how to set up a vlan -

Hewlett-packard / Omnibook 6200
February 1, 2009 at 22:08:13
Specs: Windows XP, p4, 2gb
I have 12 PCs and 12 Polycom phones - the PCs plug into the phone the phone plugs into the wall
I have a layer 2 switch (managed) and a netgear firewall router my polycom phones are in the address range to and my PCs and other devices are to

how do I set up one vlan for the phones, 1 vlan for the other devices and in some cases they VLANs will need to communicate with each other

I am having network congestion issues


See More: how to set up a vlan -

Report •

February 2, 2009 at 07:28:07
What kind of managed switch are you using?

Typical scenario is you configure the VLAN's on your switch, assign the VLAN's to the ports and then plug the appropriate device into the proper port.

the PCs plug into the phone the phone plugs into the wall

I did this in my office for a while (to test) and you have to have the base VLAN set to the VoIP VLAN. On my Nortel switches, that's called the PVID. So for example, let's say you have the following:

Management VLAN = 1
Data VLAN = 2

Port assignment would be as follows for a port carrying both the VoIP phone and a PC connected to the VoIP phone:

PVID = 3
Allowed VLAN's = 2, 3

The reason you'd have both VLAN's assigned to a port you're plugging a VoIP phone into should be obvious. If it's not, you need both because the port will be carrying both the Data and the VoIP traffic.

my polycom phones are in the address range to and my PCs and other devices are to

Are those on the same subnet? If you had posted the subnet mask, I wouldn't have to ask. If they are, I would separate that into two separate subnets.

Report •

February 2, 2009 at 08:00:41
You accomplish nothing with a vlan concerning your setup.

"PCs plug into the phone the phone plugs into the wall"

You need to rewire so phones plug into the wall and the pcs plug into different ports in the wall.

Then you can have the pcs on one vlan and the phones on another.

Report •

February 2, 2009 at 11:42:00
then you can't set up a VLAN by ip address range??? this is what I get from your response
thanks for replying

Report •

Related Solutions

February 2, 2009 at 12:19:13
a vlan is a hardware level switch like a train track. You can have one set of cars on one track and another set on another track and they won't hit each other.

You have a single switch which means you have a single broadcast domain.

You can image this as a street with houses on each side of the street. One side maybe odd numbered and the other side even numbered.

How much traffic there is on the street is not determined by the address numbering [tcp/ip addresses].

Now if you wire as suggested then with vlans you can create two broadcast domains.

With only 24 devices where is your "congestion"?
Does your switch support QoS?

It is QoS that you really want. This will allow telephone to get a higher priority over data so your phone calls are smooth.

Report •

February 2, 2009 at 13:55:15
then you can't set up a VLAN by ip address range??? this is what I get from your response

You misunderstood my response, and, you misunderstand VLAN tagging. I suggest you get more informed before attempting VLAN tagging in your work environment. Some extensive reading/research on VLAN tagging would do you a lot of good.

We can't explain everything you need to know to accomplish that which you want to do when you don't even speak the basic language of the concept involved. To someone who does speak the same language, my post was crystal clear.

I don't say this to be rude or mean. I'm simply pointing out what is obvious to myself and others who work with VLAN's and VLAN tagging on a day-to-day basis.

It's not that tough a concept but you do have to have a good understanding of networking basics (ie: sub/supernetting, routing, TCP/IP, etc) in order to make sense of it and employ it.

Report •

February 2, 2009 at 16:38:01
Data and phone traffic should be separated into there own vlan . Usually this is accomplished by setting the ports as trunks or in a cisco switch you setup a voice vlan in a different vlan. Right now though you have everything in the same big broadcast domain and phones are very sensitive to any kind of delay.You need a separate address space for your phones and then trunk those 2 vlans to the phone , 1 will be for your voice and the other is the data vlan hung off the phone. QOS should also be implemented if the phone switch is multiple hops away.

Report •

February 2, 2009 at 17:10:22

I was trying to get more informed, that is why I asked the question??

right now I am sorry I asked the question

BTW, my previous reply was not to you

I am glad I didn't have to pay to join this site

Report •

February 2, 2009 at 19:13:57
londo58 still here to help if interested

Report •

February 3, 2009 at 05:40:11
I was trying to get more informed, that is why I asked the question??

