On Fri, 2009-06-19 at 09:40 -0400, Mark Jeffers wrote:
> The phones actually act as a level 2 switch themselves. They tag
> their own packets for VLAN9 (the voice VLAN on my network) and tag the
> packets of the PC attached to them (if there is one) as VLAN1.
Do they actually _tag_ the PC's packets to VLAN 1? On 802.1q trunks,
VLAN 1 generally is the "native" VLAN and does not have the extra 4
bytes and therefore no tag. It is however possible to tag the native
VLAN as well - in general, this option must be activated, though.
> Attaching a phone and a pc to the same switch port has made me nervous
> from day one, but the vendor swore up and down it would work no
> problem.
It definitely isn't. Provided you configure the switch port as an 802.1q
link (being a cisco-i-fied person, I use the term "802.1q trunk" often,
although other vendors use "trunk" to refer to multiple parallel
ethernet links).
In your case, the switch port for a Phone+PC should then be configured
to send packets for VLAN 9 with tags, and packets for VLAN 1 without (or
with, depending if the phone is configured to send VLAN 1 packets with
tags or without).
Make sure that no packets for/from other VLANs (than 1 and 9) go out of
the switch on those Phone+PC ports.
> Also, one thing that has me shaking my head in disbelief is that while
> Allworx built their phones with VLAN tagging abilities, their main
> phone server can't tag its own packets.
Perfectly all right. Just make sure that the server's switch port is
"VLAN 9 only" and sends untagged frames. (Cisco speak: "switchport
access vlan 9")
> But anyway, I was of course suspicious of the pc/phone combo, but some
> of my most problematic phones have no pc attached to them. Plus, I
> figured building the VLANs would solve any problem related to that.
> Perhaps I was wrong?
Well, VLANing is a good way to separate traffic, but some consideration
is necessary to make it work.
Questions:
- are there any inter switch links between the voice server's switch
port and the Phone+PC's switch ports?
- if yes, is that/these interswitch link properly configured as 802.1q links
to carry the needed VLANs (and if possible, exclusively the needed ones)?
- actual voice traffic is between the phones directly, not between
the phone and the SIP server; phone-to-server is only used for call
setup and registration.
- are the firewall's switch ports configured properly as untagged for
VLAN 1 and VLAN 9, respectively (assuming that the FW does not do
tagging itself).
- since VLAN 1 and VLAN 9 are meant to be different broadcast domains,
do they have different IP subnets?
- is there any other device (besides the firewall) that has each
a "leg" into VLAN 1 and VLAN 9? Make sure that it does not "bridge"
nor "route" between these VLANs.
regards
Marc
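
Added example, not part of the original message: a small Python check of frames captured on a Phone+PC port against the policy discussed above (VLAN 9 tagged, VLAN 1 untagged as native, nothing else). The function names, the sample frames and the extra VLAN 20 are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value announcing the 4-byte 802.1Q tag

def vlan_of(frame, native_vlan=1):
    """Return (vlan_id, vlan_tagged, ethertype) for a raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return native_vlan, False, ethertype       # untagged: native VLAN
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    vid = tci & 0x0FFF                             # low 12 bits of the TCI
    if vid == 0:                                   # priority tag only, no VLAN
        return native_vlan, False, inner
    return vid, True, inner

def audit_port(frames, tagged_ok=frozenset({9}), native_vlan=1,
               native_may_be_tagged=False):
    """List (index, reason) for frames that violate the port policy."""
    findings = []
    for i, frame in enumerate(frames):
        try:
            vid, tagged, _ = vlan_of(frame, native_vlan)
        except ValueError as exc:
            findings.append((i, str(exc)))
            continue
        if not tagged:
            continue                               # native VLAN, as expected
        if vid == native_vlan:
            if not native_may_be_tagged:           # only OK if enabled on both ends
                findings.append((i, f"native VLAN {vid} arrived tagged"))
        elif vid not in tagged_ok:
            findings.append((i, f"unexpected VLAN {vid} on port"))
    return findings

def build(vlan=None, ethertype=0x0800):
    """Constructed test frame: broadcast dst, made-up src, zero payload."""
    hdr = b"\xff" * 6 + bytes.fromhex("020000000001")
    if vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vlan)
    return hdr + struct.pack("!H", ethertype) + b"\x00" * 46

# Constructed capture: PC frame, phone frame, stray VLAN, tagged native, cut-off tag
SAMPLE = [build(), build(9), build(20), build(1), build(9)[:16]]

if __name__ == "__main__":
    for idx, reason in audit_port(SAMPLE):
        print(f"frame {idx}: {reason}")
```

If the phone and switch are both set to tag the native VLAN, pass native_may_be_tagged=True so tagged VLAN 1 frames are accepted.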