Title

The Enterprise Voice, Video, and Messaging Endpoint must be configured to use a voice video VLAN, separate from all other VLANs. (Cat II impact)

Discussion

Virtualized networking is used to separate voice video traffic from other types of traffic, such as data, management, and other special types. VLANs provide segmentation at layer 2. Virtual Routing and Forwarding (VRF) provides segmentation at layer 3 and works with Multiprotocol Label Switching (MPLS) for enterprise and WAN environments. When VRF is used without MPLS, it is referred to as VRF lite. For Voice Video systems, subnets, VLANs, and VRFs are used to separate media and signaling streams from all other traffic.

Check Content

Verify the Enterprise Voice, Video, and Messaging Endpoint is configured to use a voice video VLAN separate from all other VLANs. For networks with both VoIP and videoconferencing, best practice is to have a separate voice VLAN and video VLAN. If the Enterprise Voice, Video, and Messaging Endpoint does not use a voice video VLAN separate from all other VLANs, this is a finding.

Fix Text

Configure the Enterprise Voice, Video, and Messaging Endpoint to use a voice video VLAN separate from all other VLANs.

Additional Identifiers

Rule ID: SV-259947r948810_rule

Vulnerability ID: V-259947

Group Title: SRG-NET-000018

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.