Help with Cisco configs

We are currently deploying 2940 and 2950 8, 12, and 24 port switches to a lot of our end user locations. We have an extremely dynamic wireless network set up where I am at due to users constantly moving to new locations, and I need to manage it more efficiently. We support a lot of people who think they can plug in whatever they want. I deal with loopbacks on a weekly basis, and it causes havoc on the rest of our users. Which brings me to the point of this post…I need some input as to a correct Cisco uplink config. 2940 and 2950 switches do not support dot1q trunk encapsulation from what little I know, and switchport mode trunk will not work without it. We have two vlans operating, one voice, one data, and the following config is the only way we have been able to get it to work.

interface GigabitEthernet0/1
description Uplink for SM
switchport access vlan xx
switchport voice vlan xx
spanning-tree portfast disable

Is there anyone out there that has dealt with setting up cisco switches on the SM side? Is there a better configuration to use? Thanks for any help.

missed a command

switchport mode access

Why are you using Cisco switches on customer side…

Why don’t you get a cheap dumb switch and use the VLAN on the SM’s to isolate the customer.

I believe the 2940 and 2950 series catalyst switches will support dot1q encapsulation.

the command should be

switchport trunk encapsulation dot1q

but to use that you have to have the port in trunk mode via

switchport mode trunk

I know the 2950 will do it, but I don’t have a 2940 in front of me to verify. If the commands aren’t showing up do you have the Enterprise level IOS?

We have been using dummy switches, however, our…main customer does not wish us using these due to the lack of security on them.

Ahhhh crap…did some more studying. ISL is not supported on these suckers, so dot1q is all there is. It’s not a command because it does not need to be one.

This makes me wonder though…if I have vlans established on the switch, and I enable them on the SM as well, can I set the VoIP to high priority via the SM? I’ve been having tons of complaints concerning lost calls lately. I’ve tried HW scheduling (no advantage though :[) and SW scheduling (75/40 60/40 50/50) and had the same problems no matter what I do. There is not an SM here that has a jitter over 5, so the signal quality is not an issue. I get few complaints on any data throughput, but the VoIP is another issue. Any suggestions?

You need to get the VOIP packets tagged and then use diff serv on the SM to give it high priority.

You can set high priority channels on the AP too, I have not done this yet, but many of the other guys on the forum have and claim good results…

we have customers who use CISCO switches and we have to plug in our SM (nat disabled) into them…

* only allow untagged packets
* switch on BPDU filtering on client switch
* make sure they can’t join your VTP domain

works fine
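Added example, not part of the original posts: a small Python check that reads an IOS-style config and reports whether the switch port facing the SM meets the three points listed above. The sample config, its VLAN number and the mapping of "only allow untagged packets" to `switchport mode access` are assumptions made for illustration, as is the assumption that VTP transparent mode appears as a line in the saved config.

```python
import re

# Constructed sample running-config (not from the thread); VLAN 10 is a placeholder.
SAMPLE_CONFIG = """\
vtp mode transparent
!
interface FastEthernet0/1
 description Port facing SM, hardened
 switchport mode access
 switchport access vlan 10
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/1
 description Uplink for SM
 switchport mode trunk
 switchport trunk native vlan 10
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit(config, port):
    """Return findings for the port that faces the SM (empty list = all three checks pass)."""
    findings = []
    # Assumption: transparent mode is visible as this exact line in the config.
    if not re.search(r"^vtp mode transparent\s*$", config, re.M):
        findings.append("global: VTP mode is not transparent")
    cmds = parse_interfaces(config).get(port, [])
    if "switchport mode access" not in cmds:
        findings.append(f"{port}: not in access mode, tagged frames possible")
    if "spanning-tree bpdufilter enable" not in cmds:
        findings.append(f"{port}: BPDU filtering not enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, "GigabitEthernet0/1"):
        print(finding)
```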

Thanks for the help. I’ll give it a shot.

OK, I’m one step closer. Apparently Cisco VoIP phones send out a discovery pulse to look for POE capable devices. This has caused all sorts of interesting loop back storms and phone problems. Mostly the phones just freezing up completely. That’s beside the point, but I took some of your advice.

This is where I’m at right now on the switch:
global:
Switch(config)#errdisable detect cause loopback
Switch(config)#errdisable recovery cause bpduguard
Switch(config)#errdisable recovery cause loopback
Switch(config)#errdisable recovery cause psecure-violation

on the actual uplink port:
description Uplink for SM
switchport trunk native vlan x
switchport mode trunk
switchport voice vlan x
spanning-tree portfast disable
spanning-tree bpdufilter enable

This is where I need some more help:

And on the AP:
VLAN Enable
Dynamic Learning Enable
Allow Frame Types All Frames
VLAN Ageing Timeout 1440
Management VID 1
All Local SM Management Enable

And on the SM:
Dynamic Learning Enable
Allow Frame Types All Frames
VLAN Ageing Timeout 1440
Untagged Ingress VID 1
Management VID 1
Local SM Management Enable

As of right now, with these settings, I have run a lab with a phone and computer through a 12 port cisco catalyst 2950 uplinked to an SM via a single AP plugged into a 4506 (almost the same settings) with no problems so far. I had some serious problems without the bpdu filtering and errdisable recovery commands. Everything seems to work, but I’m not sure if vlans are even being utilized. I’ve read through the documentation, and to be honest, I’m not sure how to approach the vlan tagging and using the diff serv with it. I am running SW with a 50down/50HPup setting and also 6/3 6/3 7/3 on the control slots (read some white papers on a lab a company did somewhere on this site…I may have misunderstood it but they mentioned something about the benefits of a 50/50 setting).

Anyways, could you perhaps walk me through the vlan tagging and diffserv configs? It would be greatly appreciated. Also, I need to be able to manage the SM and still poll it via an NMS and PrizmEMS I have running. It seems whenever I start messing with untagged frames and changing vlan ids I lose the ability to even ping the SM…sometimes the AP…I remember something in the docs about PrizmEMS requiring SM management to be disabled if it is managing the device…hope I’m making a small amount of sense.

Thanks for any help,
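Added example, not part of the original posts: one way to see whether VLAN tags and DiffServ markings are actually present on the wire is to decode the 802.1Q tag and the IPv4 DSCP field of captured frames. The Python below does that on frames it constructs itself; VLAN 20, priority 5 and DSCP 46 (EF, a marking commonly used for voice) are assumed sample values, and `build_frame` is a helper made up for this example.

```python
import struct

def classify_frame(frame):
    """Return VLAN ID, 802.1p priority and DSCP of one Ethernet frame (bytes)."""
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset, vlan, pcp = 14, None, None
    if ethertype == 0x8100:                      # 802.1Q tag present
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        pcp, vlan = tci >> 13, tci & 0x0FFF      # 3-bit priority, 12-bit VLAN ID
        offset = 18
    dscp = None
    if ethertype == 0x0800 and len(frame) >= offset + 2:
        dscp = frame[offset + 1] >> 2            # top 6 bits of the IPv4 ToS byte
    return {"vlan": vlan, "pcp": pcp, "dscp": dscp}

def build_frame(vlan=None, pcp=0, dscp=0):
    """Constructed test frame: two MACs, optional 802.1Q tag, bare IPv4 header.
    The IP checksum is left at 0; this is sample data, not a valid packet."""
    frame = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    if vlan is not None:
        frame += struct.pack("!HH", 0x8100, (pcp << 13) | vlan)
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                            bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return frame + struct.pack("!H", 0x0800) + ip_header

def voice_marking_problems(frame, voice_vlan, voice_dscp=46):
    """List what is missing for a frame to count as tagged, prioritised voice."""
    info, problems = classify_frame(frame), []
    if info["vlan"] is None:
        problems.append("frame is untagged")
    elif info["vlan"] != voice_vlan:
        problems.append(f"tagged for VLAN {info['vlan']}, expected {voice_vlan}")
    if info["dscp"] != voice_dscp:
        problems.append(f"DSCP is {info['dscp']}, expected {voice_dscp}")
    return problems

if __name__ == "__main__":
    for f in (build_frame(vlan=20, pcp=5, dscp=46), build_frame()):
        print(classify_frame(f), voice_marking_problems(f, voice_vlan=20))
```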

did you get anywhere with this…

You can configure the SM to whichever vlan you want; on the 12 port 2950 you need to create that vlan and add the ip address on that vlan interface… use this IP as the gateway for that customer (ip phone); take NAT into consideration.


For management, the NMS/Prizm need to be on the Management VID to be able to get to the management port on the SM’s, hence if the NMS is plugged into a switch and the SM has a MVID of 10, put the switchport on vlan 10

Unfortunately I’ve not had a chance to further test this due to some great lightning and moisture I was not expecting for a couple more months (and lack of supplies…see where this is going…). Iraq sucks…hahah…

I will set up a lab in the next couple of days with the necessary equipment and give your suggestions a shot. Thanks again!