Separating Voice VLAN & Data VLAN traffic with L3 Switches

#1 genXrcist (Member Extraordinaire; St. Paul, Minnesota; joined Oct 2008; 531 posts; certifications: CCNA:V MCITP:EA/EMA2K10 MCSE:S MCSA:M MCDST A+/Net+/Sec+)

    Hey guys,

    Quick question. If I have a current flat environment with analog phones and eventually implement VoIP phones, current best practice stipulates separating the voice & data VLAN traffic and placing them in different Subnets.

    As such, I am looking to get an L3 switch to route these separate Subnets but my question is, should I have a distinct L3 switch for every area of the building which currently has its own L2 switch? Do I need to route per switch or will one L3 suffice?

    It looks like only one L3 switch is required according to this:
    How To Configure InterVLAN Routing on Layer 3 Switches - Cisco Systems


    Please note that this environment does not have Cisco/Adtran gear in place and as such the Router on a stick method won't work. In addition, the L3 Switch being considered is an HP A5120-24G.
    HP: JE066A#ABA - HP A5120-24G EI Switch - Access switches - fixed port
#2 genXrcist
    No responses huh?
#3 Daniel333 (Senior Member; San Francisco Bay Area; joined Sep 2006; 2,003 posts; certifications: CCNP, CCNA:Voice/Sec, MCSE: Sec, VCP and some other random ones)
    Hey dude,

    You can use the router on a stick method with anything that supports 802.1q trunking, any switch and router from the last 10 years really. Layer 3 is just nice since it's all done at wire speed, less equipment and fewer points of failure. Then again, you really shouldn't have much if any traffic passing to/from your voice network to your data anyway. Kind of a moot point.

    You really don't need a layer 3 switch to handle the voice traffic. You just assign the ports you need to the VLANs you need. Then trunk up to the router.

    If you need to daisy chain off your phones you will need to set up 802.1q trunks on all your access ports.

    That make sense or do I need more beer?
#4 genXrcist
    It makes sense but the router I'm working with is a SonicWall TZ 170 and it doesn't support 802.1q (SonicOS Enhanced 3.2).

    There is an empty OPT port though so I suppose I could use that but that would mean I could only ever have the two VLANs in place.

    I suppose I could put up an old 2600 or 3640 router up and use one of those Fa ports as the Gateway....create a DMZ essentially between the SW and the Cisco router....This would allow me to put in as many sub.interfaces as we'd ever need.

    I work for a small re-seller that sells remarketed HW and we get Cisco stuff in all the time. The owner wants to use this stuff to keep IT costs down but he is willing to spend $ when necessary.

    Now that I continue to think this through having more than 1 L3 switch would have little benefit.

    So you don't think it would be worth buying the $2100 switch for $700?
#5 genXrcist
    Quote Originally Posted by Daniel333 View Post
    Hey dude,

    If you need to daisy chain off your phones you will need to set up 802.1q trunks on all your access ports.
    I just re-read your post and this part confuses me. I thought that most SIP phones would tag their traffic per the Voice VLAN and then that traffic would go out the trunk port to its destination. The traffic that is behind the phone (the PC) would then get tagged by the switch and thus be isolated from the Voice VLAN. This would allow for a single Trunk uplink with all the rest of the ports left as Access.

    Is that not the case?
#6 chmorin (Senior Member; Texas; joined Feb 2010; 1,443 posts; certifications: CCNP:Voice, CCNA:V(IIUC), CCNA, CCENT, Security +, Network +, A+,CIW)
    Well the first thing out of any cisco certified individual here will probably be: Go get Cisco Equipment.

    Now that I have that out of the way, some information for you!

    The voice/aux/access vlan configurations are only significant and will only apply if the VoIP phone is able to support multiple vlan instances, and even create QoS Trust settings. For the moment, let's assume it can.

    Quote Originally Posted by genXrcist View Post
    As such, I am looking to get an L3 switch to route these separate Subnets but my question is, should I have a distinct L3 switch for every area of the building which currently has its own L2 switch? Do I need to route per switch or will one L3 suffice?
    In a campus style network, it is not needed to have L3 switches all the way to the access level. Some people prefer to do this and use routing all the way to the access layer, but for the most part it is not needed. It is not uncommon to have an L3 switch in your core layer, and have your distribution/access layers be layer two or cheaper layer three switches. L2 switches support many VLANs, but they don't support more than one SVI.

    Quote Originally Posted by genXrcist View Post
    I just re-read your post and this part confuses me. I thought that most SIP phones would tag their traffic per the Voice VLAN and then that traffic would go out the trunk port to its destination. The traffic that is behind the phone (the PC) would then get tagged by the switch and thus be isolated from the Voice VLAN. This would allow for a single Trunk uplink with all the rest of the ports left as Access.
    I can only speak for Cisco phones, but they create a 'mini trunk' if you will that is an 802.1q trunk that allows the data traffic and the voice traffic to be tagged by different VLANs. The method he speaks of sounds rather old-school, and it's something that you used to have to do for Cisco phones on outdated equipment. You would set the port to trunk, and allow only the two VLANs you wanted on that trunk to your phone.
#7 genXrcist
    LOL I totally agree that we should have all Cisco equipment. I've only been here since 1/3 of this year so give me time, we'll get there.

    Questions;
    What is SVI?
    As for the mini-trunk that the phone creates, doesn't the switch then need to be a Trunk port in order to receive packets from both VLANs? If this is the case then where does the separation happen?
    What do you think of my idea using a 2600/3640 as the Gateway with a DMZ between it and the Sonicwall appliance? I'm working towards an all Gigabit environment and while this would be 100Mbs it would only matter when the Traffic is Internet bound which is of course far less than 100Mbps.
#8 chmorin
    Quote Originally Posted by genXrcist View Post
    Questions;
    What is SVI?
    As for the mini-trunk that the phone creates, doesn't the switch then need to be a Trunk port in order to receive packets from both VLANs? If this is the case then where does the separation happen?
    What do you think of my idea using a 2600/3640 as the Gateway with a DMZ between it and the Sonicwall appliance? I'm working towards an all Gigabit environment and while this would be 100Mbs it would only matter when the Traffic is Internet bound which is of course far less than 100Mbps.
    An SVI is a switched virtual interface, and is basically an L3 port that you can give an IP Address for your VLAN'd devices to use as a gateway. It removes the need to configure router on a stick. Instead, you can have VLAN10 to have a 192.168.1.0/24 subnet, and you can have an SVI for VLAN10 with an address of 192.168.1.1/24 for all the devices to use as a gateway. With L3 devices, you can have many of these. With L2 devices, you can only have one and it is for management purposes (giving your switch an IP Address).

    The mini-trunk is a capability that is provided from the voice vlan configuration on the switchport. The switch is an access mode port, but has an access vlan, and a voice vlan. The phone is able to use both of these.

    I don't see a problem with your idea, but I'm not familiar with your environment so I can't say too much.
#9 genXrcist
    Ahh ok Gotcha. Now the mini-trunk concept makes sense. Side question, do L3 switches all typically have DHCP relay built in?

    Environment is a single site network with a single Internet Gateway. Building has two floors each serviced by Access layer switches but the lower floor access switch is also the Core/Distribution layer as it connects to both the Sonicwall and the Servers. No DMZ currently.

    It's a flat network with one subnet so the vast majority of traffic never touches the router.

    The more I think about it the more I'm convinced that this is the way to go given it's free and we're such a small environment. Thanks for your help!
#10 chmorin
    Quote Originally Posted by genXrcist View Post
    Ahh ok Gotcha. Now the mini-trunk concept makes sense. Side question, do L3 switches all typically have DHCP relay built in?
    If by DHCP relay you mean allowing nodes from one subnet get their DHCP info from a server on a separate subnet, look into 'helper address' in cisco.

    Quote Originally Posted by genXrcist View Post
    Environment is a single site network with a single Internet Gateway. Building has two floors each serviced by Access layer switches but the lower floor access switch is also the Core/Distribution layer as it connects to both the Sonicwall and the Servers. No DMZ currently.

    It's a flat network with one subnet so the vast majority of traffic never touches the router.

    The more I think about it the more I'm convinced that this is the way to go given it's free and we're such a small environment. Thanks for your help!
    I do what I can =) Best of luck to you.
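An added configuration example, not from the thread or any of its posters, showing in Cisco IOS syntax the pieces chmorin describes in posts #8 and #10: an access port carrying an access VLAN and a voice VLAN (the "mini trunk"), a single 802.1q uplink, SVIs on the L3 switch as each subnet's gateway, and ip helper-address so phones on the voice subnet can reach a DHCP server on the data subnet. VLAN 10 with 192.168.1.0/24 and its SVI 192.168.1.1 are taken from post #8; VLAN 20, 192.168.2.0/24, the DHCP server 192.168.1.10, the admin host 192.168.1.50 and all interface names are constructed assumptions, and the HP A5120 uses Comware syntax, which differs from this.

```cisco
! ---- Access switch (L2): one access port per phone with a PC behind it ----
vlan 10
 name DATA
vlan 20
 name VOICE
!
interface FastEthernet0/1
 description phone; PC daisy-chained behind it
 switchport mode access
 switchport access vlan 10      ! untagged PC frames land in VLAN 10
 switchport voice vlan 20       ! phone tags its own frames with VLAN 20 (learned via CDP)
 spanning-tree portfast
!
interface GigabitEthernet0/1
 description single 802.1q uplink to the L3 switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20   ! only the VLANs in use cross the trunk
!
! ---- L3 switch: one SVI per VLAN is that subnet's default gateway ----
ip routing
!
! Constructed ACL: data hosts get no path into the voice subnet except the
! admin host, following Daniel333's point that little traffic should cross.
ip access-list extended DATA-TO-VOICE
 permit ip host 192.168.1.50 192.168.2.0 0.0.0.255
 deny   ip any 192.168.2.0 0.0.0.255
 permit ip any any
!
interface Vlan10
 description DATA gateway (subnet and address from post #8)
 ip address 192.168.1.1 255.255.255.0
 ip access-group DATA-TO-VOICE in
!
interface Vlan20
 description VOICE gateway; DHCP lives on the data subnet
 ip address 192.168.2.1 255.255.255.0
 ip helper-address 192.168.1.10   ! relays phones' DHCP broadcasts to the server
```

Frames arriving on FastEthernet0/1 tagged with any VLAN other than the voice VLAN are not forwarded, which is where the separation between the PC and the phone happens; `show interfaces FastEthernet0/1 switchport` confirms the access and voice VLAN assignment.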
#11 genXrcist
    Yep, I'm aware of the IP helper address command, I just wasn't sure if it was in an L3 switch. I suppose I could just as easily have fired up one of the two 3550 switches I have sitting here.

    Thanks!