Security at the physical E'net port

Status
Not open for further replies.

Esmerelda

Technical User
Jun 20, 2002
105
US
I would assume that a laptop plugged into the VOIP phone ethernet connection would be assigned an IP address within that scope. Also, I would assume that this will allow it to connect to the VOIP elements (CLANs and Medpros) and that the CLANs and Medpros have telnet and ftp disabled (unless taking a vintage upgrade) and only accept ssh connections. And, also, I would assume that the CLANs and Medpros are protected from ping floods.

We have designed the network by isolating all the VOIP elements only into a VLAN, and we use a VRF. The phones, and, thus, phone ethernet ports are located in the private network side and communicate with the CM via that network.

I would be interested in hearing anyone's opinions regarding physical ethernet port level security. I feel that we have addressed this issue well, but, am not entirely sure. It is important that we are able to project an ironclad security presentation regarding Avaya VoIP to our security personnel.

Thank you,

Marilynn

 
In your 46xxsettings.txt file, you can disable the PC ports on the IP Phones, if you are worried about it. You can also set it up so that those IP Phone PC ports are on a separate VLAN, and give out an entirely different set of IP addresses. It's all in the 4600/9600 LAN Administrators book.

mitch


AVAYA Certified Specialist
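
An added example, not part of the thread or Avaya's own tooling: a small audit of a 46xxsettings.txt-style file for the two options described in the reply above (PC port disabled, or PC port on its own VLAN). The parameter names PHY2STAT, PHY2VLAN, L2QVLAN and VLANSEP do not appear in the thread; they are assumed here from Avaya's settings-file conventions and should be checked against the LAN Administrator's guide for the phone model. The sample file is constructed.

```python
import re

# Constructed sample in the style of a 46xxsettings.txt file (not from the thread).
# It leaves the PC port enabled with no separate VLAN for it.
SAMPLE_SETTINGS = """\
## constructed example settings
SET L2QVLAN 210
SET PHY2STAT 1
SET VLANSEP 0
"""

# Matches lines such as: SET PHY2VLAN 110   or   SET PHY2VLAN "110"
SET_LINE = re.compile(r'^\s*SET\s+(\w+)\s+"?([^"\s]*)"?', re.IGNORECASE)

def parse_settings(text):
    """Collect SET parameters; a later SET overrides an earlier one.
    Simplification: IF/GOTO branches in the file are not evaluated."""
    params = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # comment line
        m = SET_LINE.match(line)
        if m:
            params[m.group(1).upper()] = m.group(2)
    return params

def audit_pc_port(params):
    """Return findings about the phone's PC (secondary Ethernet) port."""
    # Assumed meaning: PHY2STAT 0 turns the secondary Ethernet port off.
    if params.get("PHY2STAT") == "0":
        return ["ok: PC port disabled (PHY2STAT 0)"]
    findings = ["info: PC port enabled"]
    # Assumed meaning: L2QVLAN is the voice VLAN, PHY2VLAN the PC-port VLAN.
    voice, data = params.get("L2QVLAN"), params.get("PHY2VLAN")
    if not data or data == "0":
        findings.append("warn: no separate VLAN set for PC port (PHY2VLAN)")
    elif data == voice:
        findings.append("warn: PC port VLAN equals voice VLAN")
    if params.get("VLANSEP") != "1":
        findings.append("warn: VLANSEP is not set to 1 in this file")
    return findings

if __name__ == "__main__":
    for finding in audit_pc_port(parse_settings(SAMPLE_SETTINGS)):
        print(finding)
```
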
 
Yes, that certainly is a good idea regarding securing the phone port. However, what I am referring to is the LAN Ethernet port. I envision someone walking into an office, unplugging a phone and plugging the cable into a laptop.

Thank you, Marilynn
 
How is that different from unplugging a PC and plugging the LAN cable into the laptop???

Setting up the DHCP scope so that IP phones are in one VLAN/network, and the PC (read LAN eth port on phone) is in another subnet, then managing ACLs between the two will overcome any issues you may have with unauthorised access from data VLAN to voice VLAN.
 
So, I think that what you are saying is that someone could walk into the LAN room and plug a laptop into one of the switch ports that feed VoIP phones and the DHCP scope (if correctly provisioned with separate VLANs) would prevent any unauthorised access.

Right?
 