Re: Layer 2 VLAN for NBX phones

richmorrow624 · ‎01-12-2007

I have some questions bout VLANs and isolating traffic.

We have an NBX phone system that is not using IP On-the-fly.

The phone system has an IP address for management purposes only. We do use paging and confrence call functions that work off of IGMP multicasts.

The handset phones are working only on layer 2.

I would like to isolate this traffic from the rest of the network with only have one uplink to the core switches. Then filter the multicasts on the uplink port (if I can do that).

The problem is I cannot make a physical isolation in some areas because there is only one switch. I have plenty of ports available to VLAN this traffic it would help.

Would this be a way to go in this situation?

Would a VLAN help in this case?

Amit Singh · ‎01-12-2007

Yes you have to go for a VLAN.Vlans are the means of logical isloation at layer2.In case of a physical isolation you would require a separate switch that will uplink to the coore and you have to do the inter-valn routing for communication among the diff vlans. Here just create the vlan on the switch and assign the respective phone ports to the vlan and this will solve your purpose.

Let us know if you have any query.

-amit singh

richmorrow624 · ‎01-14-2007

Thanks for the reply.

My situation is a little tricky in that:

The phone system is on the same subnet as the servers in my LAN.

The phones in some cases are a long distance away and connected to a central fiber switch via a fiber link, then uplinked to the Cisco 4503s.

Would i need to change the IP Address on the phone system (only used for management purposes)?

In the case of the Phone system VLAN, the VLAN does not need an IP Address since I am only concerned about layer 2 correct?

Can I create the VLAN

sachinraja · ‎01-14-2007

Hello Rich,

You can definitely create VLANs, but need to take care of some things here.. Since you are saying , it works on layer 2, and if u dont assign an IP on layer 3, this phone will not cross the VLAN boundary.. if the IP PBX or the IP phone server is on a different VLAN, then u will have issues.. All the required components should be in the same broadcast domain for these phones to work fine, since all the components are in layer 2 VLANs..

Also, you can have the management IP on any VLAN and assign the phone an IP addrss. since this is on layer 3, this will be reached from outside.. but on a single port, u can define only one data VLAN... so, u can configure the layer 2 IP phone VLAN as voice VLANs and the management VLAN as the data VLAN for that switchport.. This is how we normally do it on the IP telephony solution of Cisco...

Hope this helps.. all the best. rate replies if found useful..

Raj

richmorrow624 · ‎01-15-2007

Thanks you for the excellent reply.

Forgive me because I am not sure I understand here.

The NBX phones are all layer 2 devices and I am only concerned with isolating them from the rest of the network.

Are you saying that even though the phones are a layer 2 device, I will still have to give the VLAN I create for them on the Cisco switches an IP address? Even though the phones themselves will not use this address?

Also, I am a little confused by this:

"but on a single port, u can define only one data VLAN... so, u can configure the layer 2 IP phone VLAN as voice VLANs and the management VLAN as the data VLAN for that switchport.. This is how we normally do it on the IP telephony solution of Cisco... "

Can you explain?