-
Catalyst 6500 Series Software Configuration Guide, 7.6
-
Preface
-
Product Overview
-
Command-Line Interfaces
-
Configuring the Switch IP Address and Default Gateway
-
Configuring Ethernet, Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet Switching
-
Configuring Ethernet VLAN Trunks
-
Configuring EtherChannel
-
Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling
-
Configuring Spanning Tree
-
Configuring Spanning Tree PortFast, UplinkFast, BackboneFast, and Loop Guard
-
Configuring VTP
-
Configuring VLANs
-
Configuring InterVLAN Routing
-
Configuring CEF for PFC2
-
Configuring MLS
-
Configuring NDE
-
Configuring Access Control
-
Configuring GVRP
-
Configuring Dynamic Port VLAN Membership with VMPS
-
Checking Status and Connectivity
-
Administering the Switch
-
Configuring Switch Access Using AAA
-
Configuring Redundancy
-
Modifying the Switch Boot Configuration
-
Working with the Flash File System
-
Working with System Software Images
-
Working with Configuration Files
-
Configuring System Message Logging
-
Configuring DNS
-
Configuring CDP
-
Configuring UDLD
-
Configuring NTP
-
Configuring Broadcast Suppression
-
Configuring Layer 3 Protocol Filtering
-
Configuring the IP Permit List
-
Configuring Port Security
-
Configuring 802.1x Authentication
-
Configuring Unicast Flood Blocking
-
Configuring SNMP
-
Configuring RMON
-
Configuring SPAN and RSPAN
-
Using Switch TopN Reports
-
Configuring Multicast Services
-
Configuring QoS
-
Configuring Automatic QoS
-
Configuring ASLB
-
Configuring the Switch Fabric Module
-
Configuring a VoIP Network
-
Acronyms
-
Table Of Contents
Hardware and Software Requirements
Understanding How a VoIP Network Works
Example 1: Single Cisco IP Phone 7960
Example 3: One Cisco IP Phone 7960 and One PC
Example 4: Two Cisco IP Phone 7960s and One PC
Configuring VoIP on the Switch
Configuring Per-Port Power Management
Using show Commands to Display Module Type and Version Information
Setting the Power Mode of a Port or Group of Ports
Setting the Default Power Allocation
Displaying the Power Status for Modules and Individual Ports
Displaying the Power Status for Modules and Individual Ports
Configuring Auxiliary VLANs on Catalyst LAN Switches
Auxiliary VLAN Configuration Guidelines
Verifying Auxiliary VLAN Configuration
Configuring the Access Gateways
Configuring a Port Voice Interface
Displaying a Port Voice Interface Configuration
Displaying the Port Configuration for Individual Ports
Displaying Active Call Information
Configuring QoS in the Cisco IP Phone 7960
Understanding How QoS Works in the Cisco IP Phone 7960
Configuring QoS in the Cisco IP Phone 7960
Configuring a Trusted Boundary to Ensure Port Security
QoS and Cisco IP Phone Configuration
QoS, Cisco IP Phone, and PC Configuration
Configuring a Trusted Boundary
Using Automatic Voice Configuration
Understanding Automatic Voice Configuration Macros
Automatic Voice Configuration—Cisco IP Phone
Automatic Voice Configuration—Cisco Softphone
Automatic Voice Configuration Guidelines and Restrictions
CLI Interface for Automatic Voice Configuration
Detailed Automatic Voice Configuration Statements
ciscoipphone Configuration Statement
ciscosoftphone Configuration Statement
How to Use Automatic Voice Configuration in Your Network
Configuring a VoIP Network
This chapter describes how to configure a Voice-over-IP (VoIP) network on the Catalyst 6500 series switches.
Note
While this chapter introduces a number of Cisco networking products related to VoIP, the primary focus of the chapter is to provide configuration information for integrating Catalyst 6500 series products into your VoIP network.
Note
This chapter consists of these sections:
•
•
•
•
Hardware and Software Requirements
The hardware and software requirements for the Catalyst 6500 series switches and Cisco CallManager are as follows:
•
•
Understanding How a VoIP Network Works
A telephony system built on an IP network instead of the traditional circuit-switched private branch exchange (PBX) network is called an IP PBX system. See Figure 47-1; the individual components of this system are described in these sections:
Figure 47-1 IP PBX System
Cisco IP Phone 7960
The Cisco IP Phone 7960 provides connectivity to the IP PBX system. The IP phone has two RJ-45 jacks for connecting to external devices, a LAN-to-phone jack and a PC-to-phone jack. The jacks use either Category 3 or Category 5 unshielded twisted-pair (UTP) cable. The LAN-to-phone jack is used to connect the phone to the LAN using a crossover cable; a workstation or a PC can be connected to the PC-to-phone jack using a straight-through cable.
The IP phone is Dynamic Host Configuration Protocol (DHCP) capable. Optionally, the IP phone can be programmed with a static IP address.
The IP phone can be powered by the following sources:
•
•
•
Examples 1 through 4 in Figure 47-2 show how to connect the Cisco IP Phone 7960 and PCs to the Catalyst 6500 series switch.
Figure 47-2 Connecting the Cisco IP Phone 7960 to the Catalyst 6500 Series Switch
Example 1: Single Cisco IP Phone 7960
Example 1 shows one IP phone that is connected to the 10/100 port on the Catalyst 6500 series switch. The PC-to-phone jack on the phone is not used. The phone can be powered through either the 10/100 port or wall powered.
Example 2: Single PC
Example 2 shows one PC that is connected to the 10/100 port on the Catalyst 6500 series switch. The PC is wall powered.
Example 3: One Cisco IP Phone 7960 and One PC
Example 3 shows one IP phone that is connected to the 10/100 port on the Catalyst 6500 series switch and one PC that is connected to the PC-to-phone jack on the phone. The PC behaves as if it is connected directly to the 10/100 port on the Catalyst 6500 series switch. The phone can be powered through the 10/100 port or wall powered. The PC must be wall powered.
Example 4: Two Cisco IP Phone 7960s and One PC
Example 4 shows two IP phones that are connected to the 10/100 port on the Catalyst 6500 series switch and one PC that is connected to the PC-to-phone jack on the phone. The PC behaves as if it is connected directly to the 10/100 port on the Catalyst 6500 series switch. The first phone can be powered through the 10/100 port or wall powered. The second phone and the PC must be wall powered.
Note
Cisco CallManager
Cisco CallManager is an open and industry-standard call processing system; its software runs on a Windows NT server and sets up and tears down calls between phones, integrating traditional PBX functionality with the corporate IP network. Cisco CallManager manages the components of the IP PBX system, the phones, access gateways, and the resources for such features as call conferencing and media mixing. Each Cisco CallManager manages the devices within its zone and exchanges information with the Cisco CallManager in charge of another zone to make calls possible across multiple zones. Cisco CallManager can work with existing PBX systems to route a call over the Public Switched Telephone Network (PSTN).
Note
Access Gateways
Access gateways allow the IP PBX system to talk to existing PSTN or PBX systems. Access gateways consist of analog station gateways, analog trunk gateways, digital trunk gateways, and a converged voice gateway.
These sections describe the gateways:
Analog Station Gateway
The Catalyst 6500 series 24-port Foreign Exchange Station (FXS) analog interface module allows plain old telephone service (POTS) phones and fax machines to connect to the IP PBX network. The analog station gateway behaves like the PSTN side for the POTS equipment. It requires an IP address, is registered with Cisco CallManager in its domain, and is managed by Cisco CallManager.
To configure the analog station interfaces, see the "Configuring VoIP on the Switch" section. The module features are listed in Table 47-1.
