call manager security and layer 3 cos configuration

Discussion in 'Cisco' started by Bill F, Jan 2, 2004.

  1. Bill F

    Bill F Guest

    I read a design reference document for the call manager and for security
    purposes it suggests putting the call manager servers on their own vlan
    and putting a firewall in front. The part of this implementation that
    I'm unclear on however is the cos config. Currently the cm boxes and
    the ip phones are on the same vlan and if this changes I have to
    configure cos for layer3 so that vox packets are tagged - I believe it
    would be a value of 3 for the call setup and 5 for the call data (rtp) -
    correct? Anyway, I've researched l3 cos configuration before and it
    seems as though there are a number of approaches. I'll be configuring
    the additional vlan interface as a secondary fa int on a 3620 running IP
    12.2(17). Any suggestions about how to do the cos part? Any opinions
    on design for securing call manager would be great too.

    Thanks
    Bill F, Jan 2, 2004
    #1

  2. Bill F

    Chris Wong Guest

    Check out the Cisco Field Manual: Catalyst Switch Configuration (
    http://www.ciscopress.com ). It has great voice config examples for Layer 2
    switching configs. I'm still getting up to speed with Cisco VoIP, but it
    seems so far that Layer 2 switching CoS is more important than Layer 3.
    Also check out the Cisco Press books on CallManager: Cisco IP Telephony,
    Cisco CallManager Fundamentals and Troubleshooting Cisco IP Telephony.
    These have general recommendations for Cisco VoIP network design...

    --

    Chris Wong
    A+, Server+, Network+, Linux+,
    CCNA, CCDA, CSE, MCSA, MCSE


    "Bill F" <> wrote in message
    news:...
    > I read a design reference document for the call manager and for security
    > purposes it suggests putting the call manager servers on their own vlan
    > and putting a firewall in front. The part of this implementation that
    > I'm unclear on however is the cos config. Currently the cm boxes and
    > the ip phones are on the same vlan and if this changes I have to
    > configure cos for layer3 so that vox packets are tagged - I believe it
    > would be a value of 3 for the call setup and 5 for the call data (rtp) -
    > correct? Anyway, I've researched l3 cos configuration before and it
    > seems as though there are a number of approaches. I'll be configuring
    > the additional vlan interface as a secondary fa int on a 3620 running IP
    > 12.2(17). Any suggestions about how to do the cos part? Any opinions
    > on design for securing call manager would be great too.
    >
    > Thanks
    >
    Chris Wong, Jan 4, 2004
    #2

  3. Bill F

    Bill F Guest

    I'm looking specifically at L3 QoS as I'm moving the call managers to
    their own vlan routed through a 3620 (switch is a 4006 with a SUPII) and
    thus traffic between the phones and the call manager will be flowing
    across a routed interface.

    I was told I needed to tag the vox packets at the router to ensure
    priority over data packets. The more I think about it, I realize that
    for the most part there will only be vox related traffic flowing between
    the phone and call manager vlans - PCs are already on their own vlan,
    so, I'm wondering if QoS is even needed in this scenario. And unless
    I'm mistaken, wouldn't it only be call setup traffic that would flow
    between the phones and CM? The bearer traffic, I thought, would go
    directly to the VG200's which will remain on the same subnet as the
    phones. I'm kind of new at VoIP, so I'm probably missing something here.

    Chris Wong wrote:
    > Check out the Cisco Field Manual: Catalyst Switch Configuration (
    > http://www.ciscopress.com ). It has great voice config examples for Layer 2
    > switching configs. I'm still getting up to speed with Cisco VoIP, but it
    > seems so far that Layer 2 switching CoS is more important than Layer 3.
    > Also check out the Cisco Press books on CallManager: Cisco IP Telephony,
    > Cisco CallManager Fundamentals and Troubleshooting Cisco IP Telephony.
    > These have general recommendations for Cisco VoIP network design...
    >
    Bill F, Jan 5, 2004
    #3
  4. Bill F

    Chris Wong Guest

    You would typically have data hosts on VLAN 1 for example, then CallManagers
    and IP phones (all voice networking really, including gateways) on VLAN 2.
    I think it's just complicating the issue placing a router between IP phones
    and CallManagers. QoS config is still needed even in this config. You
    basically have the phones not trust QoS/CoS from their PC ports and phones
    by default place a higher priority on their own ports. You'd also have
    QoS/CoS config on switches to prioritize call setup traffic wherever
    possible, as you mentioned...This is how our environment is set up; the only
    routing is between the 2 VLANs so we can get to the CallManager Admin site
    and for connectivity tests and monitoring. We don't have any Layer 3 QoS
    configured on our routing...

    --

    Chris Wong
    A+, Server+, Network+, Linux+,
    CCNA, CCDA, CSE, MCSA, MCSE


    "Bill F" <> wrote in message
    news:...
    > I'm looking specifically at L3 QoS as I'm moving the call managers to
    > their own vlan routed through a 3620 (switch is a 4006 with a SUPII) and
    > thus traffic between the phones and the call manager will be flowing
    > across a routed interface.
    >
    > I was told I needed to tag the vox packets at the router to ensure
    > priority over data packets. The more I think about it, I realize that
    > for the most part there will only be vox related traffic flowing between
    > the phone and call manager vlans - PCs are already on their own vlan,
    > so, I'm wondering if QoS is even needed in this scenario. And unless
    > I'm mistaken, wouldn't it only be call setup traffic that would flow
    > between the phones and CM? The bearer traffic, I thought, would go
    > directly to the VG200's which will remain on the same subnet as the
    > phones. I'm kind of new at VoIP, so I'm probably missing something here.
    >
    > Chris Wong wrote:
    > > Check out the Cisco Field Manual: Catalyst Switch Configuration (
    > > http://www.ciscopress.com ). It has great voice config examples for Layer 2
    > > switching configs. I'm still getting up to speed with Cisco VoIP, but it
    > > seems so far that Layer 2 switching CoS is more important than Layer 3.
    > > Also check out the Cisco Press books on CallManager: Cisco IP Telephony,
    > > Cisco CallManager Fundamentals and Troubleshooting Cisco IP Telephony.
    > > These have general recommendations for Cisco VoIP network design...
    > >
    >
    Chris Wong, Jan 6, 2004
    #4
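
An added example, not part of the original thread: one way to do the Layer 3 marking asked about in the first post, using IOS class-based marking on the router's VLAN subinterfaces. The VLAN IDs, subnets, interface numbers, ACL number and class/policy names are assumptions; the precedence values 3 and 5 are the ones from the first post, and TCP 2000 is the Skinny (SCCP) signalling port.

```cisco
! Constructed example. Assumed addressing:
!   phones       10.1.10.0/24  (VLAN 10)
!   CallManager  10.1.20.0/24  (VLAN 20)
!
! Call setup: Skinny (SCCP) between phones and CallManager, TCP 2000,
! matched in both directions
access-list 101 permit tcp 10.1.10.0 0.0.0.255 10.1.20.0 0.0.0.255 eq 2000
access-list 101 permit tcp 10.1.20.0 0.0.0.255 eq 2000 10.1.10.0 0.0.0.255
!
class-map match-all VOICE-SIGNAL
 match access-group 101
!
! Bearer: RTP on even UDP ports in 16384-32767
class-map match-all VOICE-BEARER
 match ip rtp 16384 16383
!
policy-map MARK-VOICE
 class VOICE-SIGNAL
  set ip precedence 3
 class VOICE-BEARER
  set ip precedence 5
!
! Mark on ingress of each routed VLAN subinterface
interface FastEthernet0/0.10
 description Phone VLAN (assumed)
 encapsulation dot1Q 10
 ip address 10.1.10.1 255.255.255.0
 service-policy input MARK-VOICE
!
interface FastEthernet0/0.20
 description CallManager VLAN (assumed)
 encapsulation dot1Q 20
 ip address 10.1.20.1 255.255.255.0
 service-policy input MARK-VOICE
```

`show policy-map interface` reports per-class packet counters, which shows whether any traffic is actually matching each class. If the bearer traffic stays inside the phone subnet, as post #3 expects, the VOICE-BEARER counters on these subinterfaces will stay at zero.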
