Trunks and VLANs and Firewalls, Oh my. (Part 2)
Posted 08-07-2008 at 08:04 PM by Bob_McMillen
In the last segment I wrote about VLANs and using them to segment network traffic. Rather than do this the traditional way, we were going to use VLANs to segment traffic from particular devices.
When you first turn on any Cisco router or switch, it automatically communicates on VLAN 1. If you want to add VLANs, you have to choose a different subnet for each one. For instance, VLAN 1 can be 192.168.0.0/24 and VLAN 2 could be 192.168.1.0/24. The /24 means the last octet is used for host addresses on the computer devices. In this case you would get 254 computers on each of those two networks. We would then assign Port 1 to VLAN 1 and Port 2 to VLAN 2. You could also have many of these ports using one VLAN or the other.
Now if you want to connect one switch or router to another, you need to create a Trunk. A Trunk is like a virtual tether between two devices. In the trunk statement you also need to allow traffic for all the VLANs you create on the ports connected between devices.
In our case most of the switches were connected to each other through their fiber ports, so the trunking commands would go on the fiber port of both switches. If a workstation was plugged into Port 10, then we would apply the switchport mode access and switchport access vlan 3 commands on Port 10. The trunking commands would be switchport mode trunk and a dot1q command to allow the traffic to pass between switches.
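The trunk rule above (every VLAN in use has to be allowed on the link between the switches) can be checked offline against saved configs. This is an added example, not code from the original post; the two configs, the interface names and the allowed-VLAN lists are constructed, and it assumes the usual IOS default that a trunk with no allowed list carries every VLAN.

```python
import re
# Constructed sample configs; interface names and VLAN lists are assumptions.
SWITCH_A = """interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1-3
interface FastEthernet0/10
 switchport mode access
 switchport access vlan 3
"""
SWITCH_B = """interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1,2
interface FastEthernet0/10
 switchport mode access
 switchport access vlan 3
"""
ALL_VLANS = set(range(1, 4095))  # a trunk with no allowed list carries every VLAN

def expand(spec):
    """Turn an IOS VLAN list such as '1-3,10' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse(config):
    """Return (VLANs assigned to access ports, {trunk interface: allowed VLANs})."""
    access, trunk_ports, allowed, iface = set(), set(), {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif line == "switchport mode trunk":
            trunk_ports.add(iface)
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line):
            allowed[iface] = expand(m.group(1))
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            access.add(int(m.group(1)))
    return access, {p: allowed.get(p, ALL_VLANS) for p in trunk_ports}

def blocked_vlans(cfg_a, uplink_a, cfg_b, uplink_b):
    """Access VLANs on either switch that the link between them will not carry."""
    access_a, trunks_a = parse(cfg_a)
    access_b, trunks_b = parse(cfg_b)
    carried = trunks_a.get(uplink_a, set()) & trunks_b.get(uplink_b, set())
    return sorted((access_a | access_b) - carried)
if __name__ == "__main__":
    print(blocked_vlans(SWITCH_A, "GigabitEthernet0/1", SWITCH_B, "GigabitEthernet0/1"))
```

With the constructed configs, VLAN 3 is reported because switch B's uplink only allows VLANs 1 and 2, so workstations in VLAN 3 on the two switches could not reach each other.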
Our first problem came with the fact that phones and workstations needed to be on the same port. If the phones were Cisco phones then there is a command for both data and voice to pass on one port, but because we had Shoretel phones this wasn't an option because Shoretel doesn't use the same protocol. So we had to put both a trunking protocol and a VLAN command to make it work. This was a completely undocumented command combination but fortunately we had a Shoretel person to help us since Cisco wasn't going to be of much help.
Now that the first phase is done, go on to the next part to read on.