05-23-2008 05:25 AM - edited 03-15-2019 10:50 AM
If I were to open the ports needed for a skinny protocol phone to connect to the CME how can I prevent unauthorized phones from logging in and being assigned an extension? I am not worried about encrypting the data but would like to have some type of authentication involved.
Thanks,
Diego
05-23-2008 07:24 AM
Actually only phones with a MAC address configured in the system will be given an extension.
Hope this helps, please rate post if it does!
05-23-2008 07:37 AM
Not necessarily our system has autodiscovered all phones connected the the local LAN. I am guessing via CDP or something. My hope is that whatever technique is used to autoconfigure local LAN phones is not available via WAN.
Diego
05-23-2008 08:16 AM
The phone may autoregister is so configured under telephony-service, however an unknow mac will have no DN assigned and cannot call out neither receive calls.
05-23-2008 09:24 AM
Ah, forgot to mention, by default SIP is open and that is a BIG risk, you need an ACL blocking incoming udp/tcp port 5060 on the internet interface.
05-23-2008 09:24 AM
Sounds good.
Thanks,
Diego
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: