Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
771
Views
0
Helpful
1
Replies

Port security with VoIP

srosenthal
Level 4
Level 4

‎07-02-2008 03:25 PM - edited ‎03-15-2019 11:42 AM

Can port security be run on a switchport that is connected to a IP phone?

Labels:
0 Helpful
1 Reply 1

Rob Huffman
Hall of Fame
Hall of Fame

‎07-02-2008 04:02 PM

Hi Seth,

Yes, this is a fully supported model :)

Port Security

Whereas Cisco firewall solutions provide access control for external users, port security provides access control for internal users. A built-in feature on Cisco routers and switches, port security limits the services that network users can access based on the physical port to which they connect, and helps protect the voice system in the following ways:

• Preventing toll fraud - The most basic step in preventing toll fraud is denying network access to unauthorized users. Port security enables organizations to restrict access to the voice network to particular ports. For example, a company might disallow access to the voice system from ports in locations where employees ordinarily do not use phones, such as custodial areas or the manufacturing floor. Another way that port security controls access is by directing a user into the appropriate VLAN based on the user's voice privileges. An unknown user, for example, might be directed to a guest VLAN with no or limited voice privileges, and also be subject to ACLs that prevent access to the voice system. A known user, in contrast, would be directed to the voice VLAN for that user's department.

• Preventing DoS attacks - The port does not turn on until it receives confirmation that both the user and device are trusted. This helps prevent an untrusted user from connecting to the network from a private location in the company, such as a basement or custodial closet, and launching a DoS attack. To protect against DoS attacks launched by employees' computers and laptops without their knowledge, companies can combine port security with Network Admission Control (NAC) to verify that the PC or laptop is protected with the latest versions of antivirus software and Cisco Security Agent.

• Preventing impersonation, spoofing, or eavesdropping - Port security can be used to limit the number of MAC addresses authorized to access the network through a given port. This eliminates the potential for someone to, for example, disconnect a legitimate IP phone, connect in its place a hub with two or more ports, and then connect an unauthorized IP phone or PC softphone to one of the hub ports to impersonate another user. The port rejects all MAC addresses other than the single known MAC address.

From this good doc;

http://www.cisco.com/en/US/solutions/collateral/ns339/ns639/ns641/net_implementation_white_paper0900aecd80460724.html

Hope this helps!

Rob

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents