Two VoIP VLANs

TimA
Just browsing

Is it possible to configure two different VLANs for VoIP, on an MS350 switch, for two different model IP phones on the same port? We’ve got different headers on the DHCP scopes, but I can’t see an easy way to add more than one VLAN ID on the config screen!

6 REPLIES
Uberseehandel
Kind of a big deal

Have you tried configuring the switch ports as Trunk rather than Access? This allows multiple VLAN IDs to be entered.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

We have the ports configured already with a data VLAN and VoIP VLAN, for existing Avaya phones and PCs. We need to allow for Cisco phones to now be used on a separate VLAN, ideally across all ports. 

Uberseehandel
Kind of a big deal

You can have multiple VLANs on a switch port configured as Trunk -

[Image: SwitchPortVLANs.jpg]

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
hoempf
Getting noticed

Short answer: You probably can't. Unless you manually configure the phones to tag their traffic with a specific VLAN and then use a trunk port as suggested by @Uberseehandel.

This is a very static configuration though and it's also not very secure. If you have the option to use a RADIUS server you could assign a different VLAN for different sign-in credentials / phones. The phone logs in and RADIUS assigns a VLAN based on some criteria of the phone's credentials or properties (like group membership for example). This way you can plug in your phone wherever you want (=move it if need be) and be sure it always gets the correct VLAN. Basically RADIUS is telling the switch which VLAN to use for this port after the device authenticates regardless of what is configured on that port.

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/RADIUS_Override

Hope this helps.
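
Added example (not part of the thread and not Meraki's code): RADIUS-assigned VLANs are conventionally carried in the Access-Accept as the three RFC 3580 tunnel attributes. The Python below maps a phone's group to those attributes and parses them back the way a switch-side check would; the group names and VLAN IDs are assumptions.

```python
import struct

# Attribute numbers from RFC 2868; VLAN (13) and IEEE-802 (6) values from RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6

# Hypothetical policy: group names and VLAN IDs are assumptions, not from the thread.
GROUP_TO_VLAN = {"avaya-phones": 20, "cisco-phones": 30}


def build_vlan_reply(group, tag=0):
    """Return the Access-Accept VLAN attributes for a group, or None (fail closed)."""
    vlan = GROUP_TO_VLAN.get(group)
    if vlan is None:
        return None  # unknown group: hand out no VLAN at all

    def tagged_int(attr, value):
        # Layout: type, length (6), tag octet, 3-octet value.
        return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")

    vid = bytes([tag]) + str(vlan).encode("ascii")  # VLAN ID travels as a string
    return (tagged_int(TUNNEL_TYPE, TYPE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(vid)) + vid)


def assigned_vlan(attrs):
    """Parse attribute TLVs; return the VLAN ID only if the triple is consistent."""
    found, i = {}, 0
    while i < len(attrs):
        length = attrs[i + 1] if i + 1 < len(attrs) else 0
        if length < 3 or i + length > len(attrs):
            raise ValueError("malformed RADIUS attribute")
        attr, value = attrs[i], attrs[i + 2:i + length]
        if attr in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            found[attr] = int.from_bytes(value[1:], "big")  # skip the tag octet
        elif attr == TUNNEL_PRIVATE_GROUP_ID:
            # A first octet <= 0x1F is a tag; anything higher starts the string.
            found[attr] = value[1:] if value[0] <= 0x1F else value
        i += length
    if (found.get(TUNNEL_TYPE) != TYPE_VLAN
            or found.get(TUNNEL_MEDIUM_TYPE) != MEDIUM_IEEE_802):
        return None
    vid = found.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if not vid.isdigit() or not 1 <= int(vid) <= 4094:
        return None
    return int(vid)
```

A group with no mapping gets no VLAN attributes at all, and a reply whose tunnel type, medium type or VLAN ID is missing or out of range is treated as carrying no assignment.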


@hoempf wrote:
 . . .  use a trunk port as suggested by @Uberseehandel.

 . . .  it's also not very secure.


How is explicitly allowing only specified VLAN traffic on a switch port "not very secure"?

 

You cannot take single components of an overall network design and pontificate on whether or not a feature is "secure".

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

Perhaps I should have written "potentially less secure" since (again: correct me if I'm wrong) you can't do authentication on a trunk port. "not very secure" was bad phrasing, thanks for pointing that out.