Solved

Dangers of global port tagging

Posted on 2014-01-10
Last Modified: 2014-01-13
We have dozens of switches around our sites. We use VLAN 3 for VoIP. It's becoming unmanageable tagging only those ports which have VoIP devices plugged into them as, invariably, the socket designation on the wall/patch panel unavoidably differs from the port number on the switch.

What are the dangers of simply tagging ALL ports with this VLAN, given that less than 10% of them will ever have a device plugged in which can make use of that traffic?

Thanks in advance.
Question by:stalbansschool
3 Comments
 

Accepted Solution

by:
Andy M earned 300 total points
In theory, yes, you can tag all the ports, but I really would not recommend it at all. Basically each tagged port (i.e. all of them) will get all traffic broadcasts for the VoIP network, resulting in network issues. (To be honest, doing this kind of defeats the purpose of a VLAN in the first place.)

When you plug a phone into a switch port you need to set up the port ID for that VLAN anyway to make it work, so even if you did tag all ports you'll still need to make individual changes on the switch anyway to add new phones, so it won't make setup any easier.

Assisted Solution

by:Cyclops3590
Cyclops3590 earned 200 total points
Agree with Morty. You don't mention what kind of switch you have, but some you can configure to auto-provision a port to the voice VLAN and all of its settings dynamically, easing your admin responsibilities. Something to look into anyway.

Author Comment

by:stalbansschool
Thank you both.

We are predominantly using Netgear GS748TPS as edge switches. (I should have mentioned this in the question.)

Our VoIP handsets contain gigabit switches allowing us to daisy-chain PCs where we are low on data sockets (which has happened in many places - some of our site is 1,100 years old with 4ft thick walls so only has the bare minimum data provision!). As such, I guess setting the port ID for the voice VLAN would preclude daisy-chained PCs picking up the default VLAN without some VLAN config on the PCs' NICs.

However, I take both points - we want to avoid issues with broadcasts, so need to limit the use of VLAN tagging to just the ports on which we need it; we also need to investigate auto-provisioning as this could be a solution to the admin overhead.
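Added example (not part of the original thread, and not Netgear's or any vendor's implementation): a sketch of the check behind both points above, keeping the voice VLAN tag only on ports where a phone is actually seen, using the MAC prefix (OUI) of learned addresses, which is one common way switches auto-provision a voice VLAN. The port snapshot, OUIs and function names are constructed assumptions.

```python
# Added example: every port entry and OUI below is constructed for illustration.
VOICE_VLAN = 3  # the VoIP VLAN from the question

# Hypothetical handset OUIs (first three MAC octets, locally administered range).
# Replace with the real prefixes of your phones.
PHONE_OUIS = {"02:aa:01", "02:aa:02"}

# Constructed snapshot: port -> VLANs tagged on it and MACs learned on it.
PORTS = {
    "g1": {"tagged": {3}, "macs": ["02:aa:01:10:00:01", "02:bb:00:00:00:09"]},  # phone + daisy-chained PC
    "g2": {"tagged": {3}, "macs": ["02:bb:00:00:00:0a"]},    # PC only, tagged needlessly
    "g3": {"tagged": set(), "macs": ["02-AA-02-00-00-02"]},  # phone, not yet tagged
    "g4": {"tagged": {3}, "macs": []},                       # empty wall socket, tagged
    "g5": {"tagged": set(), "macs": ["02bb.0000.000b"]},     # PC only, correctly untagged
}

def oui(mac):
    """Normalise a MAC (colon, dash or dotted form) and return its OUI as aa:bb:cc."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in (0, 2, 4))

def has_phone(macs, phone_ouis=PHONE_OUIS):
    """True if any learned MAC on the port belongs to a known handset OUI."""
    return any(oui(m) in phone_ouis for m in macs)

def audit(ports, vlan=VOICE_VLAN):
    """Return (ports to tag, ports to untag) so only phone ports carry the VLAN."""
    add, remove = [], []
    for name, info in sorted(ports.items()):
        phone = has_phone(info["macs"])
        tagged = vlan in info["tagged"]
        if phone and not tagged:
            add.append(name)      # phone present but VLAN missing
        elif tagged and not phone:
            remove.append(name)   # VLAN broadcasts reach a port with no phone
    return add, remove

if __name__ == "__main__":
    add, remove = audit(PORTS)
    print(f"tag VLAN {VOICE_VLAN} on: {add}")
    print(f"remove VLAN {VOICE_VLAN} tag from: {remove}")
```

A port with a phone and a daisy-chained PC (g1 here) keeps its tag, because one handset MAC is enough to classify the port.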