Table 47-1 24-Port FXS Analog Interface Module Features
G.711 and G.729 voice encoding
Silence suppression; voice activity detection
Comfort noise generation
Ringer, software programmable frequency and cadence, based on country
DTMF1 detection
Signaling, loop start
Line echo cancellation (32 ms)
Impedance (600 ohms)
Programmable analog gain, signaling timers
Fax passthrough
SPAN2 or port mirroring support
Address signaling formats: In-band DTMF
Signaling formats: Loop start
Ringing tone: Programmable
Ringing voltage: Programmable, based on country
Ringing frequency: Programmable, based on country
Distance: 500-ohms maximum loop
1 DTMF = dual tone multifrequency
2 SPAN = Switched Port Analyzer
Analog Trunk Gateway
Cisco access analog trunk gateways allow the IP PBX to connect to the PSTN or PBX. The gateway supports up to eight trunks to the PSTN and appears like a phone to the trunk lines coming from the PSTN. Using this gateway, the IP PBX places an IP call through the PSTN. Similar to the analog station gateway, the analog trunk gateway provides line echo cancellation and dual tone multifrequency (DTMF) tone generation and detection. The analog trunk gateway does not provide ring voltage as it is not connected to POTS end devices such as POTS phones or fax machines. The analog trunk gateway requires an IP address, is registered with Cisco CallManager in its domain, and is managed by Cisco CallManager.
To configure the analog trunk gateways, refer to the documentation that shipped with the gateway.
Digital Trunk Gateway
The Catalyst 6500 series 8-port T1/E1 PSTN interface module can support both digital T1/E1 connectivity to the PSTN or transcoding and conferencing. The module requires an IP address, is registered with Cisco CallManager in its domain, and is managed by Cisco CallManager.
The module software is downloaded from a TFTP server. Depending upon which software you download, the ports can serve as T1/E1 interfaces or the ports support transcoding and conferencing. Transcoding and conferencing functions are mutually exclusive. For every transcoding port in use, one less conferencing port is available and vice versa.
To configure the 8-port T1/E1 PSTN interfaces, see the "Configuring VoIP on the Switch" section. The module features are listed in Table 47-2.
Table 47-2 8-Port T1/E1 PSTN Interface Module Features
G.711 to G.723 and G.729a transcoding (maximum of 8 x 32 channels of transcoding)
Conference bridging, meet-me, and ad-hoc conference modes (maximum of 8 x 16 channels of conferencing)
Comfort noise generation
Fax pass-through
Silence suppression, voice activity detection
Line echo cancellation
Common channel signaling
For T1: 23 DS0 channels for voice traffic; 24th channel is used for signaling
For E1: 29 DS0 channels for voice traffic; 16th channel is reserved for signaling
Any channel can be configured for common channel signaling
ISDN Primary Rate Interface signaling: Each interface supports 23 channels for T1 and 30 channels for E1. The default mode is for the 24th T1 channel or 16th E1 channel to be reserved for signaling. Both network side and user side operation modes are supported.
T1 binary 8-zero substitution/alternate mark inversion (B8ZS/AMI) line coding, u-law or a-law coding
E1 HDB3 line coding
T1 line bit rate: 1.544 Mbps
E1 line bit rate: 2.048 Mbps
T1 line code: AMI, B8ZS
E1 line code: HDB3
Framing format: D4 superframe and extended superframe
FDL1 is a link management protocol that is used to help diagnose problems and gather statistics on T1 lines
1 FDL = Facilities Data Link
Converged Voice Gateway
The Cisco Voice Gateway 200 (VG200) allows you to connect standard POTS phones (connected directly to the gateway or anywhere on the PSTN) with Cisco IP or any H.323-compliant telephony devices. When used with Cisco CallManager, the VG200 functions as a Media Gateway Control Protocol (MGCP) gateway. The Cisco VG200 provides a 10/100BASE-T Ethernet port for connection to the data network. The following telephony connections are also available:
•
•
•
–
–
–
These ports can be used to integrate a VoIP network with POTS devices, PBXs, or the PSTN.
To configure the Cisco VG200, refer to the documentation that shipped with the gateway.
How a Call Is Made
An IP phone connects to a LAN either through a hub port or a switch port. The IP phone boots up and uses DHCP to get its IP address and the IP address of its TFTP file server. The IP phone uses its IP address to talk to the TFTP server and gets its configuration file. The configuration file includes the IP address of the phone's Cisco CallManager(s). The phone then talks with Cisco CallManager and registers itself. Each time a phone boots up, it might get a different IP address. Cisco CallManager knows how to associate a consistent user phone number to a particular phone by using the MAC address of the phone. Cisco CallManager always maintains a table mapping the "phone MAC address" and "phone number." Each time a phone registers, the table is updated with the new IP address. During registration, Cisco CallManager downloads the key pad template and the feature capability for the phone. It tells the phone which run-time image it should use. The phone then goes to the TFTP server to get its run-time image. Each phone has a dedicated TCP connection to Cisco CallManager called the "control channel." All control information, such as key pressing, goes from the phone to Cisco CallManager through this channel. Instructions to generate ring tone, busy tone, and so on comes from Cisco CallManager to the phone through this channel.
Cisco CallManager stores the IP-address-to-phone-number mapping (and vice versa) in its tables. When a user wants to call another user, the user keys in the called party's phone number.
Cisco CallManager translates the phone number to an IP address and generates an IP packet version of ring tone to the called IP phone through the TCP connection. When the called IP phone receives the packet, it generates a ring tone. When the user picks up the phone, Cisco CallManager instructs the called IP phone to start talking with the calling party and removes itself from the loop. From this point on, the call goes between the two IP phones through the Real-Time Transport Protocol (RTP) which runs over the User Datagram Protocol (UDP). Because voice packets are sensitive to delays, TCP is not suitable for voice transmission as timeouts and retries increase the delay between packets. When any change occurs during the call due to a feature being pressed on one of the phones, or one of the users hanging up or pressing the flash button, the information goes to Cisco CallManager through the control channel.If a call is made to a number outside of the IP PBX network, Cisco CallManager routes the call to an analog or digital trunk gateway which in turn routes it to the PSTN.
Understanding How VLANs Work
This section describes native VLANs and auxiliary VLANs. This section uses the following terminology:
•
•
•
•
Note
Figure 47-3 shows how you can connect a Cisco IP Phone 7960 to a Catalyst 6500 series switch.
Figure 47-3 Switch-to-Phone Connections
When the IP phone connects to a 10/100 port on the Catalyst 6500 series switch, the access port (PC-to-phone jack) of the IP phone can be used to connect a PC.
Packets to and from the PC and to and from the phone share the same physical link to the switch and the same port of the switch. Various configurations of connecting the phone and the PC are possible (see the "Cisco IP Phone 7960" section).
Introducing IP-based phones into existing switch-based networks raises the following issues:
•
•
You can resolve these issues by isolating the voice traffic onto a separate VLAN on each of the ports that are connected to a phone. The switch port that is configured for connecting a phone would have separate VLANs configured for carrying the following:
•
•
Isolating the phones on a separate, auxiliary VLAN increases the quality of the voice traffic and allows a large number of phones to be added to an existing network where there are not enough IP addresses. A new VLAN means a new subnet and a new set of IP addresses.
Configuring VoIP on the Switch
This section describes the command-line interface (CLI) commands and the procedures that are used to configure the Catalyst 6500 series switch for VoIP operation:
•
•
•
•
•
•
Note
Note
Voice-Related CLI Commands
Table 47-3 lists the CLI commands that are described in the configuration procedures.
Table 47-3 Voice-Related CLI Command Module and Platform Support
set port inlinepower
X4
set inlinepower defaultallocation
X
show port inlinepower
X
show environment power
X
X
X
set port auxiliaryvlan
X/X
show port auxiliaryvlan
X/X
set port voice interface
X
X
show port voice interface
X
X
show port voice
X
X
X
show port voice fdl
X
show port voice active
X
X
X
set port qos mod/port cos-ext
set port qos mod/port trust-ext
X/X
show port qos
X/X
1 Ethernet Module = Ethernet switching module with voice daughter card.
2 WS-X6608-T1 and WS-X6608-E1 = 8-port T1/E1 ISDN PRI modules.
3 WS-X6624-FXS = 24-port FXS analog station interface module.
4 X = Command supported on Catalyst 6500 series switch only; XX = Command supported on Catalyst 4000, 5000, and 6500 series switches (note that all modules listed in Table 47-3 are supported only on Catalyst 6500 series switches).
