<div dir="ltr">One thing to note: You can set the VLAN in the Polycom config file. The advantage to that is a) if you plug a computer into the second port on the phone, it won't be on the VLAN, and b) if someone unplugs the phone and plugs a computer into that network port, it won't be on the VLAN.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 25, 2021 at 2:07 PM Neal Rhodes via Ale <<a href="mailto:ale@ale.org">ale@ale.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
I have never worked with VLANS before.<br>
<br>
My understanding is the simple (ha!) way of doing VLAN is to let the <br>
wired switches (NetGear) assign it based on what port into which things <br>
are plugged.<br>
<br>
Imagine a church with offices and sanctuary upstairs, community schools <br>
and distance Learning downstairs, printers for each, and Wifi hotspots <br>
here and there. And now everything is getting a 192.168.1.x address <br>
assigned by the DHCP on the Firewall Router.<br>
<br>
And there are some obvious reasons you might not want students <br>
downstairs having access to office computers, or the audio mixer in the <br>
sanctuary, but they might need to print something on occasion.<br>
<br>
Ergo the outline of Routers/VLANS I'm thinking of is below. Indented <br>
generally means "I'm plugged into this device above".<br>
<br>
Main Firewall Router: (now Cisco, but likely Ubiquity soon)<br>
- Comcast VoiceEdge Server (No VLAN)<br>
- Office Switch (NetGear)<br>
- VLAN1<br>
- PolyCon Office phone-sets<br>
- Computers Connected to them<br>
- Computers wired direct to switch<br>
- Office Wifi Hotspot<br>
- VLAN2<br>
- Sanctuary Switch<br>
- Propresenter PC<br>
- Streaming encoder<br>
- Camera<br>
- X32 Wifi Hotspot<br>
- X32 Audio Mixer<br>
- Mixer Control Tablets<br>
- No VLAN assigned<br>
- Office HP Printer<br>
- Office Toshiba Printer<br>
- Hanberry Hall Wifi Hotspot<br>
<br>
- Downstairs Switch (NetGear)<br>
- VLAN3<br>
- Community Schools phone-sets<br>
- Computers Connected to them<br>
<br>
- Downstairs Hallway Wifi Hotspot<br>
- Students doing Distance Learning<br>
- Shepherd's Hall Wifi Hotspot?? (do we have to move cable? <br>
Or can that hotspot claim VLAN3?)<br>
- Students doing Distance Learning<br>
- No VLAN assigned<br>
- Community Schools Toshiba Printer<br>
<br>
My understanding is that each switch will add the VLAN tag, and that by <br>
default the Firewall Router will not pass data from one VLAN to another <br>
VLAN. Thus:<br>
- Any device can obtain internet NAT service;<br>
- Any device can print to any printer NOT on a VLAN;<br>
- Any device can access the VoiceEdge server;<br>
- No devices outside the Sanctuary VLAN2 can access it;<br>
- No devices outside the Office VLAN1 can access it;<br>
- There is no need to enforce the Guest logins on the downstairs Wifi, <br>
as there are no resources to compromise other than paper and toner.<br>
<br>
How Comcast voice behaves is important to know. Do phone-sets only talk <br>
to the voice server? or do they talk to each other? I shall attempt <br>
to beat an answer out of them on this.<br>
<br>
Am I thinking right on this? what Firewall Router feature requirements <br>
are needed to support this?<br>
<br>
regards,<br>
<br>
Neal<br>
<br>
<br>
<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="https://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">https://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br>
</blockquote></div>