HP Switch – Configuration of Voice VLAN in HP Switch

NOTE: Adjusted from an answer I accidentally posted on an old question

Your layer 3 (IP) is kinda irrelevant! Your PCs can be (and should be) on a different subnet completely decoupled from your voice vlan. Now, to the point. As I wrote in the previous post and with the help of this post:

• Keep your up-links tagged (I tend to use ports at the end - i see you do too ... ++)
• Voice is also tagged based on the above link
• Data will always be untagged on access ports (servers might be an exception - this is mainly for desktops)

So, to the config (# and after are comments):

vlan 5
   name "guests"
   untagged 1-4 # wifi ports
   tagged 45-48 # uplinks

vlan 10
   name "voice"
   tagged 35-38,45-48  # Includes uplinks - based on the prev post voice is tagged
   untagged 12 # This is the EPABX... i just assumed 12... adjust
   qos priority 6 # based on the previous post, L2 priority I assume
   voice
   exit 

vlan 50
   name "data" 
   untagged 35-38 
   tagged 45-48 # uplinks
   exit 

What's going on?:

• your data remain the same (vlan 50) and wifi guests (vlan 5)
• voice vlan sends tagged to the phones (35-38) and also (if needed) to your uplinks. Phones should pick-up tagged traffic but forward untagged packets to the data - which belongs to vlan 50
• you send your voice traffic untagged to the EPABX via port 12 (I might be wrong here, you might have to tag it)
• Nothing changes on the guest wifi

Now depending on what the EPABX is (I have not configured one of those...) it might require tagged traffic on both data and voice so it can route between them... not sure

EDIT 1:

Based on the question how the PCs are getting IPs: You can think of VLANs as separate LANs, each one using a different switch so your phones are completely separate from the PCs. Then notice that on ports 35-38 we send both vlan 10 and 50 with the difference that 50 has a dot1q tag on the frame. Each phone has a simple bridge/switch. It keeps the tagged traffic for itself and is forwarding all the untagged to the PC port. So, for example, when the PC is doing a DHCP request:

1. DHCP req. is broadcast
2. The phone will receive an untagged frame from the PC port which will forward to the switch (as is, no tag added)
3. The switch sees the frame on port 36 without a tag so it knows it belongs to vlan 50 (if the phone was doing the DHCP the frame would have a tag and the switch will see it as vlan 10)
4. The switch will forward the frame on all ports that belong to vlan 50, including uplinks. On the uplinks the switch is adding a tag to the frame before sending it.
5. The DHCP server for PCs is on the same vlan (50), sees the request and sends a reply
6. The reply is received from the switch which now knows the PCs mac address is untagged on port 36 so it forwards the frame to that port
7. The phone receives the DHCP reply frame, but since it is untagged it does not look into it, it directly forwards it to the PC
8. PC now has an IP! (few ACKs go up and down the same way)

Now, if the phone was doing the DHCP:

• Step 3: Switch would see vlan 10
• Step 4-5: The same but for vlan 10 which means that different DHCP server receives the request
• Step 6: The switch now knows the phone's MAC is behind port 36... but this time it is tagged
• Step 7: The phone receives a tagged frame so it keeps it/looks into it and does not forward
• Step 8: Phone now got an IP, note that the PC saw no traffic at all. Completely separate network

Finally, note that since we are talking for a switch, we are staying on OSI Layer 2. Everything involving vlans is in this layer. We have not yet setup any routing. If for any reason your phones should be able to talk to the PCs, then a layer 3 router is required to connect the two networks (currently completely independent from each other)

Hope it helps