Solved

Cisco Switch VLAN Configuration

Posted on 2014-09-28
4
646 Views
Last Modified: 2014-09-29
Need some help with VLANs! We have a client that has a phone system and their data network on the same physical network. The phones started having issues after we had to do a subnet change.

The phones pickup a DHCP address from the Windows server (on the 10.10.16.0/24 network) that has the 66 option enabled for TFTP boot that points the phones to the phone system server (10.10.17.0/24 network). Currently there are phones with 10.206.16.x address and phones with 10.10.17.x addresses but what happens is the phones with 10.10.16.x addresses loose their address and have to be set statically on the 10.10.17.x subnet.

I have attached the current VLAN config of the Cisco switch (they have two locations that are connected with fiber). The current setup should be that the data network in on VLAN10 and the phone network is on VLAN20. I don't have a lot of experience with VLANs but I am ready to learn so please teach me!

I believe the phones are able to tag the phone traffic at the phone instead of at the switch. We are not able to just tag physical ports on the switches because some people have to plug their computers into their phones for a network connection. What do we need to change in the switches or phones to make the phones function completely on VLAN20? We can physically tag the port the phone system is plugged into if need be.

vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-48
   untagged 49-52
   ip address dhcp-bootp
   exit
vlan 10
   name "Data"
   untagged 1-48
   tagged 52
   ip address 10.10.16.11 255.255.255.0
   exit
vlan 20
   name "Voice"
   tagged 1-48,52
   no ip address
   exit

This is my assumption:

1. Tag the port that the phone system is plugged into as VLAN20
2. Have the phones do their own tagging on VLAN20

But what needs done on the switch to allow the data traffic to be on VLAN10 and the phone traffic to be on VLAN20 on the same switch port?
0
Comment
Question by:Skyler Kincaid
  • 2
  • 2
4 Comments
 
LVL 26

Accepted Solution

by:
Predrag Jovic earned 500 total points
ID: 40349315
You can add address to interface VLAN 10, but not to VLAN 10.
#interface VLAN 10
(config-if)# ip address 10.10.16.11 255.255.255.0

Second:
setting for voice on Cisco switches goes like

!configuring untagged ports
#config t
(config)# interface range fastethernet 0/1 - 48
(config-if)#switchport mode access
(config-if)#switchport access vlan 10
(config-if)#switchport voice vlan 20
(config-if)#
!configuring trunk port
Switch(config)#interface fastethernet 0/52 (instead of fastethernet can  be giga or other type)
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed Vlan all
!(allow VLAN's that you want  - instead all write needed 1,5, 6-20)

if you have cisco phone use QoS:

(config-if)#auto qos voip cisco-phone

and for DHCP to give proper IP address (if DHCP server is in another subnet) for VLAN20 you need to add ip helper-address (address from DHCP server)

SW1(config)#interface vlan 20
SW1(config-if)#ip helper-address X.X.X.X
SW1(config-if)#end
0
 
LVL 15

Author Comment

by:Skyler Kincaid
ID: 40349370
So all the ports would be untagged. We could enable the DHCP server on VLAN 20 and that should do it?

Does it make sense that the phones can do their own tagging?

What needs done to make sure the two VLANs can talk to each other?

Thanks for the reply tonight!
0
 
LVL 15

Author Comment

by:Skyler Kincaid
ID: 40349380
So the phones are probably booting up, getting a DHCP address on VLAN 10 (from the server), pulling the TFTP boot server, pull the configuration, and then works normally until the DHCP reservation times out. At that point they are on VLAN 20 where no DHCP server is enabled.
0
 
LVL 26

Assisted Solution

by:Predrag Jovic
Predrag Jovic earned 500 total points
ID: 40349391
We could enable the DHCP server on VLAN 20 and that should do it?

Yes

Does it make sense that the phones can do their own tagging?

Yes , otherwise as untagged phones are part of VLAN 10.

What needs done to make sure the two VLANs can talk to each other?

You need routing (L3 device).

More on Cisco voice switch configurations:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/513_n1_1/b_Cisco_n5k_layer2_config_gd_rel_513_N1_1/b_Cisco_n5k_layer2_config_gd_rel_513_N1_1_chapter_0110.pdf
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now