 2 options for connecting an IP phone to our Cisco Catalyst switch; let's take a look at another option.
That other option is to use a trunk port. In this case the port is a trunk port, a dot1q trunk port, and we know that a trunk can carry traffic for multiple VLANs. Whether we are using LLDP-MED or CDP, this is going to be compatible, because we are not using that special exception Cisco gives us for a multi-VLAN access port. The frames truly are dot1q trunk frames; they look identical, but here we do technically have a trunk, since the switch port itself is configured in trunk mode. But that in itself brings up a bit of a challenge, because think about it for a moment: by default, traffic for what VLANs flows over a trunk?
And the answer is all of our VLANs. That means that, depending on how you have your phone set up, depending on your phone model and depending on your configuration, in some cases the attached PC or laptop could run some sort of packet capture utility and capture traffic not just for the data VLAN but for all the VLANs appearing on that trunk. You could see unknown unicast frames, broadcast frames and multicast frames. From a security perspective that's not good; therefore Cisco strongly advises us to prune off any unneeded VLANs from that trunk.
Those are the 3 options for connecting an IP phone to the switch, and that's a look at the theory of voice VLANs.
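The three frame types described in this post (untagged data frames, 802.1Q-tagged voice frames and dot1p priority-tagged frames) differ only in the 4 tag bytes, and a short decoder shows exactly where. This is an added example, not part of the original post; the MAC addresses and payloads are constructed, and 0x8100 is the standard EtherType value that introduces an 802.1Q tag.

```python
import struct

TPID_8021Q = 0x8100   # first 2 of the 4 tag bytes; the other 2 hold priority and VLAN ID


def build_frame(dst, src, ethertype, payload, tci=None):
    """Build an Ethernet frame; if tci is given, insert the 4 tag bytes after the source MAC."""
    tag = struct.pack("!HH", TPID_8021Q, tci) if tci is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def parse_tag(frame):
    """Return (cos, vlan_id) from a frame's 802.1Q tag, or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    # Top 3 bits are the priority (COS) bits, the low 12 bits are the VLAN ID.
    return tci >> 13, tci & 0x0FFF


def classify(frame, access_vlan=300):
    """Return (kind, vlan, cos) as the phone-facing switch port would treat the frame."""
    tag = parse_tag(frame)
    if tag is None:
        return ("untagged", access_vlan, None)   # data/native VLAN, no priority bits
    cos, vlan = tag
    if vlan == 0:
        return ("dot1p", access_vlan, cos)       # priority only, VLAN field all zeros
    return ("dot1q", vlan, cos)                  # tagged with a real VLAN ID


# Constructed sample frames using the VLAN numbers from the post.
SWITCH = bytes.fromhex("001122334401")
PHONE = bytes.fromhex("001122334402")
PC = bytes.fromhex("001122334403")
IPV4 = 0x0800

PC_FRAME = build_frame(SWITCH, PC, IPV4, b"data")                          # untagged
PHONE_FRAME = build_frame(SWITCH, PHONE, IPV4, b"rtp", tci=(5 << 13) | 400)  # COS 5, VLAN 400
DOT1P_FRAME = build_frame(SWITCH, PHONE, IPV4, b"rtp", tci=5 << 13)          # COS 5, VLAN 0

if __name__ == "__main__":
    for label, frame in (("PC", PC_FRAME), ("phone", PHONE_FRAME), ("dot1p", DOT1P_FRAME)):
        print(label, frame.hex(), classify(frame))
```

The decoder has no way to tell whether PHONE_FRAME was sent into a multi-VLAN access port or a trunk port, which is the point made above: the bytes on the wire are the same.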

In our next session, we will see how to configure voice VLANs.

