Beruflich Dokumente
Kultur Dokumente
Introduction
Network Administrators must consider a multitude of
complex configuration options and networking parameters
when designing a large local area network (LAN). Those
options can include the use of Virtual LANs.
This document will briefly describe the use and purpose of
VLANs and then explain, in detail, several implementation
strategies for VLANs in a Voice over IP (VoIP) network.
Configuration samples are included. For simplicity sake all
configuration examples are given using Cisco IOS command
structures. Please refer to your networking hardwares
documentation in order to apply the ideas and concepts
presented in this document rather than using these exact
configuration examples.
Defining VLANs
ROUTER CONFIGURATION
interface FastEthernet 0/0
ip address 1.1.1.1 255.255.255.0
interface FastEthernet 0/1
ip address 2.2.2.1 255.255.255.0
Layer 3 Router
FE 0/0
Layer 2 Switch
FE 0/1
Layer 2 Switch
QA LAN
1.1.1.x /24
HR LAN
2.2.2.x /24
Figure 1
ROUTER CONFIGURATION
Layer 3 Router
FE 0/0.10
VLAN-Capable
Layer 2 Switch
VLAN ID = 10
FE 0/0.20
Port 7
QA VLAN
1.1.1.x /24
Port 1
HR VLAN
2.2.2.x /24
Port 2
Port 3
Port 4
Port 5
Port 6
Un-tagged links
vlan 10 name QA
interface FastEthernet1
switchport mode access (the default)
switchport access vlan 10
interface FastEthernet2
switchport access vlan 10
interface FastEthernet3
switchport access vlan 10
vlan 20 name HR
interface FastEthernet4
switchport access vlan 20
interface FastEthernet5
switchport access vlan 20
interface FastEthernet6
switchport access vlan 20
interface FastEthernet7
switchport mode trunk
switchport trunk encapsulation dot1q
Figure 2.
Ports in the switch now must be configured by the administrator to be assigned to one particular VLAN or the other.
Ports in the switch are now no longer physically restricted to
being in a single LAN but can be logically, or virtually,
assigned to a logical LAN, called a Virtual LAN (VLAN). All
ports in this new network can now be dynamically assigned
to either the QA VLAN or the HR VLAN and the broadcast
domains for the two virtual networks are contained and
isolated by the software running on the switch. Packets sent
within one virtual network stay within the VLAN. Each packet
is marked, internally within the switch, by a VLAN ID number
called a VLAN tag (generally a number between 1 and 4096)
to identify which VLAN it belongs to. The tags, though used
internally, are stripped off when the packets are transmitted
to devices connected to standard ports on the switch.
These standard ports connected to standard devices are
called untagged ports.
QA VLAN
1.1.1.x /24
Virtual
Interface
VLANHR
Tag =10
HR VLAN
2.2.2.x /24
Tag =20
Virtual L3
Router
Port 1
Port 2
Port 3
Port 4
Port 5
Port 6
..........
ip routing
interface VLAN_10
description : QA Network
ip address 1.1.1.1 255.255.255.0
interface VLAN_20
description : HR Network
ip address 2.2.2.1 255.255.255.0
..........
Figure 3.
DHCP
QA VLAN
1.1.1.x /24
Port 10
DHCP Server
1.1.1.5
Virtual
Interface
VLANQA
interface FastEthernet10
switchport access vlan 10
Virtual
Interface
VLANHR
Tag =10
interface VLAN20
description : HR Network
ip address 2.2.2.1 255.255.255.0
ip helper-address 1.1.1.5
HR VLAN
2.2.2.x /24
Tag =20
Virtual L3
Router
Port 1
Port 2
Port 3
Port 4
Port 5
Port 6
Scope QA
Address Range: 1.1.1.100 1.1.1.199
Subnet Mask: 255.255.255.0
Default Router: 1.1.1.1
Scope HR
Address Range: 2.2.2.100 2.2.2.199
Subnet Mask: 255.255.255.0
Default Router: 2.2.2.1
Figure 4.
LAN 2
MANT
EXT 5
1
QA VLAN
1.1.1.x /24
Port 10
Virtual
Interface
VLANQA
Tag =10
DHCP Server
1.1.1.5
Virtual L3
Router
Port 12
Virtual
Interface
VLANHR
HR VLAN
2.2.2.x /24
Tag = 20
Virtual Interface
VLANVoice
Tag = 30
Voice VLAN
3.3.3.x /24
Scope QA
Address Range: 1.1.1.100 1.1.1.199
Subnet Mask: 255.255.255.0
Default Router: 1.1.1.1
Option 156: ftpservers=3.3.3.5, layer2tagging=1, vlanid=30
Scope HR
Address Range: 2.2.2.100 2.2.2.199
Subnet Mask: 255.255.255.0
Default Router: 2.2.2.1
Option 156: ftpservers=3.3.3.5, layer2tagging=1, vlanid=30
Scope Voice
Address Range: 3.3.3.100 3.3.3.199
Subnet Mask: 255.255.255.0
Default Router: 3.3.3.1
Option 156: ftpservers=3.3.3.5, layer2tagging=1, vlanid=30
Port 11
ShoreTel Server
3.3.3.5
Port 1
Port 2
Port 3
Port 4
Port 5
Port 6
Figure 5.
Epilogue
There are many different configuration options that were
not discussed in this document. Some of them were left
out for brevity sake (such as multi-netting). Some were left
out because they are discussed in other ShoreTel White
Papers (such as WAN QoS configuration guidelines) or the
ShoreTel Documentation (such as detailed IP phone
configuration options and additional DHCP scope parameters such as NTP servers, and GMT offset).
Others topics were left out because they are not needed,
do not improve the voice-quality in a VoIP network, are
unnecessarily complex or provide little or no added value.
These include:
Ciscos AutoQOS
References
IEEE 802.1Q Tagging:
http://www.ieee802.org/1/pages/802.1Q.html
http://ieeexplore.ieee.org/xpl/standardstoc.jsp?isnumber=
27089&isYear=2003
Cisco Catalyst 3560 VLAN documentation:
http://www.cisco.com/en/US/products/hw/switches/
ps5528/products_configuration_guide_chapter09186a00802b7cc8.html
ShoreTel6 Planning and Installation Guide, Chapter 9:
Understanding Toll-Quality Voice
Other topics are very pertinent but are beyond the scope of
this document, such as:
Record of Change
Port security
Private VLANs
MAC address locking/filtering
Denial of Service (DOS) / Distributed DOS (DDOS) attack
prevention
Voice encryption (added in ShoreTel 6)
Phone +1.408.331.3300
Issue
Author
Date
1.0
J. Rowley
Initial Release
+1.877.80SHORE
Fax +1.408.331.3333
Copyright 2006 ShoreTel. All rights reserved. ShoreTel, the ShoreTel Logo, ShoreCare, ShoreGear, ShoreWare, ShorePhone, ControlPoint and Office Anywhere are trademarks or registered trademarks of ShoreTel, Inc.
All other marks are the property of their respective owners. Specifications are subject to change without notice. ST0130_5.06
www.shoretel.com