Let's say VoIP network is going to be deployed in my organization.
GIven this is a FIPS-140-2 environment, we will have a separate MPLS network from data only dedicated for VoIP traffic.
If we also have NAC deployed, how is the best practice for NAC handling VoIP vlans and IP Phones?
From the reading the documentation I see that people exclude the VoIP VLAN from NAC. Is this right?
Question:
If it is true people should exclude VoIP VLAN traffic from getting to the NAC system, what happens if someone users a machine that fakes an IP Phone, but in reality it is a malicious PC in the network? How NAC is going to protect against that?