Configuring Per-Port Power Management
This section describes per-port power management and the CLI commands that are used to configure power management for IP phones.
Note
Note
For each IP phone that is connected to an Ethernet switching module with the voice daugher card installed, the supervisor engine software allocates part of the available system power to power up and run the phone. The power can be applied on an individual port basis.
Only one IP phone can be powered per port; the phone must be connected directly to the switch port. If a second phone is daisy chained off the phone that is connected to the switch port, the second phone cannot be powered by the switch.
This section describes the following:
•
•
•
•
•
Using show Commands to Display Module Type and Version Information
To determine if an Ethernet switching module has a voice daughter card installed, enter the show module command and look at the "Sub" field. For example, in the following display, the 10/100BASE-TX module in slot 8 does not have a voice daughter card, while the module in slot 9 does have a voice daughter card.
To display module status and information, perform this task in normal mode:
This example shows that there is a submodule field that provides information about submodules. The EARL daughter card is treated as a submodule while the Multilayer Switch Feature Card (MSFC) internal router is not treated as a submodule. The model number for the voice daughter card, as shown in the display, is WS-F6K-VPWR.
Console> (enable) show moduleMod Slot Ports Module-Type Model Sub Status--- ---- ----- ------------------------- ------------------- -----------1 1 2 1000BaseX Supervisor WS-X6K-SUP1A-2GE yes ok15 1 1 Multilayer Switch Feature WS-F6K-MSFC no ok8 8 48 10/100BaseTX Ethernet WS-X6348-RJ-45 no ok9 9 48 10/100BaseTX Ethernet WS-X6348-RJ-45 yes okMod Module-Name Serial-Num--- ------------------- -----------1 SAD0343605515 SAD034325979 SAD03414268Mod MAC-Address(es) Hw Fw Sw--- -------------------------------------- ------ ------------------------1 00-30-80-f7-a5-06 to 00-30-80-f7-a5-07 1.0 5.2(1) 6.2(0.32-Eng)FTL00-30-80-f7-a5-04 to 00-30-80-f7-a5-0500-30-a3-4a-a0-00 to 00-30-a3-4a-a3-ff15 00-d0-bc-ee-d0-dc to 00-d0-bc-ee-d1-1b 1.2 12.0(3)XE1 12.0(3)XE18 00-d0-c0-c8-83-ac to 00-d0-c0-c8-83-db 1.1 4.2(0.24)V6.1(0.37)FTL9 00-50-3e-7c-43-00 to 00-50-3e-7c-43-2f 0.201 5.3(1)Mod Sub-Type Sub-Model Sub-Serial Sub-Hw--- ----------------------- ------------------- ----------- ------1 L3 Switching Engine WS-F6K-PFC SAD03451187 1.09 Inline Power Module WS-F6K-VPWR 1.0Console> (enable)To display the version of modules and submodules, perform this task in normal mode:
This example shows the version of modules and submodules:
Console> (enable) show version 2Mod Port Model Serial # Versions--- ---- ------------------- ----------- --------------------------------------2 2 WS-X6K-SUP2-2GE SAD04450LF1 Hw : 1.1Fw : 6.1(2)Fw1: 6.1(3)Sw : 6.3(0.62)PANSw1: 6.3(0.62)PANWS-F6K-PFC2 SAD04440HVU Hw : 1.0Console>Power Management Modes
Each port is configured through the CLI, SNMP, or a configuration file to be in one of the following modes (configured through the set port inlinepower CLI command):
•
•
Each port also has a status, defined as one of the following:
•
•
•
•
These sections provide information that is related to IP phone power requirements and management:
Unpowered Phone
When an unpowered phone is discovered on a switching module port, the switching module reports to the supervisor engine that an unpowered phone is present and on which module/port. If the port is configured in Auto mode, the supervisor engine determines if there is enough available system power to allow the switching module to power up and run the phone. If there is sufficient power, the supervisor engine removes the default allocated power that is required by a phone from the total available system power and sends a message to the switching module instructing it to provide power to the port. If there is not enough available power for the phone, the supervisor engine sends a message to the switching module indicating that power is denied to the port.
After power is applied to the port, the supervisor engine monitors the port to ensure that the link comes up. If the link does not come up within 4 seconds, the supervisor engine instructs the switching module to turn off power. The entire cycle is repeated, and the switching module performs discovery and reports to the supervisor engine if a device is present on the port.
Power Requirements
IP phones may have different power requirements. The supervisor engine initially allocates the configured default of 7 W (167 mA at 42 V) to the Cisco IP Phone. When the correct amount of power is determined from the CDP messaging with the Cisco IP Phone, the supervisor engine reduces or increases the allocated power.
For example, the default allocated power is 7 W. A Cisco IP Phone requiring 6.3 W is plugged into a port. The supervisor engine allocates 7 W for the Cisco IP Phone and powers it up. Once the Cisco IP Phone is operational, it sends a CDP message with the actual power requirement to the supervisor engine. The supervisor engine then decreases the allocated power to the required amount.
Wall-Powered Phones
When a wall-powered phone is present on a switching module port, the switching module cannot detect its presence. The supervisor engine discovers the phone through CDP messaging with the port. If the phone supports inline power (the supervisor engine determines this through CDP), and the mode is set to Auto or Off, the supervisor engine does not attempt to power on the port. If a power outage occurs, and the mode is set to Auto, the phone loses power, but the switching module discovers the phone and informs the supervisor engine, which then applies inline power to the phone.
Powering Off the Phone
The supervisor engine can turn off power to a specific port by sending a message to the switching module. That power is then added back to the available system power. This situation occurs only when you power off the phone through the CLI or SNMP.
Phone Removal
The switching module informs the supervisor engine if a powered phone is removed using a link-down message. The supervisor engine then adds the allocated power for that port back to the available system power.
In addition, the switching module informs the supervisor engine if an unpowered phone is removed.
Caution
High-Availability Support
To support high availability during a failover from the active supervisor engine to the standby supervisor engine, the per-port power management and phone status information is synchronized between the active and standby supervisor engines.
The information to be synchronized (on a per-port basis) is the presence of a phone, the phone power status (on, off, denied, or faulty), and the amount of power that is consumed by the phone. The active supervisor engine sends this information to the standby supervisor engine, and the standby supervisor engine updates its internal data structures. When a switchover occurs, the standby supervisor engine allocates power to the modules and ports from the available power, one module at a time. Once the power for each module has been allocated, the supervisor engine allocates power to the phones, beginning with the lowest slot number, until all inline powered ports have been either powered on, off, or denied.
Phone Detection Summary
Figure 47-4 shows how the system detects a phone that is connected to a Catalyst 6500 series switch port.
Figure 47-4 Power Detection Summary
Error Detection and Handling
This section describes how the Catalyst 6500 series switch handles fault detection and errors that are related to per-port power management.
These sections discuss fault detection and power-management error scenarios:
•
•
•
•
•
Device is Powered but Link is Not Up
The supervisor engine detects that the device is powered but the link is not up by setting a timeout when the switching module is directed to power up the device. If the timeout occurs and the supervisor engine has not received a "link up" for the port, this syslog message is displayed:
1999 Jul 14 10:05:58 %SYS-5-PORT_DEVICENOLINK: Device on Port 4/7 powered, no link up.The supervisor engine also directs the switching module to power off the port. The switching module then performs discovery again on the port.
Port is Unable to Provide Inline Power to the Device
The switching module detects if there is a problem providing inline power to the device and reports this problem to the supervisor engine. This syslog message is displayed:
1999 Jul 14 10:05:58 %SYS-5-PORT_INLINEPWRFLTY: Port 4/7 reporting inline power as faulty.Not Enough Available Power to Power the Device
The supervisor engine tracks the available power left in the system and does not power up any ports if no available power remains. This syslog message is displayed:
1999 Jul 14 10:05:58 %SYS-5-PORT_NOPOWERAVAIL: Device on Port 4/7 will remain unpowered.The supervisor engine informs the switching module that power to the port is denied.
