11-25-2002 08:08 AM - edited 03-12-2019 09:42 PM
We have a small office setup where we would like to deploy VoIP. Since we were running low on IP addresses, we currently use private addresses (i.e. 10. addressing) on all the Cisco 3500 series switches. There's no problem with the data traffic, but will this private addressing of the switches have any effect on the VoIP traffic and system?
My guess is no problem.
Thanks, T.
11-25-2002 12:34 PM
In general, for bandwidth management as well as security reasons, you want to use a different subnet for your voice traffic than for your data traffic. You can do this on the switch with separate VLANs, and by setting up your router interface to trunk them.
11-25-2002 04:06 PM
You should use private addresses for ALL of your internal devices. Why would you even consider public IPs for anything other than devices that need to be accessed via the internet? And even then your firewall would answer for those addresses anyway.
11-27-2002 09:33 AM
Since the only time NAT = Security is in the limited cases where you are being hacked by a real novice, the only reason to use NAT is when you have a lack of real IP addresses.
The majority of security breaches occur from the inside, where you are already on a known ip network. Next most common is DoS, which NAT will not prevent. Hijacking or sniffing a session will take place either in the public realm or from the inside, so NAT does nothing to prevent this. Hacking into a NATed system using the outside address is just as easy as using an inside address unless you are using PAT, which is a horrible kludge that breaks several other protocols. And the only fixes for many of those protocols to be able to use PAT is to open up holes in your FW, which is worse than using a routable ip address.
Having a good, enforced security policy is far better than using NAT and assuming that it is a security measure.
11-27-2002 11:22 AM
I hope you are not suggesting on any level that the use of public routable IP addresses on an internal enterprise network is common or suggested practice. I did not suggest security as a factor for deciding to use NAT. There is no benefit to using public routable addresses on an internal LAN; however, the benefits of private addressing and NAT are many.
quote
"then the only reason to use NAT is when you have a lack of real ip addresses. "
Are you kidding?
I guess that applies to... let's see..... THE WORLD!!
So I guess the team of engineers here
http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc1918.html
were not only wrong but were probably on drugs at the time?
Let's say you use public IP addresses on your LAN that you "own", only you don't really own them because your ISP does. What if you want to change your ISP?
Should you readdress your whole network?
11-30-2002 05:50 AM
The last thing I want to do is turn Open Forum into a flame war, but I knew that when I posted the last message, that it could end up that way. For some odd reason, NAT is one of those topics where people either love it or hate it. I'm of the latter group, and you are obviously of the former.
Contrary to what you said above, I have worked both for and with several companies, large and small, who actually "own" their own set of routable addresses. I am of the opinion that if you own them, use them. The route aggregation argument, though a valid one, falls apart very quickly when you multihome to two different ISPs for fault tolerance. It happens more often than you'd think, given the ever-growing dependence on the internet for critical business applications.
And in the article above that you referenced, they said, "A major drawback to the use of private address space is that it may actually reduce an enterprise's flexibility to access the Internet." (And I've known several engineers who were probably on drugs when they wrote things, though it didn't necessarily impact the quality of their work.)
I still hold that the benefits of using publicly routable addresses outweigh the benefits of using NAT in many situations. And having been through readdressing several times during the merger mania of the 80's and 90's, it's not all that bad, and it happens whether you are using public or private addresses.
11-30-2002 06:13 AM
"(And I've known several engineers who were probably on drugs when they wrote things, though it didn't necessarily impact the quality of their work.)"
Fair point.
"And in the article above that you referenced, they said, "A major drawback to the use of private address space is that it may actually reduce an enterprise's flexibility to access the Internet." "
I believe that this is less true today than when that RFC was introduced.
11-30-2002 11:57 AM
You can own your IP block; your ISP does not have to own them.
Ryan,