05-23-2015 05:17 AM - edited 03-17-2019 03:06 AM
Hi all,
I have a customer
Thanks.
05-23-2015 06:23 AM
Bad idea for a couple of reasons:
QoS - having them in same VLAN would make QoS policies a lot more challenging
Security - no way to separate the networks for any security reasons
Why would the customer want it this way? Adding new VLANs and subnets is trivial on any network, so the configuration is minimal (assuming the customer is running IP routing protocols properly on their network).
05-24-2015 04:13 AM
05-24-2015 10:26 AM
Question is why not, especially on the QoS front?
From SRND
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab10/collab10/netstruc.html
Separate voice and data VLANs are recommended for the following reasons:
Private addressing of phones on the voice or auxiliary VLAN ensures address conservation and ensures that phones are not accessible directly through public networks. PCs and servers are typically addressed with publicly routed subnet addresses; however, voice endpoints may be addressed using RFC 1918 private subnet addresses.
QoS trust boundaries can be extended to voice devices without extending these trust boundaries and, in turn, QoS features to PCs and other data devices.
VLAN access control, 802.1Q, and 802.1p tagging can provide protection for voice devices from malicious internal and external network attacks such as worms, denial of service (DoS) attacks, and attempts by data devices to gain access to priority queues through packet tagging.
Separate VLANs for voice and data devices at the access layer provide ease of management and simplified QoS configuration.
To provide high-quality voice and to take advantage of the full voice feature set, access layer switches should provide support for: