It's been quite a while that I've had to setup a segregated VLAN setup for voice prioritization, and need a refresher since I'm hitting a stumbling block.  Here's what I've got:

- Sonicwall TZ100 (will act as router between VLANs)
- Dell PowerConnect 3348 non-POE L2 switch
- Mitel 3300 ICP IP phone system (192.168.2.10 with 2.1 as the gateway (TZ100) and on VLAN 2)

I've configured two ports on the TZ100 as separate LAN subnets/gateways with 192.168.1.0/24 (VLAN 1 Data) and 192.168.2.0/24 (VLAN 2 Voice).  The ports on the Dell corresponding to each of those have been set to Access with their respective VLAN IDs.  All other ports are set up as Trunk (this is where I'm not 100% sure of what I'm doing...)

DHCP is enabled on the TZ100 for the 1.0 network and there are options in the scope directing Mitel IP phones to seek their final DHCP address on VLAN 2.  DHCP is enabled on the Mitel 3300 with teh scope for 2.0 on VLAN 2.

Problem I'm having is understanding how to configure the Dell for Tagged/Untagged packets on VLAN 2.  It allows me to select each port individually on that VLAN as T(Tagged), U(Untagged) or F(?).  I set the Access ports to Untagged and the balance are set to Tagged... is that correct?

Hi,

If I understand you fully, you are correct.  All the ports on VLAN1 should be Untagged and all the ports on VLAN2 that are connected to phones should Tagged.  Just make sure the port going to the router (sonic wall) on VLAN2 is definitely not tagged.

The reason the phones need the VLAN tagging is so that they can correctly identify data (VLAN1) and voice (VLAN2).

If you activate VLAN tagging on a device which does not understand it (like the sonic wall), then it will fail to decode the packets arriving.


Cheers,
Scott

Thank you.  My issue right now is that I've configured the Dell port connected to the 3300 as Access VLAN 2 Untagged and the 3300 is set to VALN 2 however I can't reach it...  

Just realised I had assumed the phones are dual port and allow you to connect a PC to them.  Is this correct?  Otherwise they might need to be Untagged - it depends on the phone really.

Cheers,
Scott

They are dual port...

Ok, that should be correct - you want the 3300 to be on an untagged port.

whoops hit enter and it posted my message early.

What I was going to say is can you connect to the 3300 from a device on VLAN2?  i.e. if you connect a PC to VLAN2 (untagged) can you reach it then?  Just want to eliminate routing problems first and make sure it's purely a layer 2 issue.

Cheers,
Scott

Right now if I set the 3300 as being on VLAN 2 I cannot connect to it at all despite its port being set to Access on VLAN 2 and have a the TZ also have a dedicated port on Access VLAN 2.  I'm not sure what's going on.  If I remove the vlaning on the 3300, all's good as far as getting to it.

The other issue I'm facing is that the TZ's DHCP server doesn't seem to jive with the IP Phones.  Sonicwall's nomenclature for DHCP options, such as "One Byte Data" for numeric values is confusing.  For the VLAN option for example, which is a value of "2", entering "2" yields an astronomical VLAN number on the phone.  I also tried "0x02" (hex format) and that's not working either... not sure what's going on.

Hi V,

When you say 'remove the vlanning on the 3300' what precisely do you mean?  Are you changing the vlan setting on the switch?

I know you are having problems with the DHCP too.  I think it's best to resolve the 3300 access issues first in-case they are related.

Cheers,
Scott

I mean entering "vlan_off" via a serial interface to temporarily disable any VLAN settings on the 3300 itself, not changing any Dell settings.

ok - that makes sense. If you have vlan enabled on the 3300, you need vlan tagging enabled on the Dell - and vice versa.

Since you have the 3300 on VLAN2 already and you are using the Sonicwall to route between VLAN1 and VLAN2 you should be good to go with vlan_off.  Assuming one really important thing - all the IP phones are connected to the Dell, not the 3300.  If they are connected to the 3300, then it will need to understand VLAN tagging to allow the VLAN1 traffic through it.  Which means you will need to enable VLAN tagging on the Dell also.

Does this make sense?  Really, all that matters is that anything that understands what a VLAN is has vlan tagging enabled on the Dell.

Hmm... just thought of one more thing - does the Dell have trunk ports too?  This might make a difference, some switches only like vlan tagging on trunk ports.  I'll dig up the dell docs when I get a chance.

Cheers,
Scott

Thanks!

I'm unclear as to the significance of setting the 3300 on VLAN 2, yet disabling the VLAN functionality, etc.  Is the VLAN 2 setting only marking packets as being on VLAN 2 yet turning VLANing on/off has more to do with processing of the tagged packets?

All of the Dell's ports are set to Trunk except for the 3 ports related to the two TZ100 VLANs and the 3300...

Ok - so I'll try and give a simple answer to you question:

If you have a port set to no vlan tagging, what actually happens is the packets go out of the port without any vlan information in them. This is the normal state for any device that does not understand vlans.

If you have a port set to vlan tagging, it appends a small amount of data to the front of the packet detailing what vlan the packet is in.  This will totally confuse anything that does not understand vlans.

So, for this reason, if you turn vlan's on for the 3300, you also need to turn vlan tagging on the dell. This makes both devices append the vlan information onto the packets and they then both understand each other.

You will only need the 3300 to understand vlan's if you connect the phones to it.  Then what will happen is packets from the PC connected to the phone need to get to VLAN1.  In order for this to work, the 3300 needs to tell the Dell that the packet is for VLAN1.  This often only works on trunk ports that have vlan tagging enabled.

Does this answer your question?

Cheers,
Scott

Thank you, I understand the concept, but not the behavior.

If I vlan_on the 3300, IP Phones connected directly to the 3300's L2 switch won't even see the 3300's DHCP server because it is technically on VLAN 2 I presume.  Turning that off now makes DHCP visible and phones attach, see pic of vlan_off command result in putty.  If I enter command vlan_on, the ports on the 3300 reverse from tagging VLAN 1 to tagging VLAN 2 and untagging VLAN 1.

Figured out my DHCP options problem...

Sonicwall needs to have the VLAN and Priority options set as "Four Byte Data" and values as 0002 and 0006 respectively.  I set them as such and the IP Phone got the right values, rejected the initial offering and FOUND the DHCP server on the 3300 and got its address on VLAN 2... WOOHOO!

All this with vlan_off on the 3300...

Sorry v, was not meaning to be patronizing. I agree the behavior is not expected, but I have limited experience of the mitel equipment. Just one thing though, when you did the vlan_on with the 3300 did you turn on tagging on the Dell?

Cheers,
Scott

No worries!  Tagging's been on on the Dell from the beginning so the answer to that is yes.

OK so the answer was simpler than originally thought... Leave the controller on data and voice VLAN1 (programmed in LAN IP Configuration), but specify VLAN2 Access port for its connection.  All other ports are Trunk, tagged for VLAN2.

VLAN settings on the 3300 are irrelevant in this scenario since it's not doing any proactive tagging of packets.

DHCP on the Sonicwall works, then rejected by phones and 3300 DHCP found, etc.

All's good!

Thanks for your help.