Solved

VLANs for Voice, Workstations and Servers

Posted on 2015-02-23
2
298 Views
Last Modified: 2016-11-23
We use Dell switches on our small network. We are planning to install a new VoIP system to replace our old digital phone system. The boss does not want to run new cabling for the new VoIP phones but wants to tether the workstations off the phone handsets; i.e. the workstations will connect to the phone VoIP handsets and that will then run to the wall plate with one network cable. He wants separate VLANs set up for the workstations, the new phones and the servers. We have two VMWare ESXi hosts on-site that each hosts a few small VM's, including a domain controller that also runs DHCP for the network.

I am familiar with setting up VLAN's using dedicated switch ports to separate VoIP and data traffic but since the workstations will be tethered to the phones I am uncertain how to proceed. Also, the DHCP server needs to be able to offer IP address leases from different IP address pools depending on which VLAN the devices belong to.

Can anyone help me by explaining how I should set up the VLANs?
1. Do I still configure VLAN's on the switches themselves? How do I assign port membership because I have two different devices linking in using the same physical port?
2. How do I define a DHCP scope specifically for use by each VLAN on the domain controller?
3. What configuration needs to happen on the workstations and server VM's to link them to the "workstation" and "server" VLANs?
4. Sake of interest: why would you use VLANs in this case and not just assign different IP subnets with DHCP MAC reservations for the devices; seems simpler?

Any help would be greatly appreciated.

Thanks!
0
Comment
Question by:Katfis
2 Comments
 
LVL 11

Accepted Solution

by:
Bryant Schaper earned 250 total points
ID: 40626736
Can you provide the model of phones, router and switches.

What are trying to do is not complicated assuming the hardware supports it.  The phones need to know how to find a voice vlan.  This via LLDP-MED of CDP.  It will then pickup an IP on that vlan, and the access port can be assigned to another.  We do this on our cisco phones, and works perfect, even with our juniper switches.

For your questions:

1.  Yes, you assign an access vlan and a voice vlan
2.  You need to define sites and services in AD, add add the appropriate subnet.  Your router needs to forward the dhcp request to your dns server, (IP helper-address)
3.Workstations just need to be on the right vlan and get the new IP via DHCP (dont forget printers).  Servers will need to have a new vswitch with the corrent vlan as well.
4.  Traffic isolation, security boundary.  You could still sniff the traffic and rebuild a voice call for example.  In a small shop it is probably not needed, but still best practice to isolate the voice traffic.
0
 
LVL 6

Assisted Solution

by:rgorman
rgorman earned 250 total points
ID: 40627099
With the Dell switches you might have to configure each port as an 802.1q trunk port with the workstation VLAN configured as untagged and the voice VLAN as tagged.  Then you would need to make sure your phone knows what VLAN is the voice VLAN in its config.  I don't think the Dell's have an option for voice VLAN which is why you will need to configure them as trunk ports and define the voice vlan on the phones.  Your voice VLAN would have a VLAN interface IP that the phones could route through should they need to to get to the voice servers.  You could also just stick the voice servers on the same VLAN as the phones if it is a small network and that should be fine.

As long as your workstation VLAN is configured as untagged on the trunk ports they should just work fine.

Your ESXi servers should be configured with port groups (their version of VLAN's) and connected to the switch using trunk ports too so if you have done that you shouldn't have to do much.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now