Our network is currently set up with no subnets or VLANs. We are looking at going to VoIP so this needs to change before VoIP is installed. I believe that we want to use VLANs to separate Voice and Data, am I correct in saying that? Also, I would like to separate our engineering department off our main data because of their file sizes and the time it takes to open them. However, they would still need to see all the servers and I would need to be able to see their systems for remote support. What is the best approach for this?
-
"so this needs to change before VoIP is installed" - Why? I've seen and installed a few networks where they're on the same vLAN. "separate our engineering department off our main data because of their file sizes and the time it takes to open them" - Is this impacting the rest of the network? Do you not use Switches? – Chris S Dec 17 '12 at 19:47
-
How many nodes were on the network where you didn't separate VoIP and Data traffic? Yes it does impact our network sometimes. We are using Trendnet switches. – Trevor Dec 17 '12 at 20:24
-
Are you sure you _need_ to do this? If you're a relatively small office, you might be able to get away without it. If you're a mid-size office, newer equipment can sometimes do QoS using packet inspection. If you're any larger, you should already have separate vlans for certain things. – Joel Coel Dec 17 '12 at 20:36
-
How big is your network? VOIP runs fine on standard office networks without VLANs and you can prioritize without the VLAN. Although many VOIP phones do allow you to insert a VLAN tag and it does make it slightly easier. The point is, if you've only got 20 PC – hookenz Dec 17 '12 at 20:39
-
The biggest site where it's all one vLAN has 4 phones and computers (each), a printer, and a copy machine on the network. So quite small. Anything more than half-dozen and I'd recommend vLANs. However, I would always recommend configuring QoS at least for SIP/Skinny if nothing else. As for the performance issues, the vLAN likely wouldn't solve that. You probably have a bottleneck somewhere that needs attention. – Chris S Dec 17 '12 at 20:45
-
About 100 computers and 35 desk phones.... – Trevor Dec 18 '12 at 14:27
4 Answers
Right. I'm going to be brutally honest, because it's what I'm good at.
Throw away your Trendnet switches. Get HP Procurves. Don't settle for anything less than 2510-48Gs, with PoE if you want to use VoIP phones which are powered from the network.
If you're going PoE, make sure that your phones and switches are both certified as 802.3af/at compatible, (and backward compatible) so that you can expand the network later without worrying.
Let's pretend you've got the following network:
192.168.0.0/24 - VLAN 1 - Management traffic only.
192.168.1.0/23 - VLAN 2 - Data.
192.168.3.0/23 - VLAN 3 - Voice.
You put the switches' VLAN 1 interface on, you guessed it, VLAN 1. You set the ports for phones Untagged VLAN 2, Tagged VLAN 3.
Configure your phones to expect voice traffic on VLAN 3. Use VLAN 2 as the pass-through VLAN for data on the data/passthru port.
Don't bother segregating Engineering because they're handling large files. It'd only serve to irritate the users, and won't gain you much in the way of network performance.
The reason for having VLANs is to decrease the size of a broadcast domain, which if you have a huge flat network is a big issue. You can also use VLANs to guarantee delivery of VoIP packets to cut down jitter. There's also the ability to segregate traffic for security reasons. Unless there's a big incentive to do any of this for Engineering, frankly, I wouldn't bother.
If you add VLANs willy-nilly, you also increase the amount of routing power needed to allow traffic to traverse VLANs in the network. There are some routers which will require further licensing to allow 10+ VLANs to be routed to.
An interesting sidenote worth making is that if Engineering are handling really huge files, then there may be some advantage to putting them on a 10Gbit Ethernet network, but you'd also need a NAS device / file server that was 10GbE capable.
-
Just make sure the PoE on the switches is compatible with whatever phones you pickup. The higher-end PowerConnect boxes from Dell are pretty decent as well. – Brent Pabst Dec 17 '12 at 20:35
-
1. I'd highly recommend the *default* vLAN 1 be a "no access" network 2. I'd also highly recommend the subnet ID have something to do with the vLAN ID (eg vlan 20 = 192.168.20.x) 3. Should mention teaming/bonding/lagg/LACP for the Engineering problem (though it's not apparent where the problem is yet). – Chris S Dec 19 '12 at 14:34
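An added example, not part of any post above: a Python check that runs the three-VLAN plan from the answer through the standard `ipaddress` module and applies the two conventions suggested in the comment (default VLAN 1 left unused, third octet of a /24 matching the VLAN ID). `check_plan`, the purpose labels and the second plan are assumptions made for illustration.

```python
import ipaddress

def check_plan(plan):
    """plan: list of (vlan_id, cidr, purpose). Returns a list of findings."""
    findings, seen = [], []
    for vlan, cidr, purpose in plan:
        iface = ipaddress.ip_interface(cidr)
        net = iface.network  # the network the prefix really describes
        if iface.ip != net.network_address:
            findings.append(f"VLAN {vlan}: {cidr} is not on a /{net.prefixlen} "
                            f"boundary, it falls inside {net}")
        # Convention from the comment: keep the default VLAN 1 as "no access".
        if vlan == 1 and purpose != "unused":
            findings.append(f"VLAN 1 carries '{purpose}' traffic")
        # Convention from the comment: vlan 20 = 192.168.20.x (checked for /24 only).
        if net.prefixlen == 24 and net.network_address.packed[2] != vlan:
            findings.append(f"VLAN {vlan}: third octet of {net} differs from VLAN ID")
        for other_vlan, other in seen:
            if net.overlaps(other):
                findings.append(f"VLAN {vlan} ({net}) overlaps "
                                f"VLAN {other_vlan} ({other})")
        seen.append((vlan, net))
    return findings

# The plan exactly as written in the answer.
PLAN_AS_WRITTEN = [
    (1, "192.168.0.0/24", "management"),
    (2, "192.168.1.0/23", "data"),
    (3, "192.168.3.0/23", "voice"),
]

# Hypothetical alternative following the comment's numbering convention.
PLAN_ALIGNED = [
    (10, "192.168.10.0/24", "management"),
    (20, "192.168.20.0/24", "data"),
    (30, "192.168.30.0/24", "voice"),
]

if __name__ == "__main__":
    for name, plan in (("as written", PLAN_AS_WRITTEN), ("aligned", PLAN_ALIGNED)):
        print(name)
        for finding in check_plan(plan) or ["no findings"]:
            print("  -", finding)
```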
I guess I'll throw my $0.02 into the ring too.
First of all, you don't need to change your network from a flat one before bringing in VOIP - ideally, setting up a VLAN for voice traffic and configuring QoS and the like would be part of the project to switch over to VOIP.
And secondly, yes, you want a separate VLAN for VOIP. It's so common to use separate VLANs for voice traffic that it's a de facto standard, in addition to being "best practice" and a good idea. Doing so makes your network more secure and easier to manage and troubleshoot when issues do arise.
Finally, creating a new VLAN for the engineering department won't (or shouldn't) necessarily do anything to impact the speed of file transfers - VLANs are more for logical segmentation and security than anything else. I'd recommend taking a look at Evan Anderson's answer here, which gives you the basics of what a VLAN is, does, and when to use them before you go any further down this path.
Ok, here is my opinion and some background. I've installed a couple of smaller VOIP solutions for a company I used to work for. The largest installation we had was about 50 phones in one location.
Now, even with that setup we didn't use VLANs. Why? Because you can QoS without VLANs and it's not too hard. If it was bigger than this, then I would have likely placed it into a VLAN. But part of the reason I didn't do it is because we had limited ports available at the customer premises and unmanaged switches. They had hardly any budget and although I was nervous about it, it worked fine. In fact we used the passthrough ports on the phones where the phone itself has a port that you connect to the LAN and then another which you connect to the computer.
Basically VLANing can sometimes make it a little easier to filter and prioritise the VLAN VOIP traffic. Because many phones can add the VLAN tag for you. Many IP phones also set the DSCP bits which you can use to prioritize your VOIP traffic as well. However, the VLAN is NOT going to magically make it all work well. Remember, your phones are connected to a switched network, not a shared piece of copper (unless it's the passthrough port. I've had no problems with that) so problems are generally not introduced at the copper level. Where the sharing comes in is your internet feed. This is why QoS is the most important part of running VOIP and is the hardest to get right.
VOIP issues get significantly worse the smaller the bandwidth you have available. Why? Because several users want to download some files at the same time, and if VOIP traffic doesn't get enough bandwidth or if the packets start getting delayed you get choppy audio. However, most phones can cope with 120ms ping which seems very high, but they have jitter buffers in them that smooth the voice and you don't really notice. So my advice is to ensure you have a good router that can do QoS. 10Mbit/s will do a small office with 10 phones and provide basic internet browsing and the odd download just fine.
And then have a read of Toastman's comments on how QoS works (google it). He's been a big contributor to the excellent tomato router replacement software. And even if you don't use tomato, he gives a very good explanation of how QoS works and how you can make all this work for you. I used Mikrotik gear myself which has good QoS built in. Cisco gear can also do it, but it's more expensive. At home I used tomato and that worked very very well also.
Hope that helps.
-
+1 for "VLAN is NOT going to magically make it all work well". The phones we use only set 802.1q per vLAN, so it's important to understand how QoS will work with your equipment before making any big commitments. – Chris S Dec 19 '12 at 14:43
-
Toastman's QoS setup here. I recommend this reading: http://www.linksysinfo.org/index.php?threads/common-tomato-topics-please-read-for-help-information.31234/ – hookenz Jul 26 '17 at 21:48
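An added example, not part of the posts above: a Python parser for the two markings this answer and its comments mention, the 802.1Q tag (VLAN ID plus 802.1p priority) and the IP DSCP field, run over constructed frames. It shows why a phone that only sets the layer-2 priority loses its marking once traffic is routed off the VLAN; the function names and sample frames are assumptions.

```python
import struct

DSCP_EF = 46  # Expedited Forwarding, the usual marking for voice media

def build_frame(vlan, pcp, dscp):
    """Constructed sample: Ethernet header, optional 802.1Q tag, bare IPv4 header."""
    macs = bytes.fromhex("02000000000a" "02000000000b")  # locally administered MACs
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, (pcp << 13) | vlan)
    ipv4 = bytes([0x45, dscp << 2]) + bytes(18)  # version/IHL, DSCP+ECN, rest zeroed
    return macs + tag + struct.pack("!H", 0x0800) + ipv4

def markings(frame):
    """Return the VLAN ID, 802.1p priority (PCP) and DSCP carried by a frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vlan = pcp = dscp = None
    offset = 14
    if ethertype == 0x8100:  # 802.1Q tag: 3-bit PCP, 1-bit DEI, 12-bit VLAN ID
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        pcp, vlan, offset = tci >> 13, tci & 0x0FFF, 18
    if ethertype == 0x0800 and len(frame) >= offset + 2:
        dscp = frame[offset + 1] >> 2  # upper six bits of the former ToS byte
    return {"vlan": vlan, "pcp": pcp, "dscp": dscp}

def prioritised_after_routing(frame):
    """The 802.1Q tag is dropped when a packet is routed off its VLAN,
    so a router doing DSCP-based QoS only sees the layer-3 marking."""
    return markings(frame)["dscp"] == DSCP_EF

if __name__ == "__main__":
    samples = {
        "phone, tag + DSCP": build_frame(3, 5, DSCP_EF),
        "phone, tag only": build_frame(3, 5, 0),
        "PC, untagged": build_frame(None, 0, 0),
    }
    for name, frame in samples.items():
        print(name, markings(frame), prioritised_after_routing(frame))
```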
To separate departments VLANs are great. But for VoIP, I highly suggest a separated physical network.
It will be easier to manage Jitter and QoS in general.
For your engineering department, remember that even if you create a VLAN just for them, they will still go on the same switches, therefore they will clog the switch that all other VLANs are on.
That's another cue that adding a VLAN just for VoIP won't help you much.
Alright, I don't mind the down votes, but to all of you who tell me I don't know how to do my job, I'd like to have your opinion on voice VLAN hopping and adding a single point of failure by aggregating two networks that have two different purposes.
If your only argument is that it's longer to plug cables and install switches then you are lazy, not competent.
I know voice VLANs are widely used, McDonalds is widely eaten...doesn't mean it's the best meal in town.
It would be nice for contributors to be, at least, polite. Members with thousands of rep should have read and applied Etiquette.
-
Could you expand on why a separate physical network for VoIP would be easier to manage? Separating VoIP via VLANs is pretty standard... – HostBits Dec 17 '12 at 19:46
-
With VoIP we are planning on using the Data Ports on the phone for the PC. I don't think a separate physical network will work. – Trevor Dec 17 '12 at 19:52
-
@Cheekaleak Because QoS to start with is quite hard to configure properly IMO. I found that segregating the two networks gave the same results if not better, with less headaches. Especially since there are no VLANs on the network yet. In my case, there also was the PoE question...so I had to re-equip anyway. – Alex Dec 17 '12 at 19:58
-
-1 Because this would be a huge step backwards, terrible to manage, have limited expansion and be more expensive. And PoE doesn't change that. VLANs are ideal for VoIP and work fine on any scale network. – Dan Dec 17 '12 at 20:07
-
@Dan so you tell me only VLAN, no QoS and any type of network, any size and any usage of that network will be fine? That doesn't define my experience with mixed data and VoIP traffic. And please explain how it's terrible to manage and a step backward? – Alex Dec 17 '12 at 20:12
-
@Alex I didn't say it would work fine unconfigured - but yes, if properly done VoIP within a VLAN is good enough for huge enterprises, then it's probably good enough for anybody. It's a step backwards because people stopped doing separate networks when VLANs came in to regular use. And it's terrible to manage because you're doubling everything - why configure two switches when you can just configure one properly? – Dan Dec 17 '12 at 20:20
-
@Dan I don't think the whole world has stopped separating networks and now are all using VLANs. I'm not saying VLANs are useless and I use them extensively, but in some cases, it is better to have a dedicated physical network. iSCSI for example. – Alex Dec 17 '12 at 20:25
-
@Trevor So you're not actually separating VOIP and DATA if you're using the ports on the IP Phones as a pass-thru...and just as a side note, most IP phones have a 100mb switch built in, not gigabit, so your PCs would lose the speed when going through the phone. – user72593 Dec 17 '12 at 20:41
-
-1 from me, the only reason I might consider using a different switch for network stuff these days would be to offload iSCSI or data intensive (see: IOPs) traffic. VoIP is not data intensive! – Brent Pabst Dec 17 '12 at 20:48
-
@user72593 That's not true anymore, most of the phones shipping these days have 1g switch ports, often two built-in. – Brent Pabst Dec 17 '12 at 21:10