CME open to the public Internet

Unanswered Question
May 23rd, 2008

If I were to open the ports needed for a skinny protocol phone to connect to the CME, how can I prevent unauthorized phones from logging in and being assigned an extension? I am not worried about encrypting the data but would like to have some type of authentication involved.

Thanks,

Diego

Paolo Bevilacqua Fri, 05/23/2008 - 07:24

Actually only phones with a MAC address configured in the system will be given an extension.

Hope this helps, please rate post if it does!

DIEGO ALONSO Fri, 05/23/2008 - 07:37

Not necessarily; our system has autodiscovered all phones connected to the local LAN. I am guessing via CDP or something. My hope is that whatever technique is used to autoconfigure local LAN phones is not available via WAN.

Diego

Paolo Bevilacqua Fri, 05/23/2008 - 08:16

The phone may autoregister if so configured under telephony-service; however, an unknown MAC will have no DN assigned and can neither call out nor receive calls.

Paolo Bevilacqua Fri, 05/23/2008 - 09:24

Ah, forgot to mention: by default SIP is open and that is a BIG risk; you need an ACL blocking incoming UDP/TCP port 5060 on the Internet interface.
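
An added example, not part of the thread and not Cisco's code: a Python check that audits a CME running-config for the two points raised above, that auto-registration is disabled under telephony-service and that the Internet-facing interface's inbound ACL denies TCP and UDP port 5060 before any broader permit. The sample config, interface name and ACL name are constructed; `no auto-reg-ephone` is the IOS command assumed here for disabling auto-registration, and only simple `any any` rules are recognised.

```python
import re

# Constructed running-config excerpt (not from the thread). The interface
# and ACL names are assumptions chosen for illustration.
SAMPLE = """\
interface FastEthernet0/1
 description Internet uplink
 ip access-group INTERNET-IN in
!
ip access-list extended INTERNET-IN
 deny tcp any any eq 5060
 deny udp any any eq 5060
 permit ip any any
!
telephony-service
 no auto-reg-ephone
"""

def sections(config):
    """Map each top-level IOS line to the indented sub-commands under it."""
    out, head = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and head:
            out[head].append(" ".join(line.split()))
        elif line.strip() not in ("", "!"):
            head = " ".join(line.split())
            out[head] = []
    return out

def sip_blocked(rules, proto):
    """First-match ACL walk: is <proto>/5060 denied before a permit hits it?"""
    pat = re.compile(
        r"(deny|permit) (?:ip any any|%s any any(?: eq 5060)?)$" % proto)
    for rule in rules:
        m = pat.match(rule)
        if m:
            return m.group(1) == "deny"
    return False  # undecided by the rule forms recognised here: flag it

def audit(config, wan_if):
    """Return findings for the two exposures discussed in the thread."""
    sec, findings = sections(config), []
    if "no auto-reg-ephone" not in sec.get("telephony-service", []):
        findings.append("auto-registration enabled")
    acl = [l.split()[2] for l in sec.get("interface " + wan_if, [])
           if re.match(r"ip access-group \S+ in$", l)]
    rules = sec.get("ip access-list extended " + acl[0], []) if acl else []
    findings += ["%s/5060 not blocked inbound" % p
                 for p in ("tcp", "udp") if not sip_blocked(rules, p)]
    return findings
```

`audit(SAMPLE, "FastEthernet0/1")` returns an empty list for the hardened sample; a `permit ip any any` placed above the deny lines is reported, because IOS evaluates ACL entries in order.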
