Thanks, I will probably buy it. I had dropped my CBT Nuggets monthly subscription and not picked it back up, and have just been briefly reading over my books, of which I have some good ones, and this site as well. I have been more playing non-stop with live production equipment (in a safe, controlled way, I promise lol).
I really have a big question on a network setup we run in Dordrecht, Netherlands, for 5 switches, all layer 2. Would you mind if I asked you a question on that setup?
My manager for some reason does not want to use a different subnet for the voice and the data traffic. He is not worried about the security aspect and says there should be no reason we would need routing between the data and the voice data. Instead he said just mark the ports from the media/cic servers with VLAN-VOICE and VLAN-DATA both; that way the voice VLAN can communicate with the media servers, and since all phones are on the same VLAN for this branch office, all the phones will connect and work together.
Also, there is a router, but it is not managed by us; some ISP company manages the router, and all of our traffic is sent over an IPsec VPN, so for the routed traffic we are not concerned about QoS.
Now on the voice VLAN we have applied an LLDP policy which tags the VLAN ID inside of the 802.1Q header with the VLAN we choose; see below. We are testing on one phone right now, so it is only applied to one port.
lldp tagged-packets process
lldp med network-policy application voice tagged vlan 100 priority 5 dscp 46 ports ethe 1/1/9
lldp run
On the data VLAN we used the command dual-mode, so basically on a Brocade this is similar to a Cisco, where we make that port able to send and receive tagged and untagged traffic. After that we were able to tag the port to the voice VLAN we had created.
Once we did that, and I set up the test voice VLAN on all 5 switches and made sure all the trunk ports allowed the traffic, I checked the MAC address of the port:
Total active entries from port 1/1/9 = 2
MAC-Address Port Type Index VLAN
0004.xxxx.32e5 1/1/9 Dynamic 2104 50
0004.xxxx.32e5 1/1/9 Dynamic 14100 100
So the LLDP policy was tagging the frame and sending it over the voice VLAN, and it also sends it over the untagged port.
Just to note, when we remove the LLDP, the frame is no longer tagged and we will no longer see the MAC of the phone on the voice VLAN.
So, recap, for voice VLAN 100 and data VLAN 50 (changed some information for posting, but you get the point):
When I read about using the same subnet for voice as you use for data, the only forum posts I could find on some other generic forums from a Google search stated you do not do that, and they said it could not be done. The reason they gave was that when you set up the routing interface on, say, a layer 3 switch, you could not set up the same default gateway for both of the routing interfaces or, if you used a router, the sub-interfaces.
That made sense, but when my manager pushed back at me with this unorthodox method, he kept asking where we would need routing. As long as the voice traffic could reach the media/cic server and reach the phones, and it could get its DHCP information, then it did not need to be routed or speak to the other VLANs. His whole thing was that you could add the ports that were needed to the voice VLAN, so he had me add all the server ports to both the voice VLAN and data VLAN.
It's just not what I read about in the academic environment and the books, as they list out best practices. I guess my question is this: do you see any concerns besides security, or something about this that means it won't work?
I know this post is long and the thoughts are probably not laid out well. Please push back with specific questions to help draw out the information if you are interested in trying to help me figure this out in my head and make sure it works, and that he is not having me do something that can cause big issues.
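
The MAC-table check described in the post can be scripted once the policy is rolled out to more than one port. The following is an added example, not part of the original post: it parses output in the column layout shown above and reports, per port, whether a device was learned in the data VLAN, the voice VLAN, or both. The sample text, the MAC addresses and the function names are constructed for illustration; VLAN IDs 50 and 100 are the ones given in the post.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout shown in the post (MACs are made up).
SAMPLE = """\
Total active entries from port 1/1/9 = 2
MAC-Address     Port    Type     Index  VLAN
0004.aaaa.32e5  1/1/9   Dynamic  2104   50
0004.aaaa.32e5  1/1/9   Dynamic  14100  100
Total active entries from port 1/1/10 = 1
MAC-Address     Port    Type     Index  VLAN
0004.bbbb.0001  1/1/10  Dynamic  3120   50
"""

# One table row: dotted-hex MAC, port, type, index, VLAN ID.
ROW = re.compile(
    r"^([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)$",
    re.IGNORECASE,
)

def parse_mac_table(text):
    """Return {(mac, port): set of VLAN IDs}; header and summary lines are skipped."""
    seen = defaultdict(set)
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            mac, port, _type, _index, vlan = match.groups()
            seen[(mac.lower(), port)].add(int(vlan))
    return dict(seen)

def classify(text, data_vlan=50, voice_vlan=100):
    """Label each (mac, port) as 'both', 'data-only', 'voice-only' or 'other'."""
    labels = {}
    for key, vlans in parse_mac_table(text).items():
        in_data, in_voice = data_vlan in vlans, voice_vlan in vlans
        if in_data and in_voice:
            labels[key] = "both"        # untagged and LLDP-MED tagged frames both seen
        elif in_voice:
            labels[key] = "voice-only"
        elif in_data:
            labels[key] = "data-only"   # what the post saw once LLDP was removed
        else:
            labels[key] = "other"
    return labels

if __name__ == "__main__":
    for (mac, port), label in sorted(classify(SAMPLE).items()):
        print(f"{port:8} {mac}  {label}")
```

A phone port that reports `data-only` matches what the post describes seeing when the LLDP configuration is removed.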