Power Supply Configured from Nonredundant to Redundant
Depending upon the number and type of modules in the chassis, you might need to power off some modules to prevent overdrawing power from the power supply. The supervisor engine first powers off and reallocates the power that is supplied by the ports and then starts powering off and reallocating the power that is used by the module.
Power Supply Configured from Redundant to Nonredundant
Once a module that was powered down due to lack of power is powered up and comes online, the module begins discovery on the ports to determine the presence of unpowered connected devices (phones). The module reports discovered devices to the supervisor engine, which then directs the switching module to power up the device (if the port is configured to do so).
For modules that are already powered on but have devices connected that are power denied, the supervisor engine attempts to power on the devices starting with the lowest numbered slot to the highest numbered slot, and from the lowest port number to the highest port number, one module at a time.
Setting the Power Mode of a Port or Group of Ports
To set the power mode of a port or group of ports, perform this task in normal mode:
Set the power mode of a port or group of ports.
set port inlinepower mod/port {off | auto}
This example shows how to set the power mode of a port or group of ports:
Console> (enable) set port inlinepower 2/5 offInline power for port 2/5 set to off.Console> (enable) set port inlinepower 2/3-9 autoInline power for ports 2/3-9 set to auto.Console> (enable)Setting the Default Power Allocation
The set inlinepower defaultallocation command is global and only affects Cisco IP phones. The inline power threshold notification generates a syslog message when inline power usage exceeds the specified threshold. To set the default power allocation, perform this task in privileged mode (the default allocation value is 15400 milliwatts):
Caution
Note
This example shows how to set the default power allocation:
Console> (enable) set inlinepower defaultallocation 9500Default inline power allocation set to 9500 mWatt per applicable port.Console> (enable)Displaying the Power Status for Modules and Individual Ports
To display the power status for modules and individual ports, perform this task in normal mode:
Display the power status for modules and individual ports.
show port inlinepower [mod[/port]]
This example shows how to display the power status for modules and individual ports:
Console> show port inlinepower 3/2-6Default Inline Power allocation per port: 9.500 Watts (0.22 Amps @42V)Total inline power drawn by module 3: 0 WattPort InlinePowered PowerAllocatedAdmin Oper Detected mWatt mA @42V----- ----- ------ -------- ----- --------3/2 auto on yes 10.00 0.2503/3 auto on yes 9.8 0.1983/4 auto denied yes 0 03/5 off off no 0 03/6 off off yes 0 0Console> (enable)The Operational (Oper) status field descriptions in the display are as follows:
•
•
•
•
Displaying the Power Status for Modules and Individual Ports
To display the power status for modules and individual ports, perform this task in privileged mode:
Display the power status for modules and individual ports.
show environment power [mod]
This example shows how to display the power status for modules and individual ports:
Console> (enable) show environment power 5Feature not supported on module 5.Console> (enable) show environment power 9Module 9:Default Inline Power allocation per port: 9.500 Watts (0.22 Amps @42V)Total inline power drawn by module 9: 0 WattSlot power Requirement/Usage :Slot Card Type PowerRequested PowerAllocated CardStatusWatts A @42V Watts A @42V---- ------------------- ------- ------ ------- ------ ----------9 WS-X6348 123.06 2.93 123.06 2.93 okDefault Inline Power allocation per port: 9.500 Watts (0.22 Amps @42V)Port InlinePowered PowerAllocatedAdmin Oper Detected mWatt mA @42V----- ----- ------ -------- ----- --------9/1 auto off no 0 09/2 auto off no 0 09/3 auto off no 0 09/4 auto off no 0 09/5 auto off no 0 09/6 auto off no 0 09/7 auto off no 0 09/8 auto off no 0 0.(display text omitted).9/48 auto off no 0 0Console> (enable)Console> (enable) show environment powerPS1 Capacity: 1153.32 Watts (27.46 Amps @ 42V)PS2 Capacity: nonePS Configuration : PS1 and PS2 in Redundant Configuration.Total Power Available: 1153.32 Watts (27.46 Amps @ 42V)Total Power Available for Line Card Usage: 1153.32 Watts (27.46 Amps @ 42V)Total Power Drawn From the System: 289.80 Watts (6.90 Amps @ 42V)Remaining Power in the System: 863.52 Watts (20.56 Amps @42V)Default inline power allocation: 10.5 Watts/port (0.25 Amps @ 42V)Slot power Requirement/Usage :Slot Card-Type Power-Requested Power-Allocated Card-StatusWatts A @ 42V Watts A @ 42V---- ------------------- ------- ------- ------- ------- ------------1 0.00 0.00 126.42 3.01 none2 WS-X6K-SUP1-2GE 138.60 3.30 138.60 3.30 ok3 WS-X6348-RJ-45 114.24 2.72 151.20 3.60 ok5 WS-X6348-RJ-45 109.20 2.60 100.88 2.40 partial-deny6 Unknown 112.98 2.69 0 0 unknown7 WS-X6248-RJ-45 84.84 2.02 0 0 power-bad9 WS-X6416-GE-MT 105.00 2.50 0 0 power-denyConsole> (enable)A partial-deny status indicates that some module ports are inline powered but not all the ports on the module are inline powered.
Configuring Auxiliary VLANs on Catalyst LAN Switches
These sections describe how to configure auxiliary VLANs:
•
•
•
Understanding Auxiliary VLANs
You can configure switch ports to send CDP packets that instruct an attached Cisco IP Phone 7960 to transmit voice traffic to the switch in these frame types:
•
–
–
Note
•
•
Note
Auxiliary VLAN Configuration Guidelines
This section describes the guidelines for configuring auxiliary VLANs:
•
•
–
–
–
–
•
•
•
Configuring Auxiliary VLANs
To configure auxiliary VLANs, perform this task in privileged mode:
Configure auxiliary VLANs.
set port auxiliaryvlan mod[/ports] {vlan | untagged | dot1p | none}
This example shows how to add voice ports to auxiliary VLANs, specify an encapsulation type, or specify that the VLAN will not send or receive CDP messages with voice-related information:
Console> (enable) set port auxiliaryvlan 2/1-3 222Auxiliaryvlan 222 configuration successful.AuxiliaryVlan AuxVlanStatus Mod/Ports------------- ------------- -------------------------222 active 1/2,2/1-3Console> (enable) set port auxiliaryvlan 5/7 untaggedPort 5/7 allows the connected device send and receive untagged packets and without 802.1p priority.Console> (enable) set port auxiliaryvlan 5/9 dot1pPort 5/9 allows the connected device send and receive packets with 802.1p priority.Console> (enable) set port auxiliaryvlan 5/12 nonePort 5/12 will not allow sending CDP packets with Voice VLAN information.Console> (enable)The default setting is none. Table 47-4 lists the set port auxiliaryvlan command keywords and their descriptions.
Verifying Auxiliary VLAN Configuration
To verify auxiliary VLAN configuration status, perform this task in privileged mode:
Verify auxiliary VLAN configuration status.
show port auxiliaryvlan {vlan | untagged | dot1p | none}
This example shows how to verify auxiliary VLAN configuration status:
Console> show port auxiliaryvlan 123AuxiliaryVlan AuxVlanStatus Mod/Ports------------- ------------- -------------------------222 active 1/2,2/1-3Console>Configuring the Access Gateways
This section describes the commands that are used to configure the following Catalyst 6500 series access gateway modules:
•
•
Configuring a Port Voice Interface
If DHCP is enabled for a port, the port obtains all other configuration information from the TFTP server. When disabling DHCP on a port, you must specify some mandatory parameters as follows:
•
•
To configure a port voice interface for DHCP, TFTP, and DNS servers, perform this task in privileged mode:
These examples show how to configure the port voice interface for DHCP, TFTP, and DNS servers:
Console> (enable) set port voice interface 7/1 dhcp enablePort 7/1 DHCP enabled.Console> (enable) set port voice interface 7/3 dhcp disable 171.68.111.41/24 tftp 173.32.43.11 dns 172.20.34.204 cisco.comPort 7/3 dhcp disabled.System DNS configurations applied.Console> (enable) set port voice interface 7/4-6 dhcp enable vlan 3Vlan 3 configuration successfulPorts 7/4-6 DHCP enabled.Console> (enable)Displaying a Port Voice Interface Configuration
To display a port voice interface configuration, perform this task in privileged mode:
This example shows how to display the port voice interface configuration (this display is from the 24-port FXS analog interface module):
Console> show port voice interface 5Port DHCP MAC-Address IP-Address Subnet-Mask-------- ------- ----------------- --------------- ---------------5/1-24 disable 00-10-7b-00-13-ea 10.6.15.158 255.255.255.0Port Call-Manager(s) DHCP-Server TFTP-Server Gateway-------- ----------------- --------------- --------------- ---------------5/1-24 10.6.15.155 - 10.6.15.155 -Port DNS-Server(s) Domain-------- ----------------- -------------------------------------------------5/1-24 12.2.2.1* cisco.cisco.com7.7.7.7(*): PrimaryConsole> (enable)Displaying FDL Statistics
Note
To display FDL statistics for the specified ports, perform this task in privileged mode:
This example shows how to display FDL statistics for the specified ports:
Console> (enable) show port voice fdl 7/1-3Port ErrorEvents ErroredSecond SeverlyErroredSecondLast 15' Last 24h Last 15' Last 24h Last 15' Last 24h----- -------- -------- -------- -------- -------- -----------7/1 17 18 19 20 21 227/2 17 18 19 20 21 227/3 17 18 19 20 21 22Port FailedSignalState FailedSignalSecondLast 15' Last 24h Last 15' Last 24h----- -------- -------- -------- ---------7/1 37 38 39 407/2 37 38 39 407/3 37 38 39 40Port LES BES LCVLast 15' Last 24h Last 15' Last 24h Last 15' Last 24h----- -------- -------- -------- -------- -------- --------7/1 41 48 49 50 53 547/2 41 48 49 50 53 547/3 41 48 49 50 53 54Console> (enable)Table 47-5 describes the possible fields (depending on the port type queried) in the show port voice fdl command output.
Displaying the Port Configuration for Individual Ports
To display the port configuration for individual ports, perform this task in normal mode:
This section provides the show port command displays for the following gateway modules:
•
•
•
8-Port T1/E1 PSTN Interface Module
The Status field shows the Layer 2 status of the ports. The possible values are notconnect, connected, disabled, and faulty. The following display is for the T1 module. The E1 module display would be the same except the port speed for the E1 module would be 2.048.
Console> show port 7Port Name Status Vlan Duplex Speed Type----- ------------------ ---------- ---------- ------ ----- ------------7/1 connected 123 full 1.544 T17/2 connected 2 full 1.544 T17/3 disable 1 full 1.544 T17/4 connected 11 full 1.544 T17/5 connected 123 full 1.544 T17/6 connected 1 full 1.544 T17/7 faulty 2 full 1.544 T17/8 faulty 2 full 1.544 T1Port DHCP MAC-Address IP-Address Subnet-Mask-------- ------- ----------------- --------------- ---------------7/1 enable 00-10-7b-00-0a-58 172.20.34.68 255.255.255.07/2 enable 00-10-7b-00-0a-59 172.20.34.70 255.255.255.07/3 enable 00-10-7b-00-0a-5a 172.20.34.64 255.255.255.07/4 enable 00-10-7b-00-0a-5b 172.20.34.66 255.255.255.07/5 enable 00-10-7b-00-0a-5c 172.20.34.59 255.255.255.07/6 enable 00-10-7b-00-0a-5d 172.20.34.67 255.255.255.07/7 enable 00-10-7b-00-0a-5e (Port host processor not online)7/8 enable 00-10-7b-00-0a-5f (Port host processor not online)Port Call-Manager(s) DHCP-Server TFTP-Sever Gateway-------- ----------------- --------------- --------------- ---------------7/1 172.20.34.207* 172.20.34.207 172.20.34.207 -callm.cisco.com7/2 172.20.34.207 172.20.34.207 172.20.34.207 172.20.34.207/3 172.20.34.207 172.20.34.207 172.20.34.207 -7/4 172.20.34.207 172.20.34.207 172.20.34.207 -7/5 172.20.34.207 172.20.34.207 172.20.34.207 -7/6 172.20.34.207 172.20.34.207 172.20.34.207 -7/7 (Port host processor not online)7/8 (Port host processor not online)Port DNS-Server(s) Domain-------- --------------- -------------------------------------------------7/1 172.20.34.207 cisco.com7/2 172.20.34.207* int.cisco.com171.69.45.34172.78.111.1327/3 172.20.34.207 -7/4 172.20.34.207 -7/5 172.20.34.207 -7/6 172.20.34.207 -7/7 (Port host processor not online)7/8 (Port host processor not online)Port CallManagerState DSP-Type-------- ---------------- --------7/1 registered C5497/2 registered C5497/3 registered C5497/4 registered C5497/5 registered C5497/6 notregistered C5497/7 (Port host processor not online)7/8 (Port host processor not online)Port NoiseRegen NonLinearProcessing----- ---------- -------------------7/1 disabled disabled7/2 disabled disabled7/3 disabled disabled7/4 disabled disabled7/5 enabled disabled7/6 disabled enabled7/7 (Port host processor not online)7/8 (Port host processor not online)(*): PrimaryConsole>8-Port T1/E1 PSTN Interface Module Configured for Trancoding/Conferencing
MTP (media termination point) and Conf Bridge (conference bridge) are types of ports. Transcoding applies to a call on an MTP port.
This example shows a transcoding port as MTP and a conference port as Conf Bridge:
Console> (enable) show port 7Port Name Status Vlan Duplex Speed Type----- ------------------ ---------- ---------- ------ ----- ------------7/1 notconnect 1 full 1.544 T17/2 notconnect 1 full 1.544 T17/3 connected 1 full 1.544 T17/4 connected 1 full 1.544 T17/5 connected 1 full 1.544 T17/6 connected 1 full 1.544 T17/7 enabled 1 full - Conf Bridge7/8 enabled 1 full - MTPPort DHCP MAC-Address IP-Address Subnet-Mask-------- ------- ----------------- --------------- ---------------7/1 enable 00-10-7b-00-12-08 10.6.15.165 255.255.255.07/2 enable 00-10-7b-00-12-09 10.6.15.166 255.255.255.07/3 enable 00-10-7b-00-12-0a 10.6.15.167 255.255.255.07/4 enable 00-10-7b-00-12-0b 10.6.15.168 255.255.255.07/5 enable 00-10-7b-00-12-0c 10.6.15.169 255.255.255.07/6 enable 00-10-7b-00-12-0d 10.6.15.170 255.255.255.07/7 enable 00-10-7b-00-12-0e 10.6.15.171 255.255.255.07/8 enable 00-10-7b-00-12-0f 10.6.15.172 255.255.255.0Port Call-Manager(s) DHCP-Server TFTP-Server Gateway-------- ----------------- --------------- --------------- ---------------7/1 10.6.15.155 10.6.15.155 10.6.15.155 -7/2 10.6.15.155 10.6.15.155 10.6.15.155 -7/3 10.6.15.155 10.6.15.155 10.6.15.155 -7/4 10.6.15.155 10.6.15.155 10.6.15.155 -7/5 10.6.15.155 10.6.15.155 10.6.15.155 -7/6 10.6.15.155 10.6.15.155 10.6.15.155 -7/7 10.6.15.155 10.6.15.155 10.6.15.155 -7/8 10.6.15.155 10.6.15.155 10.6.15.155 -Port DNS-Server(s) Domain-------- ----------------- -------------------------------------------------7/1 - -7/2 - -7/3 - -7/4 - -7/5 - -7/6 - -7/7 - -7/8 - -Port CallManagerState DSP-Type-------- ---------------- --------7/1 registered C5497/2 registered C5497/3 registered C5497/4 registered C5497/5 registered C5497/6 registered C5497/7 registered C5497/8 registered C549Port NoiseRegen NonLinearProcessing----- ---------- -------------------7/1 enabled enabled7/2 enabled enabled7/3 enabled enabled7/4 enabled enabled7/5 enabled enabled7/6 enabled enabled7/7 disabled disabled7/8 disabled disabledConsole> (enable)24-Port FXS Analog Interface Module
This example shows that all ports should have a Type of FXS, and all ports in the same module should belong to one VLAN:
Console> (enable) show port 3Port Name Status Vlan Duplex Speed Type----- ------------------ ---------- ---------- ------ ----- ------------3/1 onhook 1 full 64k FXS3/2 onhook 1 full 64k FXS3/3 onhook 1 full 64k FXS3/4 onhook 1 full 64k FXS3/5 onhook 1 full 64k FXS3/6 onhook 1 full 64k FXS3/7 onhook 1 full 64k FXS3/8 offhook 1 full 64k FXS3/9 offhook 1 full 64k FXS3/10 onhook 1 full 64k FXS3/11 onhook 1 full 64k FXS3/12 onhook 1 full 64k FXS3/13 onhook 1 full 64k FXS3/14 onhook 1 full 64k FXS3/15 onhook 1 full 64k FXS3/16 onhook 1 full 64k FXS3/17 onhook 1 full 64k FXS3/18 onhook 1 full 64k FXS3/19 onhook 1 full 64k FXS3/20 onhook 1 full 64k FXS3/21 onhook 1 full 64k FXS3/22 onhook 1 full 64k FXS3/23 onhook 1 full 64k FXS3/24 onhook 1 full 64k FXSPort DHCP MAC-Address IP-Address Subnet-Mask-------- ------- ----------------- --------------- ---------------3/1-24 enable 00-10-7b-00-13-e4 172.20.34.50 255.255.255.0Port Call-Manager(s) DHCP-Server TFTP-Sever Gateway-------- ----------------- --------------- --------------- ---------------3/1-24 172.20.34.207 172.20.34.207 172.20.34.207 -Port DNS-Server(s) Domain-------- ----------------- -------------------------------------------------3/1-24 172.20.34.207* cisco.com172.34.23.111Port CallManagerState DSP-Type-------- ---------------- --------3/1-24 registered C549Port ToneLocal Impedance InputGain(dB) OutputAtten(dB)-------- ------------- --------- ------------- ---------------3/1-24 northamerica 0 0 0Port RingFreq Timing Timing Timing Timing(Hz) Digit(ms) InterDigit(ms) Pulse(ms) PulseDigit(ms)-------- -------- --------- -------------- --------- --------------3/1-24 20 100 100 0 0(*): PrimaryConsole> (enable)Displaying Active Call Information
Enter the show port voice active command to display active call information on a port. There are up to 8 calls per port for the 8-port T1/E1 PSTN interface module but only one call per port for the 24-port FXS analog station interface module.
To display active call information, perform this task in normal mode:
Display active call information.
show port voice active [mod/port]
[all | call | conference | transcode] [ipaddr]
Entering the show port voice active command without any parameters shows all the calls in the system (regular calls, conference calls, and transcoding calls). Display field descriptions are as follows:
•
When you configure 8-port T1/E1 PSTN interfaces for transcoding and/or conferencing, the Type field displays "conferencing" for conferencing calls and "transcoding" for transcoding calls.
•
This example shows all active calls in the system:
Console> show port voice activePort Type Total Conference-ID/ Party-ID IP-AddressTranscoding-ID----- ------------ ----- -------------- -------- ---------------3/1 call 1 - - 199.22.25.2543/2 call 1 - - 172.225.25.544/5 call 3 - - 165.34.234.111172.32.34.12198.96.23.1113/8 conferencing 2 1 1 255.255.255.2412 173.23.13.423 198.97.123.985 182.34.54.262 1 199.22.25.253 182.34.54.26 121.43.23.433/2 call 1 - - 172.225.25.543/8 transcoding 1 1 1 255.255.255.2412 183.32.43.3This example shows how to display detailed call information for a port (specifying the module only, this example shows detailed call information for all ports on the module):
Console> show port voice active 3/2Port 3/2:Channel #1:Remote IP address : 165.34.234.111Remote UDP port : 124Call state : RingingCodec Type : G.711Coder Type Rate : 35243Tx duration : 438543 secVoice Tx duration : 34534 secACOM Level Current : 123213ERL Level : 123 dBFax Transmit Duration : 332433Hi Water Playout Delay : 23004 msLogical If index : 4Low water playout delay : 234 msReceive delay : 23423 msReceive bytes : 2342342332423Receive packets : 23423423402384Transmit bytes : 23472377Transmit packets : 94540Channel #2:Remote IP address : 165.34.234.112Remote UDP port : 125Call state : RingingCodec Type : G.711Coder Type Rate : 35243Tx duration : 438543 secVoice Tx duration : 34534 secACOM Level Current : 123213ERL Level : 123 dBFax Transmit Duration : 332433Hi Water Playout Delay : 23004 msLogical If index : 4Low water playout delay : 234 msReceive delay : 23423 msReceive bytes : 2342342332423Receive packets : 23423423402384Transmit bytes : 23472377Transmit packets : 94540Channel #3:.(display text omitted).Console>This example shows how to display a specific call at a specified IP address:
Console> show port voice active 3/2 171.69.67.91Remote IP address : 171.69.67.91Remote UDP port : 125Call state : RingingCodec Type : G.711Coder Type Rate : 35243Tx duration : 438543 secVoice Tx duration : 34534 secACOM Level Current : 123213ERL Level : 123 dBFax Transmit Duration : 332433Hi Water Playout Delay : 23004 msLogical If index : 4Low water playout delay : 234 msReceive delay : 23423 msReceive bytes : 2342342332423Receive packets : 23423423402384Transmit bytes : 23472377Transmit packets : 94540Console>Configuring QoS in the Cisco IP Phone 7960
These sections describe QoS in the Cisco IP Phone 7960:
•
•
Note
Note
Understanding How QoS Works in the Cisco IP Phone 7960
Note
You can configure the Cisco IP Phone 7960 access port (see Figure 47-5) to either trusted or untrusted mode.
In untrusted mode, all the traffic in 802.1Q or 802.1p frames that are received through the access port is marked with a configured Layer 2 CoS value. The default Layer 2 CoS value is 0. Untrusted mode is the default when the phone is connected to a Cisco LAN switch.
In trusted mode, all traffic that is received through the access port passes through the phone switch unchanged. Trusted mode is the default when the phone is not connected to a Cisco LAN switch.
Traffic in frame types other than 802.1Q or 802.1p passes through the phone switch unchanged, regardless of the access port trust state.
