Office VOIP with Multiple Private Networks?

January 23, 2011 at 07:56:30
Specs: Macintosh
I'm going to move offices into a shared situation with 3 companies. Each company will want its own private network so there's no snooping between companies. I am planning on using VOIP for the phone system (Nextiva cloud based). Is it possible to set up the system so that each company has access to the VOIP system but yet remains sequestered in the their own network for everything else. I was hoping to do this with one data port at each workstation using Cisco SPA-303 phones. The way I understand this, is that the phone plugs in to the data port and you daisy chain the workstation off from each phone. Is this possible to do this while having the system I described? Another wrinkle is that I'd also like all the networks to be access shared printers. I am a complete novice at both VOIP & data but a quick learner.

Thanks in advance for your advice!


See More: Office VOIP with Multiple Private Networks?

Report •


#1
January 24, 2011 at 07:29:11
Is it possible to set up the system so that each company has access to the VOIP system but yet remains sequestered in the their own network for everything else.

Yes of course it is. Use VLAN's and separate subnets for each VLAN.

I was hoping to do this with one data port at each workstation using Cisco SPA-303 phones. The way I understand this, is that the phone plugs in to the data port and you daisy chain the workstation off from each phone

I'm not familiar with those phones, we use Nortel equipment here, but that's how it works for ours. I did this just to test on my own VoIP phone. I had to add both the data VLAN and the VoIP VLAN to the port on the switch with the data VLAN as the base VLAN.

Another wrinkle is that I'd also like all the networks to be access shared printers.

While making VLAN's, make one for printers and ensure there's a path to it from all data VLAN's.

Example:

VLAN 1 = management VLAN = 192.168.1.0/24
VLAN 2 = printer VLAN = 192.168.2.0/24
VLAN 3 = data VLAN = 192.168.3.0/24 (company 1)
VLAN 4 = data VLAN = 192.168.4.0/24 (company 2)
VLAN 5 = data VLAN = 192.168.5.0/24 (company 3)
VLAN 6 = VoIP VLAN = 192.168.6.0/24

Routing:
VLAN's 3,4,5 have routes to VLAN's 2 & 6

No routes between VLAN's 3, 4, and 5

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***


Report •

#2
January 25, 2011 at 12:15:39
Hi Curt,

Thanks for the help. I spoke to Nextiva and they say that all their functionality is cloud based so that as long as each phone has access to the internet, they don't need to be on the same VLAN. Even transferring a call from one extension to another happens in the cloud. I will take your advice about how to set up the rest of the VLANs.

Thanks!


Report •

#3
January 25, 2011 at 12:47:22
I spoke to Nextiva and they say that all their functionality is cloud based so that as long as each phone has access to the internet, they don't need to be on the same VLAN.

LOL

Ok, let me explain a couple of things to you since it's obvious you don't quite understand.

First, what I said above about VLAN's and their appropriate setup applies only to your internal network (LAN).

Second, the "cloud" (don't you just love buzz words!) is external to your network. As in, not a part of your LAN. What I wrote above is internal and designed to help you get packets, be they data or VoIP, back and forth from your internal network, to
a) other parts of your LAN
and
b) to the internet (external)

Once the data leaves your network (LAN) and heads out to the "cloud" you are now on somebody elses network and your VLAN tags are gone.

What the person you spoke with at Nextiva has no clue about is your internal network and was speaking solely about what happens once the VoIP leaves your network and enters "the cloud"

Third, the person you spoke with is likely a helpdesk analyst and as such, has little or no formal training on computers, has little or no experience working in industry and probably doesn't know the difference between a VLAN and a VPN.

If you're going to use VLAN's internally in your network, and from the sounds of your situation, this is the best solution for you, then you have to have a VLAN for the VoIP or the VoIP phones will not work and neither will any computers plugged into them.............period, end of story. Without a VLAN for the VoIP in a VLAN environment, the VoIP data goes nowhere, much less outside your LAN and out to "the cloud"

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***


Report •

Related Solutions

#4
January 25, 2011 at 13:14:07
Hi Curt,

Thanks for the help once again. I think I understand it better now and will make a VLAN for the VOIP. I still do have a question about the daisy chaining of the phones and computers. Do you know if it matters that the data from the computer hits the phone first in terms of getting to the correct VLAN? They told me the phone acts as a switch, so I'm guessing that the phone will "route" the data to the correct VLAN. Any thoughts? Again, thanks for all your help.

