Educause Security Discussion mailing list archives
Re: Virtual Routing for Voice Traffic
From: "Curtis, Bruce" <bruce.curtis () NDSU EDU>
Date: Fri, 24 Mar 2017 17:59:36 +0000
For years we have put VoIP phones on the same VLAN as all other devices. We configure the switches to trust the DSCP markings from the phones. QoS will prevent more packet loss than putting phones on a separate VLAN. QoS will put packets in a different queue on a switch port; VLAN numbers have no effect on which switch port queue a packet is placed in.

The VoIP phones now have private IP numbers. They had public IP numbers for several years for our initial deployments. But we don’t have enough public IPv4 numbers and the phones don’t need access to the Internet. (But there are now some phone models with a display and a web browser.)

Our state network has many more VoIP phones deployed in state government offices throughout the state and they also put VoIP phones on the “data” VLAN.

One advantage of putting phones on the same VLAN is that even when using one port to connect both a phone and PC (PC connects through phone) the switch port can be an access (non-trunk) port. Not providing a trunk port prevents several security and DoS attacks.

Another plus is that our phones boot faster, but that might not be true for all phones. The phones from our vendor boot twice when using a separate voice VLAN. The phones boot, learn the number for the voice VLAN via DHCP or LLDP, and then reboot and then tag packets for the voice VLAN.
On Mar 24, 2017, at 7:39 AM, John Center <john.center () VILLANOVA EDU> wrote:

Hi,

(I posted this to the NETMAN list, but I thought I'd also ask the Security people, since this is one of our concerns.)

We're having a debate about how to best route voice traffic over our data network. Right now, we have a physically separate data & voice infrastructure, but want to consolidate for cost savings. How many schools are using virtual routing to separate voice & data over a common network infrastructure? How many are running both without any routing separation, except for voice VLANs? Why?

Inquiring minds want to know... :-)

Thanks.

-John

--
John Center
Villanova University
---
Bruce Curtis
bruce.curtis () ndsu edu
Certified NetAnalyst II
701-231-8527
North Dakota State University