Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

CME open to the public Internet

If I were to open the ports needed for a skinny protocol phone to connect to the CME how can I prevent unauthorized phones from logging in and being assigned an extension? I am not worried about encrypting the data but would like to have some type of authentication involved.

Thanks,

Diego

5 REPLIES
Hall of Fame Super Gold

Re: CME open to the public Internet

Actually only phones with a MAC address configured in the system will be given an extension.

Hope this helps, please rate post if it does!

Community Member

Re: CME open to the public Internet

Not necessarily our system has autodiscovered all phones connected the the local LAN. I am guessing via CDP or something. My hope is that whatever technique is used to autoconfigure local LAN phones is not available via WAN.

Diego

Hall of Fame Super Gold

Re: CME open to the public Internet

The phone may autoregister is so configured under telephony-service, however an unknow mac will have no DN assigned and cannot call out neither receive calls.

Hall of Fame Super Gold

Re: CME open to the public Internet

Ah, forgot to mention, by default SIP is open and that is a BIG risk, you need an ACL blocking incoming udp/tcp port 5060 on the internet interface.

Community Member

Re: CME open to the public Internet

Sounds good.

Thanks,

Diego

148
Views
5
Helpful
5
Replies
CreatePlease to create content