Users Guide
VLANs 835
console#configure
console(config)#vlan 25
console(config-vlan25)#exit
2
Globally enable the Voice VLAN feature on the switch.
console(config)#switchport voice vlan
3
Configure a rate-limiting ACL to ensure that the Voice VLAN does not
present a denial-of-service threat. A G.711 voice stream generates 64 Kbps,
which translates to 80 bytes of uncompressed voice every 10 ms. Overhead
adds 40 bytes, so the phone will generate 100 to 120 byte packets every
second per voice stream, or about 96 Kbps. The rate limit below will
permit a single voice stream.
console(config)#mac access-list extended dot1p-limit
console(config-mac-access-list)#permit any any cos 5 rate-
limit 100 64
console(config-mac-access-list)#permit any any
console(config-mac-access-list)#exit
4
Configure port 10 to be in access mode.
These ports use the default
802.1X auto mode authentication. Only one IP phone per port may
authenticate into the Voice VLAN. By default, access mode ports use
VLAN 1 for the data VLAN.
console(config)#interface gi1/0/10
console(config-if-Gi1/0/10)#switchport mode access
5
Configure the switch to tell the IP phone to use VLAN 25 for voice traffic,
and to tag the voice packets with 802.1p priority 5. By default, priority 5 is
mapped into CoS queue 2. The RADIUS server must also be configured to
identify the phone as a voice device and to send the Voice VLAN in the
RADIUS Access-Accept.
console(config-if-Gi1/0/10)#switchport voice vlan 25
console(config-if-Gi1/0/10)#switchport voice vlan dot1p 5
6
Enable IEEE 802.1p trust mode for the Voice VLAN-tagged packets. The
802.1p priority in the tagged voice packets will be honored.
console(config-if-Gi1/0/10)#switchport voice vlan priority
extend trust
7
Configure internal CoS queue 2 as strict priority to ensure that egressing
voice traffic is transmitted first on this interface. This reduces latency for
transmitted voice traffic.
console(config-if-Gi1/0/10)#cos-queue strict 2