Best,

Philip


Report •

#5
January 25, 2011 at 15:17:00
Thanks for the help once again. I think I understand it better now and will make a VLAN for the VOIP.

Your posts have been pretty sketchy on details of your setup with regard to what type of hardware you're using.

VLAN tagging requires Layer 2 "managed" switches and a router. A layer 3 switch can both VLAN tag and act as a router.

Are you presently using VLAN's? Do you have equipment capable of running VLAN's? Do you, or anyone else in your workplace have experience with VLAN's?

I still do have a question about the daisy chaining of the phones and computers. Do you know if it matters that the data from the computer hits the phone first in terms of getting to the correct VLAN? They told me the phone acts as a switch, so I'm guessing that the phone will "route" the data to the correct VLAN. Any thoughts? Again, thanks for all your help.

Here's how I made this work with my VoIP phone. Using my example VLAN's from above.


VLAN 1 = management VLAN = 192.168.1.0/24
VLAN 2 = printer VLAN = 192.168.2.0/24
VLAN 3 = data VLAN = 192.168.3.0/24 (company 1)
VLAN 4 = data VLAN = 192.168.4.0/24 (company 2)
VLAN 5 = data VLAN = 192.168.5.0/24 (company 3)
VLAN 6 = VoIP VLAN = 192.168.6.0/24

On the port on the switch I plugged the VoIP phone into, I had to set the PVID (Primary VLAN ID) to the VoIP set's VLAN since that was what was plugged directly into that port. Then I had to add the VLAN tag for the data network as an "allowed" VLAN on that port.

So, let's say you're computer is in VLAN 3 and your VoIP phone (VLAN 6) plugs into port 17 on your managed switch. The settings on port 17 should be as follows:

PVID = 6
Allowed VLAN's = 6, 3

Basically what you've done here is made that port on uplink port. The above settings combined with the VoIP phone itself allow the data traffic (VLAN 3) to be carried on the same interface as the VoIP phone. The switch will then break the two data streams apart.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***


Report •

#6
January 25, 2011 at 16:04:03
Your posts have been pretty sketchy on details of your setup with regard to what type of hardware you're using.

So far it's vaporware. I have nothing and no experience using VLANs. I was planning on getting a router and a layer 2 managed switch. I was going to start this process very slowly by creating 2 VLANs and using 1 phone on each of those. Your posts above make perfect sense and I will try those out. I do have someone working with me who does have some VLAN experience. I have about a week to set this up before it really has to work for more than the test system. I'm hoping after some trial and error and following your sage advice, I'll be able to get this up and running. I'll let you know how it goes. I won't actually start this process for another few weeks and by then I hope to have a much better grasp on VLANs.

Thanks.


Report •

#7
January 26, 2011 at 08:01:20
I do have someone working with me who does have some VLAN experience.

Good, VLAN's aren't really complex, but if it's your first time around, it's always better to have someone who knows to help you out.

I have about a week to set this up before it really has to work for more than the test system. I'm hoping after some trial and error and following your sage advice, I'll be able to get this up and running.

That's not a lot of time to lab this out. The big issue is, how long will it take to get your equipment. With the equipment in hand, I could have this setup and be testing in about two hours with equipment I know. With a new-to-me make/model it would take a little longer as they're all a wee bit proprietary in their nomenclature and setup.

Aside from the router and switch, you'll want a phone and PC to connect to the phone in order to lab it all out.

I'll let you know how it goes.

I'd like that. If you need some more advice, PM me as well as responding to this thread so I'll be sure to see it.

I won't actually start this process for another few weeks and by then I hope to have a much better grasp on VLANs.

VLAN tagging is actually not a very complex thing to do, or learn. Do some googling and spend a bit of time on reading/research and by the time you have your equipment in hand and are ready to lab this out, you'll be prepared enough.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***


Report •


Ask Question