This is a pretty common setup. Just make sure you have ACL's restricting traffic between your data and voice vlan's. Generally, we recommend more than two VLAN's for QoS and security. Usually customers setup the following:
1.) Voice VLAN's for Phones 2.) Data VLAN's for workstations 3.) Voice server VLAN's for IP telephony servers (anything that handles communications media) 4.) Data server VLAN's for intranet services 5.) converged communications VLAN's - Remote access VLAN's and workstation endpoints that have soft phones or IPTV clients fall into this category - 802.1p is recommended for these types of VLAN's 6.) wireless VLAN's - These are seldom built for QoS or streaming media, so they should be segmented and treated differently. All VLAN's should be properly segmented from each other. Ie. Data VLAN's should be restricted from accessing voice VLAN's. All network ingress/egress points should have appropriate SBC's and application layer gateways installed. The network should always be constructed to preserve voice services in the event of a network crisis. If you lose the data side of the network, 95% of large enterprises will always fall back on their telephone and conferencing systems for crisis management. Good luck. -------------------------------------------------- Salvatore Giudice [EMAIL PROTECTED] VoIP Security Training, LLC http://VoIPSecurityTraining.com 848 N. Rainbow Blvd. #1676 Las Vegas, NV 89107 Phone: (617) 959-7625 Fax: (214) 279-2906 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Finkelstein Sent: Sunday, April 29, 2007 4:13 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] 100 users - voip lan security and qos ? If you are using a cisco switch (2950, 3560, CE500, 4000, 6500, or 3750) then you will be able to setup the phone and have the computer daisy chained to it. I have a similar setup on mine. Here's how I configure my switch ports in order to achieve the desired effect: switchport access vlan 5 switchport voice vlan 6 auto qos voip cisco-phone This is assuming your data VLAN is configured as VLAN 5, and your VoIP VLAN is on VLAN 6. This will allow the phone to create a trunk port and facilitate both end nodes through one switch port. HTH - sf A_ Navone wrote: > i have a customer that needs to plug the phones into the pc's > using the pass-through rj45 available on most sip phones > > the question they are asking me is how to keep the data network > separate from / secure from the voip network > > i understand they can set up vlans but i am hazy on a few details > > 1 > since the phones are plugged into the pc's how will the phones > be segmented into their own vlan ? > > 2 > assuming the phone sends out a tos bit, how can we confirm > that the customer's switch can read the tos bit and correctly > prioritize it ? > > 3 > to prioritize voip in the router (coming from the switch) > we are looking at the wrtg54L and have > found these 2 juicy websites > http://openwrt.org > and > http://www.dd-wrt.com/dd-wrtv2/index.php > > has anyone downloaded and flashed the "voip" firmware ? > does it give worthwhile advantages over the default firmware ? > does the wrtg54L have any advantages over other routers ? > > any other advice to offer ? > > thank you so much in advance > > _________________________________________________________________ > Exercise your brain! Try Flexicon. > http://games.msn.com/en/flexicon/default.htm?icid=flexicon_hmemailtaglineapr il07 > > > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > > !DSPAM:1020,4634f9c388295209328925! > _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
