Setup 2nd VLAN for Voice on CISCO Switch

SycamoreIT
SycamoreIT used Ask the Experts™
on
I have a network which currently has the voice and data all on the same network space (192.168.27.1/24). The DHCP server is a Draytek 3900 Series Firewall and the network switch is Catalyst 2960 L series.

I have access to the CLI on Cisco but have zero experience using the command line interface so ideally would be better if we can configure the network switch to allow me to access via a browser (if thats easier for configuring switch).

Any advice on how to achieve this would be appreciated.

Thanks
Sycamore IT
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
SouljaSr.Net.Eng
Top Expert 2011

Commented:
Are you planning to connect voip phones on their own switch ports or daisy chain the computers off of the voip phones?

If  a separate port for the voip phone by itself:

vlan x
name voice

interface x/x
switchport access vlan x

Open in new window

If same switchport at pc:

vlan y
name PC_Vlan
vlan x
name VOIP

interface x/x
switchport access vlan y
switchport voice vlan x

Open in new window

bbaoIT Consultant

Commented:
you can use web console to configure your 2960 switch, you may also use a Cisco device manager. CLI is only optional, not necessary.

FYI - for more details, please see the below link.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960xr/hardware/quick/guide/b_gsg_2960xr.html
SouljaSr.Net.Eng
Top Expert 2011

Commented:
If you need access to the browser see if

ip http server or ip https server is in the config. If so, you should be able to get to the switch using the management ip in the browser.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Daisying Chaining PC's from phones is the way we are currently setup.
Only the title of the question suggests what you are thinking about: a separate VLAN.
But, you don't mention *why?*.

In my experience, the situation you have now is not only typical for a small to medium office but, I'd say, preferred.
I have one larger organization where we set up a VOIP VLAN and it has caused some headaches.
Even the VOIP provider was a little surprised about our VLAN...
We did it because the VOIP "deal" included a separate internet connection and there was already a well-formed security architecture in place.  So, the VLAN made it possible to use the same cables and keep the phone system separate (external PBX).
What it did do was allow us to tweak QoS but there's no evidence that this mattered....

Author

Commented:
Fred, we have experienced call quality issues and drops and this has been reported to the provider of the voip system. They have requested we set up the voice vlan has a prerequisite but its something I ignored because I have other larger clients (around 50 users) who are on a single network range and they never report issues with call quality or drops although the voip providers are different. That said the other voip providers requested I setup voice vlans when I installed those networks but as I said, it was ignored. This is the first time Ive had to do a vlan just for voice and its something Im doing to keep the voip provider engaged so we can get to the bottom of the issue.

Author

Commented:
ok when I connected to switch and tried commands, I got the following.


% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: n



Press RETURN to get started!


Switch>ip http server
       ^
% Invalid input detected at '^' marker.

Switch>ip https server
       ^
% Invalid input detected at '^' marker.
Re: VOIP VLAN.
Well, in our case, and I suspect in your case, the VOIP traffic is sharing the same wires with the other network traffic.  
That many computers are daisy-chained off the phones is a clue.  And, as usual, I doubt that you intend to add separate cabling just for the phones.  If you did then you'd have a "LAN" for the phones - independent of how routers and switches might view things re: VLANs.
That's not to say that *some* wires will only be carrying network traffic and need not be trunked with the VOIP VLAN.
But, to serve the phones AND their daisy-chained computers requires trunk lines.

Assume this simple topology with a VOIP VLAN:
Gateway/Router - Central switch - downstream switch - phones+computers..

The inter-switch connections have to be trunk lines.
The wire feeding each phone+computer has to be a trunk line.
So, all the inter-switch traffic is combined on the wires.
Without QoS, nothing has been accomplished *except* to avoid adding wires for the phones.
So, the VLAN by itself isn't likely to solve call quality issues.
Sr.Net.Eng
Top Expert 2011
Commented:
@SycamoreIT

switch>en
conf t
ip domain-name something.com
crypto key generate rsa modulus 1024
username cisco priv 15 password 0 cisco
ip http server
ip http secure-server
int vlan 1
ip address x.x.x.x 255.255.255.0
no shut

line vty 0 4
login local
transport input ssh

Open in new window


That should get you started and able to access the gui. The username and password is whatever you want. I just put cisco to keep it simple for this example.
Distinguished Expert 2018

Commented:
Did you make sure to enter enable mode first?

