0

I have a standard corporate network with Active Directory, and I have an outbuilding for the local community college. We run off port 1 on our modem and run straight into our Palo Alto, which then feeds into our core switch; the CC runs off port 2 and jumps straight out via two Cisco SG300s to their Watchguard and their AD handles network settings through the VPN tunnel. The PCs need to run off their connection, but the Avaya VOIP phones need to run off mine.

enter image description here

Attempted solution: I ran a line (vlan'd off) from an open port on one of my access switches to the SG300, then set the same vlan on the SG300 at the other end and tried to run the VOIP phones off that. No dice. The vlan is in my core with the address of the closest SG300 as the IP address. No dice.

I suspect the issue is that I'm missing a subnet for the phones, but inside our network that's handled by option 242 in our DHCP server. Do I need to set second IPs on the two SG300s for my network to see them, and serve DHCP to the phones over our vlan?

Right now I can plug into either of the SG300s and get out to the internet, but I can't get connectivity with my domain no matter what vlan the port is set to.

Zac67
  • 10,320
  • 2
  • 12
  • 32
ERA
  • 1
  • 1
  • 2
    Please add a network diagram to your question - as it is it's very hard to make out what's where. – Zac67 Feb 09 '23 at 21:55
  • Added via link in the body of the post. – ERA Feb 13 '23 at 14:46
  • 1
    And the question is? "Teach me network basics" is a bad question for a pro place. Nail it down to a SINGLE ACTIONABLE iTEM. – TomTom Feb 13 '23 at 15:09

1 Answers1

0

Do I need to set second IPs on the two SG300s for my network to see them, and serve DHCP to the phones over our vlan?

Only when you use them for routing. As it appears, you're trunking VLAN 99 to the core switch, so that's where you need to a) configure the VLAN, b) add an IP address to the VLAN, used as gateway, c) configure routing and d) provide DHCP (direct from core switch, or a directly connected server, or by DHCP relay).

Depending on the phone configurations, you need to either configure VLAN 99 as untagged on their ports (access mode) or tagged (trunk mode). Make sure you exclude unwanted VLANs on the switch ports towards the phones.

Your question is still somewhat hazy and terminology unclear. When checking connectivity

  • L2 connectivity: make sure you see the required phone MAC addresses in the switches' MAC tables in the desired VLAN
  • L3 basics: make sure DHCP works on the new VLAN (see above)
  • L3 routing: make sure you can ping from the phone VLAN to your SIP gateway and vice versa
Zac67
  • 10,320
  • 2
  • 12
  • 32