I worked for a large organization (or even an enterprise, it would be more correct to say), in which they had the following network setup, which I don't understand how it could possibly function properly.
What I mean is that they had large enterprise managed switches (by Cisco, HP and other companies), all supporting VLANs, of course, with about 48 ports each, and to those switches were connected both workstations (regular desktop PCs and notebooks) and VoIP phones. And here comes the interesting part, which I don't understand how it's possible.
The network setup in that enterprise enabled anyone to connect to those large switches either PCs (or notebook), or VoIP phones or both to any given physical port of the switch. In other words, if you would connect only a PC (without a VoIP phone) to any physical port of the switch, the PC would connect to the network and work just fine. If you would connect only a VoIP phone (without a PC) to any physical port of the switch, that VoIP phone would also connect to the network and would enable you to place calls just fine. And if you would connect both a VoIP phone and a PC to the same physical port of the switch (ANY port of the switch), both the PC and the VoIP phone would also work just fine (in this scenario, the VoIP phone connects directly to the switch with an ethernet cable and the PC connects to the second ethernet port, located on the VoIP phone itself, which is specifically designed for connecting a PC to the VoIP phone). So, all the 3 connection methods (PC only, VoIP phone only and PC together with a VoIP phone) work perfectly. Now, the part, which I don't understand, is that in any of those 3 connection methods the PC and the VoIP phone connect to DIFFERENT VLANs automatically, when you connect them to the switch. To my understanding, if all of the above said is true, it means that each and every port of the large switch must necessarily be configured as a trunk/tagged port, so that it can carry data of at least 2 VLANs - one for the PCs and the other for the VoIP phones (or another option is that one of those 2 VLANs is tagged and the other is the native untagged VLAN). If my assumption, that each switch port is a trunk port, carrying data of at least 2 VLANs, is true, then how can it be possible, that, when only a PC (without a VoIP phone) is directly connected to a switch port with an ethernet cable, the PC also works fine? 
How can a PC work fine, while being connected alone to a trunk/tagged port, if PCs do NOT understand VLAN tagging and can only work, when being connected to access/untagged ports? And I know for sure that the PCs and notebooks, used in that enterprise, do NOT understand VLAN tagging and can only work, if connected to access/untagged ports.
Sincerely and with gratitude,
This is a standard Enterprise best-practice setup. You also sent me a private message; I have already requested some information there, before posting this reply, so I don't like to repeat the same. So provide the same information here or in another message, to understand better.
Hi, Balaji, and thank you for your reply.
Like I said in my initial message, I worked for that corporation in the past and don't work for it anymore, because my work contract ended. But, even if you had asked me to provide the output of the switch configuration when I was still working there, I still wouldn't have been able to do it, because I didn't have the required access level (permissions) to view such configuration data.
Regarding your question about the DHCP server, all I know is that PCs and laptops were receiving IP addresses automatically (Provided that's the case, is it possible that the PCs/laptops were getting their IP addresses from anything except a DHCP server?), because there was no static IP configuration in their network adapters (I saw it with my own eyes). As far as the VoIP phones are concerned, I only know that the central VoIP server of the corporation recognized each individual VoIP phone device by its MAC address, and, based on that MAC address, the VoIP phone device would receive its specific configuration data (e.g. phone line number etc).
After I provided you with the above info, are you able to say how this whole network setup (PCs and VoIP phones being on different VLANs) can possibly work, given the fact that PCs are not capable of understanding VLANs?
You got it! What you're describing is a typical access port hosting two VLANs, one "native" and the other tagged. I.e. the port is, in fact, acting like a trunk port hosting only two VLANs.
PCs use the "native" VLAN, as they don't tag. VoIP phones can also use the "native" VLAN or often also support using a tagged VLAN. (NB: some VoIP phones initially start with the "native" VLAN, but are "instructed" to change to using a specific tagged VLAN.)
VoIP phones intended to host a downstream PC are running as a bit of a mini-switch that is VLAN aware. "Native" VLAN traffic that they don't want is passed along to/from the downstream host.
BTW, some switches can also vary what "native" VLAN is assigned to a port. For example, I worked in an Enterprise where, if your PC has the "right" certificate on it, it got connected to the internal Enterprise network, but if not, it got connected to the "guest" network.
Also FYI, sometimes the VoIP phone does not have the capacity to allow the downstream host to use continuous wire-speed. Also, even when the VoIP phone is on a different VLAN, it's still sharing port bandwidth. I.e. there are situations where sharing a port does not guarantee the VoIP phone the same level of service that having its own port would. (QoS can help with that, though.)
Thank you for your reply!
However, in your message you haven't addressed the main point, which I was asking about.
I will repeat my question, to make it clear what I am asking about.
My question is the following.
If a regular PC (or notebook) is an absolutely non-VLAN-aware device, then how can it operate properly and be connected to the network, when it's connected to a switch port DIRECTLY (without a VoIP phone in the middle), if that port carries data for at least 2 VLANs? How will the PC be able to separate the frames, relating to its own VLAN, if, like I said, a PC is a non-VLAN-aware device???
Igor sent private messages to several of us with this question without mentioning that he had posted in the community. That is unproductive. Wish I had checked a bit more carefully for duplication. Here is the response that I sent to him:
I can answer your question from the perspective of how Cisco does it and assume that other vendors do it in similar ways. You do not tell how the switch ports are configured and I will assume it is the typical Cisco solution, and if it is not the case let me know how they are configured and I will revise my answer.
The typical Cisco solution configures the switch port as an access port in some VLAN and then configures a voice VLAN specifying another VLAN. This allows both VLANs to be active. It treats the connection as a trunk with the first VLAN (the data VLAN) as the native VLAN and the second VLAN (the voice VLAN) as the tagged VLAN. In this situation if a computer is connected it will be assigned to the data VLAN and if a phone is connected it is assigned to the voice VLAN. What makes this work is use of a protocol that can detect what type of device is connected. For a purely Cisco environment it might be CDP. For interoperability it would be something like LLDP.
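A simplified model of the port behaviour described in the reply above (data VLAN untagged, voice VLAN tagged), added here as an example; it is not part of the thread or any vendor's code. The VLAN IDs 10 and 20, the MAC addresses, the priority value and the rule that other tags are dropped are assumptions of the model.

```python
import struct

TPID_8021Q = 0x8100              # value at offset 12 that marks an 802.1Q tag
DATA_VLAN, VOICE_VLAN = 10, 20   # constructed VLAN IDs, not from the thread

def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Build an Ethernet II frame; insert an 802.1Q tag when vlan is given."""
    tag = b""
    if vlan is not None:
        tci = (pcp << 13) | (vlan & 0x0FFF)   # PCP(3) | DEI(1)=0 | VID(12)
        tag = struct.pack("!HH", TPID_8021Q, tci)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def parse_vlan(frame):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    (type_field,) = struct.unpack_from("!H", frame, 12)
    if type_field != TPID_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF

def ingress_vlan(frame):
    """Switch side: which VLAN does a frame arriving on the port join?"""
    vid = parse_vlan(frame)
    if vid is None:
        return DATA_VLAN     # untagged: a PC, which never tags
    if vid == VOICE_VLAN:
        return VOICE_VLAN    # tagged by the phone
    return None              # assumption: any other tag is dropped

def egress_frame(untagged_frame, vlan):
    """Switch side: data VLAN leaves untagged, voice VLAN leaves tagged."""
    if vlan == DATA_VLAN:
        return untagged_frame
    if vlan == VOICE_VLAN:
        tag = struct.pack("!HH", TPID_8021Q, VOICE_VLAN)
        return untagged_frame[:12] + tag + untagged_frame[12:]
    return None              # VLAN not carried on this port

def type_field_at_offset_12(frame):
    """The 16 bits a tag-unaware end station reads as the EtherType."""
    return struct.unpack_from("!H", frame, 12)[0]

# Constructed sample frames (MAC addresses and payloads are made up).
PC, PHONE, GW = b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02", b"\x02\x00\x00\x00\x00\xfe"
pc_frame = build_frame(GW, PC, 0x0800, b"pc-data")
phone_frame = build_frame(GW, PHONE, 0x0800, b"rtp", vlan=VOICE_VLAN, pcp=5)
stray_frame = build_frame(GW, PC, 0x0800, b"x", vlan=99)
```

In this model the frames the switch sends for the data VLAN carry an ordinary EtherType at offset 12, while voice VLAN frames carry 0x8100 there, so the two are distinguishable on the wire without the PC doing any tagging.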
Yes, you are right, I sent my question to several experts here in private messages and also posted it on the general community board, in order to obtain a maximally extensive answer, as much as possible not leaving any "blank spaces" in my understanding of this issue.
Thank you for the clarification.
Can I make from your words a more general conclusion: if there is a trunk port on a switch, which carries data of several tagged VLANs (even more than 2), and, along with that, that port also carries data for an untagged native VLAN, then ANY non-VLAN-aware device, connected to that port, will be able to drop/disregard/ignore the traffic from all the tagged VLANs on that port and use only the frames, coming from the native untagged VLAN? I just want to stress that my question here refers not only to a special case, when there are only 2 VLANs configured on the port: a native untagged VLAN and another voice VLAN, but to ANY general case, when there is a switch port, EXPLICITLY configured as a trunk port, carrying tagged data for MANY VLANs + untagged data for the native VLAN.
I would like to thank all the experts on this site, who took part in answering my question, for explaining this issue so well to me (including in private messages)!
You are all true experts and real professionals!
Thank you very very much!!!