Code:
http://ciscoconfigs.net/index.php?option=com_content&task=view&id=13&Itemid=26
This configuration snippet shows how to set up a layer 3 switch that will have a voice and data vlan supporting Shoretel phones
that support the connection of a PC to the back of the phone. In order to understand this you have to understand how the
Shoretel phones work. The Shoretel phones are set up on 802.1q trunk ports. The native vlan on the trunk should be set
to the data vlan. Remember the native vlan is where untagged traffic flows; all other vlans going across the trunk
will be tagged. When the phone boots, it sends out a DHCP request that is untagged so it will flow over the native vlan, which
is the data vlan. The DHCP server will provide an ip address to the phone on the data segment. In addition to the normal
DHCP information, the scope will also have to provide the vlan id that the phone should change to, a flag telling it to use vlan
tagging, and an entry for the ftpserver which is the IP address of the phone system. Once the phone receives this information
it reconfigures its network properties and puts itself in the voice vlan. It then sends out a new dhcp request which is tagged
so it flows down the voice vlan. The dhcp server then provides a new IP address on the voice vlan along with the additional
information that is needed for the phone. So once the phone is up, all voice traffic is tagged and flows down the voice vlan
while the PC connected to the phone will send its traffic untagged which will flow down the data vlan. If more vlans are in
use on the switch than just the voice and data vlan, vlan pruning should be configured to ensure that the phone is not
overrun with broadcasts from other vlans. Only the data and voice vlan should be sent across the trunk.

# This configuration was taken from a 3750 running 12.2(25)SEE2.

# I like to see the actual date and time for debug and log information, and then it is good security practice
# to have password-encryption turned on.

service timestamps debug datetime
service timestamps log datetime
service password-encryption

hostname 3750-Shoretel

username cisco privilege 15 secret cisco


# To ensure accurate time reporting, set the timezone properly as well as the new daylight saving time settings.

clock timezone EST -5
clock summer-time DST recurring 2 Sun Mar 2:00 1 Sun Nov 2:00


# Set UDLD to aggressive mode. This is only for fiber connections. This command was added from the global
# macro cisco-global. UDLD is Unidirectional Link Detection. This is running across fiber interfaces and
# aggressive mode simply speeds up the timers that are associated with bringing a link back up or timing out
# a bad link.

udld aggressive

# This switch is running layer 3 and it will need to route between the vlans so ip routing is turned on.

ip subnet-zero
ip routing
no ip domain-lookup
ip domain-name ciscoconfigs.net


# Default COS to DSCP mappings

mls qos map cos-dscp 0 8 16 26 32 46 46 56


# The following applies the global macro called cisco-global. If you are not familiar with macros
# and smartports look them up on Cisco's website. They come in very handy. This macro once applied
# sets up UDLD to work in aggressive mode, reduces the errdisable recovery time from 5 minutes to
# 60 seconds, turns on Rapid Spanning Tree and loopguard, and sets the vtp mode to transparent.

macro global description cisco-global
errdisable recovery cause link-flap
errdisable recovery interval 60
no file verify auto

spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id

vlan internal allocation policy ascending


# The following statements define vlan 10 and vlan 20 from a layer 2 perspective.
vlan 10
name Data

vlan 20
name Voice




# The first port is shown for the connection of the DHCP server. The DHCP server is on vlan 10.
# Always turn spanning-tree portfast on when not connecting to a bridge or switch. It is good
# practice to hard code the speed and duplex for key servers, and networking equipment.

interface GigabitEthernet1/0/1
description DHCP Server
switchport access vlan 10
speed 100
duplex full
spanning-tree portfast


# In this case the Shoretel PBX is connected to port gig1/0/2. It is hard coded to vlan 20 which
# is the voice vlan. Again hard coded speed and duplex, and portfast is enabled.

interface GigabitEthernet1/0/2
description Phone switch
switchport access vlan 20
speed 100
duplex full
spanning-tree portfast

# The standard phone / desktop port configuration is shown below. For most current Shoretel phones
# you set up an 802.1q trunk to the phone. Since the port is set to trunk mode, the switchport
# access vlan 10 statement is not needed and is not used. I simply put it there in case the
# customer wants to change a port setting so it does not support a phone. Once the switchport
# trunk commands are removed, the default access vlan would normally be 1 which is not in use.
# If you set the access vlan 10 command, that will ensure that if they remove the trunking commands
# the port will already be set to the correct data vlan.
#
# There are two steps to turn on trunking for this switch. You need to set the trunk encapsulation
# type to dot1q, then you need to set the port to trunk mode. In this case we needed to make sure
# that the native vlan on the trunk is set to the data vlan. The phone is actually a switch but
# since it is an endpoint switch we can set portfast to on. All the ports from gig1/0/3 to gig1/0/48
# will all be configured the same so you could use the interface range statement to apply it all
# at the same time.


interface GigabitEthernet1/0/3
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
spanning-tree portfast
...
...
...
interface GigabitEthernet1/0/48
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
spanning-tree portfast

# Since we are not using vlan1 we need to shut this interface down

interface Vlan1
no ip address
shutdown


# Not shown in the running config, we have previously created vlan 10 and vlan 20 on this switch. How this is
# done is different for the different switch types. On some switches you will enter the vlan database command
# to set them up and some you will set them up within the IOS config. Nevertheless, the interface Vlan command
# does not establish the layer 2 vlan only the layer 3 component. On these switches it is easy to forget to add
# the layer 3 component.
#
# On interface Vlan10 we set the gateway address for vlan 10 and the same is done on interface Vlan20. Now
# the phones on vlan 20 still need to talk to the DHCP server which is on the data vlan so we need to configure
# an ip helper-address to point the DHCP requests to the DHCP server on vlan 10.

interface Vlan10
ip address 10.1.1.1 255.255.255.0

interface Vlan20
ip address 172.16.1.1 255.255.255.0
ip helper-address 10.1.1.10

ip classless
ip http server


# It is good security practice to set up your read and write community strings to something other than
# public and private.

snmp-server community ciscoconfigs-pub RO
snmp-server community ciscoconfigs-priv RW


# On the console and virtual terminal ports 0 - 4 we set the login to local so that we will use user authentication
# against the local database. A username was added near the beginning of this configuration. In addition
# the logging synchronous command helps you type in commands when the screen is scrolling. If you are halfway
# through your command and a console message pops up on the screen, it takes the part of the
# command that you already typed in and puts it on a new line for you instead of breaking your command across
# console messages.

line con 0
login local
logging synchronous
line vty 0 4
logging synchronous
login local
length 0
line vty 5 15
no login


# It is always good to have a time server configured so all of your network devices will have the correct
# time. This is important when trying to correlate events between devices and logs.

ntp server 10.1.1.100
end
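
An added example, not part of the original configuration or of the ciscoconfigs.net page: a small Python check that reads an indented running-config and reports the points in the listing above that a reviewer would raise. These are phone trunks with no `switchport trunk allowed vlan` list (the introduction says only the data and voice vlans should cross the trunk), vty lines set to `no login`, `ip http server`, and an SNMP read-write community. The names `sections`, `expand` and `audit` and the sample text are constructed for this illustration, and the parser assumes sub-commands are indented as IOS prints them.

```python
# Constructed sample, abridged from this page's config and indented as IOS prints it.
SAMPLE = """\
interface GigabitEthernet1/0/3
 switchport trunk native vlan 10
 switchport mode trunk
ip http server
snmp-server community ciscoconfigs-priv RW
line vty 0 4
 login local
line vty 5 15
 no login
"""

def sections(text):
    """Return [(top-level command, [indented sub-commands]), ...]."""
    out = []
    for raw in text.splitlines():
        if raw[:1].isspace() and out:
            out[-1][1].append(raw.strip())
        elif raw.strip() and raw[0] not in "#!":
            out.append((raw.strip(), []))
    return out

def expand(spec):
    """'10,20-22' -> {10, 20, 21, 22}; keywords such as 'none' add nothing."""
    pairs = (p.partition("-") for p in spec.split(",") if p[:1].isdigit())
    return {v for lo, _, hi in pairs for v in range(int(lo), int(hi or lo) + 1)}

def audit(text, wanted=frozenset({10, 20})):
    """Return (section, finding) pairs; wanted = data and voice VLAN ids."""
    findings = []
    for head, body in sections(text):
        if head.startswith("interface ") and "switchport mode trunk" in body:
            spec = [c.split()[-1] for c in body
                    if c.startswith("switchport trunk allowed vlan ")]
            if not spec:
                findings.append((head, "trunk carries every VLAN, not just 10 and 20"))
            elif not set().union(*map(expand, spec)) <= wanted:
                findings.append((head, "trunk allows VLANs beyond data and voice"))
        elif head.startswith("line vty") and "no login" in body:
            findings.append((head, "vty lines accept sessions without a login"))
        elif head == "ip http server":
            findings.append((head, "HTTP management enabled without TLS"))
        elif head.startswith("snmp-server community ") and head.split()[3:4] == ["RW"]:
            findings.append((head, "SNMP read-write community configured"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Adding `switchport trunk allowed vlan 10,20` to the phone ports and `login local` to `line vty 5 15` clears the first and last findings.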




