Announcement

Answer to your question

For starters, review the document titled: "Best Practice Recommendations for Implementing VLANs in a ShoreTel VoIP Environment with IP Phones." Here is a link below to a public web site that has the doc without requiring registration (if you don't have a Shoretel support login.)



Next, for your config, you need to publish the option 156 on your regular VLAN with the 192 address in addition to voice VLAN. The boot process of the phone goes like this...

1) Phone boots and gets a DHCP address from the native VLAN of the port (in your case, I'm assuming the 192.168.1.x address is your native VLAN.) It also receives the 156 set of options telling it where to go for the ftp server, and also (here's the key) what the VLAN is that it should switch to.

2) After booting enough to do some work, it will issue a DHCP release on the native VLAN, and immediately try to acquire a DHCP IP address on the voice VLAN using the VLAN ID that it learned from the option 156 (in your case, VLAN 100).

3) The Layer 3 DHCP ip-helper on your 3750 switch will route the DHCP request to your Linux DHCP server on behalf of the phone.

4) Your DHCP server will hand out a 10.100.100.x address back to the 3750 switch, which will pass it back to your phone, along with the Option 156 stuff.

5) Your phone will now have a 10.100.100.x address and still know the IP address of the FTP server, etc. and will then continue to boot normally within the VLAN 100.

Hope this helps!

Thanks! This helps a lot. I wasn't grasping the fact that the phone pulls an address from the regular subnet first, and then, using the code 156 info, reboots and picks up another address in the voice VLAN.

Thanks for the link as well.

John

I read the Shoretel best practices vlan guide. It says VLAN and QOS are not absolutely necessary because Shoretel VOIP "has one of the best voice sampling, audio digitizing and packetization processing in the VoIP industry ...
It is common to deploy several hundred ShoreTel IP phones intermixed with several hundred general-use workstations in the same campus LAN environment and have no need to deploy VLANs or implement QoS on the LAN"

Is this real? I have 2 offices each with about 15 phones and the Shoretel VOIP sound quality for calls between the two offices is so bad that we are using Skype now. We don't have QOS or VLAN.

Qos

The arcticle says there are many times that QOS on the LAN is not needed. A Surplus of bandwidth hides a multitude of sins.

Your problems come from a lack of QOS on the WAN.......

If your calls are crappy inside the office, then you need QOS on the LAN. If they are crappy site to site, you need QOS on the WAN.....

When installing VoIP you want QoS and a separate VLAN. It is just the best practice. Yes the shoretel is good, but not good enough to create extra bandwidth :gunsmilie:

I'll 2nd the need for QoS. The VLAN portion is slightly optional to help protect your VoIP network and provide more and easier QoS control. At our remote location of less than 10 phones, we don't setup VLAN. At HQ with lots of phones, it's all on a separate VLAN. In your case, you ABSOLUTELY need QoS on the WAN interfaces to fix your issues. This being said, configuring QoS on the WAN edge routers is only part of the battle. For it to truly be successful, you need a carrier that performs QoS on their circuits between your two sites. In my case, I worked with Qwest on our MPLS network and chose a QoS template from the options they gave me, and then matched my QoS rules on our Cisco routers to match the template they put on the MPLS network.

With what we have configured now, I can have a T1 to a remote location FULLY utilized with data traffic (say a massive download, etc.), and you can start up a call and talk without ANY audio problems at all, no clue the T1 is pegged with data traffic.

Here is a post regarding an ISC DHCP server:

ISC DHCP Server serving a ShoreTel phone system | Read, Deploy, Enjoy!

I am using Active Directory DHCP

How can I make it work with Active Directory's DHCP? I do not know if I need to create another scope.

I currently have a scope of 172.30.0.0 for my computers on VLAN1 (in my Dell switch)
I am gearing my network to have 172.30.1.0 for all IP phones and devices like my FTP. This is associated with VLAN2

I set up option 155 for my FTP server 172.30.1.6 and option 156 ftpservers=172.30.1.6, country=1, language=1,layer2tagging=1,vlanid=2

based on your ip scheme, I assume your netmask for each vlan is a /24 (255.255.255.0)
You will need two seperate scopes defined in DHCPMGMT, each with seperate gateways, and you need the 155/156 options in both also. the phone will boot and dhcp on the untagged vlan, which should be the 172.30.0.0 and pull its 156 option from that scope, it then sees the vlanid=2 so it turns on tagging and reboots, now broadcasting its dhcp request on the 172.30.1.0 network.

something to look out for - your first scope will have leases from the first boot of the phones. i ran into the situation before where not enough leases were available for all the segments nodes so some phones could not get the vlan tag information. make sure you have enough ips in your untagged vlan to accomidate your phones running through the vlan jump.

Do I need option 155 since option 156 states the ShoreTel server?

Also, if I am creating these option 155 & 156 in my data scope (172.30.0.0 255.255.255.0) then do I need option 4 which is the time server? Which scope should it belong in if I need it?


Here is where I am at so far:


Data scope (172.30.0.0 255.255.255.0)

Option 156 = (ftpservers=172.30.1.6, country=1, language=1,layer2tagging=1,vlanid=2)
Option 155 = (172.30.1.6) on our untagged (data scope)


Vlan Scope (172.30.1.0 255.255.255.0)

Option 4 = 172.30.0.4 (AD server on data network)

If I am running 2 different scopes, will my computers pick up on the IP Phone scope since they are both in DHCP?

Sorry. I am getting a little confused.

All you have to do is setup two different scopes with option 156 and the string info in both. The phones will first hit the data scope grab a data address and the string info. Now the phone has the TAG and now is forced to reboot and grab an address from the voice V-lan. If you have computers plugged into the phone's switch port the computer will hit the data scope and get an address. Since the computer CAN NOT be tagged the computer will not look anywhere else for an address and will reside on the data network.
Yes, put option 4 in both scopes; the phone needs a time address.

I have added option 156 and 4 under both scopes (172.30.0.0 and 172.30.1.0) of Microsoft DHCP. When I connect the phone to the network, it finds the FTP server (172.30.1.6) but it is assigned and ip address from 172.30.0.0.

Here is a copy of my switch config, which I sent over and over trying to see if anything was missing, but I really do not think that is the issues, b/c the phone is able to see 172.30.1.0 and 172.30.0.0 and it is getting a DHCP address from my Microsoft server on my 172.30.0.0 network.





BTX 6248P#
BTX 6248P#show run
!Current Configuration:
!System Description "PowerConnect 6248P, 2.2.0.3, VxWorks5.5.1"
!System Software Version 2.2.0.3
!
configure
vlan database
vlan 2,1000
exit
hostname "BTX 6248P"
sntp broadcast client enable
sntp server 192.168.1.12
clock timezone -5 minutes 0 zone "EST"
stack
member 1 5
member 2 5
exit
ip address 192.168.250.250 255.255.255.0
ip default-gateway 192.168.250.1
ip address vlan 1000
ip domain-name BTX.COM
ip name-server 192.168.1.8


ip routing
ip route 0.0.0.0 0.0.0.0 172.30.0.1
bootpdhcprelay enable
bootpdhcprelay serverip 172.30.0.4
interface vlan 1
routing
ip address 172.30.0.2 255.255.255.0
exit
interface vlan 2
name "BTX VOIP"
routing
ip address 172.30.1.1 255.255.255.0
no ip proxy-arp
exit
username "admin" password 3747b30024da9263fe2d5134c635d759 level 15 encrypted
username "durwin" password 5858ea228cc2edf88721699b2c8638e5 level 0 encrypted
line telnet
exec-timeout 45
exit
!
interface ethernet 1/g1


switchport mode general
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 2
exit
!
interface ethernet 1/g2
switchport mode general
no switchport general acceptable-frame-type tagged-only
exit
!
interface ethernet 1/g3
classofservice trust ip-dscp
switchport mode general
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 2 tagged
exit
!
interface ethernet 1/g4
classofservice trust ip-dscp
switchport mode general
no switchport general acceptable-frame-type tagged-only

Any thoughts of why I would still be getting a 172.30.0.0 address and not a 172.30.1.0 after I have made the additions to each scope option?