Thank you Curt R for your prompt response. Due to budget restraints, I can't put in L3 switches. I was hoping to use L2 switches to separate my data and voice traffic on the LAN side and route them to the gateways either by using the ISP's Cisco equipment or by installing a L3 device before the gateway. Does this sound like a viable solution?
Bummer! It would have been nice to go to L3 switches for many and various reasons.
I suspect you could enlist the help of your ISP to do your routing so I would talk to them, explain your situation, find out what they can do for you and what it would cost. Then compare that to doing it yourself.
If you know UNIX, OpenBSD can be made into a router/firewall quite easily and it's basically free. Where I work, we used teamed (for redundancy) OpenBSD boxes as our routers/firewalls and they work quite well.
BTW, the management VLAN tip sounds like a very good practice. Would these ports where I trunk the switches together as well?
Just FYI, a management VLAN is a must in a larger environment. You will want to go this route if feasible with an eye toward expansion and ease of management.
Since your switches will be assigned IPs in your management VLAN (for sake of example we'll say: VLAN 1 = 192.168.1.0/24), with all trunk ports assigned to VLAN 1 (base VLAN), and all other VLANs to be passed on this trunk port (as 'allowed VLANs'), it follows that all traffic (i.e. all VLANs) is then carried on the trunk ports and broken out on the individual ports.
Now let's say you have:
VLAN 2 = 192.168.2.0/24 = Data
VLAN 3 = 192.168.3.0/24 = VoIP
If your VoIP phone is being connected directly to the switch with nothing plugged into it, the port would be tagged with VLAN 3. If it were a data port, VLAN 2. If a combination, like with my Nortel phone and my PC plugged into it, its base VLAN would be VLAN 3 and VLAN 2 would be an 'allowed VLAN' also tagged to the port.
The reverse would be true for your setup with the phone plugging into the PC.
The following is pretty much the documentation format we use for our switch configs:
Switch - port - Base VLAN - Allowed VLANs - Description
192.168.1.100 - 48 - 1 - 1, 2, 3 - Trunk (uplink to ???)
192.168.1.100 - 1 - 1 - 1 - management port
192.168.1.100 - 2 - 2 - 2, 3 - Data/VoIP
192.168.1.100 - 3 - 2 - 2, 3 - Data/VoIP
192.168.1.100 - 4 - 2 - 2 - Data
192.168.1.100 - 5 - 3 - 3 - VoIP
Port 1 is designated as a 'management port' so if you need to, you can take a laptop, plug into port 1, give your laptop an IP in the management subnet and then make changes to the switch or whatever you need to do. This is in case your main connection to the switch stops working for whatever reason and you can no longer remote into it.
Port 2 is going to be assigned to a PC that has a VoIP phone plugged into it so it has to carry both VLANs with the base VLAN being that of whatever device is actually plugged into the port.
I did ports 4 and 5 as one each Data/VoIP so you could see the difference.
You will also need to have input from whoever is going to be taking care of your VoIP controller so I suspect you'll need to meet/talk with both your ISP and the VoIP people (Centrix) in order to deploy your VLANs and VoIP correctly.
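A port plan kept in the five-field documentation format from the post above can be checked mechanically before it is applied to a switch. The following is an added example, not part of the original posts: the function names, the two deliberately wrong rows for ports 6 and 7, and the rule that the management VLAN should appear only on trunk and management ports are assumptions made for illustration.

```python
from collections import namedtuple

MGMT_VLAN = 1  # assumption: VLAN 1 is the management VLAN, as in the post's example
Port = namedtuple("Port", "switch port base allowed desc")

# Constructed sample: the six rows from the post plus two bad rows (ports 6 and 7).
PLAN = """\
192.168.1.100 - 48 - 1 - 1, 2, 3 - Trunk (uplink to ???)
192.168.1.100 - 1 - 1 - 1 - management port
192.168.1.100 - 2 - 2 - 2, 3 - Data/VoIP
192.168.1.100 - 3 - 2 - 2, 3 - Data/VoIP
192.168.1.100 - 4 - 2 - 2 - Data
192.168.1.100 - 5 - 3 - 3 - VoIP
192.168.1.100 - 6 - 2 - 1, 2 - Data
192.168.1.100 - 7 - 3 - 2 - VoIP
"""

def parse_plan(text):
    """Parse each non-empty line into a Port record; raise ValueError on malformed rows."""
    ports = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split(" - ", 4)]
        if len(fields) != 5:
            raise ValueError(f"line {n}: expected 5 fields, got {len(fields)}")
        switch, port, base, allowed, desc = fields
        vlans = frozenset(int(v) for v in allowed.split(","))
        ports.append(Port(switch, int(port), int(base), vlans, desc))
    return ports

def audit(ports):
    """Return (switch, port, finding) tuples for rows that break the plan's rules."""
    findings = []
    for p in ports:
        key = (p.switch, p.port)
        # The untagged (base) VLAN must be one of the VLANs the port carries.
        if p.base not in p.allowed:
            findings.append((*key, "base VLAN not in allowed list"))
        # Assumed rule: only trunk and management ports may carry the management VLAN.
        role = p.desc.lower()
        is_infra = role.startswith("trunk") or "management" in role
        if MGMT_VLAN in p.allowed and not is_infra:
            findings.append((*key, "management VLAN exposed on user port"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_plan(PLAN)):
        print(*finding, sep=" - ")
```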