Rrcrumm,
apply this acl on the inbound interface .... when you do this step, then there
is no need adding additonal acl statements mentioned by Dan... remember you
applied it on the outside interface which doesn't have any control in
regulating the remote host with exception adding the Dan acl also to make it
work...
Dan,
when ccm-manager fall-back mgcp command is used, and under telephony-service
the command srst ephone description doesn't show up on the phone..rather it
showed as Cisco Cme, whereas the description is given as "your current
options"... when i gave the command system message then it showed as your
current options.. is this is a bug in srst command under telephony service???
thank you
krishna.
________________________________
From: Rrcrumm <rrcr...@yahoo.com>
To: Dan Quinlan (daquinla) <daqui...@cisco.com>
Cc: Online Study <ccie_voice@onlinestudylist.com>
Sent: Sunday, July 29, 2012 9:58 PM
Subject: Re: [OSL | CCIE_Voice] SRST Access-list for home equipment
Thanks Dan
I'll try that
Sent from my iPhone
On Jul 29, 2012, at 7:52 PM, "Dan Quinlan (daquinla)" <daqui...@cisco.com>
wrote:
Oh and I'd apply the access group on interface vlan 12 (the phone vlan) in both
directions ip access group sc in and up access group sc out
>
>
>DQ
>d...@cisco.com
>
>
Sent from my iPhone
>
>On Jul 29, 2012, at 10:48 PM, "Dan Quinlan (daquinla)" <daqui...@cisco.com>
>wrote:
>
>
>You need to add rules for the other direction as well (pub and sub to the
>phone). Otherwise the phone still receives keepalives. So you need to add
>these to your access list:
>>
>>deny ip host 10.10.210.10 host 192.168.12.12 deny ip host 10.10.210.11
>>host 192.168.12.12
>>
>>
>>
>>
>>DQ
>>d...@cisco.com
>>
>>
Sent from my iPhone
>>
>>On Jul 29, 2012, at 10:40 PM, "Randall Crumm" <rrcr...@yahoo.com> wrote:
>>
>>
>>Hello,
>>>I am working on PL but with my equipment. I want to make the phones here go
>>>into SRST. SO I need to add an access-list, my hoe phone being IP address
>>>192.168.12.12
>>>
>>>
>>>So I added this
>>>ip access-list extended sc
>>> deny ip host 192.168.12.12 host 10.10.210.11
>>> deny ip host 192.168.12.12 host 10.10.210.10
>>> permit ip any any
>>>
>>>
>>>
>>>
>>>Then applied it to the interface:
>>>interface FastEthernet0/0
>>> description (Outside Public Interface)
>>> ip address dhcp
>>> ip access-group sc out <<<<<<<<<<<<<<<<<<
>>> no ip unreachables
>>> ip mtu 1400
>>> ip nat outside
>>> ip virtual-reassembly
>>> duplex auto
>>> speed auto
>>> no cdp enable
>>> crypto ipsec client ezvpn Voice-vRack
>>>
>>>
>>>
>>>
>>>This is not working. Any thoughts?
>>>
>>>
>>>
>>>Cheers,
>>>Randall
>>>
>>_______________________________________________
>>>For more information regarding industry leading CCIE Lab training, please
>>>visit www.ipexpert.com
>>>
>>>Are you a CCNP or CCIE and looking for a job? Check out
>>>www.PlatinumPlacement.com
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com