58 PlanningLayer 3 implementationWhere possible, simplify the number of subnets that are used for clientdevices. Even in a Distributed Campus architecture, you can have a fewcentral subnets for clients. As a general rule, Nortel recommends thatwired or wireless IP phones be placed in a separate VLAN (subnet) fromdata devices. This placement can be accomplished by providing one VLAN(subnet) for all WLAN telephony devices, as shown in Figure 9 "Singletelephony VLAN implementation" (page 58). The data client VLAN design isan abstraction (the best practice is to simplify). The WLAN data networkcan have many client subnets, or one— that is unimportant in this contextbecause the focus is support of VoWLAN.Figure 9Single telephony VLAN implementationConsolidating VoWLAN handsets into one VLAN (subnet) has a fewadvantages. First, it allows the WLAN IP Telephony Manager 2245 designto be greatly simplified. Instead of purchasing and deploying at least oneWLAN IP Telephony Manager 2245 per voice subnet, you can now installone WLAN IP Telephony Manager 2245 for the single voice subnet. Forlarger VoWLAN deployments, more WLAN IP Telephony Manager 2245smay be required in that single subnet to support the number of calls;however, fewer WLAN IP Telephony Manager 2245s are needed than in anequivalent multisubnet deployment.A second advantage is that external security measures are easier andless costly to implement. It is common practice to put a telephony WLANbehind a firewall for security reasons. This is because security features onhandsets, particularly authentication capabilities, tend to lag behind theNortel Communication Server 1000WLAN IP Telephony Installation and CommissioningNN43001-504 01.02 StandardRelease 5.0 15 June 2007Copyright © 2004-2007, Nortel Networks.