How do I get VoIP phones in one subnet, to use the gateway in the LAN subnet?

We’re using a SonicWall TZ-215 firewall.  Our LAN X0 port is setup as 192.168.0.1—254, with 192.168.0.2 setup as the gateway, 255.255.255.0 as the subnet.  

We’re getting VoIP phones, and the vendor is setting them up with static addresses between 192.168.1.100—200, subnet 255.255.255.0.  How do I configure the SonicWall to get the phones to access the 192.168.0.2 gateway?  (X3—X6 interfaces are unused on the SonicWall, if needed for the solution)
TachyonOneIT ManagerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kevinhsiehCommented:
You can't, because the phones are on a separate subnet by definition of their IP addresses and the 255.255.255.0 subnet. You would need a new physical or sub  interface on the Sonicwall to be on the 192.168.1.0 255.255.255.0 network. An IP address of 192.168.1.1 for the Sonicwall would generally be a good choice.
0
Blue Street TechLast KnightCommented:
Hi TachyonOne,

How do I configure the SonicWall to get the phones to access the 192.168.0.2 gateway?  (X3—X6 interfaces are unused on the SonicWall, if needed for the solution)
Having voice on a separate subnet is ideal! But since you asked...there are a couple of ways you can achieve this, but all would require a switch of some sort:
a) create X3 as a 192.168.1.0/24 subnet & use two (2) unmanaged switches (1 for X0 & 1 for X3) to disseminate traffic downstream (cheapest Best option);
b) create X3 as a 192.168.1.0/24 subnet & use one (1) managed switch (for both X0 & X3) to disseminate traffic downstream (recommended & Best option);
c) create X3 as a 192.168.1.0/24 subnet, bridge from X3 as the primary to X0 as the secondary & use one (1) unmanaged switch (for both X0 & X3) to disseminate traffic downstream (not recommended option but works).

In options a) and b) the networks would talk via Access Rules. In option 3 the L2 bridge would provide one (1) shared network of 192.168.1.0/24, not advisable but doable. QoS and BWM should be enabled on the voice network as well as Consistent NAT.

But again, I'd recommend option b), and a) in that order.

Let me know if you have any other questions!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TachyonOneIT ManagerAuthor Commented:
Blue Street Tech,

In implementing option b), why does the switch have to be managed?  Is there something special I have to setup on the switch?

Also, I've attached a diagram of what I think option b looks like.  Please check to make sure I'm understanding...

Thanks!
Routing-Diagram.JPG
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

ArneLoviusCommented:
To have the phones one one subnet, and the computers on another subnet while connecting to the network via the phone, a managed switch is required so that they can be configured with a native VLAN for the computers and a tagged (802.1q) VLAN for the phones.

Rather than using static addresses for the phone, DHCP would usually be the method of setting the VLAN for the phones, and assigning addresses, and has the advantage of reducing the task list when provisioning a new phone.
2
Blue Street TechLast KnightCommented:
In implementing option b), why does the switch have to be managed?  Is there something special I have to setup on the switch?
ArneLovius answered this for me!

I see so from your diagram it looks like you are using the phone switchports to dissiminate traffic to the computers, is that correct? I would recommend against that for a number of reasons:
• introducing multiple single points of failure & relying on, typically, cheap swithports to carry the burden;
• if you have an issue with the phone the user is dead in the water;
• sometimes there are limitations on what the phone switchports will support in terms of protocols,
• for 1Gb networks this is a non-starter as most phone switchports run on 100Mb speeds.

It costs a bit more to run a separate line for each station so that out of the wall each user has two CAT6 feeds but its well worth it in the long run. Provided that the phone swithports support 802.1q you should still be able to setup option b as you have drawn in your diagram.

Let me know if you have any other questions!
0
kevinhsiehCommented:
We daisy chain the PCs through the phone all the time in an enterprise environment. If the phone is a problem, we tell users to unplug the network cable from the phone to wall jack and connect directly to the computer. It isn't a big deal.
0
Blue Street TechLast KnightCommented:
Just because something is common or it works doesn't mean its the best way of doing it! It isn't a big deal but I don't see it as a networking Best Practice either. That's all!
0
TachyonOneIT ManagerAuthor Commented:
Unfortunately, I am stuck with feeding the computers from the phone’s switch-ports.  The phones we’re using support 802.1q and VLAN’s, so I need a little more information about setting up VLAN’s with the SonicWall.  The phones are going to be setup with static IP’s.

Using the setup b) described above:
X0 to say port 1 of the managed switch, port configured as the native VLAN1 for the computers
X3 to say port 3 of the managed switch, port configured to VLAN3 for the phones

Is there any other configuration I need to do in the SonicWall to support this VLAN setup, or is it all just happening between the phone and the switch?  (I found a video tutorial online showing vlan’s being setup on the SonicWall, but I don’t know if I need to do this, or if the switch setup is enough)
0
ArneLoviusCommented:
Using the phone to deliver Ethernet to the computer works very well. I have many clients that use this, obviously if the phone is only 100Mb, then the computer won't have gigabit, but apart from that it works very well.

You do not need to setup VLANS on the SonicWALL, you can use a port on the switch for each SonicWALL interface, but you DO need a managed switch to connect to the phones.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.