
Switch IP addressing for VoIP and data.

Unanswered Question
Nov 25th, 2002

We have a small office setup in which we would like to deploy VoIP. Since we were running low on IP addresses, we currently use private addresses (i.e. 10. addressing) on all the Cisco 3500 series switches. There's no problem with the data traffic, but will this private addressing of the switches have any effect on the VoIP traffic and system?


My guess is no problem.


Thanks, T.


jcmartin Mon, 11/25/2002 - 12:34

In general, for bandwidth management as well as security reasons, you want to use a different subnet for your voice traffic than for your data traffic. You can do this on the switch with separate VLANs, and setting up your router interface to trunk them.

jcmartin Wed, 11/27/2002 - 09:33

Since the only time NAT = Security is in the limited cases where you are being hacked by a real novice, then the only reason to use NAT is when you have a lack of real IP addresses.


The majority of security breaches occur from the inside, where you are already on a known IP network. Next most common is DoS, which NAT will not prevent. Hijacking or sniffing a session will take place either in the public realm or from the inside, so NAT does nothing to prevent this. Hacking into a NATed system using the outside address is just as easy as using an inside address unless you are using PAT, which is a horrible kludge that breaks several other protocols. And the only fix for many of those protocols to be able to use PAT is to open up holes in your FW, which is worse than using a routable IP address.


Having a good, enforced security policy is far better than using NAT and assuming that it is a security measure.

I hope you are not suggesting on any level that the use of public routable IP addresses on an internal enterprise network is common or suggested practice. I did not suggest security as a factor for deciding to use NAT. There is no benefit to using public routable addresses on an internal LAN; however, the benefits of private addressing and NAT are many.


Quote:

"then the only reason to use NAT is when you have a lack of real ip addresses."

Are you kidding?

I guess that applies to... let's see..... THE WORLD!!

So I guess the team of engineers here

http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc1918.html

were not only wrong but were probably on drugs at the time?

Let's say you use public IP addresses on your LAN that you "own", only you don't really own them because your ISP does. What if you want to change your ISP?

Should you readdress your whole network?

jcmartin Sat, 11/30/2002 - 05:50

The last thing I want to do is turn Open Forum into a flame war, but I knew that when I posted the last message, that it could end up that way. For some odd reason, NAT is one of those topics where people either love it or hate it. I'm of the latter group, and you are obviously of the former.


Contrary to what you said above, I have worked both for and with several companies, large and small, who actually "own" their own set of routable addresses. I am of the opinion that if you own them, use them. The route aggregation argument, though a valid one, falls apart very quickly when you multihome to two different ISPs for fault tolerance. It happens more often than you'd think, given the ever-growing dependence on the internet for critical business applications.


And in the article above that you referenced, they said, "A major drawback to the use of private address space is that it may actually reduce an enterprise's flexibility to access the Internet." (And I've known several engineers who were probably on drugs when they wrote things, though it didn't necessarily impact the quality of their work.)


I still hold that the benefits of using publicly routable addresses outweigh the benefits of using NAT in many situations. And having been through readdressing several times during the merger mania of the 80's and 90's, it's not all that bad, and it happens whether you are using public or private addresses.


"(And I've known several engineers who were probably on drugs when they wrote things, though it didn't necessarily impact the quality of their work.)"


Fair point.

"And in the article above that you referenced, they said, "A major drawback to the use of private address space is that it may actually reduce an enterprise's flexibility to access the Internet.""

I believe that this is less true today than when that RFC was introduced.



rfinnesey Sat, 11/30/2002 - 11:57

You can own your IP block; your ISP does not have to own them.


Ryan,

