Catalyst 4224 Access Gateway Switch Software Configuration Guide
Configuring Ethernet Switching
This section describes the Ethernet switching capabilities of the Catalyst 4224. These capabilities are designed to work as part of the Cisco IP Telephony solution. This section also outlines how to configure Ethernet ports on the Catalyst 4224 to support IP phones in a branch office on your network.

This section contains the following topics:

Configuring the Catalyst 4224 for Cisco IP Telephony

The Catalyst 4224 has 24 10/100 switched Ethernet ports with integrated inline power and Quality of Service (QoS) features. These features allow you to extend Voice-over-IP (VoIP) networks to small branch offices. As an access gateway switch, the Catalyst 4224 can be deployed as a component of a centralized call processing network using a centrally deployed Cisco CallManager. Instead of deploying and managing key systems or PBXs in small branch offices, applications are centrally located at the corporate headquarters or data center and are accessed via the IP WAN.

Default Switch Configuration

By default, the Catalyst 4224 provides the following settings with respect to Cisco IP Telephony:

Connecting IP Phones to Your Campus Network

There are three ways to connect an IP phone to a campus network. You can use a single cable, multiple cables, or the Cisco IP SoftPhone application running on a PC. (See Figure 3-1.)

Figure 3-1 Ways to Connect IP Phones to the Network

For more information about Option 1, see the "Configuring Ethernet Ports to Support IP Phones and a Daisy-Chained Workstation" section. For more information about Option 2, see the "Configuring Ethernet Ports to Support IP Phones with Multiple Ports" section.
For more information about Option 3, which entails the Cisco IP SoftPhone application, see the Cisco IP SoftPhone documentation library. The Cisco IP SoftPhone application was developed to provide clients with a phone that runs on software. This application can be installed on any PC that connects to an IP telephony network.

Configuring Ethernet Ports to Support IP Phones and a Daisy-Chained Workstation

Figure 3-2 shows the topology of a centralized Cisco CallManager deployment model used to enable converged networks.

Figure 3-2 Catalyst 4224 with IP Phone and Workstation

The configurations described in this section use the model shown in Figure 3-2. In this model, voice traffic is given a higher priority (CoS=5) than data traffic (CoS=0). Hence, voice traffic is placed in a high-priority queue that gets serviced first, and data traffic is placed in a low-priority queue that gets serviced later.

This section describes the following configuration schemes:

For details on the commands used in the following configuration examples, refer to "Command Reference for Voice VLAN."
Configuring Separate Voice and Data Subnets

For ease of network administration and increased scalability, network managers can configure the Catalyst 4224 to support Cisco IP phones such that the voice and data traffic reside on separate subnets. You should always use separate VLANs when you are able to segment the existing IP address space of your branch office.

User priority bits in the 802.1p portion of the 802.1Q standard header are used to provide prioritization in Ethernet switches. This is a vital component in designing Cisco IP Telephony networks.

The Catalyst 4224 provides the performance and intelligent services of Cisco IOS software for branch office applications. The Catalyst 4224 can identify user applications (such as voice or multicast video) and classify traffic with the appropriate priority levels. QoS policies are enforced using Layer 2 and 3 information such as 802.1p, IP precedence, and DSCP.
The following procedure shows how to automatically configure Cisco IP phones to send voice traffic on the voice VLAN ID (VVID). (See the "Voice Traffic and VVID" section.)

Voice Traffic and VVID

The Catalyst 4224 can automatically configure voice VLAN. With the automatically configured voice VLAN feature, network administrators can segment phones into separate logical networks even though the data and voice infrastructure is physically the same. The voice VLAN feature places the phones into their own VLANs without the need for end-user intervention. A user can plug the phone into the switch, and the switch provides the phone with the necessary VLAN information.

Sample Configuration 1

The following example shows how to configure separate subnets for voice and data on the Catalyst 4224:

This configuration instructs the IP phone to generate a packet with an 802.1Q VLAN ID of 150 with an 802.1p value of 5 (default for voice bearer traffic).
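What the switch asks the phone to do is visible in the 4-byte 802.1Q tag on each voice frame. The following Python code is an added example, not part of the Cisco guide: it builds and classifies the tag for the VVID case above (VLAN ID 150, 802.1p value 5) and also for the 802.1p-only case with a null VLAN ID that the single-subnet configuration in this section uses. The MAC addresses, payloads, native VLAN 50, and the default port CoS of 0 for untagged frames are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def build_frame(dst, src, payload, vlan_id=None, cos=0, ethertype=0x0800):
    """Build an Ethernet frame; add an 802.1Q tag when vlan_id is given."""
    header = dst + src
    if vlan_id is not None:
        if not 0 <= vlan_id <= 0xFFF or not 0 <= cos <= 7:
            raise ValueError("VLAN ID is 12 bits, 802.1p priority is 3 bits")
        tci = (cos << 13) | vlan_id  # priority(3) | DEI(1)=0 | VLAN ID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def classify(frame, native_vlan, port_cos=0):
    """Return (vlan, cos, kind) as a port with the given native VLAN reads it."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        # No tag: the frame belongs to the native VLAN with the port's CoS.
        return native_vlan, port_cos, "untagged"
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    cos, vlan_id = tci >> 13, tci & 0x0FFF
    if vlan_id == 0:
        # Null VLAN ID: only the priority is meaningful; VLAN is the native one.
        return native_vlan, cos, "priority-tagged"
    return vlan_id, cos, "vlan-tagged"


# Constructed sample frames (MAC addresses and payloads are made up).
SWITCH = bytes.fromhex("00005e005301")
PHONE = bytes.fromhex("00005e005302")
PC = bytes.fromhex("00005e005303")
VOICE_VVID = build_frame(SWITCH, PHONE, b"rtp", vlan_id=150, cos=5)
VOICE_DOT1P = build_frame(SWITCH, PHONE, b"rtp", vlan_id=0, cos=5)
PC_DATA = build_frame(SWITCH, PC, b"data")

if __name__ == "__main__":
    print(classify(VOICE_VVID, native_vlan=50))   # separate voice subnet
    print(classify(VOICE_DOT1P, native_vlan=40))  # single subnet, 802.1p only
    print(classify(PC_DATA, native_vlan=40))      # daisy-chained workstation
```

With separate subnets, voice and PC frames land in different VLANs; with the 802.1p-only option they share the native VLAN and differ only in priority, so any isolation between phones and workstations has to come from somewhere other than the VLAN boundary.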
Sample Configuration 2

Configuring inter-VLAN routing is identical to the configuration on a Catalyst 6000 with an MSFC. Configuring an interface for WAN routing is consistent with other Cisco IOS platforms.

The following example provides a sample configuration:
Configuring a Single Subnet for Voice and Data

For network designs with incremental IP telephony deployment, network managers can configure the Catalyst 4224 so that the voice and data traffic coexist on the same subnet. This might be necessary when it is impractical to allocate an additional IP subnet for IP phones. You must still prioritize voice above data at both Layer 2 and Layer 3.

Layer 3 classification is already handled because the phone sets the type of service (ToS) bits in all media streams to an IP Precedence value of 5. (With Cisco CallManager Release 3.0(5), this marking changed to a Differentiated Services Code Point [DSCP] value of EF.) However, to ensure that there is Layer 2 classification for admission to the multiple queues in the branch office switches, the phone must also use the User Priority bits in the Layer 2 802.1p header to provide class of service (CoS) marking. Setting the bits to provide marking can be done by having the switch look for 802.1p headers on the native VLAN.

This configuration approach must address two key considerations:

The following procedure shows how to automatically configure Cisco IP phones to send voice and data traffic on the same VLAN.

Sample Configuration

The Catalyst 4224 supports the use of an 802.1p-only option when configuring the voice VLAN. Use this option to allow the IP phone to tag VoIP packets with a CoS of 5 on the native VLAN, while all PC data traffic is sent untagged.

The following example shows a single subnet configuration for the Catalyst 4224 switch:

The Catalyst 4224 instructs the IP phone to generate an 802.1Q frame with a null VLAN ID value but with an 802.1p value (default is CoS of 5 for bearer traffic). The voice and data VLANs are both 40 in this example.

Configuring Ethernet Ports to Support IP Phones with Multiple Ports

You might want to use multiple ports to connect the IP phones (option 2 in Figure 3-1) if any of the following conditions apply to your Cisco IP telephony network:
IP Addressing

The recommended configuration for using multiple cables to connect IP phones to the network is to use a separate IP subnet and separate VLANs for IP telephony.

Sample Configuration

The following example illustrates the configuration on the IP phone:

The following example illustrates the configuration on the PC:
Managing the Catalyst 4224 Access Gateway Switch

This section illustrates how to perform basic management tasks on the Catalyst 4224 with the Cisco IOS command-line interface (CLI). You might find this information useful when you configure the switch for the previous scenarios.
This section contains the following topics:

Adding Trap Managers

A trap manager is a management station that receives and processes traps. When you configure a trap manager, community strings for each member switch must be unique. If a member switch has an assigned IP address, the management station accesses the switch by using its assigned IP address.

By default, no trap manager is defined, and no traps are issued.

Beginning in privileged EXEC mode, follow these steps to add a trap manager and community string:

Configuring IP Information

This section describes how to assign IP information on the Catalyst 4224, and contains the following topics:

Assigning IP Information to the Switch: Overview

You can use a BOOTP server to automatically assign IP information to the switch; however, the BOOTP server must be set up in advance with a database of physical MAC addresses and corresponding IP addresses, subnet masks, and default gateway addresses. In addition, the switch must be able to access the BOOTP server through one of its ports. At startup, a switch without an IP address requests the information from the BOOTP server; the requested information is saved in the switch's running configuration file. To ensure that the IP information is saved when the switch is restarted, save the configuration by entering the write memory command in privileged EXEC mode.

You can change the information in these fields. The mask identifies the bits that denote the network number in the IP address. When you use the mask to create a subnet on a network, the mask is then referred to as a subnet mask. The broadcast address is reserved for sending messages to all hosts. The CPU sends traffic to an unknown IP address through the default gateway.

Assigning IP Information to the Switch: Procedure

Beginning in privileged EXEC mode, follow these steps to enter the IP information:

Removing an IP Address

Use the following procedure to remove IP information from a switch.
Beginning in privileged EXEC mode, follow these steps to remove an IP address:
Specifying a Domain Name and Configuring the DNS

Each unique IP address can have an associated host name. Cisco IOS software maintains a cache of host name-to-address mappings for use by the EXEC mode commands connect, telnet, ping, and related Telnet support operations. This cache speeds the process of converting names to addresses.

IP defines a hierarchical naming scheme that allows a device to be identified by its location or domain. Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, such as the File Transfer Protocol (FTP) system, is identified as ftp.cisco.com.

To track domain names, IP has defined the concept of a domain name server (DNS), whose purpose is to hold a cache (or database) of names mapped to IP addresses. To map domain names to IP addresses, you must first identify the host names and then specify a name server and enable the DNS, the Internet's global naming scheme that uniquely identifies network devices.

Specifying the Domain Name

You can specify a default domain name that the software uses to complete domain name requests. You can specify either a single domain name or a list of domain names. When you specify a domain name, any IP host name without a domain name will have that domain name appended to it before being added to the host table.

Specifying a Name Server

You can specify up to six hosts that can function as a name server to supply name information for the DNS.

Enabling the DNS

If your network devices require connectivity with devices in networks for which you do not control name assignment, you can assign device names that uniquely identify your devices within the entire internetwork. The Internet's global naming scheme, the DNS, accomplishes this task. This service is enabled by default.
Configuring Voice Ports

The Catalyst 4224 can connect to a Cisco 7960 IP Phone and carry IP voice traffic. If necessary, the Catalyst 4224 can supply electrical power to the circuit connecting it to the Cisco 7960 IP Phone.

Because the sound quality of an IP telephone call can deteriorate if the data is unevenly transmitted, the current release of the Cisco IOS software supports Quality of Service (QoS) based on IEEE 802.1p Class of Service (CoS). QoS uses classification and scheduling to transmit network traffic from the switch in a predictable manner.

The Cisco 7960 IP Phone contains an integrated three-port 10/100 switch. These dedicated ports connect to the following devices:

Figure 3-2 shows a sample configuration for a Cisco 7960 IP Phone.

Configuring a Port to Connect to a Cisco 7960 IP Phone

Because a Cisco 7960 IP Phone also supports connection to a PC or other device, a port connecting a Catalyst 4224 to a Cisco 7960 IP Phone can carry a mix of traffic. There are three ways to configure a port connected to a Cisco 7960 IP Phone:
Disabling Inline Power on a Catalyst 4224

The Catalyst 4224 can supply inline power to the Cisco 7960 IP Phone if necessary. The Cisco 7960 IP Phone can also be connected to an AC power source and supply its own power to the voice circuit. When the Cisco 7960 IP Phone is supplying its own power, a Catalyst 4224 can forward IP voice traffic to and from the phone.

A detection mechanism on the Catalyst 4224 determines whether it is connected to a Cisco 7960 IP Phone. If the switch senses that there is no power on the circuit, the switch supplies the power. If there is power on the circuit, the switch does not supply it.

You can configure the switch to never supply power to the Cisco 7960 IP Phone and to disable the detection mechanism.

Beginning in privileged EXEC mode, follow these steps to configure a port to never supply power to Cisco 7960 IP Phones:
Enabling and Disabling Switch Port Analyzer

You can monitor traffic on a given port by forwarding incoming and outgoing traffic on the port to another port in the same VLAN. A Switch Port Analyzer (SPAN) port cannot monitor ports in a different VLAN, and a SPAN port must be a static-access port. Any number of ports can be defined as SPAN ports, and any combination of ports can be monitored. SPAN is supported for up to two sessions.

Enabling the Switch Port Analyzer

Beginning in privileged EXEC mode, follow these steps to enable SPAN:
Disabling Switch Port Analyzer

Beginning in privileged EXEC mode, follow these steps to disable SPAN:
Managing the ARP Table

To communicate with a device (on Ethernet, for example), the software first must determine the 48-bit MAC or local data link address of that device. The process of determining the local data link address from an IP address is called address resolution.

The Address Resolution Protocol (ARP) associates a host IP address with corresponding media or MAC addresses and VLAN ID. Taking an IP address as input, ARP determines the associated MAC address. Once a MAC address is determined, the IP-MAC address association is stored in an ARP cache for rapid retrieval. Then, the IP datagram is encapsulated in a link-layer frame and sent over the network. Encapsulation of IP datagrams and ARP requests and replies on IEEE 802 networks other than Ethernet is specified by the Subnetwork Access Protocol (SNAP). By default, standard Ethernet-style ARP encapsulation (represented by the arpa keyword) is enabled on the IP interface.

When you manually add entries to the ARP Table by using the CLI, you must be aware that these entries do not age and must be manually removed.

Managing the MAC Address Tables

The switch uses the MAC address tables to forward traffic between ports. All MAC addresses in the address tables are associated with one or more ports. These MAC tables include the following types of addresses:
The address tables list each destination MAC address along with its associated VLAN ID, module, and port number. Figure 3-3 shows an example of a list of addresses as they would appear in the dynamic, secure, or static address table.

Figure 3-3 Contents of the Address Table

MAC Addresses and VLANs

All MAC addresses are associated with one or more VLANs. An address can exist in more than one VLAN and have different destinations in each. Multicast addresses, for example, could be forwarded to port 1 in VLAN 1 and ports 9, 10, and 11 in VLAN 5.

Each VLAN maintains its own logical address table. A known address in one VLAN is unknown in another until it is learned or statically associated with a port in the other VLAN. An address can be secure in one VLAN and dynamic in another. Addresses that are statically entered in one VLAN must be static addresses in all other VLANs.

Changing the Address Aging Time

Dynamic addresses are source MAC addresses that the switch learns and then drops when they are not in use. Use the Aging Time field to define how long the switch retains unseen addresses in the table. This parameter applies to all VLANs.

Configuring the Aging Time

Setting too short an aging time can cause addresses to be prematurely removed from the table. When the switch receives a packet for an unknown destination, the switch floods the packet to all ports in the same VLAN as the receiving port. This unnecessary flooding can impact performance. Setting too long an aging time can cause the address table to be filled with unused addresses; it can cause delays in establishing connectivity when a workstation is moved to a new port.

Beginning in privileged EXEC mode, follow these steps to configure the dynamic address table aging time.
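The aging trade-off and the per-VLAN tables described above can be reproduced with a small model of a learning switch. This Python code is an added example, not Cisco's implementation; the MAC addresses, port numbers, VLAN membership, and traffic trace are constructed assumptions.

```python
class MacTable:
    """Dynamic MAC address table: one logical table per VLAN, one aging time."""

    def __init__(self, aging_time, ports_by_vlan):
        self.aging_time = aging_time        # seconds an unseen address is kept
        self.ports_by_vlan = ports_by_vlan  # {vlan_id: set of member ports}
        self.entries = {}                   # {(vlan_id, mac): (port, last_seen)}

    def forward(self, now, vlan, in_port, src, dst):
        """Learn src on in_port, then return (egress_ports, flooded)."""
        # Drop dynamic entries that have not been seen for aging_time seconds.
        self.entries = {k: v for k, v in self.entries.items()
                        if now - v[1] < self.aging_time}
        self.entries[(vlan, src)] = (in_port, now)  # learn or refresh source
        known = self.entries.get((vlan, dst))
        if known is None:
            # Unknown destination: flood to every other port in the same VLAN.
            return self.ports_by_vlan[vlan] - {in_port}, True
        return {known[0]}, False


# Constructed sample: hosts A and B, three ports that are members of two VLANs.
A, B = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"
PORTS = {40: {1, 2, 3}, 150: {1, 2, 3}}


def replay(aging_time):
    """Replay a fixed trace; return (flood_count, reached_moved_host)."""
    table = MacTable(aging_time, PORTS)
    floods = 0
    # A (port 1) and B (port 2) exchange a request and reply every 30 seconds.
    for t in (0, 30, 60):
        _, flooded = table.forward(t, 40, 1, A, B)
        floods += flooded
        _, flooded = table.forward(t + 1, 40, 2, B, A)
        floods += flooded
    # B is moved to port 3 and stays silent; A sends to it at t=75.
    egress, flooded = table.forward(75, 40, 1, A, B)
    floods += flooded
    return floods, 3 in egress


if __name__ == "__main__":
    for aging in (10, 300):
        print(aging, replay(aging))
```

With a 10-second aging time every request from A is flooded to all ports in the VLAN, while with 300 seconds only the first is flooded but the frame sent after the move still goes to B's old port.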
Removing Dynamic Address Entries

Beginning in privileged EXEC mode, follow these steps to remove a dynamic address entry:
You can remove all dynamic entries by using the clear mac-address-table dynamic command in privileged EXEC mode.

Adding Secure Addresses

The secure address table contains secure MAC addresses and their associated ports and VLANs. A secure address is a manually entered unicast address that is forwarded to only one port per VLAN. If you enter an address that is already assigned to another port, the switch reassigns the secure address to the new port.

You can enter a secure port address even when the port does not yet belong to a VLAN. When the port is later assigned to a VLAN, packets destined for that address are forwarded to the port.

Adding Secure Addresses

Beginning in privileged EXEC mode, follow these steps to add a secure address:
Removing Secure Addresses

Beginning in privileged EXEC mode, follow these steps to remove a secure address:
You can remove all secure addresses by using the clear mac-address-table secure command in privileged EXEC mode.

Adding and Removing Static Addresses

A static address has the following characteristics:

Because all ports are associated with at least one VLAN, the switch acquires the VLAN ID for the address from the ports that you select on the forwarding map. A static address in one VLAN must be a static address in other VLANs. A packet with a static address that arrives on a VLAN where it has not been statically entered is flooded to all ports and not learned.

Adding Static Addresses

Beginning in privileged EXEC mode, follow these steps to add a static address:
Removing Static Addresses

Beginning in privileged EXEC mode, follow these steps to remove a static address:
You can remove all static addresses by using the clear mac-address-table static command in privileged EXEC mode.