Solved

Configuring Dell PowerConnect 35xx Switches for Voice VLAN

Posted on 2014-01-28
Last Modified: 2016-11-23
We use Dell PowerConnect 35xx switches and I want to know the best way to handle VLANs and our VoIP.  Currently I simply have two VLANs (100=data; 200=phone).  PCs and phones do not share jacks, so each switch port is in access mode and assigned to one VLAN or the other as appropriate.  The ports going between the switches are in trunk mode and carry both VLANs.  

At the switch that connects to the router (Internet) I use a separate port for each VLAN; each going to a separate port on the router.  That way I can assign higher priority to the traffic on the voice VLAN.  (Not sure if that is the "normal" way to do it -- but it was what made sense to me :-)

At times of heavy data usage we occasionally get some "chop" on our voice lines.  I don't know if it's being caused at the router, switch(es) or both.  However, I want to eliminate it anywhere I can.  I notice that the switches have something called Voice VLAN, but I don't understand what the difference is between that and a regular VLAN.  Is it something I can use to give the voice traffic higher priority at the switch level?  And if so, how would I set it up?
0
Question by:slattdog
25 Comments
 
LVL 26

Accepted Solution

by:
Soulja earned 500 total points
ID: 39819689
Nope, voice vlan is only used if you wanted to connect the phone and pc on the same switch port (daisy chaining the pc off of the phone). It would in essence create a trunk for both vlans on that one switchport. Since you are not sharing data jacks it is not needed.
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39819699
Is the router only doing routing to the internet or handling vlan routing also? Or is your 35xx doing the VLAN routing?

Yes, the separate uplinks are a very strange setup.
0
 

Author Comment

by:slattdog
ID: 39820848
Okay, no Voice VLAN.  Thanks Soulja.

The reason for the separate uplinks is that I just wanted to keep the networks as segregated as possible, and it seemed to allow more control (bandwidth for example) at the router (which is a SonicWALL NSA240 btw.)

How would you recommend it be set up?
0
 

Author Comment

by:slattdog
ID: 39820868
The SonicWALL is handling Internet and VLAN routing.  (Sorry, forgot to answer your question.)
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39820889
I would have the 35xx handle all vlan routing and allow the sonic to just handle internet routing and inspection. The fact that you have it set up like that could be the reason you are having voice issues.

You will free up plenty of resources on the Sonic, and the 35xx will route vlan traffic faster anyway.
0
 

Author Comment

by:slattdog
ID: 39820928
I'm pretty new to all this.  When you say to have the switch do the routing, what does that look like?  The only things I have configured on the switches is adding the VLANs, assigning ports to the appropriate VLAN, and then setting the ports that go between switches to Port mode.  All I really want is to have two separate (virtual) networks over one physical network infrastructure.  

The data and voice networks don't need to talk to each other, they just each need Internet connectivity.  By using separate ports on the SonicWALL it seemed easier to allocate higher priority to the voice VLAN, but if I'm handling that wrong I'll change it.  My goal there is just to make sure that voice traffic gets all the bandwidth it needs -- regardless of data usage.

So, I guess I don't understand "routing" in the context of the switches?

Given my setup, from SonicWALL to 35xx's what is the best way to configure things so that the voice VLAN has priority all the way through.
0
 

Author Comment

by:slattdog
ID: 39820971
Should I have all the VLANs flowing through a single port on the SonicWALL, or a different port for each?  I don't understand the benefits for one versus the other.  I guess I figured I'd get more control by giving them each a separate port.
0
 
LVL 26

Assisted Solution

by:Soulja
Soulja earned 500 total points
ID: 39821054
No, you don't want any of the vlan to flow through the sonicwall, you want to contain any vlan to vlan routing at the L3 switch. The only traffic you want to hit the sonicwall is traffic exiting or entering from the internet. Is there any particular reason you want to inspect traffic from vlan to vlan?
0
 

Author Comment

by:slattdog
ID: 39821103
Sorry Soulja, but I don't think I'm following you.  You say I, "don't want any of the vlan to flow through the sonicwall," but if I don't configure VLANs on the SonicWALL how do I control them independently?  For example: bandwidth limiting, content filtering, etc.  If the SonicWALL doesn't know about the VLANs how can it distinguish?
0
 

Author Comment

by:slattdog
ID: 39821182
Maybe just re-stating the obvious here, but they say a picture is worth 1000 words :-)
img-140130112828.pdf
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39821223
Is your voice traffic going to the internet? Why would it need to be bandwidth limited or content filtered? If voice traffic stays within the lan, there shouldn't be any congestion. The chokepoint is the connection to the internet.

For web surfing traffic, can you just filter based on source address/or subnet?
0
 

Author Comment

by:slattdog
ID: 39821269
Our phone system (in-house) is VoIP, but our phone lines are also VoIP (Internet based, not PRI, etc.)  No, I don't want to filter the voice network, just give it higher priority than the data traffic.  Perhaps I'm missing something, but if I can't give priority access to the Internet for the VoIP traffic (at the router) then what is to prevent the data network from hogging it all?
0
 

Author Comment

by:slattdog
ID: 39821282
Is there something I should be doing at the switch level (in addition to, or instead of at the router) to give priority to the voice VLAN?
0
 
LVL 26

Assisted Solution

by:Soulja
Soulja earned 500 total points
ID: 39821301
Okay, I see what you are saying. Even still with voip lines going to internet, you don't need the firewall to be layer 2 aware, just let it be layer 3 aware. Do filtering, bandwidth allocation based on ip/subnet information instead of vlan.

I am pretty sure there are QOS options for the dell power connect to prioritize traffic, but remember most qos queuing doesn't take effect unless there is congestion, and that most likely won't happen on the lan side, unless however your phones and pc's share switchports.
0
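An added illustration of the two points in the reply above (classifying by source subnet rather than by VLAN, and queuing only mattering once the Internet uplink is congested); it is not part of the original thread and is not SonicWALL or Dell configuration. The subnet, the 2 Mbit/s uplink speed and the packet sizes are assumptions constructed for the example.

```python
import ipaddress

# Assumed addressing (not given in the thread): the phone VLAN has its own subnet.
VOICE_NET = ipaddress.ip_network("192.168.200.0/24")  # VLAN 200 = phone
LINK_BPS = 2_000_000                                  # assumed Internet uplink speed

def classify(src_ip):
    """Layer 3 classification: pick the class from the source subnet only."""
    return "voice" if ipaddress.ip_address(src_ip) in VOICE_NET else "data"

def sample_traffic():
    """Constructed input: a 100-packet data burst plus one voice packet every 20 ms."""
    data = [(0.0, "192.168.100.10", 1500)] * 100
    voice = [(n * 0.02, "192.168.200.20", 200) for n in range(10)]
    return sorted(data + voice, key=lambda p: p[0])

def worst_delay_ms(packets, strict_priority):
    """packets: (arrival_s, src_ip, size_bytes) sorted by arrival time.
    Returns {class: worst queuing + transmit delay in ms} on the uplink."""
    queues = {"voice": [], "data": []}
    worst = {"voice": 0.0, "data": 0.0}
    now, i = 0.0, 0
    while i < len(packets) or queues["voice"] or queues["data"]:
        if not queues["voice"] and not queues["data"]:
            now = max(now, packets[i][0])      # link idle: jump to next arrival
        while i < len(packets) and packets[i][0] <= now:
            queues[classify(packets[i][1])].append(packets[i])
            i += 1
        if strict_priority:                    # voice always goes first
            cls = "voice" if queues["voice"] else "data"
        else:                                  # FIFO: oldest head-of-line packet
            cls = min((c for c in queues if queues[c]),
                      key=lambda c: queues[c][0][0])
        arrival, _, size = queues[cls].pop(0)
        now += size * 8 / LINK_BPS             # time to serialize onto the link
        worst[cls] = max(worst[cls], (now - arrival) * 1000)
    return worst

if __name__ == "__main__":
    traffic = sample_traffic()
    print("FIFO:           ", worst_delay_ms(traffic, strict_priority=False))
    print("Strict priority:", worst_delay_ms(traffic, strict_priority=True))
```

With the queue saturated by the data burst, the worst voice delay under FIFO is hundreds of milliseconds, while under strict priority it is bounded by one data packet already on the wire plus the voice packet itself.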
 

Author Comment

by:slattdog
ID: 39821351
So you are saying I should just have 1 connection from the main switch to the SonicWALL?  If so, how should those ports be configured?  Since they will be carrying all the VLANs, but you are saying to leave the VLANs out of the SonicWALL altogether.
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39821412
Uplink to the FW with one port. Then you have two options:

1. Create a new vlan interface on the L3 switch, say VLAN 50 with a new subnet, say 192.168.50.1 255.255.255.252. Then change that port connecting to the FW to vlan 50. Change the FW interface to say 192.168.50.2.

2. Change the switch port connecting to the FW to a routed port. Assign same ip above and change FW to ip above.

I would do option #2 since it doesn't need vlan and is straight layer 3.
0
 

Author Comment

by:slattdog
ID: 39821455
Looking at the switch via the GUI I don't see how I make a port a routed port.
0
 

Author Comment

by:slattdog
ID: 39821489
Also, since I am using the SonicWALL as the DHCP server for the phone system, is that going to cause a problem if it is not aware of the VLANs?
0
 
LVL 26

Assisted Solution

by:Soulja
Soulja earned 500 total points
ID: 39821584
Oh man! Forget everything I told you. I thought your switches were layer 3 capable. It looks like they are strictly layer 2. No wonder you are running everything to that Sonicwall. My advice would be to get a Layer 3 switch and incorporate it into your network. Your sonicwall is taking on too many responsibilities. If you get the layer 3 switch then everything I have told you thus far will work. I think having the firewall handling multiple things will in fact affect your voice traffic.
0
 

Author Comment

by:slattdog
ID: 39821936
Ah!  OK  :-)

This does leave me wondering though... isn't the SonicWALL designed to handle multiple networks?  What is the reason for it to have 8 ports otherwise?  (I guess it could be a small switch too -- but that is pretty limited for an advanced device like that.)

At the switch level all I want to do is mimic what things would look like if I actually had 2 (or 3 or 4...) physically separate networks.  Each of them would have to plug into the SonicWALL on a different port for Internet access.  The networks do not need to talk to each other -- in fact I specifically DO NOT want them to.  Again, just like they were on physically separate networks; they just all need to share a single Internet connection, which I need to be able to control differently for each.  On the data network I need content filtering, but not on the phone network.  On the phone network the router is the DHCP server, but on the data network it's a Win2008 server.

Then, I want to give higher priority to the voice network, so that no matter how much bandwidth the data network is using (even if it would saturate the connection) the voice network still gets all it wants and the data network gets what's left over.
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39822068
I understand, but looking at your diagram, the voice and data aren't physically separate. The only reason to uplink the separate ports is if you wanted to inspect traffic traversing back and forth between the vlans. That said, if you want to qos traffic based on the port it enters, I guess that is possible, I am not super familiar with Sonicwalls. You would normally qos based on source ip/qos marking and then apply some type of policy on the wan interface of the sonicwall.
0
 

Author Comment

by:slattdog
ID: 39822110
Okay, but without a Layer 3 switch do I even have an option?
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39822169
Just to confirm, you said that the voice and data networks never talk to one another? When you get choppy calls, is that on external calls or on internal?
0
 

Author Comment

by:slattdog
ID: 39822183
For the time being, let me ask this a different way.  We have 2 virtual networks traveling across 1 physical network (at the switch level); and they are sharing 1 Internet connection (via 2 separate ports on the router).  Assuming I can control/prioritize the traffic at the router (which I'm pretty sure I can), what can/should I do to prioritize the traffic at the switch level?

If the switches are never operating close to max capacity then it shouldn't be an issue.  However, if (for sake of example) a computer is doing a huge data transfer from a server on another switch (theoretically using all the available switch bandwidth) and then a phone tries to make a call over that same segment; even though there is plenty of Internet bandwidth for the call, the voice connection would suffer if the switches did not give priority to it, right?
0
 

Author Comment

by:slattdog
ID: 39822192
We only get choppy calls (that I have ever experienced anyway) when they are to/from the outside.  Not phone to phone internally.  

I think the issue is Internet bandwidth contention, not switch capacity.
0
