Monday, April 14, 2008

Separate VLANs for nortel ip phones and data

For this week's project, I decided to split up the network to give IP phone traffic it's own VLAN with the eventual goal of QoS and all that good stuff in mind. The first challenge of course was getting my Dell and Netgear routers to play together nicely which actually wasn't that bad. I already have a Layer 3 routing Switch from netgear (FSM7352S) in place which I previously configured to support routing between our existing network and an isolated vlan for the testing LAB. The plan was to use the i2002 and i2004 phones to use VLAN 20 and to pass through untagged packets to the PCs attached to them.

Steps:
1. Setup VLAN 20 on the switch.

2. Change the access mode of all the ports involved to 'General' which would allow them to handle traffic from multiple VLANs including the default 'VLAN 1'. Then make sure VLAN 20 is selected and set all ports to 'tagged'. When done, each port should still have a PVID of 1, be untagged for VLAN 1 and tagged for VLAN 20.

3. Changed the ports connecting my switches to TRUNK mode. On the ones where trunk mode was not available, I just set that port to be tagged for VLAN 20 and made sure the port was set to 'General' mode.

4. Turned on GVRP which I naively thought was a great feature that would propagate all my vlans to all my switches, solve all the world's problems, perform miracles, etc. Which to be truthful, it did advertise the VLANs and the other switches acknowledged their existense but I wasn't able to tag any ports on the switches that had dynamically received the VLAN info. I'm still not sure if that's a problem with the Dell switches or the monkey writing this blog.

5. Turned off GVRP and just setup VLAN 20 manually on all switches.

6. Tested that an IP phone on one switch in each building to make sure that VLAN 20 was routing properly.

7. I hard-coded a block of switch ports to 'Access Mode' with a PVID of 20 for the nortel BCM phone servers to lock them into VLAN 20. Then I set up one of the BCM servers to be a DHCP server for that VLAN and rebooted it to make sure changes took effect.

8. I setup option 191 and 128 on the win2k3 DHCP server on the Data lan with the high hopes that it would redirect the ip phones automatically to VLAN 20. Option 191 tells the phones to use VLAN X which in my case is 20 and option 128 is a string which tells the phones settings like the ip of the BCM, etc. HAHAHA, didn't work right - probably my fault. It seemed to get the right server address but just wasn't DHCP'ing on VLAN 20.

9. Manually went to each IP phone and set the server IP, and VLAN to 20.

10. Backed up all switch configurations.

Lo and behold, it all worked. All ip phones were able to DHCP to VLAN 20, and all PCs hooked up through them were able to DHCP to vlan 1. Now all my IP phones are isolated away from the data network. Next project will be QoS. Don't forget, anytime you add a new switch you'll need to configure VLAN 20 on it unless you've got GVRP working.

For more information on option 191, 128, and IP Phone settings, I found some Very helpful posts on McNamara's blog.

Option 128:
http://michaelfmcnamara.blogspot.com/2007/10/dhcp-options-voip.html
Option 191:
http://michaelfmcnamara.blogspot.com/2007/10/dhcp-options-voip-part-2.html
and Ip phone settings:
http://michaelfmcnamara.blogspot.com/2007/10/nortel-i2002i2004-internet-telephone.html
(I went with Partial DHCP because I still haven't gotten the Full to work yet.)

2 comments:

Michael McNamara said...

Very nice blog and post.

Hopefully you know that the BCM/SRG use port 7300 and not port 4100 like the Succession 1000 Call Servers. You would need to modify your DHCP string to use port 7300.

Cheers!

Mostafa Kamar said...

Hi guys,
I had this issue, and by the way I was reading the blogs of Mr. McNamara which was so helpful, but trial and error gave me new results and conclusions:
First you can add the VLAN ID option 191 for the voice traffic in both DHCP Data and Voice scopes or only the Data scopes, same results, both working, of course along with option 128 which must reside in both Data and Voice Scopes.
Second, on the phones you must make sure that you have the (full) DHCP mode along with VLAN ID on (DHCP) mode, not None.
This way, you don't have to do the LLDP MED option which ignores option 191 and will not need to put the node IP or the VLAN manually.
Third, if you didn't configure the VLAN from DHCP, the phone might stay on the default VLAN ID 4095 and pick up IP from the Data Scope, and will work also fine but will confuse your DHCP network administrators.
Good Luck!!!