Cisco WS-C6506 Software Manual page 1416

Configuring VoIP on a Switch
Supported Cisco IP Phones
These Cisco IP phones are supported with the trusted boundary feature:
•
•
•
•
QoS and Cisco IP Phone Configuration
The Cisco IP Phones are directly attached to the Catalyst 6500 series switch ports. Typically, the traffic
that is coming from the phone and entering the switch is marked with a tag using the 802.1Q header. The
header contains the VLAN information and the class of service (CoS) 3-bit field. The CoS determines
the priority of the packet. For most Cisco IP Phone configurations, the traffic that comes from the phone
and enters the switch is trusted to ensure that the voice traffic is properly prioritized over other types of
traffic in the network. The port on the switch where the phone is attached is configured to trust-cos,
which means that the port trusts the CoS labeling of all packets arriving on that port.
QoS, Cisco IP Phone, and PC Configuration
A PC or workstation can be attached to the Cisco IP Phone. The phone has a built-in hub that mixes the
traffic coming from the PC, the phone, and the switch port. To distinguish the traffic that comes from
the PC from the traffic that comes from the phone, use the 3-bit CoS labels.
You need to configure the QoS features on the phone for proper labeling to occur. The QoS configuration
information is sent to the phone using CDP from the switch. The QoS configuration determines the trust
state of the phone and the classification information (Ext-Cos). The phone supports two trust states:
•
•
If the phone is in trusted mode, all the labels that are produced by the PC are sent directly through the
phone toward the switch, untouched. If the phone is in untrusted mode, all traffic coming from the PC
is marked with the Ext-Cos value before it is sent to the switch.
For most setups, the PC or workstation that is attached to the phone is unable to tag its packets. In these
cases, all the traffic that comes from the PC and enters the switch through the phone, is marked with the
"default ext-cos" that is configured on the phone.
In some cases, the PC can tag its own packets. A PC running Windows 2000 can be configured to send
the 802.1Q frames of any priority. To solve this problem, the phones should be configured to be
untrusted, which marks all the traffic coming from the PC to the appropriate priority.
The trusted boundary prevents the users from taking advantage of the trust-cos setting on the switch by
disconnecting their phone from the network and plugging their PC directly into the switch port. It uses
CDP to detect the phone's presence on a port. If the phone leaves the port, the feature automatically
configures the port to be untrusted, which solves the security issue.
The trusted boundary is implemented using a configuration command to create a new type of trust. The
command allows you to configure the port trust based on the presence of a given device on a port. For
the Cisco IP Phones, you configure the trust as "trust-device ciscoipphone."
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
55-34
Cisco IP Phone 7910
Cisco IP Phone 7935
Cisco IP Phone 7940
Cisco IP Phone 7960
Trusted
Untrusted and marked with a new COS value (Ext-Cos)
Chapter 55 Configuring a VoIP Network
OL-8978-04