
DHCP VOIP Without VLAN

Hello, we're in the beginning stages of rolling out IP phones and we want to use a different DHCP scope for phones as opposed to workstations. Our office is only roughly 40 users so I don't think VLANs are worth the effort, so I'm wondering if someone with more knowledge of Sophos and just the process in general could provide some guidance as to whether this is possible and, if so, how to proceed. Thanks


  • We run VoIP for 1000 users over 26 sites using Cisco UCMs. Bit above what you are asking for but I can offer advice.

    Although VLANs might seem like an overhead to you, they can become your best friend. Yes, there is a learning curve but it will be worth it in the end.

    The advantages of VLANs come in their isolation, i.e. they limit broadcast domains. They also give you more granular control.

    Incidentally, you could achieve the same physically, i.e. with another switch (on a different subnet) into which you only plug the phones.

    With VoIP, you need top-notch networks, i.e. you will need to pay attention to QoS etc., as allowing users to fully saturate the bandwidth (i.e. heavy downloads, file copies etc.) will result in degraded call quality, which users don't like to put up with. In this day and age, they demand that phones just work. More so than PCs. Voice needs to be a priority as it needs to arrive in real time and any delay will cause call degradation.

    For 40 users, my advice would be to go for a separate VLAN (or a physical LAN if you don't want to get into VLANs).

    Most managed switches have programming on them that can assist you with QoS etc., e.g. voice VLANs, which can also make it easier for you. So although it might seem daunting at first, it's worth putting the effort in or you could find yourself in a situation where there are issues and they aren't easy to diagnose.

  • Let me guess, one point against VLANs is the planned usage of the built-in switch in the IP phones for the PCs and laptops? If I am right, do yourself a favor and stop thinking about that idea any more ;-) In every situation where we had to use them, strange behaviours occurred in the PC/laptop connectivity that directly connected devices never have...

    In an environment like this I would use a free interface of the UTM for another local network and change all ports on the switches where a phone is connected to untagged vlan2, for example. The same goes for the port where the UTM is connected via the additional interface. The uplinks between switches have to be changed to untagged vlan1 (default) and additionally transfer tagged vlan2. Now you can use the UTM as DHCP for vlan2. All switches where a phone is connected need to be VLAN-capable, but the investment in exchanging 'stupid' 5- or 8-port switches for managed switches is worth it.

  • As explained above, you should really consider choosing VLANs. It's really not that difficult and most switches nowadays fully support it and can also automatically put your phones in the right VLAN no matter which switch port you connect them to (using what's called Voice VLAN, where the switch looks at the MAC address (OUI part) and based on that places the phones into their own VLAN).

    Also the built-in switch doesn't have to be a problem; we have an Avaya system and there the computers connected to the phone's switch will get the proper VLAN (which is different from the phone's VLAN itself). Also we don't really have any problems with the built-in switch on the phones other than that most of our phones have a 100 Mbps built-in switch.

  • Hi,

    I agree with the previous posters: you should work with different VLANs.

    Regarding your question: you can work with two different IP subnets in one LAN. If there's no routing instance between the subnets, only clients of the same subnet will see each other (VoIP sees VoIP, workstations see workstations). But I think it is not possible to add two different DHCP ranges on the same LAN interface of the UTM. I'm also not sure if you can route between the subnets with one physical LAN interface. For this the interface must have two IP addresses, one from each subnet.

     

    Jas

  • Thanks for the answers.

    I'm not opposed to VLANs, I just wasn't sure that it would make a difference for roughly 40 users... which, based on all the replies, it seems like VLAN is the way to go. Additionally, to be honest, while I understand the concept, I haven't designed one previously. So with that said, hopefully I can ask some more questions and provide some more details:

    • Due to the lack of drops at end user stations, we are planning on using the switch in the phones (this may change down the line as we expect to have work done on our home office and have multiple drops added)
    • We currently don't use VLANs, so with the knowledge that there won't be a different switch for phones, how would I establish what I imagine is two VLANS (data and voice)?
    • Our new VOIP system will be cloud based if that makes a difference
    • Can the Sophos UTM 220 be the DHCP for these two different scopes and understand how to provide each type of device their proper subnet

    Hopefully that all makes sense.

    Thanks in advance.

  • VLANs serve a single purpose...security. That's it. If you NEED to separate your network because you can't have network devices "seeing" some other devices on your network, that is when you use VLANs. 

    I've set up many flat networks that included hundreds of VoIP phones without the use of a single VLAN and have yet to run into any issues that were a direct result of the internal network. In every case of a problem, the issue could be traced back to the ISP or destination or some point in between. Jitter and latency are your worst enemies for VoIP and if you have problems with those on your internal network, you've either got bad infrastructure (i.e. bad cabling, terminations, equipment) or a bad network design. Do yourself a favour and read item #5 here...

    betanews.com/.../

    I'm totally on board with others in recommending you run separate drops for phone connections and don't use any phone's internal switch. They are garbage unless you pay huge money for the phones.

    Empty Set said:
    Due to the lack of drops at end user stations, we are planning on using the switch in the phones (this may change down the line as we expect to have work done on our home office and have multiple drops added)

    This is likely to cause you many headaches.

    Empty Set said:
    We currently don't use VLANs, so with the knowledge that there won't be a different switch for phones, how would I establish what I imagine is two VLANS (data and voice)?

    VLANs are not a necessity unless for security separation as mentioned.

    Empty Set said:
    Our new VOIP system will be cloud based if that makes a difference

    Make sure you have your provider set you up with onsite testing units before you sign anything so you can see and experience how things work. This isn't a guarantee that things will work well and forever (internet routes change constantly so there's no guarantee that packets travelling one route will always travel that route), but it's a start.

    Empty Set said:
    Can the Sophos UTM 220 be the DHCP for these two different scopes and understand how to provide each type of device their proper subnet

    Yes, you simply have to set up a new interface, where you get to set the IP address for your gateway as well as the netmask, then set up a new DHCP server on the UTM.