Great post :)

 

From: Rohyans, Aaron [mailto:[email protected]] 
Sent: 18 December 2009 00:37
To: NT System Admin Issues
Subject: RE: VLAN question

 

Short answer - yes!

 

What your phone vendor is referring to is simply VLAN segmentation and it is
an *essential* part of a well performing IP Telephony system.  The phones
likely have the capability to run an 802.1q trunk to your HP switch.  What
this essentially does, is allow the phone to 'tag' its traffic using 802.1q
headers for a specific VLAN (i.e. your new Voice VLAN) as well as tag it
with a specific Class of Service (CoS) value (i.e. 802.1p - CS3 or CS5).
blah blah blah blah blah.  The PC sends its traffic normally (un-'tagged')
through the phone and into the 'Native' VLAN of the switch (Native = your
Data VLAN).  Now, what this means to you is that your PCs will operate
normally as they did before, but your phone will LOGICALLY separate its
traffic from the rest of your network.  Although it rides over the same
cable, the traffic will be logically separate as it enters/leaves the
switch.  The fact that your phone tags its traffic with CS3/CS5 (Media =
CS5, Signaling = CS3) also allows you to establish proper Quality of Service
(QoS) trust boundaries as well as provide proper Queuing/Policing/Priority
mechanisms to ensure that your phone traffic maintains precedence over your
data traffic.  Remember, phones are unforgiving to network latency/packet
loss.  So, anytime we have the opportunity to 'screw' over normal PCs by
shoving phone traffic ahead of them - we should do it - their traffic is
much more forgiving to latency/packet loss.

 

Advantages to what your phone vendor is proposing:

- Creates a separate broadcast domain for your phones - phones are
very "chatty" (no pun intended :)) and tend to broadcast A LOT... why should
your PCs have to listen to these broadcasts when it doesn't pertain to them
- and vice versa?

- VLANs provide a decent level of protection in the event you suffer
from a broadcast storm on one of your subnets - i.e. you loop your network
by accident and the most you'll do is kill that one VLAN.  As it is now, if
you were to accidentally loop your network, you'd kill both phones and PCs.
With VLAN segmentation, hopefully the most you'll kill is your PC side -
leaving your phones unharmed :)

- The ability to build in QoS mechanisms (YES, you NEED QoS even in
a LAN environment) based on 802.1p tags or VLAN assignment (although, you
*could* provide QoS without VLANs using 802.1p tagging... but that's no fun :))

- Easier traffic management (even for traffic outside of phones -
perhaps now you could put those 'chatty' printers into a VLAN by
themselves!)

- With proper QoS, your phones will no longer 'compete' for the wire
with your PC - they'll be given preferential treatment

 

Disadvantages:

- A more complicated (but well performing) network

- More subnets to manage/account for/route

- Really all you need is LAN QoS (proper trust boundaries and
priority queues setup in your switches) to resolve your issues here... VLANs
*will* add complexity

- You will have graduated from $50 switches, to $500 switches
overnight

 

All in all, I would completely agree with your phone vendor.  As it stands
right now, your phones are sharing the same media/broadcast domain as your
PCs and, thus, 'competing' for access to your network.  VLANs are a mechanism
used to thwart this competition.  If you have the ability, have your vendor
reconfigure the Voice Gateway to operate in a new test VLAN... place one or
more phones into this test VLAN (on unused switchports) and test your call
quality.  I think you'll see the difference!

 

Hope this helps!

 

Aaron T. Rohyans
Senior Network Engineer

CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP,
JNCIA-ER

DPSciences Corporation
7400 N. Shadeland Ave., Suite 245

Indianapolis, IN 46250
Office:  (317) 348-0099
Fax:   (317) 849-7134
[email protected]
http://www.dpsciences.com/

"I want an Anti-Virus system that sends Arnold back in time to kill the
hacker as a small child before he invents the virus..."

"There are 10 kinds of people in this world... those who can read binary,
and those who can't"
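
Added example, not part of the original message: a small Python parser showing what the 802.1Q tag described above looks like on the wire, and how an untagged frame from the PC falls into the native VLAN while the phone's tagged frame carries its own VLAN ID and 802.1p priority. The VLAN IDs (1 for data, 20 for voice), the MAC addresses and the function names are assumptions made for this sketch.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
NATIVE_VLAN = 1       # assumption: the port's native (data) VLAN ID
VOICE_VLAN = 20       # assumption: the new voice VLAN ID

def build_frame(vlan=None, pcp=0, ethertype=0x0800, payload=b"\x00" * 46):
    """Construct a sample Ethernet frame; vlan=None means untagged."""
    dst = bytes.fromhex("020000000001")   # constructed, locally administered MACs
    src = bytes.fromhex("020000000002")
    tag = b""
    if vlan is not None:
        # Tag = TPID (16 bits) + TCI: PCP (3 bits), DEI (1 bit), VID (12 bits)
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vlan & 0x0FFF))
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def classify(frame, native_vlan=NATIVE_VLAN):
    """Return the VLAN, 802.1p priority and EtherType a switch port would see."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        # Untagged traffic (the PC behind the phone) joins the native VLAN.
        return {"tagged": False, "vlan": native_vlan, "pcp": 0,
                "ethertype": ethertype}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF    # low 12 bits: VLAN ID
    pcp = tci >> 13       # top 3 bits: 802.1p priority
    # VID 0 is a priority-only tag: priority applies, VLAN stays native.
    return {"tagged": True, "vlan": vid or native_vlan, "pcp": pcp,
            "ethertype": inner}

if __name__ == "__main__":
    samples = {
        "phone media": build_frame(vlan=VOICE_VLAN, pcp=5),
        "phone signaling": build_frame(vlan=VOICE_VLAN, pcp=3),
        "PC data": build_frame(),
    }
    for name, frame in samples.items():
        print(name, classify(frame))
```
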

 

From: Evan Brastow [mailto:[email protected]] 
Sent: Thursday, December 17, 2009 6:40 PM
To: NT System Admin Issues
Subject: OT: VLAN question

 

Preface: I have no idea what I'm talking about.

 

With that out of the way, I have a network consultant and a phone supplier
that are a little bit at odds.

 

We just purchased an Allworx IP phone system. All was going well until it
was made active today and became apparent that voice quality was horrible.
The IP part is only internal. External calls go over standard analog lines.
But the problem is with internal calls as well as external.

 

The Allworx phones share a 100Mbps network with the computers. We're a small
company (smaller than ever) with about 25 computers and 19 phones, BUT, a
lot of those phones and computers are out in production areas and receive
VERY little use (i.e., someone will log in/out of a job once every few
hours, and make a phone call once a day out there.) There are probably only
about 8-10 active computers, and fewer active phones.

 

The way it's configured is that the phone sits on the same cable as the
computer. It goes from the wall jack to the phone, and then from the phone
to the computer. The phones are on the same subnet as, and get IP addresses
from the same DHCP server as the computer network.

 

When phone calls are made, there's echoing, latency, static, etc. The switch
is an HP ProCurve 2810-48G. Cabling is all CAT5 at least.

 

The phone supplier is telling me that the way to segment the traffic to make
sure there are no voice quality issues is to create a VLAN on the switch.
But my IT consultant is saying, "What's to segment? Everything's on the same
cable and on the same subnet?"

 

It appears now that the phone supplier is saying that he can create a VLAN,
and then they would use the Allworx phone system server as a DHCP server for
the phones, which would put them on their own subnet, thereby making all the
traffic flow better and the calls clearer. He said he'd have to link the two
VLANS together as there are computer apps that interface with the phone
system.

 

So, my question is (because I don't know much about this end of networking,)
does this sound like creating a separate VLAN is really going to help
improve bandwidth and increase call quality?

 

Thanks so much :)

 

Evan

 

 

 

 
