For this week's project, I decided to split up the network to give IP phone traffic it's own VLAN with the eventual goal of QoS and all that good stuff in mind. The first challenge of course was getting my Dell and Netgear routers to play together nicely which actually wasn't that bad. I already have a Layer 3 routing Switch from netgear (FSM7352S) in place which I previously configured to support routing between our existing network and an isolated vlan for the testing LAB. The plan was to use the i2002 and i2004 phones to use VLAN 20 and to pass through untagged packets to the PCs attached to them.
Steps:1. Setup VLAN 20 on the switch.
2. Change the access mode of all the ports involved to 'General' which would allow them to handle traffic from multiple VLANs including the default 'VLAN 1'. Then make sure VLAN 20 is selected and set all ports to 'tagged'. When done, each port should still have a PVID of 1, be untagged for VLAN 1 and tagged for VLAN 20.
3. Changed the ports connecting my switches to TRUNK mode. On the ones where trunk mode was not available, I just set that port to be tagged for VLAN 20 and made sure the port was set to 'General' mode.
4. Turned on
GVRP which I naively thought was a great feature that would propagate all my vlans to all my switches, solve all the world's problems, perform miracles, etc. Which to be truthful, it did advertise the VLANs and the other switches acknowledged their existense but I wasn't able to tag any ports on the switches that had dynamically received the VLAN info. I'm still not sure if that's a problem with the Dell switches or the monkey writing this blog.
5.
Turned off GVRP and just setup VLAN 20 manually on all switches.
6. Tested that an IP phone on one switch in each building to make sure that VLAN 20 was routing properly.
7. I hard-coded a block of switch ports to 'Access Mode' with a PVID of 20 for the nortel BCM phone servers to lock them into VLAN 20. Then I set up one of the BCM servers to be a DHCP server for that VLAN and rebooted it to make sure changes took effect.
8. I setup option 191 and 128 on the win2k3 DHCP server on the Data lan with the high hopes that it would redirect the ip phones automatically to VLAN 20. Option 191 tells the phones to use VLAN X which in my case is 20 and option 128 is a string which tells the phones settings like the ip of the BCM, etc. HAHAHA, didn't work right - probably my fault. It seemed to get the right server address but just wasn't DHCP'ing on VLAN 20.
9. Manually went to each IP phone and set the server IP, and VLAN to 20.
10. Backed up all switch configurations.
Lo and behold, it all worked. All ip phones were able to DHCP to VLAN 20, and all PCs hooked up through them were able to DHCP to vlan 1. Now all my IP phones are isolated away from the data network. Next project will be QoS. Don't forget, anytime you add a new switch you'll need to configure VLAN 20 on it unless you've got GVRP working.
For more information on option 191, 128, and IP Phone settings, I found some Very helpful posts on McNamara's blog.
Option 128:http://michaelfmcnamara.blogspot.com/2007/10/dhcp-options-voip.htmlOption 191:http://michaelfmcnamara.blogspot.com/2007/10/dhcp-options-voip-part-2.htmland Ip phone settings:http://michaelfmcnamara.blogspot.com/2007/10/nortel-i2002i2004-internet-telephone.html(I went with Partial DHCP because I still haven't gotten the Full to work yet.)
Posts
