Seperate non-routable subnet just for phones?

Hi all:

N00b question. I’m segmenting off my network and am wondering if it’s proper practice to have a non-routable subnet just for phones? I.e. one nic for management of freepbx/connection to the SIP provider, and one NIC for phones to connect to FreePBX.

Anything to watch for?

Thanks in advance.

FreePBX recently added a DHCP server option to aid with this type of setup. As long as you only open sip signalling and rtp ports to that subnet it should be fairly secure. If you have a managed switch between the PBX and your phones you could add mac address filtering as well in addition to 802.1x authentication.

Yes, dual NICs and separate address blocks is proper practice to do that. In fact, any configuration that doesn’t do this is going to give you special problems all their own.