Confused about VLANs and Cisco 3550 3

[m1esquibel]

Good morning everyone!

Here's the situation, I have hosted VOIP here for roughly 30 users, 2 Cisco 3550s, 1 cisco 2600 (hosted VOIP).

On the 2 cisco 3550s I'm running the SMI IOS.

The phones are supposed to be getting DHCP from 10.10.x.x and the computers are getting DHCP from 192.168.x.x.

I want to create 2 vlans, one for voice, one for data and have the switches split between the two. I would also like to use the switch port on the back of the 7940 IP Phones to connect the computers to.

I keep getting confused as to whether or not this will work on the 3550 SMI IOS or would I need the EMI?

This is the config that I tried to run on a test unit that I have. Unfortunately it wouldn't give the phone any power and the computer I plugged directly into the port (Fa0/23) wouldn't get an IP from DHCP.

Switch Ports:
!
::this will be done for all interfaces (24). Put on Fa0/23 first but didn't work::
interface FastEthernetX/X
description Default setting for all switch ports
switchport mode access
switchport access vlan 10
switchport voice vlan 20
spanning-tree portfast
!

Management VLAN:
!
Interface VLAN1
IP Address 192.168.x.x
IP default-gateway 192.168.x.x
IP host BOS.CISSW1 192.168.x.x
!

DataVLAN:
!
interface Vlan10
description Connection for Data
ip helper-address 192.168.x.x ;internal DHCP Server for computers and other LAN devices.
no shut
!

VoiceVLAN:
!
interface Vlan20
description Connection for IP Phones
ip helper-address 10.20.x.x ;DHCP Server for hosted VOIP
no shut
!


If it helps to have a topology map of this setup to better answer please let me know.

I do apologize for all the questions but I'm rather new at this and when this was installed 4 years ago the purchasers didn't realize that VLANs would be somewhat necessary to split voice/data traffic and I'm seeing a LOT of "bleed over".

Thank you for any and all information.

 

[unclerico]

are these 3550's PoE switches??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[m1esquibel]

Yes, we are currently running 2 of these devices now in a production environment with phones and PCs and the phones are receiving power from the switch(es).

 

[unclerico]

what does your topology look like?? does each switch have ip routing enabled?? which device has the dhcp scopes configured?? maybe you should post scrubbed configs from all of your devices here so we can look.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[theravager]

I suspect if you trunk the two vlans in the 2600 and any routing you need is done there you should be fine.

 

[m1esquibel]

Here are the configs and topology. Unfortunately, I'm only able to get configs for the 3550 and not the 2600. The 2600 was setup originally by the 3rd party and I don't have the username/password to get into the console. I have put in a request to the 3rd party to see if I can get the info.

Until then you can see what I'm working with.

Sorry for the crude topology. I don't have Visio or Dia installed on this laptop.

If this isn't enough information please let me know.

Thanks again for all the help thus far. I spent almost 10 hours Saturday applying configs to the units that I thought would work but when I created the VLANs the phones would get the right IP address from (i'm assuming) the 2600 DHCP but they would stick on "configuring ip" which I'm guessing is because the switches couldn't ping the TFTP server address. So then I just reapplied the backup configs and this is what you'll see in the PDF files.

 

[unclerico]

so the juniper is supplying dhcp services for the native (data) vlan and the 2600 is supplying dhcp services for the voice vlan??

1) be sure to turn off DTP on the trunk links leading to the 2600 and the juniper; add:

interface FastEthernet0/x
 switchport encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate

2) on each switch create your voice vlan (i'm assuming you're sticking with VLAN1 for your native (data) vlan)
3) add your original config back in:

interface FastEthernetX/X 
 switchport mode access
 switchport access vlan 10 
 switchport voice vlan 20 
 spanning-tree portfast

try this and see where you get

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[m1esquibel]

Unclerico,

Thank you for the response. I will give that shot later this afternoon.

so the juniper is supplying dhcp services for the native (data) vlan and the 2600 is supplying dhcp services for the voice vlan??

I know for a fact that the Juniper is dhcp for the data, however, the 2600 supplying DHCP for the phones is only an assumption because I still haven't received word from the 3rd party to look at that unit.

