I am in the process of redesigning my network and have been trying to determine the best way to VLAN VoIP and IP CCTV. I will be putting the devices in a separate VLAN, but I am still trying to decide the best way to handle VLANs for the servers (VoIP PBX/NVR). As I see it, there are three options:
-
Devices and the server in the same VLAN
+--------------+ | Firewall/ | | Router | +----+---+-----+ | | +-------+ +-----+ | |+-------------+ +-------------+
| VoIP VLAN | |CCTV VLAN | | - PBX | |- NVR | | - Phones | |- IP Cameras | +-------------+ +-------------+
-
Devices and the server in separate VLANs
+--------------+ | Firewall/ | | Router | +----+---+-----+ | | +-------+ +------+ | |+-------------+ +-------------+ | PBX VLAN | | NVR VLAN | +-----+-------+ +-----+-------+ | | +-----+-------+ +-----+-------+ | Phone VLAN | | Camera VLAN | +-------------+ +-------------+
-
Server in server VLAN
+--------------+ | Firewall/ | | Router | +-+---+-----+--+ | | | +--------------+ | +---------------+ | | |+-------+-------+ +------+-------+ +---------+---------+ | | | | | Server VLAN | | Phone VLAN | | Camera VLAN | | - PBX | | | | | | - NVR | +---------------+ +--------------+ | - other servers | +-------------------+
In each case, router firewall & host firewall rules will limit connections to the minimum required for each device/server to perform its task and allow administration/monitoring.
No comments:
Post a Comment