Check: SRG-NET-000520-VVEP-00011
Voice Video Endpoint SRG:
SRG-NET-000520-VVEP-00011
(in versions v2 r2 through v1 r8)
Title
The hardware Voice Video Endpoint must use a voice video VLAN, separate from all other VLANs. (Cat II impact)
Discussion
Virtualized networking is used to separate voice video traffic from other types of traffic, such as data, management, and other special types. VLANs provide segmentation at layer 2. Virtual Routing and Forwarding (VRF) provides segmentation at layer 3, and works with Multiprotocol Label Switching (MPLS) for enterprise and WAN environments. When VRF is used without MPLS, it is referred to as VRF lite. For Voice Video systems, subnets, VLANs, and VRFs are used to separate media and signaling streams from all other traffic.
Check Content
If the Voice Video Endpoint is not a hardware endpoint, this check procedure is Not Applicable. Verify the hardware Voice Video Endpoint uses a voice video VLAN separate from all other VLANs. For networks with both VoIP and videoconferencing, best practice is to have a separate voice VLAN and video VLAN. If the hardware Voice Video Endpoint does not use a voice video VLAN separate from all other VLANs, this is a finding.
Fix Text
Configure the hardware Voice Video Endpoint to use a voice video VLAN separate from all other VLANs.
Additional Identifiers
Rule ID: SV-206808r604140_rule
Vulnerability ID: V-206808
Group Title: SRG-NET-000520
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
| CCI-002272 |
The information system dynamically associates security attributes with organization-defined objects in accordance with organization-defined security policies as information is created and combined. |