A while back I wrote a article about doing this with a older Dell switch but recently needed to do the same thing using a Ubiquiti switch. With a upcoming phone system upgrade I will be changing out about 130 old digital phones to IP phones and a lot of the cubicles don’t have extra Ethernet ports. So I will be using the 1Gb passthrough port on the new Mitel 6930w phones. But to keep everything separate the phones will be on one VLAN and the PCs on another. Configuration within the UniFi ecosystem is a lot different then command line Dell switches, personally once you get used to it I think it’s a lot faster and easier.
Like in the other article the user/PC network is VLAN 10 (10.40.10.) and the phones are on VLAN 20 (10.40.20.). First the setup within the UniFi Network software where you define custom ports (Settings -> Profiles -> Ethernet Ports -> Create New):
- Name: Phones (Tagged) with User Passthrough (Untagged)
- Primary Network: VLAN 10 Users
- Traffic Restriction: All other VLANs except for VLAN 20
Save that profile then go into a switch where you will be plugging in a phone. In the switches Port Manager go to a port you will be using this on, select it, then scroll down to Advanced and switch it from Auto to Manual. You can now check the Feature box for Ethernet Port Profile and select your profile. Note that with the newest UI what this really is doing is manually setting the port profile above for you. So you can do this without setting up custom profiles but doing it this way is easier and personally quicker to see whats going on.
Now that the switch is setup you modify DHCP just like in the previous article by adding a Mitel specific Option 43 to both VLANs. First we will add the option on the Users VLAN 10 to tell the phones to switch over to VLAN 20:
Then add Option 43 to the Phones VLAN 20:
And your done. The phone will boot up and send it’s initial DHCP request untagged which the switch will tag as VLAN 10. DHCP will get this and option 43 will tell the phone to switch over to VLAN 20. It will, reboot, and then make another DHCP request tagged with VLAN 20. It will then get the correct server info. Any computer you plug into the passthrough port will get tagged by the switch back to VLAN 10 and everything should work together which keeping the traffic separate.