Cisco QoS for VoIP

Cisco IP Phone models
Most contain a 3-port switch
The voice and user PC ports:
 connecting to the user’s PC, the internal VoIP data stream
 always function as access-mode switch ports
The uplink ports
 connects to the upstream switch
 to operate as an 802.1Q trunk or as an access-mode (single VLAN) port.
 If an 802.1Q trunk is needed, a special-case trunk automatically is negotiated by the DTP and CDP
structure
 [cisco switch] — [cisco ip phone] — [pc]
 When a PC is connected to the PC switch port on an IP Phone, the Catalyst switch instructs the IP Phone how to trust the PC QoS information.
 The Cisco switch must have CDP and PortFast enabled to support a Cisco IP Phone
 A PC connected through to the switch does not notice the IP Phone's presence
codec:
 G.711, G.729

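Configure the VVID (voice VLAN ID)
(config-if)# switchport voice vlan < vlan-id | dot1p | untagged | none>
Disabled by default
This VLAN is one of the Auxiliary VLANs
Can only be configured on a Layer 2 interface in access mode
A special 802.1Q trunk is created
QoS follows the mls qos trust setting; the default is 0
vlan-id: uses a trunk,
 designates that VLAN as the voice VLAN,
 PC data is untagged in the native VLAN; 802.1p is used for QoS
dot1p: uses a trunk,
 designates VLAN 0 as the voice VLAN,
 PC data is untagged in the native VLAN; 802.1p is used for QoS
untagged: uses a trunk,
 designates the native VLAN as the voice VLAN,
 PC data and voice data are both untagged in the native VLAN
none (default): does not use a trunk,
 similar to untagged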
ps:
The Port Fast feature is automatically enabled when voice VLAN is configured. When you disable voice VLAN, the Port Fast feature is not automatically disabled.
ps:
You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.

ex:
Designate VLAN 50 as the voice VLAN and VLAN 10 for PC data
(config)# interface gigabitethernet1/0/1
(config-if)# switchport access vlan 10
(config-if)# switchport trunk native vlan 20
(config-if)# switchport voice vlan 50
(config-if)# switchport mode access

Display VVID status
#show interface switchport
The output looks roughly like this
Switch# show interfaces fastEthernet 1/0/1 switchport
Name: Fa1/0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 10 (VLAN0010)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: 110 (VoIP)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none


………………………………………………….


QOS Trust Boundary
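Definition:
The perimeter formed by switches that do not trust incoming QoS;
the trust boundary is formed by the outermost trusted devices
Function:
a point in the network where decisions about CoS markings on incoming packets are made.
Component devices:
trusted devices, that is, devices that classify packets and can be trusted
Deployment:
1. Placing the boundary on an L3 device is not recommended, because it causes excessive CPU load on the device
2. Do QoS (the boundary) on the device as close to the PC side as possible
ex: Placing the boundary at the IP Phone is best, because voice packets are classified starting at the IP Phone, which gives the best QoS result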


cisco packet qos priority
1. voice
2. call signaling
3. video interactive
4. video streaming
5. network management
6. ip routing

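Common QoS configuration methods
1. Manual configuration
2. Configuration with Cisco SDM (Security Device Manager)
3. Automatic configuration with AutoQoS

Enable QoS
(config)# mls qos

Configure a trusted interface
Switch(config)# interface < interface >
Switch(config-if)# mls qos trust < cos | ip-precedence | dscp>
Interfaces are untrusted by default; an untrusted interface does not trust incoming QoS markings
ip-precedence: uses the IP ToS field
cos: default is 0; applies only to frames, so it only takes effect on a trunk
dscp: applies only to packets
ps:
Interfaces connected to clients are usually not set to trust, to prevent a client from setting its own QoS markings and obtaining higher network priority
ps:
Cisco enables cos-to-dscp mapping by default, writing the CoS information into DSCP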

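ps:
Make trust conditional on a cisco-phone
(config-if)# mls qos trust device cisco-phone
CDP is used to detect whether the device is a cisco-phone; if it is, QoS markings coming from the cisco-phone are trusted
ps:
Specify how the cisco-phone trusts PC data
(config-if)# switchport priority extend < cos < value> | trust>
cos < value> : resets the QoS marking of PC data to this value (0-7)
cos 0 : (default) PC data is not trusted
trust : PC data is trusted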
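
An added example (not from the original notes): a small Python audit of a running-config that applies the trust rules above. It flags access ports that trust CoS, DSCP or IP precedence without the `mls qos trust device cisco-phone` condition, and ports where `switchport priority extend trust` makes the phone accept the PC's markings. The sample config and the function names `parse_interfaces` and `audit_trust` are constructed for illustration.

```python
import re
# Constructed sample running-config (not from the page): three access ports.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport voice vlan 100
 mls qos trust device cisco-phone
 mls qos trust cos
!
interface FastEthernet0/2
 switchport mode access
 mls qos trust dscp
!
interface FastEthernet0/3
 switchport mode access
 switchport voice vlan 100
 switchport priority extend trust
 mls qos trust device cisco-phone
 mls qos trust cos
!
"""

def parse_interfaces(config):
    """Return {interface name: [config lines]} for each interface block."""
    blocks, current = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line in ("!", "end"):
            current = None
        elif current is not None and line:
            current.append(line)
    return blocks

def audit_trust(config):
    """Flag access ports where an end host could get its own QoS marks trusted."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode access" not in lines:
            continue  # switch-to-switch uplinks may legitimately trust
        issues = []
        trusts = any(re.fullmatch(r"mls qos trust (cos|dscp|ip-precedence)", ln) for ln in lines)
        if trusts and "mls qos trust device cisco-phone" not in lines:
            issues.append("unconditional trust on access port")
        if "switchport priority extend trust" in lines:
            issues.append("phone extends trust to PC markings")
        findings[name] = issues
    return {name: issues for name, issues in findings.items() if issues}
```

Running `audit_trust(SAMPLE_CONFIG)` reports Fa0/2 and Fa0/3 and leaves Fa0/1, the conditionally trusted phone port, unflagged.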

…….

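Using auto-qos
(config-if)#[no] auto qos voip < cisco-phone | cisco-softphone | trust>
This command performs the following tasks
 Enables QoS
 Enables cos-to-dscp mapping
 Queue tuning for traffic entering and leaving the interface
 Gives VoIP traffic priority entering the interface
 Establishes the QoS trust boundary
cisco-phone: only a cisco-phone discovered through CDP is trusted
cisco-softphone: incoming traffic is trusted only if its DSCP is set to 24, 26 or 46; anything else is reset to 0
trust: all incoming traffic is trusted; used for connections to a switch
ps:
To change the parameter, first use no auto qos voip, then auto qos voip < parameter >
ps: CEF and CDP must be enabled first

ps:
Taking auto qos voip cisco-phone as an example, the output looks roughly like this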
Switch(config-if)# auto qos voip cisco-phone
Switch(config-if)#
*Sep 7 04:14:41.618 EDT: mls qos map cos-dscp 0 8 16 26 32 46 48 56
*Sep 7 04:14:41.622 EDT: mls qos min-reserve 5 170
*Sep 7 04:14:41.622 EDT: mls qos min-reserve 6 85
*Sep 7 04:14:41.622 EDT: mls qos min-reserve 7 51
*Sep 7 04:14:41.626 EDT: mls qos min-reserve 8 34
*Sep 7 04:14:41.626 EDT: mls qos
*Sep 7 04:14:42.598 EDT: interface FastEthernet0/37
*Sep 7 04:14:42.598 EDT: mls qos trust device cisco-phone
*Sep 7 04:14:42.602 EDT: mls qos trust cos
*Sep 7 04:14:42.606 EDT: wrr-queue bandwidth 10 20 70 1
*Sep 7 04:14:42.610 EDT: wrr-queue min-reserve 1 5
*Sep 7 04:14:42.618 EDT: wrr-queue min-reserve 2 6
*Sep 7 04:14:42.626 EDT: wrr-queue min-reserve 3 7
*Sep 7 04:14:42.634 EDT: wrr-queue min-reserve 4 8
*Sep 7 04:14:42.642 EDT: no wrr-queue cos-map
*Sep 7 04:14:42.646 EDT: wrr-queue cos-map 1 0 1
*Sep 7 04:14:42.650 EDT: wrr-queue cos-map 2 2 4
*Sep 7 04:14:42.654 EDT: wrr-queue cos-map 3 3 6 7
*Sep 7 04:14:42.658 EDT: wrr-queue cos-map 4 5
*Sep 7 04:14:42.662 EDT: priority-queue out
Note: mls qos and wrr-queue QoS-related commands are two shaded commands that enable trust for CoS values coming from a Cisco phone.
cos-dscp 0 8 16 26 32 46 48 56 corresponds to the 8 CoS priority levels

Enable QoS debugging
# debug auto qos
Shows detailed QoS status and the parameters applied by auto qos voip

Display auto qos status
# show auto qos [ interface < interface >]
The output looks roughly like this
Switch# show auto qos interface fastethernet 0/37
FastEthernet0/37
auto qos voip cisco-phone

……….

Display QoS interface status
# show mls qos interface < interface>
ps:
The output looks roughly like this
Switch# show mls qos interface fastethernet 0/1
FastEthernet0/1
trust state: trust cos  //CoS is trusted
trust mode: trust cos  
trust enabled flag: ena
COS override: dis //CoS override is disabled
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
Note: this is the trusted state
ps:
The output looks roughly like this
Switch# show mls qos interface fastethernet 0/1
FastEthernet0/1
trust state: not trusted
trust mode: trust cos
trust enabled flag: dis
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: cisco-phone
Note: the connected device is not a cisco-phone, so this is the untrusted state


Display switchport interface status
#show interface < interface > switchport
The output looks roughly like this
Switch# show interface fastethernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
[output deleted…]
Voice VLAN: 2 (VLAN0002)
Appliance trust: none
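Explanation
Appliance trust: none means the currently connected device does not meet the trust condition


Display the running-config for an interface
#show running-config interface < interface>
The output looks roughly like this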
Switch# show running-config interface fastethernet 0/47
Building configuration…
Current configuration : 219 bytes
!
interface FastEthernet0/47
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 100
mls qos trust device cisco-phone
mls qos trust cos

no mdix auto
end

ps:
The messages logged when a cisco-phone comes up look roughly like this
6d18h: %ILPOWER-7-DETECT: Interface Fa1/0/1: Power Device detected: Cisco PD
6d18h: %ILPOWER-5-POWER_GRANTED: Interface Fa1/0/1: Power granted
6d18h: %LINK-3-UPDOWN: Interface FastEthernet1/0/1, changed state to up
6d18h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/1, changed state to up
6d18h: %SWITCH_QOS_TB-5-TRUST_DEVICE_DETECTED: cisco-phone detected on port Fa1/0/1, port trust enabled.