Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4046
Views
0
Helpful
4
Replies

Call Manager components and VLANs

robmas0871
Level 1
Level 1

‎03-12-2010 01:04 AM - edited ‎03-15-2019 09:45 PM

Hi,

my question is about best VLAN distribution of main Call Manager components. I have to setup an infrastructure with:

- 3 CUCM Servers

- 2 Unity Connection Servers

- 6 Gateways Routers

- 2 servers with 4 monitoring software (Unified Provisioning Manager, Unified Operations Manager, Unified Service Monitor, Unified Service Statistics

Manager)

Assuming that i will put IP Phones on separate VLANs, my questions are:

- which is the best VLAN configuration for all these components ? (eg: CUCM and Gateways in same VLAN, ecc...)

- is there any particular rule i must respect to put these appliances in separate VLANs ? I mean, if there is a limitation that force me to put some components on the same VLAN or put other components in different VLANs.

Thank you.

Labels:
0 Helpful
4 Replies 4

kelvin.blair
Level 5
Level 5

‎03-15-2010 06:41 AM

Take a look at the SRND guide http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/netstruc.html#wp1043629

.  It is a good refereence document.  To answer your question, as long as the number devices do not exceed 512 in a single vlan you will be fine.

SRND:

Proper access layer design starts with assigning a single IP subnet per virtual LAN (VLAN). Typically, a VLAN should not span multiple wiring closet switches; that is, a VLAN should have presence in one and only one access layer switch (see Figure 3-2). This practice eliminates topological loops at Layer 2, thus avoiding temporary flow interruptions due to Spanning Tree convergence. However, with the introduction of standards-based IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) and 802.1s Multiple Instance Spanning Tree Protocol (MISTP), Spanning Tree can converge at much higher rates. More importantly, confining a VLAN to a single access layer switch also serves to limit the size of the broadcast domain. There is the potential for large numbers of devices within a single VLAN or broadcast domain to generate large amounts of broadcast traffic periodically, which can be problematic. A good rule of thumb is to limit the number of devices per VLAN to about 512, which is equivalent to two Class C subnets (that is, a 23-bit subnet masked Class C address). Typical access layer switches include the stackable Cisco Catalyst 2950, 3500XL, 3550, and 3750, as well as the Cisco 3560 and the larger, higher-density Catalyst 4000 and 6000 switches.

Note The recommendation to limit the number of devices in a single Unified Communications VLAN to approximately 512 is not solely due to the need to control the amount of VLAN broadcast traffic. For Linux-based Unified CM server platforms, the ARP cache has a hard limit of 1024 devices. Installing Unified CM in a VLAN with a IP subnet containing more than 1024 devices can cause the Unified CM server ARP cache to fill up quickly, which can seriously affect communications between the Unified CM server and other Unified Communications endpoints. Even though the ARP cache size on Windows-based Unified CM server platforms expands dynamically, Cisco strongly recommends a limit of 512 devices in any VLAN regardless of the operating system used by the Unified CM server platform.

0 Helpful

Hythim Ali El Hadad
Level 6
Level 6

‎03-15-2010 06:42 AM

Hi,

As you have vlan routing, i think it is good to have each type of the specified servers and gws in a separate VLAN

cucm

unity connection

monitoring

gateways

ip phones

It is to avoid any kind of high traffic [broadcasting] in each vlan to affect the others

But sure you can have all in the same vlan

wish this be helpful

Thanks

0 Helpful

David Hailey
VIP Alumni
VIP Alumni
In response to Hythim Ali El Hadad

‎03-15-2010 07:28 AM

As opposed to putting everything into a separate VLAN, I would suggest trying to take a more logical approach and then you can use ACL's to control inter-VLAN communication, if needed, and/or restrict unwanted access to the voice networks from data networks.  So, example would be:

Call Control - CUCM

Media - Gateways

Applications (Critical) - Unity, Unity Connection, CER, CUPS (would depend on the criticality of the apps for your organization and then you could apply QoS according per application)

Applications (Secondary) - Non-critical apps, could be CUOM, CUPM, CUMA, Third-party apps like Cistera, Right Fax, etc.

How you split them up is up to you.  But, this will help you separate things without having a VLAN for every single app, and will make your ACL's for security a bit more manageable.

Hailey

Please rate helpful posts!

0 Helpful

robmas0871
Level 1
Level 1
In response to David Hailey

‎03-15-2010 08:21 AM

Hi,

thanks to all of you. I duplicated the post because i created it 3 days ago and there was no reply.

0 Helpful
Customers Also Viewed These Support Documents