Figure 47-5 Configuring QoS on the IP Phone Ports
Configuring QoS in the Cisco IP Phone 7960
These sections describe how to configure QoS in the Cisco IP Phone 7960:
•
•
•
Setting the Phone Access Port Trust Mode
To set the phone access port trust mode, perform this task in privileged mode:
Set the phone access port trust mode.
set port qos mod/ports...trust-ext {trusted |
untrusted}
This example shows how to set the phone access port to the trusted mode:
Console> (enable) set port qos 3/7 trust-ext trustedPort in the phone device connected to port 3/7 is configured to be trusted.Console> (enable)This example shows how to set the phone access port to the untrusted mode:
Console> (enable) set port qos 3/7 trust-ext untrustedPort in the phone device connected to port 3/7 is configured to be untrusted.Console> (enable)Setting the Phone Access Port CoS Value
To set the phone access port CoS value, perform this task in privileged mode:
This example shows how to set the Layer 2 CoS value that is used by a phone access port in untrusted mode:
Console> (enable) set port qos 2/1 cos-ext 3Port 2/1 qos cos-ext set to 3.Console> (enable)Verifying the Phone Access Port QoS Configuration
To verify the phone access port QoS configuration, perform this task in normal mode:
This example shows how to verify the phone access port QoS configuration:
Console> (enable) show port qos 3/4<...Output Truncated...>Port Ext-Trust Ext-Cos----- --------- -------3/4 untrusted 0<...Output Truncated...>Configuring a Trusted Boundary to Ensure Port Security
•
•
•
Supported Cisco IP Phones
These Cisco IP phones are supported with the trusted boundary feature:
•
•
•
•
QoS and Cisco IP Phone Configuration
Cisco IP Phones are directly attached to the Catalyst 6500 series switch ports. Traffic coming from the phone entering the switch is typically marked with a tag using the 802.1Q header. The header contains the VLAN information as well as the class of service (CoS) 3-bit field. The CoS determines the priority of the packet. For most Cisco IP Phone configurations, the traffic coming from the phone and entering the switch is trusted to ensure that the voice traffic is properly prioritized over other types of traffic in the network. The port on the switch where the phone is attached is configured to trust-cos, which means that the port trusts the CoS labeling of all packets arriving on that port.
QoS, Cisco IP Phone, and PC Configuration
A PC or workstation can be attached to the Cisco IP Phone. The phone has a built-in hub that mixes the traffic coming from the PC, the phone, and the switch port. To distinguish traffic coming from the PC from traffic coming from the phone, use the 3-bit CoS labels.
You need to configure QoS features on the phone for proper labeling to occur. QoS configuration information is sent to the phone using the Cisco Discovery Protocol (CDP) from the switch. The QoS configuration determines the trust state of the phone and the classification information (Ext-Cos). The phone supports two trust states:
•
•
If the phone is in trusted mode, all the labels that are produced by the PC are sent directly through the phone toward the switch, untouched. If the phone is in untrusted mode, all traffic coming from the PC is marked with the Ext-Cos value before it is sent to the switch.
For most setups, the PC or workstation that is attached to the phone is unable to tag its packets. In these cases, all the traffic that comes from the PC and enters the switch through the phone, is marked with the "default ext-cos" configured on the phone.
In some cases, the PC can tag its own packets. A PC running Windows 2000 can be configured to send dot1q frames of any priority. To solve this problem, the phones should be configured to be untrusted, which marks all the traffic coming from the PC to the appropriate priority.
The trusted boundary feature prevents users from taking advantage of the trust-cos setting on the switch by disconnecting their phone from the network and plugging their PC directly into the switch port. It uses CDP to detect the phone's presence on a port. If the phone leaves the port, the feature automatically configures the port to be untrusted, which solves the security issue.
The trusted boundary feature is implemented using a configuration command to create a new type of trust. The command allows you to configure port trust based on the presence of a given device on a port. For Cisco IP Phones, you configure the trust as "trust-device ciscoipphone."
Configuration Guidelines
This section describes the guidelines for configuring the trusted boundary feature:
•
COPS directly affects how QoS parameters are applied. A port may have either a local policy or a COPS policy. This setting specifies whether the port should get its QoS configuration information from the local configuration or through a COPS server. If COPS is enabled on a port and is also globally enabled, the policy that is specified by the COPS server applies. If COPS is disabled and/or the run-time policy is local, the local configuration QoS policy applies. The extended trust boundary feature overrides the "local" policy on a port.
•
All QoS port trust configuration settings are supported (trust-cos, trust-ipprec, trust-dscp) but you should use trust-cos for the Cisco IP Phone networks.
•
New QoS syslogs were added for the trusted boundary feature to notify you of changes to a port's trust state and to warn of improper configuration. To see these syslogs, set the QoS logging level to 5 (set logging level qos 5). The default is 3. Refer to the Catalyst 6500 Series, Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches System Message Guide publication for descriptions of the syslogs.
•
The final run-time port trust on any port is dependent on the following:
–
–
–
–
To enable the trusted boundary feature, you must enable QoS and you must enable CDP globally and on the port, running in version 2 mode. You must set COPS to local policy (the COPS default) or to disabled (the COPS default). When ciscoipphone is configured as the trust-device on the port, the feature is enabled and detects the presence of a Cisco IP Phone and sets the trust values.
See Figure 47-6 to determine the final trust value on a port.
Figure 47-6 Determining the Final Trust Value of a Port
Configuring a Trusted Boundary
These sections describe how to configure the trusted boundary feature:
•
•
Default Configuration
The default setting for all ports is trust-device none.
Specifying a Cisco IP Phone as the Trust Device
To specify a Cisco IP Phone as the trust device, perform this task in privileged mode:
Specify a Cisco IP Phone as the trust device.
set port qos mod/ports...trust-device [ciscoipphone | none]
This example shows how to trust only Cisco IP phones on port 4/1:
Console> (enable) set port qos 4/1 trust-device ciscoipphonePort 4/1 set to only trust device of type ciscoIPPhone.Console> (enable)This example shows how to disable the device trust on port 4/1:
Console> (enable) set port qos 4/1 trust-device nonePort 4/1 trust device feature disabled.Console> (enable)Verifying a Port's Trust-Device State
To verify a port's trust-device state, perform this task in normal mode:
When the trusted boundary feature is active, the run-time trust state of the port changes depending on the presence of the phone.
Note
This example shows how to verify the trust-device state and trust state on port 4/1:
Console> (enable) show port qos 4/1<truncated ...>Port TxPort Type RxPort Type Trust Type Trust Type Def CoS Def CoSconfig runtime config runtime----- ------------ ------------ ------------ ------------- ------- -------4/1 1p3q1t 1p1q0t trust-cos trust-cos* 0 0Port Ext-Trust Ext-Cos Trust-Device----- --------- ------- ------------4/1 untrusted 0 ciscoIPPhone(*)Runtime trust type set to untrusted.Config:Port ACL name Type----- -------------------------------- ----No ACL is mapped to port 4/1.Runtime:Port ACL name Type----- -------------------------------- ----No ACL is mapped to port 4/1.Console> (enable)Using Automatic Voice Configuration
Automatic voice configuration consists of two macros that simplify voice configuration on the Catalyst 6500 series switches. The automatic voice configuration macros cover all the voice configuration tasks required for implementing the recommended Architecture for Voice, Video, and Integrated Data (AVVID) settings for a voice port.
Automatic voice configuration focuses on the voice networks that are built using the Cisco IP Phone 79xx series and the Cisco SoftPhone. With automatic voice configuration, you use the ciscoipphone or ciscosoftphone keywords to initiate macros that specify the type of voice parameters that you desire on a particular port.
Automatic voice configuration is described in these sections:
•
•
•
•
•
•
•
Understanding Automatic Voice Configuration Macros
When you execute the automatic voice configuration macros on a port using the ciscoipphone or ciscosoftphone keywords, the following features are implemented:
•
•
•
•
•
•
When you execute the ciscoipphone keyword on a port, in addition to the previous features, the following features are also implemented:
•
•
•
•
•
When you execute the ciscosoftphone keyword on a port, in addition to the previous features, the following features are also implemented:
•
•
Automatic Voice Configuration—Cisco IP Phone
In most configurations, the Cisco IP Phone 79xx is connected directly to the Catalyst switch port. Optionally, you can attach a PC to the phone and use the phone as a hop to the switch.
Typically, the traffic that comes from the phone and enters the switch is marked with a tag using the 802.1Q/p header. The header contains the VLAN information and the CoS 3-bit field. The CoS determines the priority of the packet. The switch uses the CoS field to distinguish the PC traffic from the phone traffic. The switch can also use the DSCP field for the same purpose.
In most Cisco IP Phone 79xx configurations, the traffic that comes from the phone and enters the switch is trusted. You set the port trust to trust-cos to properly prioritize the voice traffic over other types of traffic in the network.
The Cisco IP Phone 79xx has a built-in switch that mixes the traffic that comes from the PC, the phone, and the switch port. The Cisco IP Phone 79xx has trust and classification capabilities that you need to configure.
