Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACL for Voice VLAN

I want to setup ingress filtering for our voice VLAN's so that unneccessary traffic is not passed onto these VLAN's. I have several different VLANs for voice at our Home Site.

So far I have come to the conclusion that I need the following ports open:

TCP 2000

TCP 2001

TCP 2002

TCP 2427

TCP 2428

UDP 53


TCP 80 (If you want to view web info)

What else am I missing...

New Member

Re: ACL for Voice VLAN

You're going to need UDP ports for RTP if you're doing ingress ACL on multiple Voice Vlans. However, I gotta wonder if that's such a good idea in the first place. While it may not be large, each entry checked on an ACL adds latency to the packet's delivery. I think it's be better to put an egress ACL on the data vlan, if you're concerned about malicious mischief. Otherwise, simply putting the voice traffic on a seperate vlan is take care of just about all accidental traffic.

New Member

Re: ACL for Voice VLAN

You need to also permit RTP traffic and TFTP.

Take a look at the IP Telephony SAFE whitepaper. There are a couple of sample ACL's and plenty of info on what all needs to be premitted.


Tim Medley, CCDP, CCNP

IPT Consultant

New Member

Re: ACL for Voice VLAN

Not quite sure how I missed this, but it is perfect. Thanks for the info Tim.


CreatePlease login to create content