
Vlans.


wireman50

Technical User
Jan 8, 2011
Firstly apologies, I know there is lots on here about Vlans but this is breaking my virginity at actually setting them up.

I remember seeing a post on here about something I need to clarify but for the life of me I can't find it again and like a twonk I didn't archive it....


I understand that it works like this.

I use Vlan1 for the default network for data

I then set up a Vlan10 on the switch and give it an address (range?)

When the phones boot they get a vlan address via dhcp (option 125) and they drop their existing and use the new info to reach the 3300 DHCP.

So on the switch I set all Vlan to untagged on all the ports and Vlan10 to tagged.

This will work although it's a very simple setup BUT (and this is the bit I can't find) someone suggested setting a port on one of the switches differently so I can use it to access the 3300 for management? Can anyone help me with this?

In one scenario I have separate data and voice switches (Huawei S2700 and S5700) but I have a need to use UC so they will need to communicate. I understand this will need some layer three programming so that the computers can access the 3300 so hopefully the firewall will do this.

In the other scenario all ports on all switches may have a computer or a phone plugged in so I am assuming the first way will work but I will still need some form of routing to enable the computers to see the 3300?

Both these will be release 5.0 CX2 variants

Apologies for the long post.
 
What I would normally do is have the Mitel plugged in to a switch port that is programmed as untagged Vlan 10. You would then need a dhcp server with option 125 or 43 on the native Vlan 1 to tell the IP phones their VLAN info. This will tag them for Vlan 10.

Alternatively you could use CDP or LLDP to tell the IP devices what Vlan they belong to. Not sure if your switches support this or if they support Layer 3 routing but you will need something to route between Vlans to use UC.

What sort of firewall do you have?
 
I think it will be a Cisco of some sort in one place and a Watchguard in the other, neither of which I have any access to.

The switches support LLDP (Huawei) so I can use that in the place where I am supplying the switches but in the other one I am at the mercy of the IT supplier.

The main one I am doing is the one with the two switches (one of which is a layer three switch, I think (Huawei S5700), but not sure if the other does). This will have the Watchguard firewall. In this one the phones will be plugged into the S2700 PoE and the PCs will be plugged into the S5700 so it's not so much a problem, I think it will just be easier to leave them on completely different subnets and let the firewall do the routing between them. I assume that if I just have the two switches on the firewall separately this will negate the need for a Vlan? Or will it cause problems with having two DHCP servers? I can turn the Mitel to only serve phones I believe which may alleviate this.
 
If the switches are only connected to each other via the firewall then you don't need Vlans unless you want to connect a PC via the IP handsets.

You can have a separate DHCP server for each network without any issues as they are completely different networks and a router/firewall won't automatically forward DHCP requests to other interfaces.
 
Yes, but the issue is I may need to provide UC to the PCs so can I just do this by using the firewall to route calls to the 3300 from the PC network (like a static route)?
 
I can't be 100% on your particular firewall but yes, all you need is static routing.
 
Err, sorry one more dumb question.

If I did configure Vlans I assume I configure each switch with the same Vlan info and use trunking to connect to each other?


So for instance switch a Vlan10 192.68.5.x/24 trunk to switch b with Vlan10 192.168.5.x/24 and then also connect one of the switches to the router.

 
Yes, program the port as a trunk port and tag all the Vlans that you want to pass through. If you are connecting to a router with only one network cable then you will also need to program this as a trunk port with associated programming on the router, i.e. it will need to be Vlan aware and have sub interfaces.
 
If possible I like to have the 3300 server as the DHCP server for the phones and leave the customer's corporate DHCP server alone. To do this the phones need to boot directly to the voice VLAN. You can do this by using CDP or LLDP to tell the phones during their boot that they belong to the voice network. That way they issue their request for an IP address directly to the 3300.

You can set the 3300 on a tagged/untagged port like the phones to simplify layer 2 switch programming. In later software the 3300 got the ability to tag its packets. The only issue for me on this is that if I need to attach directly to the 3300 I have to either have a NIC that supports tagging or I need to shut off the tagging in the 3300 through a maintenance command.

The 3300's would only have the same VLAN info if they are on the same VLAN (i.e. in the same rack in the same server room).

I'd tell you a UDP joke but I'm afraid you won't get it. TCP jokes are the best because you always get them.
 
Sorry, not clear there; I was alluding to setting up the Vlans on the network switches, not on the 3300.

So, if I have every port on the switches set to Vlan 1 untagged and every port on Vlan10 tagged I would have to have the 3300 set to tagging (this is release 11 so no problem) for it to work (and I can use LLDP so that's not a problem either) but then I would not be able to use UC or get to the 3300 via the network to programme it? Unless I can get a rule written in the firewall that will route between Vlan 1 and Vlan10 to enable me to programme the 3300 from a PC on Vlan1. Or for emergencies I would need a NIC on a laptop that is Vlan aware so I could set the IP address as the Vlan10 subnet and enable tagging?

 
If you set up as you say then the 3300 is tagging and expecting tagged packets. To program it you would need to have routing enabled between the two VLANs or as you say a laptop with a NIC that can support tagging so you can statically set your laptop to the voice VLAN. Not a lot of them out there but there are some. The only one I ever came across was a Dell D630 laptop with an Intel based NIC. Funnily enough everyone else with virtually the same laptop did not get that feature.

When you say firewall then I assume that's how you have to do routing between VLANs? I try to use HP 26xx and 29xx series network switches because they are layer 2/3 devices. You can program the VLAN routing within the switches to save using a separate router.

You seem to be well on your way.



I'd tell you a UDP joke but I'm afraid you won't get it. TCP jokes are the best because you always get them.
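
The tagged/untagged behaviour discussed in the post above, as an added example that is not part of any poster's reply: a simplified model of a port carrying VLAN 1 untagged and VLAN 10 tagged, showing why an untagged laptop lands in VLAN 1 and is not accepted by a controller that expects VLAN 10 tags. The MAC addresses, payload and the `Port` and `endpoint_accepts` helpers are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan=None):
    """Return an Ethernet frame; insert an 802.1Q tag when vlan is given."""
    header = dst + src
    if vlan is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)  # PCP/DEI = 0
    return header + struct.pack("!H", ethertype) + payload

def frame_vlan(frame):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF

class Port:
    """Hypothetical switch port: one untagged VLAN plus a set of tagged VLANs."""
    def __init__(self, untagged, tagged):
        self.untagged, self.tagged = untagged, set(tagged)

    def ingress_vlan(self, frame):
        """VLAN the switch assigns to a received frame, or None if dropped."""
        vid = frame_vlan(frame)
        if vid is None:
            return self.untagged          # untagged traffic joins the untagged VLAN
        return vid if vid in self.tagged else None

def endpoint_accepts(frame, expects_vlan):
    """A tagging endpoint only accepts frames carrying its own VLAN tag;
    an endpoint that does not tag expects None."""
    return frame_vlan(frame) == expects_vlan

# Constructed sample addresses and payload
LAPTOP, PBX = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
port = Port(untagged=1, tagged=[10])
plain = build_frame(PBX, LAPTOP, 0x0800, b"ping")            # ordinary laptop NIC
tagged = build_frame(PBX, LAPTOP, 0x0800, b"ping", vlan=10)  # VLAN-aware NIC

if __name__ == "__main__":
    for name, frame in (("untagged", plain), ("tagged 10", tagged)):
        print(name, "-> switch VLAN", port.ingress_vlan(frame),
              "| accepted by tagging 3300:", endpoint_accepts(frame, 10))
```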
 
I understand that the Huawei S5700 I have is a layer 3 device so I can set up a static route on that? The S2700 seems to give me options to set up static routes as well (this is PoE) but IIUIC I only need to set up a static route on one device?
 
It's not so much static routing on the switch that you will need, it's inter-Vlan routing.

As LoopyLou mentions, a HP 26xx will do the job and that's what I use in our office. You need to assign each Vlan an IP address and enable IP routing on the switch, this will then allow routing between the Vlans. Once this is done you would set the gateway of the devices in that particular Vlan to the IP address of the switch for that Vlan interface or set up static routes on your main gateway to the switch's IP address.
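
The inter-VLAN routing setup described in the post above, as an added example that is not part of the thread: it checks both directions of a PC-to-3300 conversation against the switch's VLAN interfaces and reports which piece is missing. It models only the first option in the post (each device's gateway is the switch's VLAN interface), and all addresses are constructed apart from the 192.168.5.x/24 range mentioned earlier in the thread.

```python
import ipaddress

class Host:
    """A device with an address/prefix and an optional default gateway."""
    def __init__(self, name, cidr, gateway=None):
        self.name = name
        self.iface = ipaddress.ip_interface(cidr)
        self.gateway = ipaddress.ip_address(gateway) if gateway else None

def one_way(src, dst, svis, routing_enabled):
    """Return 'direct', 'routed', or the reason traffic src -> dst fails."""
    if dst.iface.ip in src.iface.network:
        return "direct"                      # same subnet, no routing needed
    if src.gateway is None or src.gateway not in src.iface.network:
        return f"{src.name}: no usable gateway"
    if src.gateway not in {s.ip for s in svis}:
        return f"{src.name}: gateway is not a switch VLAN interface"
    if not routing_enabled:
        return "switch: IP routing disabled"
    if not any(dst.iface.ip in s.network for s in svis):
        return f"switch: no VLAN interface for {dst.name}"
    return "routed"

def can_talk(a, b, svis, routing_enabled=True):
    """Traffic must work in both directions for a session to come up."""
    fwd = one_way(a, b, svis, routing_enabled)
    rev = one_way(b, a, svis, routing_enabled)
    ok = all(r in ("direct", "routed") for r in (fwd, rev))
    return ok, fwd, rev

# Constructed sample: switch VLAN interfaces for Vlan 1 and Vlan 10
SVIS = [ipaddress.ip_interface("192.168.1.254/24"),
        ipaddress.ip_interface("192.168.5.254/24")]
pc = Host("pc", "192.168.1.20/24", "192.168.1.254")
pbx = Host("3300", "192.168.5.2/24", "192.168.5.254")
pbx_nogw = Host("3300", "192.168.5.2/24")       # gateway left unset
phone = Host("phone", "192.168.5.30/24")

if __name__ == "__main__":
    print(can_talk(pc, pbx, SVIS))
    print(can_talk(pc, pbx_nogw, SVIS))
    print(can_talk(pc, pbx, SVIS, routing_enabled=False))
```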
 