Extending VLANs – How to Connect VLANs to Other Switches

Tags: switch, switching, trunk, vlan

I am working in an inherited environment where I have basically been thrown in feet first. I'm also brand new to VLANs, and only set it up via documentation from other techs in my company.

After struggling for a long time trying to get VoIP phones working both inside and outside of our LAN, another colleague and I finally got a VLAN setup on one of the switches, and the phones started working properly.

Currently, I have 3 network closets, all connected by dual CAT6 cables back to the main closet. All the switches are 802.1Q compatible. One switch has the VLAN to the phone system, as required. What I want to do is get the other switches on a tagged VLAN, but I was wondering why I should or should not make every switch part of that VLAN as well, for future-proofing. Is it a good idea to set every port either untagged to one network, or tagged to all VLANs available?

The main problem that I actually care about most, however, is: should I only include the uplink ports on the other switches as part of the phone VLAN, tagged, plus the ports on those individual switches that need to be part of that VLAN? Or am I making this too complicated for myself?

Best Answer

Two different philosophies are commonly applied (IME), leading to two different approaches (well, 3 if we include the not-very-philosophical "random mess".)

The higher-paranoia approach is to restrict all VLANs only to the places they are needed, and to place all unused ports into a VLAN that goes nowhere. If you later add VoIP phones to a particular switch that does not have them now, you will add the VoIP VLAN to that trunk link at the time, not before.

The lower-paranoia approach would be to put all VLANs on all trunks, and only apply them to device ports as needed. This is often (but need not be) combined with leaving open ports on some useful network rather than a "dead" VLAN, so that plugging things in does not require a management change every time.

Which is appropriate depends on the use of the network(s), the exposure of switches to unauthorized persons, and to some extent which philosophy is dominant in your local/company culture.
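A concrete version of the higher-paranoia layout for one of the remote closets, as an added example that is not part of the original question or answer. The syntax is Cisco IOS-style; the question names no vendor, so that is an assumption, and the VLAN IDs 10 (data), 20 (voice) and 999 (parking) and the port numbers are made up for illustration.

```cisco
! Added example (not from the page): one remote-closet switch, higher-paranoia layout.
! Assumed VLAN plan: 10 = data, 20 = voice, 999 = parking VLAN that is routed nowhere.
vlan 10
 name DATA
vlan 20
 name VOICE
vlan 999
 name PARKING
 shutdown
!
! Uplink back to the main closet. The trunk carries only the VLANs this
! closet actually needs; the native (untagged) VLAN is pointed at the
! parking VLAN so a stray untagged frame cannot land on a production network.
! The lower-paranoia variant would simply omit the "allowed vlan" line
! (IOS trunks carry every VLAN by default).
interface GigabitEthernet1/0/48
 description UPLINK to main closet
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport trunk native vlan 999
 switchport nonegotiate
!
! A port with a phone and a PC behind it: PC untagged in VLAN 10,
! phone tagged in VLAN 20 (the voice VLAN is advertised to the phone via CDP/LLDP-MED).
interface GigabitEthernet1/0/1
 description PHONE + PC
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 spanning-tree portfast
!
! Everything not in use goes to the dead VLAN and is shut down.
interface range GigabitEthernet1/0/2 - 47
 description UNUSED - parked
 switchport mode access
 switchport access vlan 999
 shutdown
```

Two practical points follow from the answer's "add the VoIP VLAN to that trunk at the time, not before": the allowed list has to match on both ends of the trunk (the main-closet side of this link needs the same `switchport trunk allowed vlan 10,20`), and extending phones to a closet that does not have them yet is one line on each end, `switchport trunk allowed vlan add 20`, rather than a rebuild. `show interfaces trunk` lists, per trunk, the VLANs allowed and the VLANs actually active, which is the quickest way to confirm a trunk is carrying only what you intended.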