Code:
http://ciscoconfigs.net/index.php?option=com_content&task=view&id=21&Itemid=26
This configuration snippet shows how to set up a 3750 switch with a voice vlan and a data vlan for Cisco phones
that support connecting a PC to the back of the phone. To understand it you have to understand how the
Cisco phones work. Current Cisco switches have what is called an auxiliary vlan, which is configured on
the switchport with the voice vlan statement. When the phone boots up it gets its vlan information through Cisco
Discovery Protocol (CDP), which runs at layer 2. This tells the phone to put itself into the voice vlan and to let the
desktop PC send traffic across the access vlan. The auxiliary vlan eliminates the possibility of forgetting to prune
the vlans, as could happen if the port were set up with normal 802.1Q trunking commands.

# This configuration was taken from a 3750 running 12.2(25)SEE2.


# I like to see the actual date and time for debug and log information, and then it is good security practice
# to have password-encryption turned on.

service timestamps debug datetime
service timestamps log datetime
service password-encryption

hostname 3750-Cisco

username cisco privilege 15 secret cisco
aaa new-model

# To ensure accurate time reporting, set the timezone properly and also set the new daylight saving time settings.

clock timezone EST -5
clock summer-time DST recurring 2 Sun Mar 2:00 1 Sun Nov 2:00

# It is best practice to put VTP in transparent mode to ensure we don't fall into any incorrect vlan
# propagation issues.

vtp domain ciscoconfigs
vtp mode transparent


# Set UDLD to aggressive mode. This is only for fiber connections. This command was added from the global
# macro cisco-global. UDLD is Unidirectional Link Detection. This is running across fiber interfaces and
# aggressive mode simply speeds up the timers that are associated with bringing a link back up or timing out
# a bad link.

udld aggressive

# We are only using this switch as a layer 2 switch. In this example the vlans are trunked
# back to a core switch where the layer 3 interfaces are configured. Since we are not routing in this
# switch we do not need to turn on ip routing. The ip subnet-zero command is a default command.

ip subnet-zero
no ip domain-lookup
ip domain-name ciscoconfigs.net


# The following statements look scary but really they are not. These statements set up all the
# queues, the thresholds, the cos-dscp mappings etc. to support voice over ip. The good news is that
# with Cisco's autoqos feature these statements get generated automatically once autoqos is
# turned on. Keep this in mind: these settings apply to how Cisco defines the QoS levels for
# Cisco phones. These same settings may not apply to another vendor's IP phone system. They
# may use different dscp values to define priority service.

mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos


# The following applies the global macro called cisco-global. If you are not familiar with macros
# and smartports look them up on Cisco's website. They come in very handy. This macro, once applied,
# sets up UDLD to work in aggressive mode, reduces the errdisable recovery time from 5 minutes to
# 60 seconds, turns on Rapid Spanning Tree and loopguard, and sets the vtp mode to transparent.

macro global description cisco-global
errdisable recovery cause link-flap
errdisable recovery interval 60
no file verify auto

spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id

vlan internal allocation policy ascending


# This is where the vlans are defined at layer 2. Since VTP is transparent we need to define
# the vlans on each switch.

vlan 10
name Data

vlan 20
name Voice

vlan 999
name Management

# The standard phone / desktop port configuration is shown below. Since the Cisco phones get
# their vlan information from CDP you will need to define the access vlan and the voice vlan.
# To enable QoS for the phones enter the auto qos voip cisco-phone command. This will create
# the bandwidth share and shape commands, the mls commands, and the plethora of QoS commands
# that were previously shown. Spanning-tree portfast should be enabled as well as bpduguard.
#
# The switchports could have been configured with a macro as well. We could have used the
# macro called cisco-phone. The command would have been
#
# macro apply cisco-phone $access_vlan 10 $voice_vlan 20
#
# This macro would have enabled all of the commands we have displayed plus it would have added
# the commands to enable port security for 2 MAC addresses. Again, all the ports from Fa0/1
# to Fa0/48 will all be configured the same so you could use the interface range statement to
# apply it all at the same time.

interface FastEthernet0/1
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
...
...
...
...

interface FastEthernet0/48
switchport access vlan 26
switchport mode access
switchport voice vlan 16
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable



# Here is an uplink port to a 6509 which has the layer 3 interfaces. In this case we set it up
# to trunk all of the vlans. The QoS statements were all configured from the single command
# auto qos voip trust. This is the auto qos command you would use on all uplinks carrying voice.

interface GigabitEthernet0/1
description Connection to 6509
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust cos
auto qos voip trust
spanning-tree link-type point-to-point

interface GigabitEthernet0/2

interface GigabitEthernet0/3

interface GigabitEthernet0/4


# Since we are not using vlan1 we need to shut this interface down

interface Vlan1
no ip address
shutdown


# In this example vlan 999 is the vlan that all of the network gear is being managed in.
# So we give this switch a layer 3 interface and give it an ip address in the management
# vlan. Remember routing is not turned on so the switch is essentially a host from this
# perspective so you will need to enter the default gateway.

interface Vlan999
ip address 10.1.254.24 255.255.255.0

ip default-gateway 10.1.254.1
ip classless
ip http server


# It is good security practice to set up your read and write community strings to something other than
# public and private. In this example we also specified an access list that defines which hosts we
# will actually accept an snmp request from.

access-list 10 permit 10.1.254.10
snmp-server community ciscoconfigs-pub RO 10
snmp-server community ciscoconfigs-priv RW 10

control-plane


# On the console and virtual terminal ports 0 - 4 we set the login to local so that we will use user authentication
# against the local database. A username was added near the beginning of this configuration. In addition
# the logging synchronous command helps you type in commands when the screen is scrolling. If you are halfway
# through your command and a console message pops up on the screen, it takes the part of the
# command that you already typed and puts it on a new line for you instead of breaking your command across
# console messages.

line con 0
login local
logging synchronous
line vty 0 4
logging synchronous
login local
length 0
line vty 5 15
no login


# It is always good to have a time server configured so all of your network devices will have the correct
# time. This is important when trying to correlate events between devices and logs.

ntp server 10.1.254.100
end
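
An added example, not part of the original configuration or of ciscoconfigs.net: a small Python check for two things this configuration depends on, namely that every access or voice vlan used on a port is defined on the switch (needed because VTP is transparent) and that no vty line is set to no login. The sample text is a constructed, trimmed copy of the configuration above, and the function names are illustrative.

```python
import re

# Constructed sample: a trimmed, indented copy of the configuration above.
SAMPLE = """\
vlan 10
 name Data
vlan 20
 name Voice
vlan 999
 name Management
interface FastEthernet0/1
 switchport access vlan 10
 switchport voice vlan 20
interface FastEthernet0/48
 switchport access vlan 26
 switchport voice vlan 16
line vty 0 4
 login local
line vty 5 15
 no login
"""

HEADER = re.compile(r"vlan \d+$|interface |line ")
VLAN_REF = re.compile(r"switchport (access|voice) vlan (\d+)$")

def parse_blocks(text):
    """Map each vlan/interface/line header to the commands that follow it."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue  # skip blanks and the page's explanatory comments
        if HEADER.match(line):
            current = blocks.setdefault(line, [])
        elif current is not None:
            current.append(line)  # works with or without indentation
    return blocks

def audit(text):
    """Return (where, problem) pairs for undefined vlans and open vty lines."""
    blocks = parse_blocks(text)
    defined = {int(h.split()[1]) for h in blocks if h.startswith("vlan ")}
    findings = []
    for header, body in blocks.items():
        if header.startswith("interface "):
            for m in filter(None, map(VLAN_REF.match, body)):
                if int(m.group(2)) not in defined:
                    findings.append((header, f"{m.group(1)} vlan {m.group(2)} is not defined"))
        elif header.startswith("line vty") and "no login" in body:
            findings.append((header, "login check disabled (no login)"))
    return findings

if __name__ == "__main__":
    for where, problem in audit(SAMPLE):
        print(f"{where}: {problem}")
```

Run against the full configuration above, it reports the same three items: FastEthernet0/48 uses vlans 26 and 16, which have no vlan definition, and line vty 5 15 has no login.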





