Solved

VLAN Tag for chained network device.

Posted on 2016-09-19
11
54 Views
Last Modified: 2016-09-21
Hi Experts!!! I have another dilemma with vlan configuration. I have vlan 1 for data and vlan 20 for other. I have port has two devices daisy chained. 1st device need to be at vlan 1 and other device needs to be vlan 20. If I untagged for vlan 20 and tagged vlan 1, the device vlan 1 is not able to talk. How that work?  What is best way to handle this? Thanks in advance!!
0
Comment
Question by:MoonLive
  • 5
  • 5
11 Comments
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 41804963
If devices are PC and phone it is easy - tag traffic to phone and untag PC traffic.
Servers can talk "taggish" and can route, so basically, maybe, you can use server to route traffic for you (one of the tags here is Windows server). Or add switch if needed.
Otherwise, if one of devices (phone, server etc) can't do tricky part for other device I guess you will have to add switch somewhere (or hub - but hubs are half duplex, so it is not recommended solution).
0
 

Author Comment

by:MoonLive
ID: 41805155
Good to hear from you Predrag Jovic!.  

Well it is phone and PC! vlan 1 with voice, vlan 20 with security camera. I did untagg vlan 20 and tagged vlan 1, but i can't ping vlan 1 device when i do that.  PC needs to be connect to server for security camera connection.  how does device know which device is tagged or untagged?
0
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 41805346
Hi MoonLive, :)
how does device know which device is tagged or untagged?
That is the biggest issue.
Typically end devices do not know tags at all. Some devices (phones and switches etc) understand tags, but generally end devices do not understand frames with dot1q tag and simply drop frame if tag is present. So, typically, for end devices that don't understand frames with tags some other device (switch, phone) must remove tag from frame before frame is sent to that device (e.g PC, camera). Most of IP phones typically have built in 2 port switch for that purpose, but for some vendors you need to manually assign on phone what is voice VLAN (tagged). There are also implementations where both VLANs are untagged, actually Cisco have 4 ways  to implement VoIP and PC on one port.
Cisco's recommended port configuration on switch port is not including tagging at all:

 interface fastethernet 2/5
  switchport mode access
  switchport access vlan 10
  switchport voice vlan 20

You need to check how port is configured and also how phone vendor implementation.
I am sorry, but there are many ways that can this be implemented, so I can't give you solution.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 41807887
Please be clear though... what is connecting to the port, and how?  Is it a phone connecting to the port and a device connecting to the phone?

Assuming it's a phone connected to the switch and a device connected to the phone, can the phone do CDP?  If so just do this on the port:

switchport mode access
switchport access vlan 20
switchport voice vlan 1

Open in new window

0
 

Author Comment

by:MoonLive
ID: 41808626
We are using HP Procurve Switch. The switch connected with ShoreTel phone and PC (security camera client).
I am now sure HP switch have command as Cisco does. if you or anyone knows please let me know.

PC vlan 20
voice vlan 1

i am planning to put voice vlan in the future once I can figure out this type of situation.
Thanks
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 41808920
Typically that kind of setup depends on phone needs. You can find configuration details on link below (including Cisco, Juniper and HP (HP Procurve – 2520G-24-POE Example - page 21)).
Data Network Best Practices for ShoreTel VoIP
0
 

Author Comment

by:MoonLive
ID: 41808989
On the document example show all dscp-map priority. if this command is entered in all switches, i don't need voice vlan to setup?  Did i understood correctly?  
Or do i need to setup voice vlan on all switch and tagged all ports that has phone and set those priority?  
I just want clear understanding of this. Thanks
0
 
LVL 26

Accepted Solution

by:
Predrag Jovic earned 500 total points
ID: 41809042
You need voice VLAN and PC VLAN setup.
On page 22 you have example how to configure HP ports.

HP is VLAN centric - you assign ports under VLAN.
vlan 10
name voice
 voice
 tagged 1-20, 27
vlan 20
 name office
 untagged 1-20, 27

Above config would be configuration of ports for both voice 1- 20 tagged and untagged PC traffic on port 1 - 20, port 27 would be example of uplink to L3 switch.
This should be useful if you are familiar with Cisco - HP Cisco commands reference guide
Also ports to phones and PCs should be configured as edge ports. I did not, so far, configured ShoreTel phones, so I will not be big help with this one.
I found this one, looks useful - HP ShoreTel configuration.
0
 

Author Comment

by:MoonLive
ID: 41809159
As always. you are helpful!!! do i still need qos dscp-map statement?
0
 
LVL 26

Assisted Solution

by:Predrag Jovic
Predrag Jovic earned 500 total points
ID: 41809177
You typically need QoS for voice, so yes.
However congestion is typically on WAN link and you need it at least at that point, but anyway - end-to-end QoS is highly recommended.
0
 

Author Closing Comment

by:MoonLive
ID: 41809186
Thanks for the all the respond and useful link.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Is your computer hacked? learn how to detect and delete malware in your PC
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now