[Techtalk] Networking question

Anthony de Boer adb at adb.ca
Thu Feb 3 03:47:08 UTC 2011


Betty Johnson wrote:
> However, the biggest issue right now is our phone system. We are using
> a BCM-50 to set up VOIP with Avaya IP phones. I have a Layer 2 HP
> ProCurve switch model 2510. I need to set up VLANs on the switch to
> service the VOIP. I have no idea how to do this and not mess up my
> network. I should also probably separate the management part of my
> network with the Data part using VLANs. If the switch is not able to
> handle the routing, I may end up building a Linux router to take care
> of this.

I should disclaim that at the gig I was at that did VoIP phones they
divided the Unix admins from the net admins, but I'd handled both
sides previously.  Also, we were using Cisco phones and switches, but
hopefully a description of how that worked is relevant.

802.1q is the VLAN technology; it lets packets have an added VLAN number,
so that separate networks can travel over the one cable or fibre and the
receiving equipment can separate them by VLAN number (or lack of a VLAN
number, for untagged packets) and pass on to the appropriate place.

Our phones had two ports, one going to the wall jack and the other to
our desktop PC or laptop.  I was told that the phones were set up to
work on a numbered VLAN, while they passed untagged packets to/from
the PC.  In addition to 802.1q, the switches also did POE (Power Over
Ethernet) so they powered the phones and we didn't need to use wallwarts
for that.

In the switch, all the desktop ports would be configured for VLAN
#whatever and untagged traffic, one port would be configured to pass
untagged traffic only and go to the regular network with the servers and
routers, and another port would be configured for the VLAN-tagged traffic
(which it can untag on a port dedicated to a particular VLAN number) to
talk to the VoIP router.  We actually had dedicated Internet connections
for VoIP so that data traffic wouldn't interfere, although there exist
routers (and Linux boxes configured per lartc.org) that can prioritize
some traffic over other traffic.

Hopefully you have access to good documentation, both the manuals of the
bits of gear involved and the particulars of the setup your organization
and/or telco uses.  If someone else you have access to sets up these
technological terrors on a regular basis, don't be too proud to delegate;
the amount of research needed, especially to have a chance of doing it
right the first time without a lab net to break first, can take more time
than it may be worth.

Meanwhile, much of my 802.1q experience at the earlier gig was with
switches connected to the big bad Internet; at each site we set up a
private management network, the telnet and SNMP stuff on each switch
being on that via a VLAN, along with insecurely-networked things like
remote power controllers, and a couple of trusted Linux boxes were on it
too, to run SNMP monitoring and as a place we'd SSH to before telnetting
the private stuff.

Note also: Linux boxes can talk 802.1q directly, so you have a bunch of
virtual interfaces with just one physical one, but at least a decade
ago when we were doing this we found that not all network cards
supported the slightly-larger 802.1q frames.

Anyway, thus endeth the braindump.

-- 
Anthony de Boer