 

[m4ilm4n]

If you're running your computers out of the switchport on the phone, you need to trunk both VLANs to the phone (which requires dot1q encapsulation):

interface FastEthernetX/X
   switch trunk encapsulation dot1q
   switch mode trunk
   switch trunk allow vlan 10,20
   switch voice vlan 20

 

[VinceWhirlwind]

Actually, you seem to have mixed up your config a bit (m4ilm4n)

If they run CDP (which Cisco phones do) then it understands how to trunk the Voice VLAN to the phone without you having to define it as a .1q trunk.

So, your interfaces should be:
sw mo access
sw acc vlan 10
sw voice vlan 20
spanning-tree portfast

OR
sw mo tr
sw tr en do
sw tr all vlan 10,20
sw tr nat vlan 10
spanning-tree portfast trunk

Both should give the same result for a phone that runs CDP.

 

[m4ilm4n]

Thanks Vince. We run Avaya phones (they're not running CDP), so I posted a config that I know worked with those. Should've paid closer attention to the OP's description....

 

[m1esquibel]

I appreciate all the feedback everyone, unfortunately I've run into many more problems then just the switches which are more important. I have scheduled a server maintenance period on October 3rd and will be able to apply the configs later. I really do appreciate the effort and apologize for the late reply.

 

[meneerB]

hi M1,
doesn't the 3550 state 'Inline Power'? thats no PoE and can't be used for Avaya phones.
Its a proprietary pre PoE implementatio of Cisco and is for (some) cisco only phones.

hope this helpes.

 

[m1esquibel]

MeneerB,

I think you're confusing other posts with mine. I'm running Cisco 7940 IP phones, not avaya.

-M1

 

[meneerB]

yes... it was M4

 

[meneerB]

M1,
your running config looks like a layer 2 network.
So, the phones should get ip addresses from the same dhcp server as the pc's: the netscreen. or do I miss something?

Its important to uplink the 3550 to the 2600 switch with the following settings:
sw mode access
sw access vlan 20 (!)
this way you put the uplinkport untagged to the voice vlan

and if the dhcp server is on the netscreen (...), the netscreen is only able to provide dhcp in the data subnet.
not the voice subnet.
check this:
- if the phones don't get a IP address, you'll see 'configuring ip'.
Put a pc on the uplink port of the 2600 to the 3550, and/or an other port on the 2600. you should get the correct ipaddress phones would get.
is option 150 (tftp) okay?
- put a temp. dhcp server in vlan 20 to check if your phones work.

But I still don't understand the 2 dhcp servers running in the same vlan/subnet!

 

[m1esquibel]

I am (we are) so close I can taste it. I was finally able to get some changes made to the configs (please see updated attachments for a better topology map) and have VLANs working (for the most part).

However, I am now seeing on SW1 and SW2
3w5d: %IP-4-DUPADDR: Duplicate address 10.20.x.x on Vlan20, sourced by 000e.xxxx.xxxx

I've tracked down the MAC to the switchport and it is switchport Fa0/24 on both switches which is my connection to link both cisco 3550s.

What did I do wrong??? What am I missing??? I've also enabled VTP on both switches which I thought would take care of this.

Special thanks to meneerB and unclerico for their input as they are the ones that actually got me to the point I am at now. meneerB's last post was actually the last piece that actually made my phones finally get on the network and receive an IP address!!

...
Its important to uplink the 3550 to the 2600 switch with the following settings:
sw mode access
sw access vlan 20 (!)
this way you put the uplinkport untagged to the voice vlan
...

I appreciate the patience and the sharing of knowledge!

-M1

 

[unclerico]

are the VLAN20 SVI's on both 3550's the same IP??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[m1esquibel]

Yes, this has been corrected. Thanks again unclerico.

 

[meneerB]

great, so all works?
Thanks for the star

to get the pc's working, you should add this on each interface, then the switch nows which port it's 'accessing' untagged:
switchport access vlan 10

on sw1, fast0/2:
remove switchport voice vlan 20 (only vlan20 untagged needed)
remove switchport trunk allowed vlan 1,20 (its no trunk)
fast0/24: also add switchport trunk allowed vlan 1,20 (like you did on sw2)

I'm not that good with spanning tree, maybe someone else?
Both switches should be configured the same if you use spanning tree.
The manual states that you should ONLY use portfast on single end stations.

BTW: If you need some more work... for security reasons, you should connect the hosted VOIP router to a free interface of the netscreen.
+ create a rule only allow VOIP traphic to the hosting provider (voip ports, tftp, callmanagers etc etc)