Voice over Wireless LAN Solution Guide v1.0 December 2005
Figure 7: Single telephony VLAN implementation
Consolidating VoWLAN handsets into one VLAN/subnet has a few advantages. First, it allows the
WTM 2245 design to be greatly simplified. Instead of purchasing and deploying at least one WTM
2245 per voice subnet, you can now install one WTM 2245 for the single voice subnet. For larger
VoWLAN deployments, more WTM 2245s may be required in that single subnet to support the
number of calls, but overall fewer WTM 2245s are needed than in an equivalent multisubnet
deployment. Deciding on the number of WTM 2245s needed becomes strictly a call engineering
exercise (as it should be).
A second advantage is that external security measures are easier and less costly to implement. It
is common practice to put a telephony WLAN behind a firewall for security reasons, because
security features on handsets, particularly authentication capabilities, tend to lag behind
the industry. To mitigate this risk, a firewall can be used to block all but the ports needed for IP
Telephony. This practice gets complex and costly when multiplied by a number of subnets. A
more cost-effective alternative to implementing a firewall is to assign private addresses to the
handsets and let the WTM 2245 Network Address Translation (NAT) capabilities serve as a form
of secure firewall to the telephony LAN (T-LAN). Of course, this is not as secure as using a
traditional firewall to secure the T-LAN.
The downside of putting all telephony devices into the same subnet is that broadcasts are
increased. Also, while security is simplified, the importance of implementing adequate security
measures increases because more devices will be impacted in the event of a security breach.
2.2.2.6 Roaming
The concept of roaming in the WSS 2300 solution is a simple one. Given the previous discussion
about Layer 3 implementation and VLANs being determined by policy, roaming is a very simple
extension. In fact, the section could be renamed “roaming upon startup” because a device being
tunneled to a remote VLAN upon connection to the network is like starting out in a roamed state
from a WSS perspective. When moving from WSS to WSS, the tunnel back to the remote VLAN
is simply moved with the device.
In the previous VoWLAN solution for the WLAN 2200 series, one of the design limits was that
Push-to-Talk (PTT) required all WSS 2270s to be physically located in the same subnet due to
roaming problems. With the WLAN 2300 series this restriction is now lifted due to symmetric
tunneling, and PTT works across WSSs in different subnets. Symmetric tunneling describes the
traffic flow in the event that a device is not local to the subnet to which it is assigned. Both