Author

Commented:
@Fred - never heard of Trunk Lines - we have just standard network cables to the desk where the phones are then a small patch from the phone to the pc.

@Soulja
Do I just enter that line by line or paste it into the putty session? Obvs I would have to put an IP address in line 9 thou?
SouljaSr.Net.Eng
Top Expert 2011

Commented:
I'd do line by line so you see what's going on.
SouljaSr.Net.Eng
Top Expert 2011

Commented:
@sycamore

In regards to Fred's comment. He is referring to the switchport that a phone and computer is sharing when daisy chained. The port is treated as a trunk that tags both vlans used on the switchport. One for the data vlan and the other for the voice vlan.

Author

Commented:
@Soluja
I entered in the various commands via the putty session and got all the way through to the end without problems. Do I need to save and escape out of the session?

When I try and reach it via the broswer I get a username/password prompt. Ive tried cisco and cisco also cisco and password but neither seem to work - do I have to save the config
SouljaSr.Net.Eng
Top Expert 2011
Commented:
Sorry I forgot the command

ip http authentication local

then

copy run start

to save config
SouljaSr.Net.Eng
Top Expert 2011

Commented:
Username and password will be whatever you configured.

Author

Commented:
copy run start didnt work (other command did thou)? Also Ive not configured as username/password?
SouljaSr.Net.Eng
Top Expert 2011

Commented:
copy run start won't work if you are still in global config mode. You will know you are in this mode if you see (config).  Type exit to get back to EXEC mode, which you will see just #. Then do copy run start

As for the username and password. Is in the first configs I provided:

username cisco priv 15 password 0 cisco

Open in new window

Author

Commented:
Ok, all done - Im in and I can now see the gui via the browser.
SouljaSr.Net.Eng
Top Expert 2011

Commented:
Great to hear!

Author

Commented:
So now that Im into the GUI, how do we set up the 2nd VLAN for the voice and issue the correct IP address to voip handset (192.168.28.0/24) and PC/all other devices to keep getting the current DHCP settings?
SouljaSr.Net.Eng
Top Expert 2011

Commented:
you should start an entirely new question as this question regarding accessing the gui has been resolved.

Author

Commented:
Thank you Soulja - all sorted now.
In regards to Fred's comment. He is referring to the switchport that a phone and computer is sharing when daisy chained. The port is treated as a trunk that tags both vlans used on the switchport. One for the data vlan and the other for the voice vlan.
Yes.  I guess a good way to think of VLANs is rather twofold:
But first, "what is a LAN?"  A LAN is a physical set of cables, ports and switches and maybe a router port.  It doesn't matter what the copper carries and it could be multiple subnets - which would be unusual.  If that's done then there's no way to separate the traffic other than destination machines recognizing what traffic is of interest to them.
Then, "what is a VLAN?" The same thing except for the Virtual part.  It provides virtually "new copper" by sharing the actual copper and by maintaining some separation.
So then a VLAN may have two characteristics (or more):
1) It may be set up to provide for a separate subnet.   And routers may help in providing the subnet range, DHCP etc. and call those VLANS.  In fact, some routers call ALL subnets a VLAN starting with things like VLAN 0 or VLAN 1.  
2) The packets on the ports or wires have additional information in TAGs (or not) that say "this is a VLAN 0 packet", "this is a VLAN 1 packet", etc.
(Of course it's more complicated than that but this is a top-level view).
So now, in a switch, those packets may be separated out physically to different ports or they may be combined (time multiplexed) on the same port / wire.  The latter arrangement is important if you don't want to add cables.  The time-multiplexed ports/cables are called "trunked".  
Imagine a switch with upstream ports to two physical VLANs.  Only one VLAN per port.
Then imagine the switch cascades down to another switch but there is only one cable run for that purpose.
Then that switch port needs to be "trunked".
At the downstream switch, the trunked cable ends
and, ALL the ports downstream may be trunked to support phone+computer each.
The phone separates out the packets is a way to think about it.  It uses the VOIP-assigned VLAN for voice and ignores the data VLAN.  The computer effectively ignores the voice part (or never sees it) and deals with the data.
When packets return, they are tagged as before and belong to their respective VLANs.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial