Wednesday, December 26, 2018

VoIP & CCTV VLAN Best Practices

I am in the process of redesigning my network and have been trying to determine the best way to VLAN VoIP and IP CCTV. I will be putting the devices in a separate VLAN, but I am still trying to decide the best way to handle VLANs for the servers (VoIP PBX/NVR). As I see it, there are three options:

  1. Devices and the server in the same VLAN

     +--------------+ | Firewall/ | | Router | +----+---+-----+ | | +-------+ +-----+ | | 
    

    +-------------+ +-------------+

    | VoIP VLAN | |CCTV VLAN | | - PBX | |- NVR | | - Phones | |- IP Cameras | +-------------+ +-------------+

  2. Devices and the server in separate VLANs

     +--------------+ | Firewall/ | | Router | +----+---+-----+ | | +-------+ +------+ | | 
    

    +-------------+ +-------------+ | PBX VLAN | | NVR VLAN | +-----+-------+ +-----+-------+ | | +-----+-------+ +-----+-------+ | Phone VLAN | | Camera VLAN | +-------------+ +-------------+

  3. Server in server VLAN

     +--------------+ | Firewall/ | | Router | +-+---+-----+--+ | | | +--------------+ | +---------------+ | | | 
    

    +-------+-------+ +------+-------+ +---------+---------+ | | | | | Server VLAN | | Phone VLAN | | Camera VLAN | | - PBX | | | | | | - NVR | +---------------+ +--------------+ | - other servers | +-------------------+

In each case, router firewall & host firewall rules will limit connections to the minimum required for each device/server to perform its task and allow administration/monitoring.



No comments:

Post a Comment