Voice VLAN is a feature on the PowerConnect 55xx Series switches that utilizes Class of Service (CoS) to automatically prioritize VoIP traffic within the switch. This feature helps to prevent poor call quality when there is a mixed traffic environment and high bandwidth utilization on the switch. It also introduces simplicity to adding VoIP phones to the network with little or no configuration.
To configure the switch, the administrator adds the phone’s MAC Organizationally Unique Identifier (OUI) to the OUI table of the switch and, once the VLAN has been created in the VLAN database, sets the Voice VLAN ID globally.
In this example 00:03:b5 is the MAC OUI and Joes_VoIP_Phones is the vendor name.
Console(config)# voice vlan oui-table add 0003b5 Joes_VoIP_Phones
VLAN 10 is where the VoIP traffic will reside in this example.
Console(config)# vlan database
Console(config-vlan)# vlan 10
Console(config-vlan)# exit
Console(config)# voice vlan id 10
To enable Voice VLAN on a port where a VoIP phone will be connected, the port cannot be a static member of the Voice VLAN.
On port 13 switch unit 1 we are removing VLAN 10 from the trunk and enabling Voice VLAN.
Console(config)# interface gigabitethernet 1/0/13
Console(config-if)# switchport mode trunk
Console(config-if)# switchport trunk allowed vlan remove 10
Console(config-if)# voice vlan enable
At this point the administrator plugs the phone into the switch interface configured for Voice VLAN. When the switch sees traffic from the phone that contains a VLAN ID matching the Voice VLAN ID and a MAC OUI previously added to the OUI table, it dynamically assigns the VoIP traffic to the Voice VLAN. By default, the switch automatically assigns the VoIP traffic CoS 6 and prioritizes it ahead of other traffic in lower queues. Any untagged traffic entering the switch port, like PC data, will be assigned to the native VLAN. By default, the native VLAN will be VLAN 1 when a port is in trunk mode.
Outside of the defaults, it is possible, but not required, to change the CoS settings for the Voice VLAN and remark traffic on egress. Be aware that CoS 6 is the highest priority recommended for VoIP traffic. CoS 7 is the highest priority assignable, but it is normally used only for control traffic and is not recommended for most transit traffic. If the administrator wants to use Differentiated Services Code Point (DSCP) for prioritization, the default global switch setting of trust CoS can be changed to trust DSCP. This allows the switch to trust a DSCP value already assigned in the layer 3 header of an incoming packet and prioritize it based on the value assigned. In most cases DSCP 46, or Expedited Forwarding, is the value used for VoIP prioritization. The switch already has a DSCP-to-queue mapping that maps DSCP 46 to high priority queue 6. By default, DSCP 46 is assigned to the same switching queue as CoS 6. This mapping table can be changed by an administrator in QoS Advanced Mode. Be aware that the trust DSCP setting affects the switch globally and accounts for all traffic entering a switch port in trust mode. If other traffic entering the port has a higher DSCP value than the VoIP traffic, the higher DSCP value wins and that traffic will be prioritized first. For more information about QoS settings see the PowerConnect 55xx User Guide at https://support.dell.com/manuals.
Also, be aware that the Voice VLAN Secure setting is not enabled by default. This means that once the Voice VLAN has been activated on the port, frames with an unrecognized OUI are allowed access to the Voice VLAN. If the Voice VLAN Secure setting is enabled on a port, any frames tagged for the Voice VLAN with an unrecognized OUI will be dropped. It’s kind of like leaving a guard at the gate once the gate has been opened. The guard authorizes who can and can’t enter. This feature can help prevent unauthorized devices or traffic from accessing the Voice VLAN.
Here we are enabling Voice VLAN Secure on port 13 switch unit 1. If a user plugged into the port tries to tag their PC traffic for VLAN 10, which is the Voice VLAN, the switch will drop the traffic.
Console(config)# interface gigabitethernet 1/0/13
Console(config-if)# voice vlan secure
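A check for the two port-level requirements described above (the port is not a static trunk member of the Voice VLAN, and Voice VLAN Secure is set), as an added example that is not part of the original document or of any Dell tooling. It assumes a saved configuration laid out like the example configuration in this document, with "!" between interface stanzas; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample, laid out like the example configuration in this document.
SAMPLE_CONFIG = """\
voice vlan id 10
!
interface gigabitethernet1/0/13
switchport mode trunk
switchport trunk allowed vlan remove 10
voice vlan enable
voice vlan secure
!
interface gigabitethernet1/0/14
switchport mode trunk
switchport trunk allowed vlan remove 10
voice vlan enable
!
interface gigabitethernet1/0/15
switchport mode trunk
voice vlan enable
voice vlan secure
"""

def parse_config(text):  # returns (voice_vlan_id, {interface: [commands]})
    voice_id, ports, current = None, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "!":
            current = None  # "!" closes an interface stanza
        elif m := re.fullmatch(r"interface gigabitethernet\s*(\S+)", line):
            current = m.group(1)
            ports[current] = []
        elif current is not None:
            ports[current].append(line)
        elif m := re.fullmatch(r"voice vlan id (\d+)", line):
            voice_id = int(m.group(1))
    return voice_id, ports

def audit(text):
    """Return sorted (interface, finding) pairs for ports with Voice VLAN enabled."""
    voice_id, ports = parse_config(text)
    findings = []
    for name, cmds in ports.items():
        if "voice vlan enable" in cmds:  # statically assigned ports are skipped
            if "voice vlan secure" not in cmds:
                findings.append((name, "voice vlan secure not set"))
            removed = f"switchport trunk allowed vlan remove {voice_id}" in cmds
            if "switchport mode trunk" in cmds and not removed:
                findings.append((name, "static member of voice VLAN"))
    return sorted(findings)
```

Calling audit(SAMPLE_CONFIG) reports port 1/0/14 for the missing secure setting and port 1/0/15 for still carrying VLAN 10 on the trunk; port 1/0/13 matches the configuration built in this document and is not reported.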
When configuring interfaces with other VoIP devices connected, like a PBX server or VoIP switch, it is generally best practice to assign the ports to the VLAN statically instead of enabling Voice VLAN. This is because most of these types of devices are VLAN unaware, which means they do not support VLAN tagging. For Voice VLAN to be activated on a port, or for a device to be added dynamically, traffic must be tagged for the Voice VLAN. Be aware that when a device is added statically to the VLAN, the Voice VLAN feature is not activated on the port where the statically added device is connected. Traffic from the device will not be prioritized by default. To prioritize this traffic, the CoS and DSCP trust modes can be used as long as the ingress traffic from the device already has a CoS or DSCP value assigned. If no CoS or DSCP value has been assigned to the ingress traffic, a QoS policy must be defined for the switch to prioritize the traffic.
Here we’re putting the switch in QoS Advanced Mode, which gives us more granular QoS functionality and allows us to configure the QoS policies.
console(config)# qos advanced
First, we need to configure an ACL that allows the VoIP traffic. We matched the traffic based on the subnet for simplicity, although there are many other parameters we could use to match specific traffic that are out of the scope of this discussion.
console(config)# ip access-list extended voip
console(config-ip-al)# permit ip any 192.168.10.0 0.0.0.255
console(config-ip-al)# exit
Now we are creating an ACL to match the LAN data traffic, or any traffic other than VoIP. This is assuming that the VoIP traffic is isolated into a separate subnet and VLAN, which would be best practice in most cases.
console(config)# ip access-list extended LAN
console(config-ip-al)# permit ip any any
console(config-ip-al)# exit
Next, we need to configure a class map named voip that matches the voip ACL and a class map named LAN that matches the LAN ACL we created previously.
console(config)# class-map voip
console(config-cmap)# match access-group voip
console(config-cmap)# exit
console(config)# class-map LAN
console(config-cmap)# match access-group LAN
console(config-cmap)# exit
Now we create a policy map named voice that first matches on class map voip, and then class map LAN.
console(config)# policy-map voice
console(config-pmap)# class voip
Here we give the policy map an action (set queue 6). If the traffic matches class map voip it will prioritize the traffic into switch queue 6.
console(config-pmap-c)# set queue 6
console(config-pmap-c)# exit
In the next action assigned to the policy map, if the traffic matches class map LAN the switch is set to trust a CoS or DSCP value already assigned to the inbound packet or frame. If there is no CoS or DSCP value assigned to the inbound traffic, the switch will put the traffic into queue 2 by default. Queue 2 is primarily "best effort", which means it forwards traffic on a "first-come, first-served" basis.
console(config-pmap)# class LAN
console(config-pmap-c)# trust cos-dscp
console(config-pmap-c)# exit
console(config-pmap)# exit
Now that the QoS policy has been created we assign it to ports 1 and 2 on switch unit 1. Port 1 is our uplink to another switch or router on the network, and port 2 is connected to our PBX server.
console(config)# interface range gigabitethernet 1/0/1-2
console(config-if-range)# service-policy input voice
console(config-if-range)# exit
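The policy built above, modelled as an added example that is not part of the original document: it applies the wildcard mask from the voip ACL and walks the classes of policy-map voice in the order they were entered. It assumes the first matching class decides the action; the function names and the sample addresses in the usage note are constructed.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard mask leaves at 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# The two ACLs from this document as (source, destination); None stands for "any".
ACLS = {
    "voip": (None, ("192.168.10.0", "0.0.0.255")),
    "LAN": (None, None),
}

# policy-map voice: class order and the action attached to each class.
POLICY_VOICE = [("voip", "set queue 6"), ("LAN", "trust cos-dscp")]

def acl_permits(name, src, dst):
    """True when both the source and destination rules of the ACL match."""
    src_rule, dst_rule = ACLS[name]
    return all(rule is None or wildcard_match(ip, *rule)
               for ip, rule in ((src, src_rule), (dst, dst_rule)))

def classify(src, dst, policy=POLICY_VOICE):
    """Return (class, action) for the first class whose ACL permits the packet.

    Assumption: classes are evaluated in the order listed and the first match wins.
    """
    for cls, action in policy:
        if acl_permits(cls, src, dst):
            return cls, action
    return None, "no class matched"
```

Because the voip ACL matches on destination only, classify("192.168.1.50", "192.168.10.23") returns the voip class while the reverse direction falls through to LAN; passing the classes in the opposite order sends every packet to LAN, since permit ip any any matches first.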
Since port 2 is connected to the PBX, which is VLAN unaware, we put the interface in access mode and tell it to send VLAN 10 traffic untagged.
console(config)# interface gigabitethernet 1/0/2
console(config-if)# switchport access vlan 10
console(config-if)# exit
Since port 1 is our uplink it’s going to be sending and receiving traffic on both VLANs. We need to configure this port in trunk mode which adds all VLANs to the interface. VLAN 1 will be untagged because it’s the native by default, and VLAN 10 will be tagged.
console(config)# interface gigabitethernet 1/0/1
console(config-if)# switchport mode trunk
console(config-if)# exit
Last, but not least, we need to talk about Spanning Tree Protocol (STP). When two or more switches are involved in the network topology, it is recommended that STP be enabled globally on all switches at the access layer. Preferably, IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) should be used instead of IEEE 802.1d STP in order to achieve faster network convergence times. Please note that RSTP is enabled as a default setting out of the box on the PowerConnect 55xx series switches. Now, in some environments, like a network with no redundant cabling for example, it may be acceptable to globally disable RSTP or STP in order to free up switching resources and decrease network complexity. Warning!!! RSTP should not be disabled without first consulting with the network administrator and/or fully assessing the risks of disabling this protocol, especially in a production environment.
When dealing with a network running RSTP or STP, it is recommended that all edge ports (ports with end devices or STP unaware devices connected) at least have Spanning Tree Portfast enabled. Portfast allows a switch port to converge immediately, without connectivity delay, during a network topology change, and prevents the port from triggering a topology change when its link status changes from down to up. In some environments it may be preferable to disable STP on the edge ports instead. For example, this could be because the IP phone connected to the port doesn’t operate at optimal standards when STP Bridge Protocol Data Units (BPDUs) are being transmitted or flooded out of the switch interface. Disabling STP on a switch port prevents it from transmitting BPDUs, although it does not necessarily prevent the port from flooding BPDUs received from other network devices. To prevent a port from flooding BPDUs, the BPDU Filtering option must be enabled on the switch globally. Be aware that BPDU Filtering is enabled by default. This setting does not affect ports that have Spanning Tree enabled. To disable BPDU Filtering, the global switch setting can be changed to BPDU Flooding, which allows Spanning Tree disabled ports to flood BPDUs received from other devices, as explained previously.
Here we are disabling STP on port 13 switch unit 1 which is connected to a VoIP phone.
console(config)# interface gigabitethernet 1/0/13
console(config-if)# spanning-tree disable
console(config-if)# exit
On port 2 switch unit 1, connected to the PBX server, we are enabling STP Portfast.
console(config)# interface gigabitethernet 1/0/2
console(config-if)# spanning-tree portfast
console(config-if)# end
This sums up the basic configuration of Voice VLAN on the PowerConnect 55xx Series switches. Please keep in mind that the above configurations are only examples, and may not be necessary for all network environments. There are also ways other than Voice VLAN to prioritize VoIP traffic on the 55xx series switch and throughout the network. This feature was meant to prioritize traffic locally within the switch, and may not resolve all quality of service issues throughout the network. In the section below there is a list of commands useful for troubleshooting the Voice VLAN as well as an example configuration reflecting the commands we entered throughout this document.
Note: This documentation was written for PowerConnect 55xx firmware code 4.0.1.0. Future firmware releases could possibly change device functionality, command syntax, and other things in regards to the scope of this document.
Troubleshooting Commands Available:
console#show voice vlan
console#show qos map dscp-queue
console#show qos interface buffers
console#show qos interface queuing
console#show access-lists
console#show policy-map
console#show spanning-tree detail
console#show spanning-tree bpdu
console#show rmon statistics <interface>
console#show interfaces status
console#show interfaces configuration
console#show interfaces switchport
console#show interfaces access-lists counters
console#show interfaces access-lists
console#show mac address-table
console#show mac address-table count
console#show vlan
console#show cpu utilization
console#show logging
console#show tech-support
console#show tech-support memory
console#show tech-support config
Example Switch Configuration:
vlan database
vlan 10
exit
voice vlan oui-table add 000181 Nortel
voice vlan oui-table add 0001e3 Siemens_AG_phone
voice vlan oui-table add 00036b Cisco_phone
voice vlan oui-table add 0003b5 Joes_VoIP_Phones
voice vlan oui-table add 00096e Avaya
voice vlan oui-table add 000fe2 H3C_Aolynk
voice vlan oui-table add 001049 Shoretel
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00907a Polycom/Veritel_phone
voice vlan oui-table add 00e0bb 3Com_phone
voice vlan id 10
iscsi target port 860 address 0.0.0.0
iscsi target port 3260 address 0.0.0.0
iscsi target port 9876 address 0.0.0.0
iscsi target port 20002 address 0.0.0.0
iscsi target port 20003 address 0.0.0.0
iscsi target port 25555 address 0.0.0.0
qos advanced
ip access-list extended voip
permit ip any 192.168.10.0 0.0.0.255
exit
ip access-list extended LAN
permit ip any any
exit
class-map voip
match access-group voip
exit
class-map LAN
match access-group LAN
exit
policy-map voice
class voip
set queue 6
exit
class LAN
trust cos-dscp
exit
exit
!
interface gigabitethernet1/0/1
service-policy input voice
switchport mode trunk
!
interface gigabitethernet1/0/2
spanning-tree portfast
service-policy input voice
switchport access vlan 10
!
interface gigabitethernet1/0/13
spanning-tree disable
switchport mode trunk
switchport trunk allowed vlan remove 10
voice vlan enable
voice vlan secure
!
Default settings:
Service tag:
SW version 4.0.1.0 (date 12-Apr-2011 time 17:40:25)
Gigabit Ethernet Ports
=============================
no shutdown
speed 1000
duplex full
negotiation
flow-control on
mdix auto
no back-pressure
interface vlan 1
interface port-channel 1 - 32
spanning-tree
spanning-tree mode RSTP
qos basic
qos trust cos
eee enable