Ports that connect the IP phones need to have several features enabled or disabled. Automatic voice configuration ensures that the necessary features are enabled. Most of these features are implemented when you execute the set port host command (such as disabling channels, enabling PortFast, and so on). A VLAN and an auxiliary VLAN must be configured on the port for QoS to work. Inline power needs to be enabled (if available) and CDP must be enabled for the trusted boundary feature to work. QoS configuration is handled by the automatic QoS feature (see Chapter 44, "Using Automatic QoS").
Automatic Voice Configuration—Cisco Softphone
The Cisco SoftPhone is a software product that runs on a standard PC and emulates an IP phone. The main difference between the Cisco SoftPhone and the Cisco IP Phone 79xx is that the Cisco SoftPhone marks its voice traffic through a DSCP, while the Cisco IP Phone 79xx marks its traffic through a CoS. The QoS settings on the switch accommodate this behavior by trusting the Layer 3 marking of the traffic entering the port. All other behavior is similar to the Cisco IP Phone 79xx. Features such as CDP do not need to be enabled because the trusted boundary feature does not support Cisco SoftPhone.
Automatic Voice Configuration Guidelines and Restrictions
These sections provide the configuration guidelines and restrictions for automatic voice configuration:
Supported Phones
When you use automatic voice configuration with the ciscoipphone keyword, some of the QoS configuration requires phone-specific configuration (trust-ext, ext-cos) which is supported only on the following phones: Cisco IP Phone 7910, Cisco IP Phone 7940, Cisco IP Phone 7960, and Cisco IP Phone 7935. However, the ciscoipphone keyword is not exclusive to these models only; any phone can benefit from all the other QoS settings that are configured on the switch.
Cisco SoftPhone is supported through the ciscoipsoftphone keyword.
CDP Dependencies
To configure the QoS settings and the trusted boundary feature on the Cisco IP Phone, you must enable Cisco Discovery Protocol (CDP) version 2 or later on the port.
You need to enable CDP only for the ciscoipphone QoS configuration; CDP does not affect the other components of the automatic voice configuration feature.
EtherChannel Considerations
The automatic voice configuration commands do not support channeling.
PFC/PFC2 Support
No PFC or PFC2 is required for the ciscoipphone keyword. A PFC or PFC2 is required for the ciscosoftphone keyword.
Module Support
The ciscoipphone keyword is only supported on 10/100- and 10/100/1000-Ethernet ports.
The ciscosoftphone keyword is supported on all Ethernet ports.
CLI Interface for Automatic Voice Configuration
These sections describe the CLI interface for automatic voice configuration:
•
Command Description
You must specify either the ciscoipphone or ciscosoftphone keywords and a data VLAN. Specifying an auxiliary VLAN is optional for the ciscoipphone keyword. RSPAN and private VLANs are not supported. The command syntax for automatic voice configuration is as follows:
Console> (enable) set port macroUsage: set port macro <mod/ports..> ciscoipphone vlan <vlan> [auxvlan <auxvlan>]set port macro <mod/ports..> ciscosoftphone vlan <vlan>Console> (enable)ciscoipphone Command Output
When you execute the ciscoipphone keyword, the following displays (specifying the auxiliary VLAN is optional):
Console> (enable) set port macro 3/1 ciscoipphone vlan 2 auxvlan 3Port 3/1 enabled.Layer 2 protocol tunneling disabled for CDP STP VTP on port(s) 3/1.Port 3/1 vlan assignment set to static.Spantree port fast start option set to default for ports 3/1.Port(s) 3/1 channel mode set to off.Warning: Connecting Layer 2 devices to a fast start port can causetemporary spanning tree loops. Use with caution.Spantree port 3/1 fast start enabled.Dot1q tunnel feature disabled on port(s) 3/1.Port(s) 3/1 trunk mode set to off.VLAN Mod/Ports---- -----------------------2 2/13/116/1AuxiliaryVlan Status Mod/Ports------------- --------------------------------------------------------------3 inactive 3/1Vlan 3 is not active.Inline power for port 3/1 set to auto.CDP enabled globallyCDP enabled on port 3/1.CDP version set to v2........All ingress and egress QoS scheduling parameters configured on all ports.CoS to DSCP, DSCP to COS, IP Precedence to DSCP and policed dscp mapsconfigured. Global QoS configured.Port 3/1 ingress QoS configured for Cisco IP Phone.Macro completed on port 3/1.Console> (enable)If you do not specify an auxiliary VLAN, the following warning message displays:
Console> (enable) set port macro 3/1 ciscoipphone vlan 2Warning: All inbound QoS tagging information will be lost as no auxiliary vlan was specified.Do you want to continue (y/n) [n]?ciscosoftphone Command Output
When you execute the ciscosoftphone keyword, the following displays:
Console> (enable) set port macro 3/1 ciscosoftphone vlan 32Port 3/1 enabled.Layer 2 protocol tunneling disabled for CDP STP VTP on port(s) 3/1.Port 3/1 vlan assignment set to static.Spantree port fast start option set to default for ports 3/1.Port(s) 3/1 channel mode set to off.Warning: Connecting Layer 2 devices to a fast start port can causetemporary spanning tree loops. Use with caution.Spantree port 3/1 fast start enabled.Dot1q tunnel feature disabled on port(s) 3/1.Port(s) 3/1 trunk mode set to off.Vlan 32 configuration successfulVLAN 32 modified.VLAN 2 modified.VLAN Mod/Ports---- -----------------------32 3/116/1Port 3/1 will not send out CDP packets with AuxiliaryVlan information.Executing autoqos........All ingress and egress QoS scheduling parameters configured on all ports.CoS to DSCP, DSCP to COS, IP Precedence to DSCP and policed dscp mapsconfigured. Global QoS configured.Port 3/1 ingress QoS configured for Cisco Softphone.Macro completed on port 3/1.Console>> (enable)Detailed Automatic Voice Configuration Statements
These sections provide detailed automatic voice configuration statements:
•
•
ciscoipphone Configuration Statement
The ciscoipphone automatic voice configuration command results in the following configuration:
set port macro mod/port ciscoipphone vlan vlan [auxvlan auxvlan]----------------------------------------------------------set port enable mod/portset port l2protocol-tunnel mod/port cdp stp vtp disableset port membership mod/port staticset port host mod/portset vlan mod/port vlanset port auxiliaryvlan mod/port auxvlan (set to none if not specified)set port inlinepower mod/port auto (if supported by module)set cdp enableset cdp enable mod/portset cdp version v2set qos autoqosset port qos mod/port autoqos voip ciscoipphoneciscosoftphone Configuration Statement
The ciscosoftphone automatic voice configuration command results in the following configuration:
set port macro mod/port ciscosoftphone vlan vlan----------------------------------------------------------set port enable mod/portset port l2protocol-tunnel mod/port cdp stp vtp disableset port membership mod/port staticset port host mod/portset vlan mod/port vlanset port auxiliaryvlan mod/port noneset qos autoqosset port qos mod/port autoqos voip ciscosoftphoneHow to Use Automatic Voice Configuration in Your Network
Depending on the interface and what is connected to it, you will need to execute different automatic voice macros. For each port, execute the port-based macro command with the appropriate keyword as shown in Table 47-6:
Table 47-6 Using Automatic Voice Configuration Keywords
ciscoipphone
Ports that connect only a Cisco IP Phone 79xx.
ciscoipphone
Ports that connect a Cisco IP Phone 79xx with a PC connected to the 79xx.
ciscoipphone
Ports that connect a Cisco IP Phone 79xx with a PC connected to the 79xx running Cisco SoftPhone1 .
ciscosoftphone
Ports that connect a PC running Cisco SoftPhone without a Cisco IP Phone 79xx.
1 For cases where ports connect a Cisco IP Phone 79xx with a PC running Cisco SoftPhone, the control traffic through CTI communication with the Cisco CallManager is tagged but is remarked to DSCP 0.
