• Status: Solved

Dangers of global port tagging

We have dozens of switches around our sites. We use VLAN 3 for VoIP. It's becoming unmanageable tagging only those ports which have VoIP devices plugged into them as, invariably, the socket designation on the wall/patch panel unavoidably differs from the port number on the switch.

What are the dangers of simply tagging ALL ports with this VLAN, given that less than 10% of them will ever have a device plugged in which can make use of that traffic?

Thanks in advance.
Asked by: stalbansschool
2 Solutions
 
Andy MIT Systems Manager Commented:
In theory, yes, you can tag all the ports, but I really would not recommend it at all. Basically, each tagged port (i.e. all of them) will get all traffic broadcasts for the VoIP network, resulting in network issues. (To be honest, doing this kind of defeats the purpose of a VLAN in the first place.)

When you plug a phone into a switch port, you need to set up the port ID for that VLAN anyway to make it work, so even if you did tag all ports you'll still need to make individual changes on the switch anyway to add new phones, so it won't make setup any easier.
 
Cyclops3590 Commented:
Agree with Morty. You don't mention what kind of switch you have, but some you can configure to auto-provision a port to the voice VLAN and all of its settings dynamically, easing your admin responsibilities. Something to look into anyway.
 
stalbansschool (Author) Commented:
Thank you both.

We are predominantly using Netgear GS748TPS as edge switches. (I should have mentioned this in the question.)

Our VoIP handsets contain gigabit switches, allowing us to daisy-chain PCs where we are low on data sockets (which has happened in many places - some of our site is 1,100 years old with 4ft thick walls, so only has the bare minimum data provision!). As such, I guess setting the port ID for the voice VLAN would preclude daisy-chained PCs picking up the default VLAN without some VLAN config on the PCs' NICs.

However, I take both points - we want to avoid issues with broadcasts, so need to limit the use of VLAN tagging to just the ports on which we need it; we also need to investigate auto-provisioning as this could be a solution to the admin overhead.
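One way to keep VLAN 3 tagging limited to the ports that need it, as the thread concludes, is to audit tagged ports against the phones the switches actually see. This is an added example, not code from the thread or from Netgear; the CSV layouts, switch names and capability strings are hypothetical and the sample data is constructed.

```python
import csv
import io

VOICE_VLAN = 3  # voice VLAN ID from the question

# Constructed sample exports; the column layout is hypothetical, not a Netgear format.
PORT_VLANS = """switch,port,tagged_vlans
sw-a,1,3
sw-a,2,3
sw-a,3,
sw-a,4,3;20
sw-b,1,
sw-b,2,3
"""
# Constructed LLDP neighbour table. A handset with a built-in switch is
# assumed to advertise both "telephone" and "bridge".
LLDP_NEIGHBORS = """switch,port,capabilities
sw-a,1,telephone;bridge
sw-a,3,telephone;bridge
sw-a,4,bridge
sw-b,2,telephone
"""

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def audit_voice_vlan(port_vlans_csv, lldp_csv, voice_vlan=VOICE_VLAN):
    """Return (excess, missing) as sorted lists of (switch, port).

    excess:  ports tagged for the voice VLAN with no phone and no uplink
    missing: ports where a phone was seen but the voice VLAN is not tagged
    """
    tagged, phones, uplinks = set(), set(), set()
    for r in _rows(port_vlans_csv):
        # Split before comparing so VLAN 3 does not match "30" or "13".
        if str(voice_vlan) in r["tagged_vlans"].split(";"):
            tagged.add((r["switch"], int(r["port"])))
    for r in _rows(lldp_csv):
        caps = r["capabilities"].split(";")
        key = (r["switch"], int(r["port"]))
        if "telephone" in caps:
            phones.add(key)
        elif "bridge" in caps:
            uplinks.add(key)  # switch-to-switch link: the tag is expected here
    return sorted(tagged - phones - uplinks), sorted(phones - tagged)

if __name__ == "__main__":
    excess, missing = audit_voice_vlan(PORT_VLANS, LLDP_NEIGHBORS)
    print("tagged without a phone:", excess)
    print("phone without the tag: ", missing)
```
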
