1747980 Members
4476 Online
108756 Solutions
New Discussion

Subnet based VLAN, Tagged vs Untagged, setup and management

 
smulvenon
Occasional Visitor

Subnet based VLAN, Tagged vs Untagged, setup and management

Hi there, long time reader, first time poster.

 

I have been working with 3com switch trying to figure out how to properly setup and configure some new VLANs.

 

This has been a pain for me, and involved many wasted hours and a few holes in the walls.

 

Our basic setup is as follows:

 

We have lines running to every office, usually just one cat5e. We use an IP phone voip system, so the line goes into the phone first.,then out of the phone and into the PC. Most of the phones are Snom 320, but some are Polycom IP 550 (just incase you were wondering). We have two internet connections at each location (7 locations), and each internet connection is intended for either voice traffic or data trafffic. Currently all data and voice goes in and out the faster of the two connections (by design). What we need to have happen is for voice traffic to be tagged or labeled or routed to one connection and data to the other. This can be accomplished by making data VLAN1 and voice VLAN20. We are prepared to set the phones to use a 10.10.x.x subnet and the computers to use a 192.168.x.x subnet. Each location has a different third octet, which will be the same for both data and voice. Seperating the data and voice will allow better phone quality and make sure that when a jackwagon starts downloading huge files or using a torrent, that the phones will not go down, which is currently a problem at all our locations. Internet connections are connected to ports 1 and 2 hsould it make a difference.

 

What I need is some guidance on how this can be properly setup. I know that we desire subnet based VLANs but we cannot seem to set them up properly. Everytime I attempt to set this up in one way or another, the switch either doesn't like it and starts blocking all traffic, or randomly resets itself, thus losing days of work, as it resets to a factory out of box state.

 

To top this all off the beta location for this is 3+ hours away from any legitimate IT support (it is our smallest office). So all of this must be done remotely. We have an RDP session to a box that is directly connected to the switch both by network and console cable. The best on site that we can hope for is to have someone unplug and/or plug things into and out of the switch. Should a trip be necessary it can be done, but would need to be planned and ready to go before the trip is made.

 

As a note the 3com manual on this has been almost worthless, performing so many tasks in a command line, all for not when they either dont work or simply do nothing.

 

I have attached a child's conceptual drawing of our network. Also, we are dealing with both PC and MAC devices, so that helps...

3 REPLIES 3
smulvenon
Occasional Visitor

Re: Subnet based VLAN, Tagged vs Untagged, setup and management

I can see from the number of views, and downloads of the concept drawing that this is a rather popular topic. If anyone is also curious about this, or has literally ANY insight into it, please respond.

 

I know that I cannot be the only one grasping at straws over this.

Peter_Debruyne
Honored Contributor

Re: Subnet based VLAN, Tagged vs Untagged, setup and management

Hi,

 

* I would not go for the ip subnet based setup, but for traditional port-based vlan setup, if possible. That means : do your phones support a voice vlan ? Since that is the cleanest way to do the configuration. IP subnet based vlans will work in case of fixed IP configurations, but in case any dhcp is involved it can become quite complex.

So the best way to move forward is to ensure the phones can be configured with a voice vlan. Please check that first, then the switch configuration can be adjusted based on that.

 

* In the drawing there is only the 2 internet connections and the switch. Which devices are doing the internet vpn ? Are these devices under your control ?

 

Essentially you need a routing device and policy based routing setup to be able to send voice traffic over 1 routed uplink and the data traffic over the other routed uplink. I have no experience with the 4510, but it does not seem like an advanced routing device, so I do not think this switch will be able to handle that part of your request.

 

If you accept a dedicated internet link for voice and dedicated for data (and no failover between them !), you could configure the 4510 with vlans and terminate the voice and data vlans on their respective uplinks.

 

Best regards,Peter

 

smulvenon
Occasional Visitor

Re: Subnet based VLAN, Tagged vs Untagged, setup and management

Peter!

 

Thank you for the response, I have been waiting for some action so that I can figure this out.

 

On the picture there is also listed a server and an example of a Phone and PC configuration. There is typically one cable that goes into an office, which goes into a Snom 320 phone and then jumps out of the phone to provide the PC with network connection.

 

If I can somehow tag the different subnets with their respective VLAN ID, then supposedly the provider's router will take care of the two connection routing. The voice needs to be VLAN 20 and the data VLAN 1, just for reference.

 

As both the phones and PCs will be using the same port on the switch I cannot tag a switch port for one VLAN or the other. The phones will be statically assigned IPs in the 10.10.X.X subnet and the PCs will be DHCP in the 192.168.X.X subnet. Each physical site will have a different 3rd octet that will be unique, but will be the same for both the 10 and 192 subnets on each site. So office "A" will be 192.168.100.X for data and 10.10.100.X for voice; Office "B" will be 192.168.150.X and 10.10.150.X, so on and so forth.

 

We have multiple Operating systems (XP, 7, Mac, Server) and multiple phone brands (Snom, Polycom, Cisco) to deal with. This was why I figured that subnet based VLAN would have been the best. As it would be in credibly complicated rules to try to use MAC addresses as the separation, and hard coding ports to a VLAN wouldn't work with the setup.

 

So I was hoping that there was a way to get all 10.10 subnet data tagged with VLAN 20 and all 192.168 data tagged as VLAN 1 in the switch. The phones are capable of using VLAN information as part of their setup, but I need to get the switch to understand the VLANS first. Every time I try to follow directions that I have found on setting this up, the switch crashes and I have to have someone unplug it and plug it back in (I am three+ hours away from the test site). When it comes back up I have to start from scratch again, including setting the device IP for access. Luckily I planned for this and connected the switch to a local server (2008r2) with a serial console cable.

 

All devices are under my control on the network, and I have test devices setup and ready to go for testing and toying.

 

If you have any ideas, please let me know.

 

Thank you,

 

-Sean