HPE Community
Switches, Hubs, and Modems
1753287 Members
5437 Online
108792 Solutions
New Discussion юеВ

VOIP/2 VLAN setup for 2626 and 2650 Switches

 
SOLVED
Go to solution
Bennett Terwilliger
New Member

тАО10-27-2008 11:30 AM

тАО10-27-2008 11:30 AM

VOIP/2 VLAN setup for 2626 and 2650 Switches

Hello,

I am implementing a new VOIP phone system for which we have purchased a 2626-PWR and 2650-PWR switch for the LAN. The phone documentation provides configuration with Cisco switches and this is the first time I've configured HP switches. Here's how we'd like to set things up:

- Data traffic: VLAN1 192.168.1.1/24
- Voip traffic: VLAN2 192.168.2.1/24
- Firewall/GW for switches; 192.168.1.1
- DHCP server (192.168.1.8) providing IPs to phones on VOIP VLAN
- Traffic able to communicate between VLANs - Phones will be plugged into switch, and User PCs will plug into hub on VOIP phone (so switch ports will need to have both VLANs)
- QOS to prioritize VOIP traffic
- Port 1 Uplink, Port 2 Trunk, Ports 3-24 Phones/PCs

We will also be re-IPing everything during the move, so if for some reason a different private IP scheme works better, it's not a problem to change that. So far, I've pieced together configs from other IP Phone vendors and switches for the setup. Here is the current running config on the 2626:


Running configuration:

; J8164A Configuration Editor; Created on release #H.10.38

hostname "hppc2626-pwr"
interface 2
no lacp
exit
trunk 2 Trk1 Trunk
ip default-gateway 192.168.1.1
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1,3-26,Trk1
ip address 192.168.1.15 255.255.255.0
ip helper-address 192.168.1.8
exit
vlan 10
name "voip"
ip address 192.168.2.1 255.255.255.0
qos priority 7
ip helper-address 192.168.1.8
voice
exit
ip route 0.0.0.0 0.0.0.0 192.168.1.1
spanning-tree Trk1 priority 4
password manager


So basically, any help with this config would be much appreciated. At this point, I think the VLANs are setup, although not that they are fully able to communicate between each other. I would also appreciate any advice on trunking the switches, or just a method to ensure they can operate together with the above config requirements. Can the 2626 handle the IP routing, or do I need to put additional routing information into the firewall?

Any help would be much appreciated.
0 Kudos
5 REPLIES 5
Jeff Carrell
Honored Contributor

тАО10-27-2008 12:19 PM

тАО10-27-2008 12:19 PM

Solution

Re: VOIP/2 VLAN setup for 2626 and 2650 Switches

your config is basically ok, but there are some changes to be made...

1st off, some definitions differences between cisco and procurve (and most others too):

cisco<--->procurve
--------------------------
trunk port - tagged (802.1Q)
access port - untagged
etherchannel - trunk/lacp

1) so where you've defined a trunk port, you only put in a single port...if the goal was to make a larger link between the 2 switches, you'd need to add another port....if the goal was to move 2 vlan's of traffic over a single link, you need to delete the trunk and change the port to tagged in vlan 10...

2) you don't need a ip helper-address in the same vlan as where the dhcp server is...it doesn't hurt to be on the config, it just doesn't serve any purpose...

3) the 26xx can do routing, but only "local" routing between vlans, and have static route entries to point to another router...what you have configured with the route-of-last-resort should work ok...

4) in order to have phones and pc's coming into 1 port, the port needs to be 'tagged' in vlan 10 and the phone configs need to have them set to speak tagged and in vlan 10 (some phones do it hard-coded config, others do it via the download/soft config of the phone, and some do it both ways)...

5) most/some phones have QoS predefined at qos=6...if your phones do, the procurve switches preserve the QoS setting without any config...you have it set to qos=7 which will override the phones config (if any)...not a problem, but most folks tend to leave QoS=6 for phones...but it is your call...

6) you'll need to add a static route entry in your f/w to get back to vlan 10 if any ip device goes there to get to the internet, etc (any net other than vlan 1/10)...

7) btw, the ip default-gateway in the "router" doesn't do anything for you...it goes inactive when 'ip routing' is enabled...but to get ride off it, you have to turn off 'ip routing' then do a 'no ip default-gateway' then re-enable 'ip routing'...

that's about it i think :-)

hth...jeff
Bennett Terwilliger
New Member

тАО10-27-2008 01:16 PM

тАО10-27-2008 01:16 PM

Re: VOIP/2 VLAN setup for 2626 and 2650 Switches

Thanks for the quick response and the additional information, it helps get some familiarity with things. Let me fill in a few details that I think are missing from my original post.

Port 2 on both switches had been set aside as a trunk port to link the 2 switches together (and hopefully pass VLAN information). I'm not sure if this is the best configuration and am open to other ways of linking the switches that might function beter. I don't have much familiarity with this, so any ideas on how to do this are welcome.

I guess what I'd like to ensure first is that traffic is able to communicate between the two VLANs. This doesn't appear to be happening at the moment with a phone in the voip vlan and a laptop in the default. Is there anything in the config that suggests why this may be? Could anyone provide a basic config that would ensure communication between 2 vlans?

I think it may be easiest to start with that and then add in the additional (QOS, linking the switches, etc).

Thanks again.

