1

I have two 24 port 3Comm 2928 managed switches along with several smaller unmanaged switches. Additionally, each user has a VOIP phone that acts as a switch so both phone and PC can plug into the same ethernet jack.

I want to segment the network to separate our servers from most of the network, and maybe put all VOIP related traffic in it's own VLAN as well. Most configuration how to's and even testing out the 3com web interface seem to indicate VLAN's need to be assigned via ports, not just on MAC address.

Question:

Is it possible for me to segment two devices that are plugged into the same port on my managed switch? For example, both my VOIP phone and my PC are plugged into an unmanaged switch which then is plugged into one port of the managed switch. Is it too late to decide where the traffic can be routed to? I'm guessing they will both be assigned an IP on the same VLAN interface and therefore cannot be separated. I think I'll need to separate the phones and PC's, but just want to make sure.

Thanks!

Chris
  • 13
  • 2

1 Answers1

0

Part of this depends on how your Phones get their configuration information. There are few different ways out there that this can work, and it can effect the answer. But, most likely, what you need to do is set this up so that the switch port is untagged on the vlan your PCs will use, and tagged for the vlan your phones will use. And, yes, that means your PCs+Phones must be connected directly to a managed switch. An unmanaged switch will likely strip off the vlan tags and break your setup. As far as unmanaged switches are concerned, everything you connect to them uses whatever vlan is untagged on the switch's uplink connection.

If you want to isolate your servers to their own vlan, you also need to make sure that the core of your network has ability to route traffic between those vlans.

Joel Coel
  • 12,910
  • 13
  • 61
  • 99