The hardware Voice Video Endpoint must use a voice video VLAN, separate from the default VLAN, the management VLAN, and the data VLAN.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-66703 | SRG-NET-000520-VVEP-00011 | SV-81193r1_rule | Medium |
| Description |
|---|
| VLANs limit the ability for endpoint devices to hear anything on other VLANs. On an enterprise network, VLANs are used to collocate common data types. A VLAN will logically separate and isolate certain traffic from other traffic on the network, whether data, voice, or other. For this reason, VLANs are ideal for separating voice video management, control, and media traffic on an existing data network. VLANs for voice video traffic are part of a defense-in-depth strategy. |
| STIG | Date |
|---|---|
| Voice Video Endpoint Security Requirements Guide | 2017-04-06 |
Details
| Check Text ( C-67329r1_chk ) |
|---|
| If the Voice Video Endpoint is not a hardware endpoint, this check procedure is Not Applicable. Verify the hardware Voice Video Endpoint implements a voice video VLAN separate from the default VLAN, the management VLAN, and the data VLAN. For networks with both VoIP and videoconferencing, best practice is to have a separate voice VLAN and video VLAN. If the hardware Voice Video Endpoint does not implement a voice video VLAN separate from the default VLAN, the management VLAN, and the data VLAN, this is a finding. |
| Fix Text (F-72779r1_fix) |
|---|
| Configure the hardware Voice Video Endpoint to use a voice video VLAN separate from the default VLAN, the management VLAN, and the data VLAN. |