Voice VLAN security

Unanswered Question
Jun 13th, 2001
User Badges:


We have an application were we provide voice over IP services to a customer with a centralized Call Manager. We want the PC's of the customer to be connected to IP phones and we want to have a different VLAN for the phones and the PC's. One of our concern is that we don't want the customer to access the voice VLAN. Is there a security issue here, if the customer use a PC equipped with a 802.1Q network card and by any chance he knows the voice VLAN ID, can he access the VLAN dedicated to voice and by the same time have access to the Call Manager, or any other servers on the same VLAN??

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
p-beauregard Wed, 06/13/2001 - 09:39
User Badges:

A 3524XL-PWR.

When you say no security risk, can you be more specific?


A VLAN maps to a subnet (Layer 3) as a broadcast domain, such that a VLAN is equivalent to a subnet. VVID is the voice VLAN that the switch assigns to the IP phone inside the CDP message. It allows the IP phone to get its VLAN ID automatically when it is plugged into the switch if a VLAN is configured for the phone. If no VLAN is configured for the IP phone, the phone resides in the native VLAN (data subnet) of the switch.so if you set up VVID there is no way for the PC to reside in the phone space.


This Discussion