Tag Archives: VLAN

Using Ubiquiti switches and Mitel phones with PC port passthrough on different VLANs

A while back I wrote a article about doing this with a older Dell switch but recently needed to do the same thing using a Ubiquiti switch. With a upcoming phone system upgrade I will be changing out about 130 old digital phones to IP phones and a lot of the cubicles don’t have extra Ethernet ports. So I will be using the 1Gb passthrough port on the new Mitel 6930w phones. But to keep everything separate the phones will be on one VLAN and the PCs on another. Configuration within the UniFi ecosystem is a lot different then command line Dell switches, personally once you get used to it I think it’s a lot faster and easier.

Like in the other article the user/PC network is VLAN 10 (10.40.10.) and the phones are on VLAN 20 (10.40.20.). First the setup within the UniFi Network software where you define custom ports (Settings -> Profiles -> Ethernet Ports -> Create New):

  • Name: Phones (Tagged) with User Passthrough (Untagged)
  • Primary Network: VLAN 10 Users
  • Traffic Restriction: All other VLANs except for VLAN 20

Save that profile then go into a switch where you will be plugging in a phone. In the switches Port Manager go to a port you will be using this on, select it, then scroll down to Advanced and switch it from Auto to Manual. You can now check the Feature box for Ethernet Port Profile and select your profile. Note that with the newest UI what this really is doing is manually setting the port profile above for you. So you can do this without setting up custom profiles but doing it this way is easier and personally quicker to see whats going on.

Now that the switch is setup you modify DHCP just like in the previous article by adding a Mitel specific Option 43 to both VLANs. First we will add the option on the Users VLAN 10 to tell the phones to switch over to VLAN 20:


Then add Option 43 to the Phones VLAN 20:


And your done. The phone will boot up and send it’s initial DHCP request untagged which the switch will tag as VLAN 10. DHCP will get this and option 43 will tell the phone to switch over to VLAN 20. It will, reboot, and then make another DHCP request tagged with VLAN 20. It will then get the correct server info. Any computer you plug into the passthrough port will get tagged by the switch back to VLAN 10 and everything should work together which keeping the traffic separate.

Setting up Mitel VoIP phones with PC ports on different VLANs

Recently ran into a situation where we were taking over a office that had a single Ethernet run to each desk that we needed to provide new IP phone along with PC connectivity. Now I don’t really like doing this, multiple points of failure, more complicated config, etc but running new cabling was going to be cost prohibitive so I have to work with what I got.

The core switch was going to be a older Dell N3024p, the phones Mitel 5340. We use DHCP exclusively for the Mitels using Option 43 which there is already a good guide on setting up. The tricky part was getting the phone on one VLAN but the PC port on a different VLAN and not having to manually set anything up on the phones. So this is what we ended up doing.

For this network VLAN 10 was for users/computers (10.40.10.*) and VLAN 20 was for phones (10.40.20.*). The switch ports on the Dell were setup as “General” ports using the following config:

switchport mode general
switchport general pvid 10
switchport general allowed vlan add 10
switchport general allowed vlan add 20 tagged
switchport general allowed vlan remove 1
switchport voice vlan 20

So any packet arriving at the switch that was not tagged would be tagged VLAN 10. It also accepted tagged packets as long as they were from VLAN 20. After removing the default VLAN 1 nothing else would be accepted on the port. I also set VLAN 20 as voice traffic as the Dell switches have some QoS for voice that is enabled.

Now the tricky part. I want the phone to request DHCP but by default it’s going to start off on VLAN 10 since it’s traffic won’t be tagged at first. In comes Option 43. I add the manufacture specific DHCP option to the DHCP scope for the users subnet, 10.40.10.*, since that’s what the phone will first request on and I only put in enough for the phone to switch over to the phones vlan:


The phone gets this, sets itself to VLAN 20, and retries DHCP. Now the request is coming from the 10.40.20.* subnet which in DHCP has the full Option 43 string:


So now it gets the correct config from the correct subnet. And anything plugged into the PC port gets passed through untagged which gets put on the users subnet and pulls DHCP from there correctly.