[asterisk-users] 100 users - voip lan security and qos ?

Salvatore Giudice Salvatore.Giudice at VoIPSecurityTraining.com
Mon Apr 30 15:36:35 MST 2007


This is a pretty common setup. Just make sure you have ACLs restricting
traffic between your data and voice VLANs. Generally, we recommend more
than two VLANs for QoS and security. Usually customers set up the following:

1.) Voice VLANs for phones
2.) Data VLANs for workstations
3.) Voice server VLANs for IP telephony servers (anything that handles
communications media)
4.) Data server VLANs for intranet services
5.) Converged communications VLANs - Remote access VLANs and workstation
endpoints that have soft phones or IPTV clients fall into this category -
802.1p is recommended for these types of VLANs
6.) Wireless VLANs - These are seldom built for QoS or streaming media, so
they should be segmented and treated differently.

All VLANs should be properly segmented from each other, i.e. data VLANs
should be restricted from accessing voice VLANs. All network ingress/egress
points should have appropriate SBCs and application layer gateways
installed. The network should always be constructed to preserve voice
services in the event of a network crisis. If you lose the data side of the
network, 95% of large enterprises will always fall back on their telephone
and conferencing systems for crisis management.

Good luck. 

--------------------------------------------------
Salvatore Giudice
Salvatore.Giudice at VoIPSecurityTraining.com

VoIP Security Training, LLC
http://VoIPSecurityTraining.com

848 N. Rainbow Blvd. #1676
Las Vegas, NV 89107
Phone: (617) 959-7625
Fax: (214) 279-2906


-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Steve
Finkelstein
Sent: Sunday, April 29, 2007 4:13 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] 100 users - voip lan security and qos ?

If you are using a Cisco switch (2950, 3560, CE500, 4000, 6500, or 3750)
then you will be able to set up the phone and have the computer daisy
chained to it.

I have a similar setup on mine. Here's how I configure my switch ports
in order to achieve the desired effect:

switchport access vlan 5
switchport voice vlan 6
auto qos voip cisco-phone

This is assuming your data VLAN is configured as VLAN 5, and your VoIP
VLAN is on VLAN 6. This will allow the phone to create a trunk port and
facilitate both end nodes through one switch port.

HTH

- sf

A_ Navone wrote:
> i have a customer that needs to plug the phones into the pc's
> using the pass-through rj45 available on most sip phones
> 
> the question they are asking me is how to keep the data network
> separate from / secure from the voip network
> 
> i understand they can set up vlans but i am hazy on a few details
> 
> 1
> since the phones are plugged into the pc's how will the phones
> be segmented into their own vlan ?
> 
> 2
> assuming the phone sends out a tos bit, how can we confirm
> that the customer's switch can read the tos bit and correctly
> prioritize it ?
> 
> 3
> to prioritize voip in the router (coming from the switch)
> we are looking at the wrtg54L and have
> found these 2 juicy websites
> http://openwrt.org
> and
> http://www.dd-wrt.com/dd-wrtv2/index.php
> 
> has anyone downloaded and flashed the "voip" firmware ?
> does it give worthwhile advantages over the default firmware ?
> does the wrtg54L have any advantages over other routers ?
> 
> any other advice to offer ?
> 
> thank you so much in advance
> 
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
> 
> 
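
Added example, not part of the original thread or any poster's own code: one way to check frames captured on a trunk for the two things discussed above, that voice-VLAN traffic still carries its 802.1p/ToS marking and that no data-side address appears on the voice VLAN. VLAN 6 comes from the switch config in the thread; the data subnet 10.0.5.0/24, the expected markings (DSCP 46, 802.1p priority 5) and all function names are assumptions, and the sample frames are constructed.

```python
import ipaddress
import struct

VOICE_VLAN = 6                                   # voice VLAN number from the thread
DATA_NET = ipaddress.ip_network("10.0.5.0/24")   # assumed data-VLAN subnet
DSCP_EF, VOICE_PCP = 46, 5                       # assumed expected voice media markings

def parse_frame(frame: bytes) -> dict:
    """Extract VLAN ID, 802.1p priority, DSCP and source IP from an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info, offset = {"vlan": None, "pcp": None, "dscp": None, "src": None}, 14
    if ethertype == 0x8100:                      # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["pcp"], info["vlan"] = tci >> 13, tci & 0x0FFF
        offset = 18
    if ethertype == 0x0800 and len(frame) >= offset + 20:   # IPv4 header follows
        info["dscp"] = frame[offset + 1] >> 2    # upper six bits of the ToS byte
        info["src"] = ipaddress.ip_address(frame[offset + 12:offset + 16])
    return info

def audit(frames):
    """Return (index, finding) pairs for voice-VLAN frames that break policy."""
    findings = []
    for i, frame in enumerate(frames):
        f = parse_frame(frame)
        if f["vlan"] != VOICE_VLAN or f["src"] is None:
            continue                             # only IPv4 on the voice VLAN is checked
        if f["src"] in DATA_NET:
            findings.append((i, "data-subnet source on voice VLAN"))
        if f["dscp"] != DSCP_EF or f["pcp"] != VOICE_PCP:
            findings.append((i, "voice frame without expected QoS marking"))
    return findings

def build_frame(vlan, pcp, dscp, src):
    """Constructed sample input: 802.1Q tag plus a bare IPv4 header, no payload."""
    eth = bytes(12) + struct.pack("!HHH", 0x8100, (pcp << 13) | vlan, 0x0800)
    return eth + struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                             ipaddress.ip_address(src).packed, bytes(4))

SAMPLE = [
    build_frame(6, 5, 46, "10.0.6.20"),   # correctly marked phone traffic
    build_frame(6, 0, 0, "10.0.6.21"),    # marking stripped or never set
    build_frame(6, 5, 46, "10.0.5.77"),   # workstation address on the voice VLAN
    build_frame(5, 0, 0, "10.0.5.10"),    # ordinary data traffic, ignored
]
```

Signalling is commonly marked differently from media, so adjust the expected values to the traffic class being captured.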