10-25-2010 10:18 AM - last edited on 03-25-2019 04:12 PM by ciscomoderator
What do you guys do for voice vlan security? I'm using NAC, which takes care of the data vlan, but I have nothing enabled for voice vlans yet, other than using port security.
I have an Avaya phone system with Avaya IP phones. Any recommendation would be helpful.
10-25-2010 10:37 PM
A few basic things:
- voice vlans are never allowed to talk to the internet (or in my opinion, any other network)
- nothing can talk to the voice vlans but voice appliances (which should be in your voice vlan anyways) and management nodes
- ensure that phones remark any inbound traffic to CoS0 so chained PCs cannot send traffic with higher markings and have it honored by the switch/infrastructure
- make sure you use sRTP so eavesdropping is not as likely to cause data leaks
I have more but it's late and I'm trying to give you just a few ideas...
10-26-2010 07:06 AM
I agree voice vlans should never be allowed to talk to the Internet, but the newer phones have options to go to weather.com etc. Someday we'll have to allow limited Internet access.
How do you restrict it so that nothing can talk to the voice vlans but the voice appliances? I see this can happen via ACL; do you use anything else other than ACLs? I wish Cisco NAC would do that, but that's not the case. I'm looking at the option of buying Palo Altos to restrict user traffic from the data center, which will also take care of voice vlans etc. But I want to see what other people are doing before I put this on the table for my mgmt.
10-26-2010 07:32 AM
Apply an ACL to any SVIs to prevent traffic from routing from an outside VLAN into the voice vlan. It's simple yet elegant.
I'm fairly sure you don't have to have the phones going to the internet to get the weather.com data. Usually you can stream all this over the xml features from the call manager and voice gateways, and not have to actually provide real internet access. We had stock tickers, weather, sports scores, etc. streaming to our phones and none of the phones had internet access.
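The SVI ACL approach suggested in this thread, sketched as an added example (not configuration posted by anyone in the thread). The VLAN number, ACL name and all subnets are constructed assumptions; the call server and management ranges stand in for whatever voice appliances and management nodes exist in your network.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   voice VLAN 110      10.10.110.0/24
!   call servers/GWs    10.20.5.0/28
!   management nodes    10.20.9.0/28
!
ip access-list extended VOICE-VLAN-OUT
 remark Call servers and voice gateways may reach the phones
 permit ip 10.20.5.0 0.0.0.15 10.10.110.0 0.0.0.255
 remark Management nodes may reach the phones
 permit ip 10.20.9.0 0.0.0.15 10.10.110.0 0.0.0.255
 remark Add permits here for any other voice service hosted outside VLAN 110
 remark Everything else routed toward the voice VLAN is dropped and logged
 deny ip any any log
!
interface Vlan110
 description Voice VLAN SVI
 ip address 10.10.110.1 255.255.255.0
 ! "out" on the SVI filters packets the switch routes INTO VLAN 110.
 ! Phone-to-phone traffic inside VLAN 110 is bridged, not routed,
 ! so this ACL does not touch it.
 ip access-group VOICE-VLAN-OUT out
!
! After applying, check hit counters to see what the deny line is catching:
!   show ip access-lists VOICE-VLAN-OUT
```

Run with the final line as `permit ip any any log` for a while first if you are unsure which hosts legitimately reach the phones, then switch it to `deny` once the log shows only expected sources.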