Q: Why would you still configure a voice VLAN?

_|brt.drml|_ · ‎03-09-2021

Reviewing my current QoS rules for the company, I'm came across the following question/thought:

Why would I still use a VOICE vlan?

Reason of thought:

I probably use the NBAR solely to mark my traffic ingress the vlan. Today we make a difference between both DATA vlan and a VOICE vlan.

However, I say : "What is the difference between a laptop and an ephone?" My Users have a variety of voice (skype etc) applications. If I monitor the usage of a 'hardware' phone, then I notice that it is less used.

In the end, my marking policy will be the same for both VLAN. Just to keep it simple.

I guess, the only reason to separate the Vlan is for monitoring reasons? Another reason is still separating voice from data traffic to avoid issues (Good design practice?).

I'm wondering what you are all thinking about this thought.

In the end, it is just a thought

Thank you

Bart

marce1000 · ‎03-09-2021

- Here's an example opinion : https://blog.bumpinthe.net/2016/06/15/do-you-need-a-voice-vlan/

>...

One scenario where a voice VLAN does make some sense, is when you’re doing a large-scale deployment and the number of phones you are adding outstrips the number of available IP addresses on your existing subnets. In this case, it may make sense to create a new VLAN for the phones. I say “may” as you might also have a requirement to use IP subnets for location determination for emergency calling. Overlaying a single voice VLAN to cover your site may not be suitable – you may have to deploy multiple voice VLANs to provide the location granularity required. It may make more sense to simply further partition your network into general purpose user VLANs.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Joseph W. Doherty · ‎03-09-2021

One reason to use a voice VLAN, is because VoIP is a bit more "fragile" then other more routine data apps. Having a separate voice VLAN allows us to provide some additional protections to VoIP devices, and their traffic, on that VLAN.

For example, one reason "flat" networks don't scale is due to broadcast traffic hitting all devices within the same L2 domain. Besides broadcasts consuming physical bandwidth to the host, a host cannot simply ignore broadcast addressed packets (like it can with unicast or multicast packets [which have addresses it's not interested in]). It must actually accept the packet and examine the contents to see if host needs to actually further process the information within that broadcast packet.

By having a separate voice VLAN, the voice hosts connected in that VLAN, don't need to "see" packets that we "know" would not apply to them.

Like any other VLAN, also having a discreet L3 interface, helps provide a checkpoint where we can apply ACLs to filter traffic to/from that network as well, and/or, perhaps, of having edge port ACLs that also "examine" traffic to/from a "voice" host. (One example of such, was at my last employer, we had edge port policies that limited ingress bandwidth to 300 Kbps [on gig ports]. We did this in lieu of trying to "validate" whether port ingress traffic was VolP. So, if someone wanted to plug in a host, and send FTP with DSCP EF markings, they could, but they would only get a couple of VoIP call's typical bandwidth.)

Richard Burts · ‎03-10-2021

The original post asks this question "Why would I still use a VOICE vlan?". It seems to me that one obvious answer is that using voice vlan allows a single physical port on the switch to support both a PC and a phone, which could reduce the number of switch ports required and might simplify the wiring infrastructure.

HTH

Rick

Joseph W. Doherty · ‎03-10-2021

That's a good point Rick although it presumes your switches and VoIP devices support such a topology, which, of course, anything manufactured this century likely would.

Further, though, I believe some VoIP phones, might still be able to share a port with a PC while only using one (i.e. untagged) VLAN on the port.

Lastly, when sharing something like a VoIP phone and PC on a port, using different VLANs, the traffic to the PC can be an impediment to the VoIP phone's operation, unless QoS, prioritizing the voice VLAN has been configured on the edge port. Even with that, one non-Cisco VoIP phone vendor recommends only half the number of VoIP phones on the voice VLAN in such configurations.

_|brt.drml|_ · ‎03-10-2021

Dear responders,

Thank you. It looks like an interesting question and good interesting responses. I'll will not change of course but, I did wonder, what if the hardware phones are less used... I probably can imagine that these hardware phones will disappear. Hence the reason why I dropped this post.

Indeed, on the edge port I will tag accordingly and differentiate between voice, video and media applications.

Richard Burts · ‎03-11-2021

Thanks for the update. I believe that this would vary from organization to organization. Some organizations, especially with the recent emphasis on work from home, may move away from the desk phone. And for them it might make sense to discontinue the voice vlan. But a number of customers that I have worked with are committed to the desk IP phone as their standard implementation.

HTH

Rick