
30/09/2019 CCNA Voice: Configure Voice and Data VLANs – CertificationKits.com

CCNA Voice: Configure Voice and Data VLANs

Performance improvement – Reducing the size of the broadcast domain makes network devices run faster.

Enhanced manageability – Dividing the network into logical groups of users, applications and servers makes the network easier to manage.

Independence from physical topology – VLANs allow users to be grouped regardless of their physical location. When departments grow in size or relocate to another location, we can simply change the VLAN on their switch ports; there is no need to make any physical changes in the network.

Improved security – A VLAN creates a logical boundary. To reach other subnets or VLANs, traffic must pass through a layer 3 device, where we can add filtering options and implement other security features.

VLANs can also span switches; in that scenario the switches must carry traffic from multiple VLANs. A port of this kind is known as a trunk port or tagged port, because the switches send frames between each other with a VLAN “tag” in place. The VLAN tag is applied when a frame crosses a trunk port and is stripped off when the frame leaves the port to reach its destination. All managed switch vendors support VLANs, and to operate in a mixed-vendor environment a common trunking or tagging standard must be supported by all. This standard is known as 802.1Q. All managed switches support 802.1Q for trunking between switches in any environment.

It is standard practice to separate voice and data traffic using VLANs.

Using VLANs to separate voice and data traffic provides a security boundary, as voice transmissions are susceptible to interception using a variety of applications, namely Wireshark and voice over misconfigured internet phones (VOMIT). Apart from this, it helps to deploy other features such as QoS, prioritizing voice traffic over data, and so on. The switching capability built into Cisco IP phones is on par with external Cisco switches. The incoming switch port receives and sends 802.1Q tagged packets, which gives the capability to trunk between the Cisco switch and the IP phones, as depicted in figure 1.

Figure 1: Voice and data traffic separation using VLANs

In the figure above, the IP phone tags its own packets with the voice VLAN (VLAN 25). Once the switch receives the tagged packets on a configured trunk port, it reads the tag and places the data in the correct VLAN. Data packets pass through the IP phone to the switch untagged. The untagged packets are assigned to the VLAN that is configured for data traffic on the switchport.

Configuring VLANs on every switch in the organization is a tedious process, so we can use VTP (VLAN Trunking Protocol) to replicate VLANs over trunk links. A Cisco switch is already configured as a VTP server, which lets it add and remove VLANs and replicate the changes to other switches. Every VTP server has a VLAN database, which contains information about all VLANs in the organization. The VTP server sends updates to other VTP-capable switches. VTP supports three modes: VTP server, VTP client and VTP transparent.

VTP server – This is the default mode of a Cisco switch. A VTP server can create, modify and delete VLANs and replicate them to other switches in the network.

VTP client – A VTP client is not allowed to make any changes to the VLAN database; it can only receive changes from a VTP server and apply them.

VTP transparent – A transparent switch can create, modify and delete VLANs, but replication is not allowed in this mode.

Now we look at how to configure VLANs and trunking. It involves five major steps, as outlined below:

Step 1: Configure and verify VTP

Step 2: Configure and verify 802.1Q trunks

Step 3: Create VLANs

Step 4: Assign ports to VLANs

Step 5: Configure routing between VLANs (optional step)

Configure and verify VTP – Before we begin configuring VTP in a VoIP network, we first need to verify the VTP status, because introducing a switch into a network that has an existing VTP configuration will overwrite the existing VLAN database. The command used to verify VTP operation is:

show vtp status

Output of the command:

VTP version: 2
Configuration revision: 0
Maximum VLANs supported locally: 1005
Number of existing VLANs: 5
VTP operating mode: server
VTP domain name:
VTP pruning mode: disabled
VTP V2 mode: disabled
VTP trap generation: disabled
MD5 digest: 0xC4 0xAF 0xA4 0x19 0x5F 0x50 0xF0

This command shows the VTP status. Its key configuration items are described below:

VTP version / VTP V2 mode – The Cisco default VTP version is 1. VTP version 2 supports VLANs on Token Ring networks.

Configuration revision – This is the current VTP database revision number, used by switches to determine the current copy of the VLAN database.

VTP operating mode – The switch is currently set as a VTP server, the default mode on Cisco switches.

VTP domain name – A blank field indicates the switch is not configured.
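
An added example, not part of the original lesson: a Python check that compares show vtp status output from a switch about to be connected with the output from the production VTP server, using the operating mode, domain name and configuration revision fields described above. The samples are constructed and the function names are illustrative; it assumes the VTP passwords match, which this output does not show.

```python
# Constructed samples in the field format shown on this page (not device captures).
PRODUCTION = """VTP operating mode: server
VTP domain name: VOICE
Configuration revision: 4"""
LAB_SWITCH = """VTP operating mode: client
VTP domain name: VOICE
Configuration revision: 12"""
FACTORY_DEFAULT = """VTP operating mode: server
VTP domain name:
Configuration revision: 0"""

def parse_vtp_status(text):
    """Turn the 'field: value' lines of show vtp status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            # Collapse padding so 'VTP Operating Mode   ' and 'VTP operating mode' match.
            fields[" ".join(key.lower().split())] = value.strip()
    return fields

def overwrite_risk(new_switch, production):
    """Classify what happens if new_switch is trunked into the production domain.

    'overwrite': same domain and a higher revision, so its database replaces production's.
    'latent':    higher revision but another domain; unsafe once the domain is changed.
    'ok':        nothing found.
    Server and client mode are treated alike: a client with a higher revision also wins.
    """
    new, prod = parse_vtp_status(new_switch), parse_vtp_status(production)
    if "transparent" in new.get("vtp operating mode", "").lower():
        return "ok"  # transparent mode does not replicate its VLANs
    new_rev = int(new.get("configuration revision", 0))
    prod_rev = int(prod.get("configuration revision", 0))
    if new_rev <= prod_rev:
        return "ok"
    if new.get("vtp domain name", "") == prod.get("vtp domain name", ""):
        return "overwrite"
    return "latent"

if __name__ == "__main__":
    for name, text in (("lab", LAB_SWITCH), ("factory", FACTORY_DEFAULT)):
        print(name, overwrite_risk(text, PRODUCTION))
```

A switch that reports "overwrite" or "latent" needs its configuration revision brought back to 0 before its trunk is connected.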

We will use the following example parameters to configure VTP.

Switch A

VTP mode: Server, VTP Domain: VOICE, VTP password: cisco

Switch B

VTP mode: Client, VTP Domain: VOICE, VTP password: cisco

SwitchA#configure terminal
SwitchA(config)#vtp mode server
SwitchA(config)#vtp domain VOICE
SwitchA(config)#vtp password cisco

SwitchB#configure terminal
SwitchB(config)#vtp mode client
SwitchB(config)#vtp domain VOICE
SwitchB(config)#vtp password cisco

You can use the show vtp status command to verify the settings you have made on both switches.

Configure and verify 802.1Q trunks – The next step is to configure 802.1Q trunks between the switches. To configure trunking on a switch port, we use the switchport mode command. This command takes a set of parameters, as described below:

SwitchA(config)#interface fastethernet 0/24
SwitchA(config-if)#switchport mode trunk

The switchport mode access command is required to configure a port as a nontrunking port. This command combats the VLAN hopping attack, wherein a hacker tries to negotiate a trunked interface with a switch. Setting the port to access mode disables this type of attack.

The switchport mode trunk command is required to configure a port as a trunked connection. Whatever device attaches to the other side must be able to support tagged packets from the switch interface. On certain interfaces, using the switchport mode trunk command results in an error message:

SwitchA(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is “auto” cannot be configured to “trunk” mode.

The error is the result of switches supporting multiple protocols for trunking.

Before 802.1Q existed, Cisco used its own proprietary trunking protocol, which Cisco has been slowly phasing out. Until this protocol is completely phased out, we need to add the following command before the switchport mode trunk command:

SwitchA(config-if)#switchport trunk encapsulation dot1q
SwitchA(config-if)#switchport mode trunk

These two commands enable trunking between the switches.

Cisco switches also support a mode in which trunk ports are negotiated dynamically. This is the default mode of all switchports on Cisco switches. In this mode a switchport can dynamically become an access port or a trunk port, depending on the device attached. But this dynamic mode can be used by hackers to launch a VLAN hopping attack.

Dynamic trunk negotiation is supported by the Dynamic Trunking Protocol (DTP). Cisco switches support multiple DTP modes, as defined below:

switchport mode dynamic desirable – In this default mode, Cisco switches dynamically change interfaces between access and trunk modes based on the attached device.

switchport mode dynamic auto – The interface is able to change dynamically between access and trunk port configurations, but in this mode it does not attempt to aggressively negotiate a trunk connection, unlike in dynamic desirable mode.

switchport mode trunk – Once the interface is hard coded as a trunk it cannot become an access port. The interface will keep sending DTP packets and try to change the other side of the connection to a trunk port, unless the switchport nonegotiate command is given.

switchport mode access – The interface is hard coded as an access port and cannot become a trunk port, irrespective of any settings on the other side.

switchport nonegotiate – This command disables DTP messages on the interface.
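
An added example, not part of the original lesson: a small Python audit that reads an interface configuration and reports every port that can still negotiate a trunk or still sends DTP, following the mode descriptions above. The sample configuration is constructed, and the function names are illustrative.

```python
# Constructed running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 50
 switchport voice vlan 10
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode dynamic auto
!
interface FastEthernet0/20
 switchport mode trunk
!
interface FastEthernet0/24
 switchport mode trunk
 switchport nonegotiate
!
"""

def interface_blocks(config):
    """Map each interface name to the commands indented under it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def audit_dtp(config):
    """Return {interface: finding} for ports that can negotiate or still send DTP."""
    findings = {}
    for name, cmds in interface_blocks(config).items():
        mode = next((c[len("switchport mode "):] for c in cmds
                     if c.startswith("switchport mode ")), None)
        if "no switchport" in cmds or mode == "access":
            continue  # routed port, or hard coded as an access port
        if mode is None or mode.startswith("dynamic"):
            findings[name] = "negotiable: hard code switchport mode access or trunk"
        elif mode == "trunk" and "switchport nonegotiate" not in cmds:
            findings[name] = "trunk still sends DTP: add switchport nonegotiate"
    return findings

if __name__ == "__main__":
    print(audit_dtp(SAMPLE_CONFIG))
```

FastEthernet0/1 is reported even though it has access and voice VLANs assigned, because without an explicit switchport mode line the port stays in its default dynamic mode.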

Once the trunk is configured, we can verify the configuration using the show interfaces switchport command.

Output of the command is as follows:

Switchport: Enabled
Administrative mode: trunk
Operational mode: trunk
Administrative Trunking encapsulation: dot1q
Operational Trunking encapsulation: dot1q
Negotiation of Trunking: ON

The administrative mode indicates what the switch is configured to do, and the operational mode shows what it is actually doing.

Create VLANs – Once the trunk is configured we can create VLANs. Because VTP is configured, VLANs created on switch A will automatically be replicated to switch B.

To create VLANs on switch A, we issue the following commands:

SwitchA#configure terminal
SwitchA(config)#vlan 10
SwitchA(config-vlan)#name VOICE
SwitchA(config-vlan)#exit
SwitchA(config)#vlan 50
SwitchA(config-vlan)#name DATA

To verify the VLAN configuration, use the command:

show vlan brief

Assign ports to VLANs – Now we can assign ports to each VLAN.

SwitchB#configure terminal
SwitchB(config)#interface range fa0/1 - 4
SwitchB(config-if-range)#switchport mode access
SwitchB(config-if-range)#switchport access vlan 50
SwitchB(config-if-range)#switchport voice vlan 10

The ports are configured to support a voice VLAN of 10 and a data VLAN of 50.

Configure routing between VLANs – With the current setup, all data devices on VLAN 50 can reach each other but they cannot reach other networks. To configure inter-VLAN routing there are three possible scenarios or designs:

Separate router ports configured per VLAN
Router connected to trunk port
Layer 3/multilayer switching

Separate router ports per VLAN – In this design we plug a router interface into each VLAN. PCs on that VLAN use the router as their default gateway. This is a costly proposition because each VLAN requires a unique router port.

Router connected to trunk port – This design makes it possible to route between VLANs using a single router interface connected to a switch trunk port.

Layer 3/multilayer switching – This type of inter-VLAN routing uses a router integrated into a switch; the router is internal to the switch. To facilitate routing within the switch we have to configure switched virtual interfaces (SVIs). Once an SVI is created, all users in the SVI's VLAN are able to reach the interface. This design is considered superior, as there are no bandwidth constraints for the hosts assigned to the VLAN to reach the router.

In a voice and data network design, a CME router can also act as the router connected to a trunk port to route between the voice and data VLANs. We can configure a trunk to the CME router using the following commands:

SwitchA#configure terminal
SwitchA(config)#interface fa0/20
SwitchA(config-if)#description CONNECTION TO ROUTER-ON-A-STICK CME ROUTER
SwitchA(config-if)#switchport trunk encapsulation dot1q
SwitchA(config-if)#switchport mode trunk

This concludes the CCNA Voice exam lesson on configuring switched infrastructure for voice and data VLANs.