Voice VLAN

Dedicated VLANs for VoIP traffic with QoS prioritization and separation from data traffic

  • Voice VLANs are separate Layer 2 broadcast domains specifically designed for IP phone traffic - this segregation provides Quality of Service (QoS) prioritization and security isolation from data traffic
  • Operates by allowing a single switch port to carry both data VLAN (untagged) and voice VLAN (tagged) traffic simultaneously
  • IP phones act as mini-switches with built-in 3-port switch functionality - one port connects to the switch, one connects to the PC, and an internal port serves the phone itself
  • Voice traffic receives 802.1Q VLAN tagging while PC data remains untagged on the native/access VLAN
  • Switch port configuration uses switchport voice vlan <vlan-id> command in addition to standard access VLAN configuration

Key Benefits

  • QoS Implementation: Voice traffic can be prioritized using Class of Service (CoS) markings in 802.1Q headers
  • Security Separation: Voice and data traffic isolated into different broadcast domains
  • Bandwidth Management: Dedicated VLAN allows for traffic shaping and monitoring
  • Simplified Cabling: Single cable run supports both phone and PC connectivity

Configuration Components

  • CDP/LLDP Discovery: Switch advertises voice VLAN information to compatible IP phones
  • Power over Ethernet (PoE): Often deployed alongside voice VLANs for phone power delivery
  • Trust Boundaries: Switch trusts CoS markings from IP phones but not from connected PCs

| Traffic Type | VLAN Tagging | Priority | Typical VLAN ID Range |
|---|---|---|---|
| Voice | 802.1Q Tagged | High (CoS 5) | 100-199 |
| Data | Untagged (Native) | Normal (CoS 0) | Any |

Vocabulary

  • Voice VLAN: Dedicated VLAN for IP telephony traffic with QoS prioritization
  • Auxiliary VLAN: Cisco term for voice VLAN configuration on switch ports
  • CoS (Class of Service): Layer 2 QoS marking (0-7) carried in 802.1Q VLAN tags
  • Trust Boundary: Point in network where QoS markings are trusted or remarked

Notes

  • Voice VLANs require 802.1Q trunking knowledge - phones tag voice traffic but leave data untagged
  • Default voice VLAN behavior varies by vendor - Cisco uses auxiliary VLAN concept while others may differ
  • IP phones typically receive VLAN assignment via CDP/LLDP advertisements from switch
  • Common deployment uses separate IP subnets for voice and data VLANs (e.g., 10.1.100.0/24 for voice, 10.1.10.0/24 for data)
  • Voice VLAN configuration doesn’t automatically enable QoS - requires additional service-policy configuration for traffic prioritization
  • Troubleshooting tip: Use show interfaces switchport to verify voice VLAN assignment and show cdp neighbors detail to confirm phone discovery
  • Security consideration: Voice VLANs can be attack vectors if not properly secured with port security and DHCP snooping
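
The security note above can be turned into a configuration check. The following is an added example, not part of the original notes: it scans a Cisco IOS-style running-config for ports that carry a voice VLAN and flags those without port security or without DHCP snooping on the voice VLAN. The sample config is constructed, and the function names are illustrative.

```python
import re

# Constructed running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10,100-110
!
interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport voice vlan 100
 switchport port-security
!
interface GigabitEthernet1/0/2
 switchport access vlan 10
 switchport voice vlan 150
!
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10,100-110' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_voice_ports(config):
    """Return {interface: [findings]} for every port carrying a voice VLAN."""
    snooping_on = re.search(r"^ip dhcp snooping\s*$", config, re.M) is not None
    snooped = set()
    for m in re.finditer(r"^ip dhcp snooping vlan (\S+)", config, re.M):
        snooped |= expand_vlans(m.group(1))
    findings = {}
    # Each interface stanza runs from its 'interface' line to the next '!'.
    stanzas = re.findall(r"^interface (\S+)\n(.*?)(?=^!|\Z)", config, re.M | re.S)
    for name, body in stanzas:
        voice = re.search(r"^ switchport voice vlan (\d+)", body, re.M)
        if not voice:
            continue  # port has no numbered voice VLAN, out of scope
        issues = []
        if not re.search(r"^ switchport port-security\s*$", body, re.M):
            issues.append("port security not enabled")
        if not snooping_on or int(voice.group(1)) not in snooped:
            issues.append(f"DHCP snooping not active on voice VLAN {voice.group(1)}")
        findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit_voice_ports(SAMPLE_CONFIG).items():
        print(port, "OK" if not issues else "; ".join(issues))
```

An empty findings list means the port passed both checks; it does not cover QoS, which the notes point out needs its own service-policy configuration.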