Data and Voice Vlans on Switch Ports


Userlevel 1
Currently we have both data and voice vlans configured on the switch ports, however the only IPs being distributed to a laptop and a VOIP phone are coming from the data vlan. They are both plugged into their own individual switch ports, however there will be situations (later) when the phone and laptop will be plugged into one another and then up to a switch port.
With that being said, we need for the laptop to pull a data IP and the VOIP phone to pull a voice IP in either situation.
Vlan1832 is for voice and vlan1800 is for data, the rest of the configs are below.
Thanks.

% for i in range(1, 48):
auto swp${i}
iface swp${i}
    alias Network DATA-VOICE
    bridge-vids 1832
    bridge-pvid 1800
    mstpctl-bpduguard yes
    mstpctl-portadminedge yes
% endfor

auto bridge
iface bridge
    bridge_ageing 28800
    bridge-mcsnoop 1
    bridge-vlan-aware yes
    bridge-ports glob swp1-48 bond0
    bridge-vids 499 1832 1800
    bridge-pvid 1000
    bridge-stp on

8 replies

Userlevel 2
B,

I passed the following conversion on to someone, and I believe he confirmed that it worked.

Cisco access port:
interface GigabitEthernet1/0/47
 switchport access vlan 1280
 switchport mode access
 switchport voice vlan 1400
 spanning-tree portfast

For Cumulus, should be something like this:
auto bridge
iface bridge
    bridge-vlan-aware yes
    bridge-ports glob swp1-2
    bridge-pvid 1280
    bridge-vids 1280 1400
    bridge-stp on
    mstpctl-portadminedge yes
    mstpctl-portautoedge yes

auto swp1
iface swp1
    bridge-access 1280
    bridge-vids 1400
    mstpctl-bpduguard yes
    mstpctl-portadminedge yes

Just be aware that even though you're configuring the voice VLAN, it's not going to operate in the same manner as Cisco's voice VLAN. The above config assumes that the phone's voice traffic is tagged with VLAN 1400.

If you do give it a try, please post up the results so I have multiple data points on it working or not.

Thanks!
Kevin Witherstine wrote:

B,

I passed the following conversion on to someone, and I believe he confirmed that it worked.
...

Seems you cannot configure "bridge-vids" when the "bridge-access" keyword is present.
Userlevel 1
Hey Kevin,
The following configuration yielded the below error for all the swps. I was unable to pull either data or voice vlan IPs. I'm not sure how the one person got it to work, since the OS didn't seem to like the "bridge-access" command alongside the "bridge-vids" command.
warning: swpx: bridge-access given, bridge-vids and bridge-pvid will be ignored

% for i in range(1, 48):
auto swp${i}
iface swp${i}
    alias Network DATA-VOICE
    bridge-access 1800
    bridge-vids 1832
    mstpctl-bpduguard yes
    mstpctl-portadminedge yes
% endfor

auto bridge
iface bridge
    bridge_ageing 28800
    bridge-mcsnoop 1
    bridge-vlan-aware yes
    bridge-ports glob swp1-48 bond0
    bridge-vids 1832 1800
    bridge-pvid 1800
    bridge-stp on
Userlevel 3
The bridge-vids is roughly the same as "switchport trunk allowed", while the bridge-access is the same as "switchport access vlan". These should not work together. The "switchport voice vlan" command actually creates what Cisco documents as a “multi-VLAN access port”. So since this is a single-VLAN trunk (voice VLAN with untagged), the configuration would be:
auto swp${i}
iface swp${i}
    alias Network DATA-VOICE
    bridge-pvid 1800
    bridge-vids 1832
Looking under the hood though, the "voice-vlan" is basically just a mechanism used by CDP to dynamically configure a VLAN for the 3-port switch, inside a Cisco phone, to use for the voice traffic. By tagging the voice traffic, the phone can use the 802.1p bits to mark the traffic with a CoS=5. The traffic traversing the phone's "computer" port will be sent to the switch untagged. It also configures the PoE settings.

The PoE part via LLDP will work on a PoE-capable switch. The advertisement of the voice-vlan via LLDP or CDP is being discussed in another thread about LLDP-MED:
sudo su
echo "configure med policy application voice tagged vlan 1832" >> /etc/lldpd.d/README.conf
systemctl restart lldpd
That should work.
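
The access/trunk distinction described above can be checked mechanically before reloading interfaces. The following is an added example, not code from the thread or from Cumulus: the function names and the sample stanzas are constructed for illustration. It assumes each port sets its own attributes (inheritance from the bridge stanza and VLAN ranges in bridge-vids are not modelled), and it only checks VLAN membership on the port, not whether the phone actually tags its traffic.

```python
# Constructed sample: swp1 uses the rejected combination, swp2 the working one.
SAMPLE = """\
auto swp1
iface swp1
    bridge-access 1800
    bridge-vids 1832

auto swp2
iface swp2
    bridge-pvid 1800
    bridge-vids 1832
"""

def parse_stanzas(text):
    """Return {iface: {attribute: value}} for every 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("auto "):
            continue
        if line.startswith("iface "):
            current = stanzas.setdefault(line.split()[1], {})
        elif current is not None:
            key, _, value = line.partition(" ")
            current[key] = value.strip()
    return stanzas

def audit_port(attrs, data_vlan, voice_vlan):
    """List the problems that stop a phone-plus-laptop port from working."""
    problems = []
    if "bridge-access" in attrs:
        # ifupdown2 warns that these are ignored once bridge-access is given.
        ignored = [k for k in ("bridge-vids", "bridge-pvid") if k in attrs]
        if ignored:
            problems.append("bridge-access set; ignored: " + ", ".join(ignored))
        untagged, tagged = attrs["bridge-access"], set()
    else:
        untagged = attrs.get("bridge-pvid")
        tagged = set(attrs.get("bridge-vids", "").split())
    if untagged != str(data_vlan):
        problems.append(f"untagged VLAN is {untagged}, expected data VLAN {data_vlan}")
    if str(voice_vlan) not in tagged:
        problems.append(f"voice VLAN {voice_vlan} is not carried tagged")
    return problems

def audit(text, data_vlan=1800, voice_vlan=1832):
    """Map each port name to its list of problems (empty list means OK)."""
    return {port: audit_port(attrs, data_vlan, voice_vlan)
            for port, attrs in parse_stanzas(text).items()}
```
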
Jason Guy wrote:

The bridge-vids is roughly the same as "switchport trunk allowed", while the bridge-access is the...

The "configure med policy application voice tagged vlan 1832" by itself does not continuously update the LLDP_Multicast network policy; it seems LLDP falls back to the default value. We tested by swapping the IP-PHONE swp and reloading; it was a hit-and-miss game.
This is what seems to work for us now:
cat /etc/lldpd.conf

configure med policy application voice tagged vlan 1832
configure med fast-start enable
cat /etc/default/lldpd
DAEMON_ARGS="-c -x -l"

Jason Guy wrote:

The bridge-vids is roughly the same as "switchport trunk allowed", while the bridge-access is the...

Userlevel 1
It seems as though the voice vlan worked for a brief period of time, but then converted back to pulling a data vlan IP. We've noticed that after shutting down the port for approximately 2 minutes and re-enabling it, it would default back to the data vlan.
The "systemctl restart lldpd" command would immediately issue it a voice IP, but bouncing the switch port would trigger it back over to the data side.
There seems to be some sort of timer that is expiring.
Any thoughts?
Thanks.

LLDP PDUs have a time to live (as seen in the Wireshark screenshot above) and need to be sent continuously (usually once every minute) to not expire. You could check via Wireshark if they are sent often enough or not.
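
To check a captured LLDPDU for the two things this thread depends on, the TTL and the LLDP-MED voice network policy, the TLVs can be decoded directly. This is an added example, not code from the thread: the sample bytes are constructed (TTL 120 s, voice policy tagged on VLAN 1832 with priority 5 and DSCP 46), and the function names are illustrative.

```python
import struct

# Constructed LLDPDU (the bytes after EtherType 0x88cc), not a capture from the
# thread: chassis ID, port ID "swp1", TTL, LLDP-MED network policy, end of LLDPDU.
SAMPLE_LLDPDU = bytes.fromhex(
    "020704001122334455" "04050573777031" "06020078"
    "fe080012bb02014e516e" "0000"
)

TIA_OUI = b"\x00\x12\xbb"    # OUI used by LLDP-MED organizationally specific TLVs
MED_NETWORK_POLICY = 2       # LLDP-MED subtype: Network Policy
APP_VOICE = 1                # application type: voice

def iter_tlvs(pdu):
    """Yield (type, value) per TLV; the header is 7 bits of type, 9 of length."""
    offset = 0
    while offset + 2 <= len(pdu):
        (header,) = struct.unpack_from("!H", pdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        value = pdu[offset + 2 : offset + 2 + length]
        if len(value) < length:
            raise ValueError("truncated TLV")
        if tlv_type == 0:        # End of LLDPDU
            return
        yield tlv_type, value
        offset += 2 + length

def summarize(pdu):
    """Return the TTL and the voice network policy advertised in one LLDPDU."""
    info = {"ttl": None, "voice_policy": None}
    for tlv_type, value in iter_tlvs(pdu):
        if tlv_type == 3 and len(value) == 2:
            info["ttl"] = struct.unpack("!H", value)[0]
        elif (tlv_type == 127 and len(value) == 8 and value[:3] == TIA_OUI
              and value[3] == MED_NETWORK_POLICY and value[4] == APP_VOICE):
            # 24 bits: U(1) T(1) X(1) VLAN ID(12) L2 priority(3) DSCP(6)
            bits = int.from_bytes(value[5:8], "big")
            info["voice_policy"] = {
                "tagged": bool((bits >> 22) & 1),
                "vlan": (bits >> 9) & 0xFFF,
                "priority": (bits >> 6) & 0x7,
                "dscp": bits & 0x3F,
            }
    return info

def is_stale(ttl, seconds_since_last_pdu):
    """A receiver discards the advertisement once its TTL has elapsed."""
    return seconds_since_last_pdu >= ttl
```
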
