A friend assumed a new roll providing IT services to a small firm of about 100 people, and has gone about trying to correct the problems with the current infrastructure. From what I’ve been told, they have non-Cisco VoIP phones connected to a Cisco POE switch, and everything is in a single VLAN. He mentioned that the data stomps all over the voice, and there are overall bandwidth issues – to make things worse, there isn’t an easy way to see who the bandwidth offenders are. Please note that you need a Layer 3 switch – this means that your switch is able to do some routing.
So, I decided to write a more general post, listing some best practices for setting up a small office for voice. In this example we’ll be setting up a 48 port switch for a small office, including some VoIP phones:
- 48 port Cisco POE switch
- non-cisco phones
So, here is what we’d like to do:
- Put the PCs and phones (and other devices) in a different vlans. Vlan stands for virtual local area network, and what it does, is make a new network, similar to just having a separate physical switch. We’ll be making several vlans, and they will have different IP address ranges.
- Address DHCP. We’re going to have several different vlans (networks), and each one will need it’s own DHCP scope.
- Turn on SNMP. This is a great way to monitor your servers, especially using the open-source software Cacti.
So, let’s get to it:
IP address assignment
Since we’re going to have multiple different networks, we’ll need to assign them different (non-overlapping) IP ranges. Here is what I propose:
- Vlan2 – 10.2.X.X – servers
- Vlan3 – 10.3.X.X – users (user devices like desktops)
- Vlan4 – 10.4.X.X – voice (this will be for phones)
- Vlan5 – 10.5.X.X – wireless (put your access points in this network)
- Vlan6 – 10.6.X.X – printers
The more you separate different types of devices the better off you are. You’ll be able to gather more information, and isolate any offending devices much easier. Also, you can do things like limit wireless users access to the internet (and not to the user PC and servers).
Setting up your vlans:
These commands are entered from the enable prompt on your Cisco switch
entering config mode:
interface Vlan 2
ip address 10.2.1.1 255.255.0.0
interface Vlan 3
ip address 10.3.1.1 255.255.0.0
interface Vlan 4
ip address 10.4.1.1 255.255.0.0
interface Vlan 5
ip address 10.5.1.1 255.255.0.0
interface Vlan 6
ip address 10.6.1.1 255.255.0.0
So, now we’ll that we have our Vlans setup. Before they will work, we’ll have to add some ports to them.
We’re going to break out switch ports down like this:
- 1-9 – servers
- 10-41 – users & phones (you could connect a phone, a PC, or both to these ports
- 42-43 – wireless ap
- 44-48 – printers
So, to add everything to the interfaces to the proper vlans, we’ll use some interface range commands. Keep in mind that your interfaces may be named differently (i.e. Gigabit)
interface range FastEthernet 0/1 - 9
switchport access vlan 2
interface range FastEthernet 0/10 - 41
description Users and Voice
switchport access vlan 3
switchport trunk encapsulation dot1q
switchport trunk native vlan 3
switchport trunk allowed vlan 3,4
switchport mode trunk
interface range FastEthernet 0/42 - 43
switchport access vlan 5
interface range FastEthernet 0/44 - 48
switchport access vlan 6
So now, you should be able to issue the command “show vlan” and see all the interfaces in the proper vlans
Assuming you have an existing DHCP server, you’ll need to setup a scope for each subnet.
Optional – you could use the Cisco switch to be your DHCP server (this is quite common for IP phone deployments). If you wanted to do that, just use the following commands. You can have multiple dhcp pools on a single switch.
First, we’ll reserve the first 10 ip addresses for your voice servers, and devices (the first number is the low ip address, and the second is the high address – everything between is not avaliable to the dhcp pool):
ip dhcp excluded-address 10.4.1.1 10.4.1.10
The DHCP option 150 may or may not apply to you. If you don’t need it (or know what it is), then you can just leave that line out. This is the TFTP server where your phones will download their load from.
ip dhcp pool VOICE
network 10.4.1.0 255.255.0.0
dns-server 18.104.22.168 22.214.171.124
option 150 ip 10.4.1.2 10.4.1.3
OK, this is the easy part. Just enter config mode on the switch and use this command. Be sure to replace the CHANGEME with your own (madeup) community string
snmp-server community CHANGEME RO
Once this is done, anyone on the same network will have read-only access to the snmp data of the switch. I would suggest that you use something like Cacti all the switch-ports on your switch.
Plugging in the phones
The last piece of the puzzle is to tell the phones what vlan they are in. With Cisco phones this is discovered automatically through CDP, but since CDP is a proprietary protocol, that doesn’t work with all phones. I’ve read that you can add other options to the DHCP scope that will point these phones in the right direction, or you could simply go to each phone and hard code it’s voice vlan. Just be aware of the IP address that your phone gets, and make sure that it’s from the correct network.
A fantastic tool for small business, or test labs for that matter is VMware’s free ESXi. This will allow you to turn a single computer or server into several virtual machines. I would suggest loading ESXi onto an old server or desktop, and then running CactiEZ on as a virtual machine. CactiEz is a pre-build version of cacti, that comes as an ISO and is ready to roll.
VMware ESXi – http://www.vmware.com/products/vsphere-hypervisor/
CactiEZ – http://www.cactiusers.org