Wednesday, December 15, 2010

Cisco LAN Switches CCNA Coaching Center in Gurgaon

Network Bulls
www.networkbulls.com
Best Institute for CCNA CCNP CCSP CCIP CCIE Training in India
M-44, Old Dlf, Sector-14 Gurgaon, Haryana, India
Call: +91-9654672192

 Cisco Catalyst switches can provide three primary features to assist the IP telephony
deployment:
■ In-line power: In-line power capabilities allow a Cisco Catalyst switch to send power
over Ethernet to a Cisco IP Phone or other in-line power-compatible devices (wireless
access points) without the need for an external power supply. In-line power is commonly
referred to as Power over Ethernet (PoE). There are currently two popular types of
PoE delivery used in Cisco IP Telephony (CIPT). IEEE 802.3af-compliant PoE is a
standards-based power-delivery mechanism that any vendor can support. The Cisco
prestandard version was developed by Cisco to accommodate the PoE need in the
marketplace before there was an industry standard. The IEEE 802.3at PoE standard
was ratified in late 2007 and not used in IP telephony as of the writing of this book.
IEEE 802.3at is required for 802.11n access points. Type A phones support only Cisco
power, whereas Type B phones support both Cisco power and IEEE 802.3af power.
Most Cisco IP Phones have two physical connections. One is labeled SW and used to
connect to the switch port; the other is labeled PC and used to connect to the personal
computer. The SW interface can receive in-line power; the PC port cannot.
■ Voice VLAN support: One or more network devices can be connected to the back of
the Cisco IP Phone. Voice VLANs place IP phone traffic into a VLAN separate from
the desktop computers connected to the PC port of the phone.
■ CoS marking: CoS marking is data link layer marking (Layer 2 of the OSI reference
model) that is used to prioritize traffic over switches. Prioritizing voice traffic is critical
in IP telephony networks. If voice traffic is not given priority, poor voice quality may
result. Voice traffic might suffer because it must wait in a queue behind large data
frames during periods of high congestion.
The following switches in the Cisco Catalyst family were shipping as of the writing of
this book:
■ Cisco Catalyst modular switching: The Cisco Catalyst 6500 series delivers up to
96 ports of PoE delivery over Ethernet-based ports. Line card speed capabilities vary
between 10BASE-T/100BASE-T and 10BASE-T/100BASE-T/1000BASE-T connectivity.
The Cisco Catalyst 4500 series delivers up to 48-port 10/100/1000 PoE line
cards. Some line cards support both IEEE 802.3af and Cisco prestandard in-line power,
whereas others support only Cisco prestandard in-line power, and some line cards do
not support in-line power at all. The quality of service (QoS) queuing capabilities
vary by line card on the 6500 series platform. The 6500 has line cards that do not support
QoS, cards that have standard QoS, and cards that have enhanced QoS. The
enhanced QoS cards support more queues than the standard QoS line cards.
Cisco LAN Switches 167
■ Cisco Catalyst stackable switching: The Cisco Catalyst 3750 series offers 48- and
24-port FastEthernet switches that comply with 802.3af and Cisco prestandard PoE.
The Cisco Catalyst 3560 series offers 48- and 24-port FastEthernet switches that
support both the industry standard 802.3af and Cisco standard PoE.
■ Cisco EtherSwitch modules: The Cisco 36- and 16-port 10/100 EtherSwitch modules
for Cisco 2600, 2800, 3700, and 3800 series routers offer branch office customers the
option to integrate switching and routing in one platform. These modules can support
Cisco prestandard PoE and provide straightforward configuration, easy deployment,
and integrated management in a single platform.
Providing Power to Cisco IP Phones
Most Cisco IP Phone models can use the following three options for power:
■ PoE: Power-source equipment (PSE) inserts PoE to the powered device after a
powered device (PD) negotiation phase.
■ Midspan power injection: Some switches and modular switch blades do not support
PoE. A midspan power source may be used instead of an Ethernet switch providing PoE.
The midspan power injector is connected between the LAN switch and the powered
device and inserts power on the Ethernet cable to the powered device. A major technical
difference between the midspan and in-line power mechanism is that midspan power
is delivered on the FastEthernet unused pairs (pins 4, 5, 7, and 8), whereas a PoEcapable
switch delivers power over the used Ethernet and FastEthernet pairs (pins 1, 2,
3, and 6). Gigabit Ethernet uses all four pairs. Cisco sells midspan power injectors.
■ Wall power: Wall power requires a DC converter to connect the IP phone to a wall
outlet.
NOTE Overall power calculation has to be performed when power supply redundancy
is desired. When too many PoE ports are used, power supply redundancy might fail
because of excessive load caused by PoE ports. To aid in power calculations, check out
the Power Calculator at http://www.cisco.com/go/powercalculator. You must be a
registered user of Cisco.com to access the Power Calculator.
NOTE Cisco IP Phones do not ship with a wall power supply. The wall power supply
must be ordered separately from the Cisco IP Phone.
168 Chapter 8: Cisco Catalyst Switches
Cisco provides two types of in-line power delivery:
■ Cisco original implementation of PoE: Cisco was the first to develop PoE. The
original Cisco (prestandard) implementation supports the following features:
—Provides –48 V DC at up to 6.3 to 7.7 watts (W) per port over data pins
1, 2, 3, and 6.
—Supports most Cisco devices (IP phones and wireless access points).
—Uses a Cisco proprietary method of determining whether an attached device
requires power. Power is delivered only to devices that require power.
■ 802.3af PoE: Cisco has been driving the evolution of PoE technology toward
standardization by working with the IEEE and IEEE member vendors to create a
standards-based means of providing power from an Ethernet switch port. The IEEE
802.3af standard supports the following features:
—Specifies –48 V DC at up to 15.4 W per port over data pins 1, 2, 3, and 6
or the spare pins 4, 5, 7, and 8. Cisco Catalyst switches provide 802.3af
PoE using pins 1, 2, 3, and 6.
—Enables a new range of Ethernet-powered devices.
—Standardizes the method of determining whether an attached device
requires power. Power is delivered only to devices that require it. The
IEEE 802.3af standard supports power classification, which allows a
powered device to communicate a signature that defines the maximum
power requirement. The PSE reads the power signature and budgets the
correct amount of power for the powered device. This is less than the full
15.4 W that class 3–powered devices require.
A switch without power classification reserves the maximum 15.4 W of power for every
port. This behavior may result in oversubscription of the available power supplies. Oversubscription
will cause a condition in which devices requiring power will be denied because
all the switch power has been preallocated.
Power classification defines these five classes:
■ 0 (default): 15.4 W reserved
■ 1: 4 W
■ 2: 7 W
■ 3: 15.4 W
■ 4: Reserved for future expansion
All Cisco 802.3af-compliant switches support power classification.
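The oversubscription effect described above can be modelled in a few lines. This is an added example, not part of the original text; the 370 W supply budget and the port mix are constructed values, and treating class 4 like the 15.4 W maximum is an assumption.

```python
# Per-class reservations from the list above, in milliwatts.
CLASS_MW = {0: 15400, 1: 4000, 2: 7000, 3: 15400}
MAX_MW = 15400  # reserved per port when the switch cannot classify

def allocate(budget_mw, pd_classes, classify=True):
    """Grant power in port order until the supply budget is exhausted.

    pd_classes lists the 802.3af class signalled by the device on each port.
    Returns (powered_ports, denied_ports, reserved_mw).
    """
    powered, denied, used = [], [], 0
    for port, pd_class in enumerate(pd_classes, start=1):
        # Class 4 is reserved; assumption: budget it like the maximum.
        need = CLASS_MW.get(pd_class, MAX_MW) if classify else MAX_MW
        if used + need <= budget_mw:
            used += need
            powered.append(port)
        else:
            denied.append(port)
    return powered, denied, used

# Constructed scenario: 44 class 2 phones and 4 class 3 devices on 48 ports.
BUDGET_MW = 370000
PORT_CLASSES = [2] * 44 + [3] * 4

if __name__ == "__main__":
    for classify in (False, True):
        powered, denied, used = allocate(BUDGET_MW, PORT_CLASSES, classify)
        print("classification" if classify else "no classification",
              "powered:", len(powered), "denied:", len(denied),
              "reserved W:", used / 1000)
```

Without classification the switch preallocates 15.4 W per port and the last 24 devices are denied, although the same supply covers all 48 ports when each device is budgeted by class.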
Cisco Prestandard Power over Ethernet Device Detection
A 147-Hz tone is sent to the phone, and the phone hardware loops back the signal to the
switch port. This process occurs using the same fast link pulse (FLP) process used to autonegotiate
port speed and duplex settings on FastEthernet interfaces. The switch detects the
147-Hz tone and begins delivering the configured default power allocation (10 W by default)
to the IP phone or other in-line power-capable endpoint. The Cisco IP Phone
then sends a Cisco Discovery Protocol (CDP) Version 2 trigger message with the Power field
set to the phone’s power requirement (6.3 W for the 7960 phone). Figure 8-1 shows Cisco
prestandard device detection.
Figure 8-1 Cisco Prestandard Device Detection
IEEE 802.3af Device Detection
The PSE detects a powered device by applying a voltage in the range of –2.8 V to –10 V
on the transmit pins of the Category 5 (or higher) cable. The switch will receive this tone
back only if the PD is IEEE 802.3af compliant. The Cisco IP Phone (PD) has a 25-k ohm
signature resistor that allows it to loop back this tone. Compliant PDs must support this
resistance method. If the appropriate resistance is found, the Cisco Catalyst switch delivers
power. Figure 8-2 shows the IEEE 802.3af PoE device-detection process.
Figure 8-2 IEEE 802.3af Device Detection
As demonstrated in Example 8-1, the set port inlinepower command can be used on a
switch that is running Cisco Catalyst Operating System (CatOS) software. The two modes
are auto and off. All switch ports are set to auto negotiate (auto) by default. In the off mode,
the switch does not provide power on the port even if an in-line power-capable device is
connected. In auto mode, the switch provides power on the port only if an IP phone was
discovered on the port. Examples of devices running Cisco CatOS include the Cisco
Catalyst 6500 and earlier Supervisor modules on the 4500 platform (Supervisor I and II).
Most companies have converted their Catalyst 6500 switches to Native IOS mode and no
longer use CatOS. CatOS feature development has been discontinued.
Use the following interface configuration command on switches that are running native
Cisco IOS Software to change the default in-line power configuration (Catalyst 6500, 4500,
3550, 3750, and 3560 switches):
CSCOIOS(config-if)# power inline {auto | never}
The PD discovery algorithm is set to auto mode by default. The PD discovery algorithm is
disabled if the power inline command is configured to never.
Example 8-1 CatOS Power Configuration Command
CatOS>(enable) set port inlinepower mod/ports ?
auto Port inline power auto mode
off Port inline power off mode
Use the commands shown in Example 8-2 and 8-3 to display a view of the power allocated
on Cisco Catalyst switches. The switch shows the default allocated power as 10 W in
addition to the in-line power status of every port.
Voice VLAN Support on Cisco IP Phones
The Cisco IP Phone contains an integrated three-port 10/100 or 10/100/1000 switch depending
on the phone model. The ports are illustrated in Figure 8-3 and used as follows:
■ Port 0 is an internal interface that carries the Cisco IP Phone traffic.
■ Port 1 connects to a PC or other Ethernet device.
■ Port 2 connects to the access layer switch. In-line power can be used at port 2.
NOTE The Cisco Catalyst 6500 series can run either Cisco CatOS software or native
Cisco IOS Software if the switch Supervisor Engine has a Multilayer Switch Feature
Card (MSFC). The Cisco Catalyst 4500 and 4000 series can also run Cisco Catalyst
software or native Cisco IOS Software, depending on the Supervisor Engine. Most
Supervisor modules run native Cisco IOS Software.
Example 8-2 CatOS Power Display Command
CatOS>(enable) show port inline power 7
Default Inline Power allocation per port: 10.000 Watts (0.23 Amps @42V)
Total inline power drawn by module 7: 75.60 Watts (1.80 Amps @42V)
Port  InlinePowered         PowerAllocated
      Admin Oper  Detected  mWatt     mA @42V
----  ----- ----  --------  --------- -----------
7/1   auto  off   no        0         0
7/2   auto  on    yes       6300      150
7/3   auto  on    yes       6300      150
7/4   auto  off   no        0         0
7/5   auto  off   no        0         0
7/6   auto  off   no        0         0
7/7   auto  off   no        0         0
Example 8-3 Native Cisco IOS Power Display Command
Switch# show power inline
Interface        Admin  Oper  Power ( mWatt )  Device
----------       -----  ----  ---------------  ------
FastEthernet9/1  auto   on    6300             Cisco 6500 IP Phone
FastEthernet9/2  auto   on    6300             Cisco 6500 IP Phone
FastEthernet9/3  auto   off   0                n/a
Figure 8-3 Cisco IP Phone Ports
The switch port states can be configured in one of the following trust states:
■ Trusted: The IP phone sends IEEE 802.1q tagged frames with IEEE 802.1p
prioritizations to indicate Layer 2 CoS priority value, and the switch port trusts
the CoS markings of the IP phone.
■ Untrusted (default): The switch does not trust the IP phone CoS marking and rewrites
the priority value to 0.
■ Configured CoS priority level: The IP phone changes the 802.1p header with a new
CoS priority value if the PC used 802.1p with a different CoS priority level than the
new priority value. The IP phone is capable of re-marking only Layer 2 CoS. If the PC
is not doing 802.1q trunking, the IEEE 802.1p CoS values will never be marked.
The trust boundary is configured at the switch port with the mls qos trust command
options.
The traffic that is sent by the IP phone should normally be trusted, but the switch port must
be configured for this trust level. The trust configuration can be one of the following:
■ 802.1q: In the voice VLAN, tagged with a Layer 2 CoS priority value
■ 802.1p: In the access VLAN, tagged with a Layer 2 CoS priority value
■ Untagged: In the access VLAN, untagged, with no Layer 2 CoS priority value
If CDP is enabled on the switch port, the switch instructs the IP phone to use one of the
three listed options based on the voice vlan command.
Single VLAN Access Port
All Cisco Catalyst switch ports are configured as single-VLAN access ports by default. A
single-VLAN access port is typically used for third-party IP phones or IP softphones. It is
not recommended to configure Cisco Catalyst switch ports connected to Cisco IP Phones
in this way. A single-VLAN access port should be configured with the voice VLAN.
It is not recommended to put both the IP phone and attached PC into the same VLAN.
Separating voice and data services into different VLANs allows IP subnets to be treated
separately for QoS and network security applications. The single-VLAN access port
concept is illustrated in Figure 8-4.
A single-VLAN access port
■ Can be configured as a secure port
■ Allows physical separation of voice and data traffic
■ Works with both Cisco and non-Cisco IP Phones
■ Supports IP phones to leverage 802.1p for CoS
Non-Cisco switches are typically configured as single-VLAN access ports because they
usually do not support the voice VLAN feature. Cisco Catalyst switches connected to third-party
IP phones are also configured in this way because of the lack of the voice VLAN
feature.
Figure 8-4 Single-VLAN Access Port
Multi-VLAN Access Port
Multi-VLAN access ports are supported by almost all Cisco Catalyst switches. All data
devices connected to the PC port of the phone reside on the access (data) VLAN. A separate
voice VLAN is normally used when combining voice and data on the same network
infrastructure. Catalyst switches running CatOS software refer to the voice VLAN as an
auxiliary VLAN.
The placement of IP phones in a separate voice VLAN makes it easier for customers to
automate the process of deploying IP phones. IP phones boot and reside in the voice VLAN
if the switch is configured to support them. The switch provides the IP phone with the
appropriate VLAN ID through CDP Version 2 announcements at boot time.
Administrators can implement multiple VLANs on the same port by configuring an access
port with two VLANs configured. An Ethernet frame-tagging mechanism must exist to
distinguish among VLANs. 802.1q is the IEEE standard for tagging frames with a VLAN
ID number. The IP phone sends tagged 802.1q frames with the VLAN ID that the switch
communicated to it. The PC sends untagged frames (native Ethernet frames), and the switch
ASIC tags the frame with an 802.1q trunk header, which has the configured access VLAN.
When the switch receives a frame from the network destined for the PC, it removes the
802.1q trunk header and forwards a native untagged Ethernet frame to the PC. The IP phone
marks all phone traffic in the voice VLAN. Figure 8-5 shows a multi-VLAN access port.
Figure 8-5 Multi-VLAN Access Port
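The tagging behavior described above, together with the trust states and the dot1p option mentioned earlier, can be modelled as follows. This is an added example, not part of the original text: the MAC addresses and frames are constructed, and the ingress rules are a simplified model of an access port (untagged frames receive CoS 0, and frames tagged for any VLAN other than the voice VLAN are dropped).

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(payload, vlan_id=None, cos=0):
    """Build an Ethernet II frame; add an 802.1Q tag when vlan_id is given."""
    dst = bytes.fromhex("001122334455")  # constructed destination MAC
    src = bytes.fromhex("00aabbccddee")  # constructed source MAC
    tag = b""
    if vlan_id is not None:
        # Tag control information: 3-bit CoS | 1-bit DEI (0) | 12-bit VLAN ID
        tag = struct.pack("!HH", TPID_8021Q, (cos << 13) | (vlan_id & 0x0FFF))
    return dst + src + tag + struct.pack("!H", 0x0800) + payload

def parse_tag(frame):
    """Return (vlan_id, cos) for a tagged frame, (None, None) if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None, None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, tci >> 13

def classify_ingress(frame, access_vlan, voice_vlan=None, trust_cos=False):
    """Return (vlan, cos) assigned by the port, or None if the frame is dropped.

    voice_vlan=None models 'switchport voice vlan dot1p': the phone tags
    with VLAN ID 0 and its traffic lands in the access VLAN.
    """
    vid, cos = parse_tag(frame)
    if vid is None:
        return access_vlan, 0          # untagged PC traffic
    if vid == 0:
        vlan = access_vlan             # 802.1p priority-tagged frame
    elif vid == voice_vlan:
        vlan = voice_vlan              # 802.1q frame in the voice VLAN
    else:
        return None                    # tag for any other VLAN: not accepted
    # An untrusted port rewrites the priority value to 0.
    return vlan, (cos if trust_cos else 0)

# Constructed sample frames
PHONE_VOICE = build_frame(b"rtp", vlan_id=261, cos=5)
PHONE_DOT1P = build_frame(b"rtp", vlan_id=0, cos=5)
PC_DATA = build_frame(b"http")
STRAY_TAG = build_frame(b"x", vlan_id=300, cos=7)

if __name__ == "__main__":
    print(classify_ingress(PHONE_VOICE, 262, 261, trust_cos=True))
    print(classify_ingress(PHONE_VOICE, 262, 261))
    print(classify_ingress(PC_DATA, 262, 261, trust_cos=True))
    print(classify_ingress(PHONE_DOT1P, 261, None, trust_cos=True))
    print(classify_ingress(STRAY_TAG, 262, 261, trust_cos=True))
```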
The following are some advantages in implementing multi-VLAN access ports:
■ The Voice VLAN ID can be either discovered using CDPv2 or configured on the IP
phone.
■ This solution creates a scalable IP addressing scheme that can be easily accomplished
via additional DHCP scopes. Most IP subnets have more than 80 percent of their
available IP addresses leased. The voice VLAN (IP subnet) allows the introduction
of a large number of new devices into the network without modifying the existing
IP addressing scheme.
■ Dual-VLAN access ports allow for the logical separation of data and voice traffic. The
voice and data VLAN segregation creates an environment where security and QoS
policy can be tailored for the voice network.
■ This solution allows the connection of multiple devices on a single-switch access port.
802.1q Trunk Port
An 802.1q trunk port can be used to connect to an IP phone. The multi-VLAN access port
is the best practice for connecting a Cisco IP Phone to a Cisco Catalyst switch. 802.1q trunk
ports provide a solution for connecting Cisco IP Phones to third-party vendor switches.
802.1q trunk ports can also be used when connecting third-party IP phones to Cisco Catalyst
switches. Some older Cisco switches do not support a multi-VLAN access port (3524-PWR).
Frames of the native VLAN on a .1q trunk port are always transmitted and received as
untagged. Personal computers send their Ethernet frames untagged even though most
network interface cards (NIC) support .1q trunking. When an IP phone is inserted between
the PC and the switch port, the PC frames will be untagged, whereas the IP phone frames
will be tagged with the voice VLAN. Figure 8-6 displays the logical connectivity achieved
when an 802.1q trunk port is connected to an IP phone with a PC.
Figure 8-6 802.1q Trunk Port
If the voice VLAN feature is enabled on a trunk port, the port will not allow any other tagged
frames on the port. 802.1q trunk ports allow all VLANs by default, unless configured to do
otherwise.
Cisco IP Phones trunk port considerations include the following:
■ Spanning-tree PortFast cannot be enabled on trunk ports of some very old Cisco
Catalyst switches. This causes a condition where the IEEE 802.1d Spanning Tree
Protocol (STP) must run on the port connected to the IP phone. STP can take up to
50 seconds before it allows traffic to be forwarded on the port.
■ 802.1q trunk ports cannot be configured as a secure port.
Native Cisco IOS VLAN Configuration
Example 8-4 shows the configuration of a single-VLAN access port. The switch is configured
to transmit and receive CDPv2 frames to enable the Cisco IP Phone to transmit voice
traffic in the IEEE 802.1p (Layer 2 CoS or Priority bits) field of the 802.1q trunk header,
tagged with VLAN ID 0 (VLAN field). The switch inserts the 802.1p voice traffic into the
configured access VLAN of 261.
Example 8-5 shows a multi-VLAN access port configuration where the voice traffic is sent
on VLAN 261 and the data traffic is sent on access VLAN 262.
The switchport mode access command configures the switch port to be an access
(nontrunking) port. Table 8-1 provides a switch command reference that shows many of
the commands that are used in the configuration examples.
Example 8-4 Single-VLAN Access Port Configuration
Console(config)# interface FastEthernet0/1
Console(config-if)# switchport mode access
Console(config-if)# switchport voice vlan dot1p
Console(config-if)# switchport access vlan 261
Console(config-if)# spanning-tree portfast
Example 8-5 Multi-VLAN Access Port Configuration
Console(config)# interface FastEthernet0/1
Console(config-if)# switchport mode access
Console(config-if)# switchport voice vlan 261
Console(config-if)# switchport access vlan 262
Console(config-if)# spanning-tree portfast
Table 8-1 Switch Command Reference
Command: switchport mode access
Description: Configures the switch port to be an access (nontrunking) port.
Command: spanning-tree portfast
Description: Causes a port to enter the spanning-tree forwarding state immediately,
bypassing the listening and learning states. You can use PortFast on
switch ports that are connected to a single workstation or server (as
opposed to another switch or network device) to allow those devices
to connect to the network immediately.
Command: switchport access vlan data_VLAN_ID
Description: Configures the interface as a static access port with the access VLAN ID
(262 in this example). The VLAN range is 1 to 4094. All untagged traffic
received on the port will be colored into this VLAN by the ASIC.
Command: switchport voice vlan {voice_vlan_ID | dot1p | none | untagged}
Description: When configuring the way in which the Cisco IP Phone transmits voice
traffic, note the following syntax information:
• Enter a voice VLAN ID to send CDPv2 packets that configure the
Cisco IP Phone to transmit voice traffic in 802.1q frames, tagged with
the voice VLAN ID and a Layer 2 CoS value. (The default is 5.) Valid
VLAN IDs are from 1 to 4094. The switch puts the 802.1q voice traffic
into the voice VLAN.
• Enter the dot1p keyword to send CDPv2 packets that configure the
Cisco IP Phone to transmit voice traffic in 802.1p frames, tagged with
VLAN ID 0 and a Layer 2 CoS value. (The default is 5 for voice traffic
and 3 for voice control traffic.) The switch puts the 802.1p voice traffic
into the access VLAN.
• Enter the untagged keyword to send CDPv2 packets that configure the
Cisco IP Phone to transmit untagged voice traffic. The switch puts the
untagged voice traffic into the access VLAN.
• Enter the none keyword to allow the Cisco IP Phone to use its own
configuration and transmit untagged voice traffic. The switch puts the
untagged voice traffic into the access VLAN.
In Example 8-6, VLAN 261 is used for voice traffic, whereas VLAN 262 is used for data
traffic. The voice VLAN will be tagged by the ASIC in the Cisco IP Phone, and the switch
ASIC will tag the native VLAN traffic from the PC into VLAN 262. All other VLANs are
explicitly blocked from the trunk interface.
Example 8-6 802.1q Trunk Port Configuration
Console(config)# interface FastEthernet0/1
Console(config-if)# switchport trunk encapsulation dot1q
Console(config-if)# switchport mode trunk
Console(config-if)# switchport trunk native vlan 262
Console(config-if)# switchport voice vlan 261
Console(config-if)# switchport trunk allowed vlan 261
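The recommendations in this section (separate voice and data VLANs, trunk ports that cannot be secure ports and that allow all VLANs unless restricted) can be checked against saved interface configurations. This is an added example, not part of the original text: the sample configuration is constructed from Examples 8-4 through 8-6, the finding names are hypothetical, and a port with no switchport mode line is treated as an access port in VLAN 1.

```python
import re

# Constructed sample: Fa0/1 = Example 8-5, Fa0/2 = Example 8-4,
# Fa0/3 = Example 8-6 without the allowed-VLAN line, Fa0/4 = Example 8-6.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport voice vlan 261
 switchport access vlan 262
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 switchport voice vlan dot1p
 switchport access vlan 261
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 262
 switchport voice vlan 261
!
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 262
 switchport voice vlan 261
 switchport trunk allowed vlan 261
"""

def parse_interfaces(text):
    """Split a configuration into {interface name: [sub-commands]}."""
    ports, current = {}, None
    for line in text.splitlines():
        match = re.match(r"interface\s+(\S+)", line)
        if match:
            current = ports.setdefault(match.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the stanza
    return ports

def setting(lines, prefix):
    """Return the argument of the first sub-command starting with prefix."""
    for line in lines:
        if line.startswith(prefix + " "):
            return line[len(prefix) + 1:].strip()
    return None

def audit_port(lines):
    """Return finding names for one phone-facing port."""
    findings = []
    voice = setting(lines, "switchport voice vlan")
    if setting(lines, "switchport mode") == "trunk":
        findings.append("trunk-port")           # cannot be a secure port
        if setting(lines, "switchport trunk allowed vlan") is None:
            findings.append("trunk-all-vlans")  # every VLAN is permitted
    else:
        access = setting(lines, "switchport access vlan") or "1"
        # dot1p, untagged, none or no voice VLAN: voice shares the access VLAN
        if voice is None or not voice.isdigit() or voice == access:
            findings.append("shared-vlan")
    return findings

def audit(text):
    return {name: audit_port(lines)
            for name, lines in parse_interfaces(text).items()}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONFIG).items():
        print(name, findings or "ok")
```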
Example 8-7 displays the output from a Native Cisco IOS switch trunk verification
command. The show interface trunking command is useful, too.
CatOS VLAN Configuration
Example 8-8 shows the configuration of a single-VLAN access port. The switch is configured
to transmit and receive CDPv2 frames, enabling the Cisco IP Phone to transmit voice traffic
in 802.1p frames, tagged with VLAN ID 0. The switch inserts the 802.1p voice traffic into
the configured access VLAN of 261, which is used for voice traffic.
Example 8-9 shows a multi-VLAN access port configuration where the voice traffic is sent
to voice VLAN 261 (auxiliary VLAN) and the data is using the access VLAN 262.
In 802.1q trunking, all VLAN packets are tagged on the trunk link, except the native VLAN
packets. The native VLAN packets are sent untagged on the trunk link. Therefore, the native
VLAN is used for the data traffic coming in from the workstation attached to the Cisco IP
Phone. By default, VLAN 1 is the native VLAN on all switches.
Example 8-7 Trunk Port Verification
Class-1-Switch# show interfaces fastethernet 0/4 switchport
Name: Fa0/4
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 262 (VLAN0262)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: 261 (VLAN0261)
Example 8-8 Single-VLAN Access Port
Console>(enable) set port auxiliaryvlan 2/1-3 dot1p
Console>(enable) set vlan 261 2/1-3
Console>(enable) set trunk 2/1-3 off
Example 8-9 Multi-VLAN Access Port
Console>(enable) set port auxiliaryvlan 2/1-3 261
Console>(enable) set vlan 262 2/1-3
Console>(enable) set trunk 2/1-3 off
In Example 8-10, VLAN 262 is set as the native VLAN, is untagged, and will be used by
the data traffic. VLAN 261 is tagged with 802.1q tagging and will be used by the voice
traffic.
In Cisco CatOS, you can change the native VLAN by issuing the set vlan vlan-id mod/port
command, where mod/port is the trunk port. The set trunk command enables you to
configure trunk ports and to add VLANs to the allowed VLAN list for existing trunks.
The voice VLAN is configured with the set port auxiliaryvlan command.
The status of the auxiliary VLAN on a port or module can be verified in two ways:
■ The show port auxiliaryvlan vlan-id command enables you to show the status of
that auxiliary VLAN with the module and ports where it is active, as demonstrated
in Example 8-11.
■ The show port [module/port] command enables you to show the module, port, and
auxiliary VLAN with the status of the port, as demonstrated in Example 8-12.
