02-16-2004 11:50 AM - edited 03-13-2019 03:52 AM
Hi there,
I am trying to secure IP phones on a voice vlan from the data vlans. CMs and Unity are on a third vlan.
I am building ACLs as specific as possible to control the traffic. I have isolated most UDP and TCP ports but I still have problems with dynamic ports with both the Attendant Console and the TFTP transfers.
1- Attendant Console:
From my latest sniffer traces using CCM 3.3.3sr3, I can see several specific ports:
PC to Pub using TCP 1101
PC to Pub/sub using TCP 2748
Sub/Pub to PC using a specified UDP port
The problem comes from another session on a TCP port that seems to be negotiated within the TCP 1101 session. In my traces, the publisher sends a TCP port (ex: XXXX) in the data portion of the TCP 1101 session. Then the console PC initiates a session to PUB with that XXXX as the destination port.
Is there a way to make sure the negotiated port (XXXX) is always the same or at least stays in a given range?
2- TFTP
Of course phones issue read requests from some high port to UDP 69. However the TFTP server sends the requested file from some UDP dynamic port to the UDP port that requested the file.
Is there some way of restricting the range of UDP ports used by the TFTP server to send the files?
My third problem may be IPCC express but I haven't had time yet to put the sniffer on it.
Thanx in advance for your inputs.
Eric
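The TFTP behaviour described in point 2, as an added example that is not part of the original post or of any Cisco product: a single RRQ/DATA/ACK read (RFC 1350) simulated in memory, followed by two stateless ACLs and one stateful tracker evaluated against the UDP flows it produces. The hosts, ports, file name and ACL entries are constructed sample values, and the ACL matcher and tracker are a simplified model of extended access-list behaviour, not Cisco code.

```python
import random
import struct

RRQ, DATA, ACK = 1, 3, 4                     # TFTP opcodes (RFC 1350)
BLOCK = 512                                  # RFC 1350 data block size
PHONE, CM = "10.10.20.15", "10.10.30.5"      # constructed: phone on the voice VLAN, CallManager/TFTP server
FILES = {"SEP000000000000.cnf.xml": b"<device>constructed sample config</device>" * 20}  # 840 bytes -> 2 blocks


def build_rrq(filename, mode="octet"):
    """Read request: opcode 1, filename, NUL, mode, NUL."""
    return struct.pack("!H", RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"


def parse_rrq(pkt):
    if struct.unpack("!H", pkt[:2])[0] != RRQ:
        raise ValueError("not a read request")
    filename, mode, _ = pkt[2:].split(b"\0", 2)
    return filename.decode(), mode.decode()


def build_data(block, chunk):
    """Data packet: opcode 3, block number, up to 512 bytes of payload."""
    return struct.pack("!HH", DATA, block) + chunk


def parse_data(pkt):
    return struct.unpack("!H", pkt[2:4])[0], pkt[4:]


def build_ack(block):
    """Acknowledgement: opcode 4, block number."""
    return struct.pack("!HH", ACK, block)


def tftp_read(filename, files, rng):
    """One read, simulated in memory. Returns the file bytes and the UDP flows as
    (src_ip, src_port, dst_ip, dst_port, label). The server replies from a fresh
    transfer identifier (TID), a port its OS picks, which is what the poster observed."""
    flows = []
    phone_port = rng.randrange(49152, 65536)   # phone's ephemeral source port
    flows.append((PHONE, phone_port, CM, 69, "RRQ"))
    name, _ = parse_rrq(build_rrq(filename))
    server_tid = rng.randrange(49152, 65536)   # picked per transfer; an ACL cannot know it in advance
    data, received, block = files[name], b"", 1
    while True:
        chunk = data[(block - 1) * BLOCK: block * BLOCK]
        blk, payload = parse_data(build_data(block, chunk))
        received += payload
        flows.append((CM, server_tid, PHONE, phone_port, f"DATA {blk}"))
        assert struct.unpack("!H", build_ack(blk)[2:])[0] == blk
        flows.append((PHONE, phone_port, CM, server_tid, f"ACK {blk}"))
        if len(chunk) < BLOCK:                 # a short block ends the transfer
            return received, flows
        block += 1


def port_ok(spec, port):
    """Port operator of an ACL entry: None = any, ("eq", n), ("gt", n), ("range", lo, hi)."""
    if spec is None:
        return True
    if spec[0] == "eq":
        return port == spec[1]
    if spec[0] == "gt":
        return port > spec[1]
    if spec[0] == "range":
        return spec[1] <= port <= spec[2]
    raise ValueError(spec[0])


def acl_lookup(acl, flow):
    """First-match stateless ACL with the implicit deny; entries are (action, src, src_ports, dst, dst_ports)."""
    src, sport, dst, dport, _ = flow
    for action, s, s_spec, d, d_spec in acl:
        if s in (src, "any") and d in (dst, "any") and port_ok(s_spec, sport) and port_ok(d_spec, dport):
            return action
    return "deny"


# Only the request to UDP/69 is permitted: the DATA and ACK packets never match.
ACL_69_ONLY = [("permit", PHONE, None, CM, ("eq", 69))]
# What a stateless ACL has to open for the data phase when the TID is unknown beforehand.
ACL_HIGH_PORTS = ACL_69_ONLY + [
    ("permit", CM, ("gt", 1023), PHONE, ("gt", 1023)),
    ("permit", PHONE, ("gt", 1023), CM, ("gt", 1023)),
]


def stateful_verdicts(flows):
    """Tracker that follows each RRQ: it learns the server TID from the first packet sent
    back to the requesting phone port and from then on admits only that one 4-tuple."""
    pending, sessions, verdicts = set(), set(), []
    for src, sport, dst, dport, _ in flows:
        if (dst, dport) == (CM, 69):                     # new request: remember who asked
            pending.add((src, sport))
            verdict = "permit"
        elif src == CM and (dst, dport) in pending:      # first DATA: learn the TID
            pending.discard((dst, dport))
            sessions.add((dst, dport, sport))
            verdict = "permit"
        elif (src == CM and (dst, dport, sport) in sessions) or (dst == CM and (src, sport, dport) in sessions):
            verdict = "permit"
        else:
            verdict = "deny"
        verdicts.append(verdict)
    return verdicts


def demo(seed=1):
    """Run one read and append an unrelated CM-to-phone packet (constructed) to compare the filters on."""
    content, flows = tftp_read("SEP000000000000.cnf.xml", FILES, random.Random(seed))
    return content, flows + [(CM, 50000, PHONE, 5060, "unrelated CM -> phone packet")]


if __name__ == "__main__":
    _, flows = demo()
    for f, st in zip(flows, stateful_verdicts(flows)):
        print(f"{f[4]:28} 69-only={acl_lookup(ACL_69_ONLY, f):6} "
              f"high-ports={acl_lookup(ACL_HIGH_PORTS, f):6} stateful={st}")
```

Run as a script it prints one line per packet with the three verdicts side by side. The request to UDP/69 passes every filter, but the first DATA packet is dropped by the 69-only ACL because the server chose its TID when the request arrived; a stateless ACL can only cover that by opening the whole high-port range in both directions, which also admits the unrelated packet at the end, whereas the tracker that follows the RRQ admits only the learned 4-tuple. The negotiated attendant-console port carried inside the TCP 1101 session has the same shape: the port value is only known once the first session has been inspected, so a fixed ACL can only bound it if the server itself is constrained to a range.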
02-24-2004 07:57 AM
You can check the below links which will be very useful for you to secure
Securing Networks with Private VLANs and VLAN Access Control Lists
http://www.cisco.com/warp/public/473/90.shtml
Configuring Port Security
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2940/12119ea1/2940scg/swtrafc.htm#1038501
Configuring Port Security
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_20/config/port_sec.htm
Configuring Isolated Private VLANs on Catalyst Switches
http://www.cisco.com/warp/public/473/194.html
Private VLAN Catalyst Switch Support Matrix