The problem at the time was the crappy switches that the IT guy who I replaced used to build the network originally were dumb, un-managed switches. I knew that if we were going with VoIP we needed to separate the SIP traffic to it's own VLAN, which meant we needed managed switches.
Well since my company is also very cheap, I couldn't spend any money on decent CISCO Catalyst switches, and we ended up with these really terrible Trendnet TEG-448WS switches that could handle VLANs fine, but were super basic when it came to QoS, which is important in VoIP.
After over a year of random drops, and other irritating issues, we had a VoIP company come in to make a recommendation. Mainly, I wanted a 3rd party to come in and confirm what I had been trying to say for a while, which was that we needed better switches.
They still wouldn't let me get a CISCO Catalyst, but they did let me buy some refurbished Dell PowerConnect 3448P's. These switches had more robust QoS features, but they had an interesting problem on their own. By default, you can't modify VLAN 1. It is considered the Native VLAN, or the Default VLAN. That means that all ports are untagged on VLAN 1, and you can't change that. Well, I should say, it's kind of a pain, hence this article, but it can be done.
In order to use VLAN 1 in a true trunk, which is what I wanted to do, you need to be able to set a port to be tagged on all VLANs. Now, you might be saying, why not just set the port on the device you are connecting to as untagged? Then there isn't an issue right? That's true, but the device I was connecting to was a Fortigate 60C Firewall, and it wouldn't give me that option. All VLAN interfaces on that unit are tagged, and cannot be set to untagged. At least, I don't know how to do that.
So what I had to do was to change the VLAN number of the default VLAN on my Dell PowerConnect 3448P. You cannot do this through the web interface either by the way, you have to do this through the terminal. I recommend doing it using the serial port. Also, once you do this, the original IP will be wiped out, so prepare for that. I set mine to 600, because I wasn't going to use it.
Here's what I did:
- Create a new vlan
enable > configure > vlan database > vlan 600 - Set the new vlan as the default vlan
default-vlan vlan 600 - Save your config, then reboot the device
end > copy ru st
reload - Create a new vlan 1
enable > configure > vlan database > vlan 1 - Set a new IP for vlan 1
exit > interface vlan 1 > ip address 192.168.0.8 255.255.255.0 - Set a new IP for vlan 600
exit > interface vlan 600 > ip address 192.168.1.8 255.255.255.0 - Plug your laptop into one of the ports, it should be untagged with vlan 600.
- Give a static ip to your laptop on that subnet, and browse to the ip address of vlan 600
- Login to the web interface, and now you can start tagging and untagging ports on vlan 1 through the gui.
Did this help you out? Are you in a similar situation? Let us know about it in the comments.