Guidelines for configuring a routable ELAN subnet
When configuring a routable ELAN subnet on the enterprise IP network,
use the following guidelines:
- External multicasts must not be transmitted on the ELAN subnet.
Generally, multicast forwarding is disabled by default on a gateway
router. Ensure that no multicast routing protocols are enabled on the
ELAN subnets gateway router. Do not configure or allow the ELAN or
TLAN subnet’s gateway router (that is, the Layer 3 switch) to forward
multicast traffic to the ELAN subnet.
- External broadcasts must not be forwarded to the ELAN subnet. Ensure
that the Layer 3 switch is configured so that it does not forward broadcast
traffic from elsewhere on the network to the ELAN subnet. This includes
disabling any features on the Layer 3 switch which forward broadcast
packets to a subnet when the received packets destination IP address is
the subnet’s broadcast IP address. This can also include disabling other
broadcast-forwarding mechanisms, such as UDP broadcast forwarding,
DHCP forwarding, or NetBIOS forwarding.
- An ELAN subnet’s gateway router must be capable of Packet Filtering
in order to prevent unauthorized traffic from entering the ELAN subnet.
Management traffic is sent from management systems to the CS 1000
system. Management traffic includes FTP, Telnet, http, SNMP, DBA, and
rlogin servers. Refer to Appendix D for the control and management
TCP and UDP port numbers for each component connected to the
ELAN subnet. Configure the packet filter to forward any traffic with the
source IP address equal to management system’s IP address and a
management service destination TCP or UDP port. The packet filter
should then drop all other traffic.
Converging the Data Network with VoIP Fundamentals
NN43001-260 01.01 Standard