From Voice Video Services Policy STIG
Part of Deficient design: VVoIP system addressing re: DHCP
When using Dynamic Host Configuration Protocol (DHCP) for address assignment and host configuration, different DHCP scopes (different address space, subnets, and VLANs) must be used for voice components and data components. This is most easily and safely accomplished by providing a DHCP server that is dedicated to the VVoIP system endpoints. That is to say, a DHCP server serving VVoIP devices needs to be in the VVoIP domain, i.e., the same address space and VLAN(s). This alleviates the need to route DHCP requests into the data environment on the LAN, which would degrade the separation of the VVoIP environment and the data environment.
Interview the IAO to confirm compliance with the following requirement: In the event the VVoIP system is designed to use DHCP for initial VVoIP endpoint address assignment/configuration, ensure the design incorporates a different DHCP server than any that might be used for data components/hosts. Additionally, ensure these servers reside in their respective voice or data address space and VLAN.
NOTE: Soft-phones or VVoIP/UC applications residing on PCs/workstations will, by default, utilize the IP information obtained by the workstation from the data DHCP server unless the workstation and soft-phone are capable of multiple VLANs and the soft-phone is assigned to the VVoIP VLAN. In the latter case, the workstation or the soft-phone itself may obtain its IP information from the VVoIP DHCP server for use by the soft-phone or VVoIP application.
Determine if, in the VVoIP system design, DHCP is used for VVoIP endpoint address assignment/configuration. If so, determine the location of the DHCP server and whether it is dedicated to the VVoIP system (separate from the data host DHCP server) and is deployed in the core VVoIP VLAN with an appropriate IP address within the dedicated VVoIP address space. This is a finding in the event DHCP is used for VVoIP endpoint address assignment/configuration and these conditions are not met.
NOTE: It is recommended that the VVoIP DHCP server used as discussed in this requirement be implemented in the following order of preference: a dedicated device, part of the VVoIP call controller (LSC/MFSS) or other VVoIP-related server; on an infrastructure router inside the enclave that is directly involved in the control of the VVoIP system or VLANs.
NOTE: The Network Infrastructure STIG precludes the implementation of a DHCP server on a perimeter router.
If the VVoIP system design uses DHCP for VVoIP initial endpoint address assignment/configuration, ensure the design incorporates a different DHCP server than any that might be used for data components/hosts. Additionally, ensure these servers reside in their respective voice or data address space and VLAN.
NOTE: Soft-phones or VVoIP/UC applications residing on PCs/workstations will, by default, utilize the IP information obtained by the workstation from the data DHCP server unless the workstation and soft-phone are capable of multiple VLANs and the soft-phone is assigned to the VVoIP VLAN. In the latter case, the workstation or the soft-phone itself may obtain its IP information from the VVoIP DHCP server for use by the soft-phone or VVoIP application.
NOTE: It is recommended that the VVoIP DHCP server used as discussed in this requirement be implemented in the following order of preference: a dedicated device, part of the VVoIP call controller (LSC/MFSS) or other VVoIP-related server; on an infrastructure router inside the enclave that is directly involved in the control of the VVoIP system or VLANs.
NOTE: The Network Infrastructure STIG precludes the implementation of a DHCP server on a perimeter router.
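One way to make the check above repeatable during a design review, as an added example that is not part of the STIG: a small audit over a DHCP server inventory that flags a server shared between voice and data, a voice DHCP server outside the VVoIP address space or VLANs, and a data DHCP server placed inside them. The inventory format, the `DhcpServer` and `audit` names, and every address and VLAN ID are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class DhcpServer:
    name: str
    ip: str       # address of the DHCP server itself
    vlan: int     # VLAN the server is attached to
    scopes: list  # (role, cidr, vlan) tuples it serves; role is "voice" or "data"

def audit(servers, voice_space, voice_vlans):
    """Return finding strings for the design; an empty list means no finding."""
    voice_net = ipaddress.ip_network(voice_space)
    findings = []
    for s in servers:
        roles = {role for role, _, _ in s.scopes}
        in_voice_space = ipaddress.ip_address(s.ip) in voice_net
        if "voice" not in roles:
            # Data-only server: it must stay out of the voice space and VLANs.
            if in_voice_space or s.vlan in voice_vlans:
                findings.append(f"{s.name}: data DHCP server placed in VVoIP space/VLAN")
            continue
        if "data" in roles:
            findings.append(f"{s.name}: serves voice and data scopes, not dedicated")
        if not in_voice_space:
            findings.append(f"{s.name}: address {s.ip} outside VVoIP space {voice_space}")
        if s.vlan not in voice_vlans:
            findings.append(f"{s.name}: attached to VLAN {s.vlan}, not a VVoIP VLAN")
        for role, cidr, vlan in s.scopes:
            if role != "voice":
                continue
            if not ipaddress.ip_network(cidr).subnet_of(voice_net) or vlan not in voice_vlans:
                findings.append(f"{s.name}: voice scope {cidr} (VLAN {vlan}) outside VVoIP space/VLANs")
    return findings

# Constructed inventory (addresses, VLAN IDs and names are made up for illustration).
VOICE_SPACE, VOICE_VLANS = "10.200.0.0/16", {200, 201}
SHARED = DhcpServer("dhcp-shared", "10.1.0.5", 10,
                    [("data", "10.1.0.0/16", 10), ("voice", "10.200.10.0/24", 200)])
DEDICATED = DhcpServer("dhcp-voice", "10.200.0.5", 200,
                       [("voice", "10.200.10.0/24", 200), ("voice", "10.200.11.0/24", 201)])
DATA_ONLY = DhcpServer("dhcp-data", "10.1.0.6", 10, [("data", "10.1.0.0/16", 10)])

if __name__ == "__main__":
    for line in audit([SHARED, DEDICATED, DATA_ONLY], VOICE_SPACE, VOICE_VLANS):
        print("FINDING:", line)
```

Soft-phones that take their address from the data DHCP server, as the NOTE describes, are outside what this inventory check covers.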