Understanding the Cisco IP Phone Concepts and Registration - CCNA Voice 640-461 - page 56

Information Technology Reference

In-Depth Information

Using this process, the PC never knows what VLAN it belongs to. The VLAN tag is ap-

plied when the incoming frame crosses a trunk port. The VLAN tag is removed when exit-

ing the port to the destination PC. Always keep in mind that VLANs are a switching

concept; the PCs never participate in the VLAN tagging process.

VLANs are not a Cisco-only technology. Just about all managed switch vendors support

VLANs. In order for VLANs to operate in a mixed-vendor environment, a common trunk-

ing or “tagging” language must exist between them. This language is known as 802.1Q. All

vendors design their switches to recognize and understand the 802.1Q tag, which is what

allows us to trunk between switches in any environment.

Understanding Voice VLANs

It is a common and recommended practice to separate voice and data traffic by using

VLANs. There are already easy-to-use applications available, such as Wireshark and Voice

Over Misconfigured Internet Telephones (VOMIT), that allow intruders to capture voice

conversations on the network and convert them into WAV data files. Separating voice and

data traffic using VLANs provides a solid security boundary, preventing data applications

from reaching the voice traffic. It also gives you a simpler method to deploy QoS, priori-

tizing the voice traffic over the data.

One initial difficulty you can encounter when separating voice and data traffic is the fact

that PCs are often connected to the network using the Ethernet port on the back of a

Cisco IP Phone. Because you can assign a switchport to only a single VLAN, it initially

seems impossible to separate voice and data traffic. That is, until you see that Cisco IP

Phones support 802.1Q tagging.

The switch built into Cisco IP Phones has much of the same hardware that exists inside of

a full Cisco switch. The incoming switchport is able to receive and send 802.1Q tagged

packets. This gives you the capability to establish a type of trunk connection between the

Cisco switch and IP phone, as shown in Figure 3-6.

Voice VLAN: 25

Data VLAN: 50

Key

To p i c

V

Fa0/1

Tagged Voice Packets

Untagged Data Packets

Untagged Data Packets

Figure 3-6

Separating Voice and Data Traffic Using VLANs

Next Page

CCNA Voice 640-461

Search WWH ::

Custom Search

Home