I understand. Simply put, you're talking about several courses worth of information. I gave you a solid answer, based on experience doing exactly what it is you wish to do. If the answer doesn't make sense to you, short of taking you by the hand and instructing you (which I don't have time for, sorry) I can't make you understand.

You have to learn a few things so that the answer would make sense. As I suggested, learn about TCP/IP, learn the OSI model. Learn about subnetting and supernetting and then learn about VLAN tagging. Once you've accomplished that, my answer, and the others, will make perfect, crystal clear sense to you.

I stated plainly I wasn't trying to be rude and I meant it....although from past experience with this same exact situation, I knew you'd take it personally. By situation I mean, someone without enough knowledge comes in, asks a question, gets an answer (or two or three) which they don't understand, gets mad at me, or others here, and behaves badly.

Heck, you didn't even answer the question I asked you, (ie: what make/model switch are you using) and you misspelled my name. So I have to wonder what it is you really want here. You certainly don't seem to be paying much attention.

Report •

February 3, 2009 at 12:19:38

they have a cheap linksys switch and they are getting a DLINK 24 port managed switch to replace it

can I create a VLAN using a group of tcp/IP addresses (per clients request)??

I have read where I can do this with a list of MAC addresses, or is a list of IP addresses something tied to a particular vendors switch (using rules or ??)

it might be a moot point, the customer might not be willing to buy the hardware that does do a VLAN with a group of IP adresses -

Report •

February 3, 2009 at 13:08:48
A vlan is not a group of ip addresses. The answer would be no.

As I explained previously you will accomplish nothing by changing ips.

Which puts us back at the real question of where is your "congestion"?

Because of the way you are wired, pc to phone to switch you have one line supporting two ip devices.

Think about it a second. Why would an ip address make any difference to the traffic going over that wire?

You would also have the issue that all devices are using the same gateway ip. You change to a different ip scope one or the other will not have a gateway.

There is nothing you can do via switch, vlan or ip that will make any difference at all until you properly wire the facility.

Report •

February 3, 2009 at 13:29:35
after reading the previous replies - I had considered having them use the old switch for the PCS and the new switch for the phones - he would just have to run another 12 cables

its a small office

thanks for the replies

Report •

February 3, 2009 at 14:00:18
VLAN's are really independant of the IP addressing.

For example, I can (and I have) take an older managed Cisco 24 port switch, create 3 VLAN's and assign the 4 existing (the management VLAN, VLAN 1, is there by default) to ports.

For the sake of ease of use I do the following:

VLAN 1 = ports 1 - 6 = Bank 1
VLAN 2 = ports 7 - 12 = Bank 2
VLAN 3 = ports 13 - 18 = Bank 3
VLAN 4 = ports 19 - 24 = Bank 4

Now I have 4 banks of 6 ports each assigned to a different VLAN.

I now plug my work PC and my department laptop into two ports in Bank 1 (for example) and assign them the following:

I now open a command prompt window on both and ping each from the other. I add the -t switch to make that ping continuous. Both reply to the other's ping as expected.

I can now take those two, unplug them from Bank 1 and plug both into Bank 2. After a few lost replies, the pings start replying properly. I can do the same with Banks 3 and 4 as well. The same is true for changing the IP's. Leaving the units plugged into bank one, I can change their IP's to and (SM= still) and voila, pings will start replying again (well ok, I'd have to redo the pings with the new IP's, but they would indeed respond).

As long as the PC's plugged into the VLAN's have the same subnet, they can communicate.

If I move the PC to Bank 1 and the laptop to any other Bank, no communication.

It's worth noting I can do the above with our managed 3Com switches as well as our Nortel switches. The point being, the VLAN's are not tied to IP's, or MAC addresses for that matter.

after reading the previous replies - I had considered having them use the old switch for the PCS and the new switch for the phones - he would just have to run another 12 cables

That actually sounds like a better idea. Certainly it would be less hassle for you. Not only would you not have to learn about VLAN tagging, you'd also get to avoid learning how to use the managed switch. Which I'll tell you right now, can be a real hair puller depending on the manufacturer.

Where I work, we have separate outlets for VoIP and data. Which means a minimum of two RJ-45's per wall outlet. We've even color coded ours. Black is data, blue is VoIP.

Report •

Ask Question