Cisco 7965 IP phones and TP-Link Gigabit Smart Switches

I had some interesting times trying to get my Cisco 7965 working with a TP-Link SG2210P swtich.

The way I want this to work is have all ports on the switch configured as access ports on my normal VLAN, but have the phone automatically run on a different VLAN, and be able to use the pass-through port on the phone for another device on the normal VLAN (the way they would normally be configured in an all-cisco environment). I also didn’t want non-phone devices to be able to access the voice VLAN.

At first all seemed to work fine, I configured the OUI filter entry to match the mac address prefix of the phone (the default Cisco rule it comes with doesn’t cover the phone I have). I also configured the switch-wide voice vlan settings, and set the “voice vlan mode” of all the access ports to “auto”.

However, I later noticed that the phone was trying to get a DHCP address on my normal VLAN instead of the voice one. I think that what had happened is that I’d switched on support for LLDP and LLDP-MED, and now the phone was being told by the switch to use the voice vlan, and was also being told that the voice vlan wasn’t present on the port, thus confusing the phone thoroughly. After lots of messing around I have come to the following conclusion:

  • Do enable LLDP and LLDP-MED
  • Set the “voice vlan mode” to “manual” for the access ports.
  • Explicitly allow the voice vlan (tagged) on the access ports.
  • Use the “voice vlan security” feature to prevent non-phone devices getting onto the voice vlan (this uses the OUI filter entries again).

The end result should look like this:

sw1-office#show run int g 1/0/5
interface gigabitEthernet 1/0/5
  switchport general allowed vlan <your data vlan id> untagged
  switchport general allowed vlan <your voice vlan id> tagged
  switchport pvid <your data vlan id>
  no switchport general allowed vlan 1
  switchport voice vlan mode manual
  switchport voice vlan security
  lldp med-status