Thanks Ian. 

We're going to have a mix of both desktop and hand held wireless clients. I 
would like the desktop clients to have access to all the features as an 
"on-premise" client, so for the time being, I'd like to not interject the 
Expressway since some of these features are not available. 

Right now, it's voice only, no IM&P. So, we could modify the ACLs appropriately 
and allow peer-to-peer traffic on the wiLAN as required. 

My hope/guess is that we could use trusted relay points for the audio and 
modify ACLs / config to "fix" anything that wasn't working. 

Lelio 



--- 
Lelio Fulgenzi, B.A. 
Senior Analyst, Network Infrastructure 
Computing and Communications Services (CCS) 
University of Guelph 

519‐824‐4120 Ext 56354 
le...@uoguelph.ca 
www.uoguelph.ca/ccs 
Room 037, Animal Science and Nutrition Building 
Guelph, Ontario, N1G 2W1 

----- Original Message -----

From: "Ian Anderson" <i...@andersoi.co.uk> 
To: "Cisco VOIP" <cisco-voip@puck.nether.net> 
Cc: "Lelio Fulgenzi" <le...@uoguelph.ca> 
Sent: Tuesday, February 17, 2015 11:43:58 AM 
Subject: Re: [cisco-voip] trusted relay points 


There are a few gotchas; desktop sharing via BFCP doesn't work, for one. 


If it's just for segregation of wireless clients, it may be worthwhile for you 
to investigate the use of Expressway/MRA? 


On 17 February 2015 at 16:34, Brian Meade < bmead...@vt.edu > wrote: 



They're basically just MTPs you deem to be "trusted". A lot of people use them 
for switching between IPv4 and IPv6. Really not anything different than just 
forcing MTP Required other than maybe just narrowing down the MTP list. Some 
people use the same setup for VPN phones/IP Communicators over VPN so VPN 
clients don't have to be able to talk directly to each other. 




On Tue, Feb 17, 2015 at 11:28 AM, Lelio Fulgenzi < le...@uoguelph.ca > wrote: 

<blockquote>





We had a security discussion with our account team, and one thing that was 
brought up was the concept/feature of trusted relay points. 

There's not much on the subject in the guides, other than saying some MTPs are 
trusted relay points. 

Our thought was, rather than opening up the voice VLANs to allow media from the 
data VLANs, we could simply set up the Jabber clients with "trusted relay 
points" enabled and modify the voice VLAN ACLs to allow access from these 
trusted relay points. We could either use our PSTN gateways or deploy another 
set of 2900s for this purpose. 

This would also help us in the short term, I believe, by not having to enable 
"peer to peer" communications on our wiLAN. 

Any thoughts or pointers to some documents would be fantastic. 

Lelio 





_______________________________________________ 
cisco-voip mailing list 
cisco-voip@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-voip 







</blockquote>
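
An added example, not part of the original thread: a Python check for the design raised in the original question, where the voice VLAN ACL admits media only from trusted relay points rather than from the data VLANs. It audits an ACL written in IOS extended-ACL syntax and flags any permit into the voice VLAN whose source is not a listed relay point. All addresses, the ACL lines, the UDP port range and the function names are constructed assumptions.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread).
VOICE_VLAN = ipaddress.ip_network("10.20.0.0/16")
TRUSTED_RELAY_POINTS = {ipaddress.ip_address("192.0.2.10"),
                        ipaddress.ip_address("192.0.2.11")}

# Constructed voice-VLAN ACL; 16384-32767 is an assumed RTP port range.
# The third line is the "open the voice VLAN to the data VLAN" rule
# that the trusted-relay-point design is meant to avoid.
SAMPLE_ACL = """\
permit udp host 192.0.2.10 10.20.0.0 0.0.255.255 range 16384 32767
permit udp host 192.0.2.11 10.20.0.0 0.0.255.255 range 16384 32767
permit udp 10.30.0.0 0.0.255.255 10.20.0.0 0.0.255.255 range 16384 32767
deny ip any any log
"""

def parse_addr(tokens):
    """Consume one address spec (any | host A | A WILDCARD) from tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = ipaddress.ip_address(tokens.pop(0))
    # An IOS wildcard mask is the bitwise inverse of the netmask.
    netmask = ipaddress.ip_address(int(wildcard) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{first}/{netmask}")

def untrusted_media_permits(acl_text):
    """Return permit lines that let a non-TRP source reach the voice VLAN.

    Simplification: source-port operators are not handled, only
    'action protocol SRC DST [dst ports]' lines as in SAMPLE_ACL.
    """
    findings = []
    for line in acl_text.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or tokens[0] != "permit":
            continue
        tokens = tokens[2:]  # drop the action and protocol keywords
        src = parse_addr(tokens)
        dst = parse_addr(tokens)
        if not dst.overlaps(VOICE_VLAN):
            continue
        is_trp = (src.prefixlen == 32
                  and src.network_address in TRUSTED_RELAY_POINTS)
        if not is_trp:
            findings.append(line.strip())
    return findings
```
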


