Rule ID
SV-260043r1117223_rule
Version
V1R2
When network elements do not dynamically reconfigure the data security attributes as data is created and combined, the possibility exists that security attributes will not correctly reflect the data with which they are associated. For the Enterprise Voice, Video, and Messaging Session Manager, the use of 802.1q tags on media and signaling, and the use of VLANs provides this layer of security. VLANs facilitate access and traffic control for voice video system components and enhanced QoS. Virtualized networking is used to separate voice video traffic from other types of traffic, such as data, management, and other special types. VLANs provide segmentation at layer 2. Virtual Routing and Forwarding (VRF) provides segmentation at layer 3 and works with Multiprotocol Label Switching (MPLS) for enterprise and WAN environments. When VRF is used without MPLS, it is referred to as VRF lite. For Voice Video systems, subnets, VLANs, and VRFs are used to separate media and signaling streams from all other traffic.
Verify the Enterprise Voice, Video, and Messaging Session Manager applies 802.1Q VLAN tags to signaling and media traffic. If the Enterprise Voice, Video, and Messaging Session Manager does not apply 802.1Q VLAN tags to signaling and media traffic, this is a finding.
Configure the Enterprise Voice, Video, and Messaging Session Manager to apply 802.1Q VLAN tags to signaling and media traffic or be in a private subnet.