Unsolved
This post is more than 5 years old
1 Rookie
•
40 Posts
0
3727
July 14th, 2016 15:00
Setup Voice and Data VLAN on 3448P
I currently have voice and data on the same subnet but due to the way our web traffic is filtered it causes issues with voice so we need to segregate the voice onto a separate VLAN.
I've added a virtual interface on my Dell Sonicwall firewall and followed this post (en.community.dell.com/.../18956488) for the PowerConnect setup but something is not right.
The phones (Avaya IPO) on the LAN all work correctly, they get the VLAN information from the DHCP server on the LAN and contact the phone switch for a IP on the voice VLAN. The problem is with traffic between the phone switch and the data LAN which when captured on the Sonicwall is being dropped as the packets appear to come from the data LAN (X0) instead of the voice LAN (X0:V2).
Is this down to my port configurations on the network switch?
In the post above, in the first reply it states "Make the port a tagged member of your voice vlan and a untagged member of the data vlan. Set your PVID for the port to whatever your data vlan is." Is "the port" the one which the phone switch is connected to? Currently I have all ports set as untagged on the default VLAN and tagged on the voice VLAN.
TIA
Chris
0 events found
DELL-Josh Cr
Moderator
•
9.5K Posts
0
July 14th, 2016 16:00
Hi,
Can you post your configuration? If you make the untagged vlan not vlan 1 does it work? Are you able to test that?
tippers
1 Rookie
•
40 Posts
0
July 15th, 2016 02:00
Hi,
Config:
interface range ethernet all
switchport mode general
exit
vlan database
vlan 2
exit
interface range ethernet all
switchport general allowed vlan add 2
exit
interface vlan 2
name Voice
exit
interface vlan 1
ip address 10.20.30.198 255.255.255.0
exit
ip default-gateway 10.20.30.254
management access-list "SSH Profile"
permit ip-source 10.20.30.0 mask 255.255.255.0 service ssh
exit
aaa authentication enable default line
aaa authentication login default line
line ssh
password encrypted
exit
username admin password level 15 encrypted
ip ssh server
snmp-server community Dell_Network_Manager rw view DefaultSuper
clock summer-time recurring eu
clock source sntp
Default settings:
Service tag: 2T27SB1
SW version 2.0.0.34 (date 25-Jul-2010 time 14:24:24)
Fast Ethernet Ports
==========================
no shutdown
speed 100
duplex full
negotiation
flow-control off
mdix auto
no back-pressure
Gigabit Ethernet Ports
=============================
no shutdown
speed 1000
duplex full
negotiation
flow-control off
mdix auto
no back-pressure
interface vlan 1
interface port-channel 1 - 8
spanning-tree
spanning-tree mode STP
qos basic
So you mean create a new VLAN (say VLAN ID 3) and make all the ports untagged. Not sure how that will make a difference to the voice VLAN (ID 2)?
DELL-Josh Cr
Moderator
•
9.5K Posts
0
July 15th, 2016 11:00
The reason to test a different vlan is on a lot of our switches vlan 1 is not routable, while the 2448 doesn’t have routing functionality it still could be somewhere else in the network that isn’t routing it properly. If you plug just a phone into a port and assign it vlan 2 does it get a DHCP address?
tippers
1 Rookie
•
40 Posts
0
July 15th, 2016 13:00
It's a 3448 but maybe it has the same features as the 2448?
The problem isn't with the phones not getting IP addresses but with the traffic between the phone switch and data LAN. Can you explain the necessary steps to change the configuration to make this work?
DELL-Josh Cr
Moderator
•
9.5K Posts
0
July 15th, 2016 14:00
Sorry, I meant the 3448. So the data traffic is being dropped because the sonicwall thinks it is from the voice vlan or the other way around and the voice packets are being dropped?
DELL-Josh Cr
Moderator
•
9.5K Posts
0
July 15th, 2016 14:00
How is the port between the switch and the sonicwall configured?
tippers
1 Rookie
•
40 Posts
0
July 15th, 2016 14:00
It's setup the same as all the other ports, General mode, untagged on the default vlan 1 and tagged on vlan 2 for voice.
I don't know how to 'read' the configuration I posted above but does it show this?
tippers
1 Rookie
•
40 Posts
0
July 15th, 2016 14:00
Traffic from the phone switch which is destined for the WAN (SIP traffic for example) is being received by the sonicwall on X0 which is the data LAN interface. It needs to be tagged as VLAN 2 so it comes to interface X0:V2 on the sonicwall.
I have no experience of VLAN so I'm learning as I'm going here but I'm not sure I've got the setup right on the network switch.
DELL-Josh Cr
Moderator
•
9.5K Posts
0
July 15th, 2016 15:00
It was not in the configuration that was posted previously. It seems like the sonicwall is treating the traffic as untagged and dumping it into the untagged vlan. If you make that port a trunk port rather than a general port that may help. It is also possible that it is something in the Sonicwall configuration that is causing it.
tippers
1 Rookie
•
40 Posts
0
July 19th, 2016 10:00
I'll try changing the port over to Trunk in an hour and see if it makes a difference.
tippers
1 Rookie
•
40 Posts
0
July 19th, 2016 11:00
No same result when changing the port (to which the phone switch connects) to Trunk mode or changing the port connecting to the Sonicwall to Trunk mode or having both in Trunk mode.
The packets are coming from the new IP address of the phone switch on VLAN 2 but appearing at the Sonicwall from X0 instead of X0:V2, ie they have no VLAN tag.
DELL-Josh Cr
Moderator
•
9.5K Posts
0
July 19th, 2016 13:00
The port might not be set to tag vlan 2, and is sending them both untagged. Try the following.
switchport mode general
switchport general allowed vlan add 2 tagged
You may also want to check to see if the Sonicwall subinterfaces are set correctly. https://support.software.dell.com/kb/sw11477
tippers
1 Rookie
•
40 Posts
0
July 29th, 2016 15:00
Hi,
No VLAN 2 is definitely set to tag traffic on all ethernet ports from 1 to 48 and the four G ports.
There isn't much to configure on the sub-interfaces on the Sonicwall but everything is as described in the article.
Any other thoughts?