
The hardware Voice Video Endpoint PC port must maintain VLAN separation from the voice video VLAN, or be disabled.


Overview

Finding ID: V-66705
Version: SRG-NET-000057-VVEP-00012
Rule ID: SV-81195r1_rule
IA Controls:
Severity: Medium
Description
VLANs limit the ability for endpoint devices to hear anything on other VLANs. On an enterprise network, VLANs are used to collocate common data types. A VLAN will logically separate and isolate certain traffic from other traffic on the network, whether data, voice, or other. For this reason, VLANs are ideal for separating voice video management, control, and media traffic on an existing data network. The PC port must maintain VLAN separation from voice video traffic as part of a defense-in-depth strategy.
STIG: Voice Video Endpoint Security Requirements Guide
Date: 2017-04-06

Details

Check Text (C-67331r1_chk)
If the Voice Video Endpoint is not a hardware endpoint, this check procedure is Not Applicable.

Verify the hardware Voice Video Endpoint PC port maintains VLAN separation from the voice video VLAN or is disabled. For networks with both VoIP and videoconferencing, best practice is to have a separate voice VLAN and video VLAN.

If the hardware Voice Video Endpoint PC port is disabled, this is not a finding. If the hardware Voice Video Endpoint PC port does not maintain VLAN separation from the voice video VLAN, this is a finding.
Fix Text (F-72781r1_fix)
Configure the hardware Voice Video Endpoint PC port to maintain VLAN separation from the voice video VLAN or be disabled.