0 Kudos
Andr├й Beck
Honored Contributor

тАО10-28-2008 02:30 AM

тАО10-28-2008 02:30 AM

Re: VOIP/2 VLAN setup for 2626 and 2650 Switches

Bennett,

> I guess what I'd like to ensure first is
> that traffic is able to communicate between
> the two VLANs. This doesn't appear to be
> happening at the moment with a phone in the
> voip vlan and a laptop in the default.

It appears that you configured the switch correctly for connected routing to work, so there should be no problem with that. In order to verify this, I'd plug two computers into access ports to either VLAN (untagged), configure them correctly for the connected IP networks (especially the default gateways) and then they should reach each other. Only then start with more complicated devices like phones, or with automating things (DHCP).

Remember, a router that's only routing between connected networks does so by default, there is nothing that would need special configuration for that to occur. Still, lots of people have problems to get it running the first time (believe me, I'm giving classes on this, it's the default issue showing up every time). The reason is they misconfigure not actually the router, but the end devices. In your case, has the default gateway of end devices in 192.168.1.0/24 really been changed to 192.168.1.15 or is it still pointing to your firewall? If the latter, that's the sole reason for dysfunction of the setup.

HTH,
Andre.
Bennett Terwilliger
New Member

тАО10-28-2008 01:20 PM

тАО10-28-2008 01:20 PM

Re: VOIP/2 VLAN setup for 2626 and 2650 Switches

Thanks for the help and the reply which I think solved the first problem. I think the initial configuration for the VLANs may have indeed been correct. I was misconfiguring the gateway on the connected devices. Communication works between the VLANs when any device's gatway is set to the VLAN IP. Thanks for the help thus far.

The next issue I am curious about is turnking and spanning tree. These were the related lines in the config:

trunk 2 Trk1 Trunk
spanning-tree Trk1 priority 4

Ideally, it would be nice to have the switches linked together. What do I need to change to accomplish this and is there anything in regards to spanning tree that is recommended to configure in a setup like this?

One more issue I am having is that the VOIP VLAN cannot get out to the Internet. I've tried adding a route for the VOIP vlan to the Internet Gateway, but this has no effect. Is there an additional IP ROUTE statement I can add to do this on the switch?

Thanks again.
0 Kudos
Andr├й Beck
Honored Contributor

тАО10-30-2008 11:30 AM

тАО10-30-2008 11:30 AM

Re: VOIP/2 VLAN setup for 2626 and 2650 Switches

Re Bennett,

> The next issue I am curious about is
> turnking and spanning tree. These were the
> related lines in the config:
>
>trunk 2 Trk1 Trunk

This will create a single-member "dumb" aggregate (trunk) consisting solely of port 2 and call it Trk1. As long as you don't add more members, it doesn't make much sense to use an aggregate, a simple inter switch link (ISL) will suffice. With a 2626 and 2650, I'd connect them on one of their Gigabit ports and be done with it.

When a trunk is required, consider using LACP instead of a dumb trunk. The protocol helps to prevent ports from entering a trunk that aren't supposed to in case of a cable misplug. That's especially helpful when running sans STP, where a trunk misplug can easily form a loop.

> spanning-tree Trk1 priority 4

This statement appears automatically when you create a trunk. The intention is to give a trunk of multiple ports a better STP priority than a single port would have, so the trunk will become the preferred path. It could be argued that this should rather happen by path-cost shifting, but it's the way ProCurve does it.

> Ideally, it would be nice to have the
> switches linked together. What do I need
> to change to accomplish this and is there
> anything in regards to spanning tree that
> is recommended to configure in a setup
> like this?

Use an ISL to connect the switches (e.g. port 25 on the 2626 to port 49 on the 2650) and allow all configured VLANs on the ISL. Do this by setting the default VLAN as untagged and every other VLAN you operate as tagged on the ISL interfaces (or Trk1 if you use that as the ISL). After that, all VLANs span all switches configured this way.

Spanning tree is a measure added to prevent total network meltdown when a topology has loops. Loops can be unintentional (cable plugged wrongly by accident) or deliberate (increasing availability by providing backup paths) and STP helps with both of them, so it's both a means to avoid disaster and a way to build networks that are HA on L2 (to some extend). Given that, ProCurve's default setting of disabled STP is questionable.

With just two switches, STP is optional and would fill the error-preventing role mostly, but considering that networks always grow, I'd still activate it (especially if you also play with trunks). You don't need much tuning, just configure RSTP on both switches and if one of them is in a somewhat more central role, lower the bridge priority value on that box so it will win the root election. Optional but helpful to cut on convergence timing: Define correct Edge/Nonedge roles on the ports. Essentially all ports are Edge except your ISL(s).

> One more issue I am having is that the
> VOIP VLAN cannot get out to the Internet.
> I've tried adding a route for the VOIP
> vlan to the Internet Gateway, but this has
> no effect.

That route is essential, but not necessarily sufficient. The route makes sure the GW can send packets to 192.168.2.0/24 at all. For hosts in this network to actually talk to the Internet, there may be other requirements on the GW: NAT rules for 192.168.2.0/24, filter rules allowing the Internet access from these addresses in the first place etc. If the GW is only a subordinate router in a larger WAN (not directly to the Internet), the routers further up in the WAN might also need routes added (unless the GW does NAT anyway).

> Is there an additional IP ROUTE statement
> I can add to do this on the switch?

No, the switch is the only location where you don't have to do anything for this to work (beyond establishing the connected routes plus a single static default route to the Internet GW, all of that already beeing present).

HTH,
Andre.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.