Re: [OSL | CCIE_Voice] SRST Access-list for home equipment
Rrcrumm, apply this acl on the inbound interface when you do this step, then there is no need adding additonal acl statements mentioned by Dan... remember you applied it on the outside interface which doesn't have any control in regulating the remote host with exception adding the Dan acl also to make it work... Dan, when ccm-manager fall-back mgcp command is used, and under telephony-service the command srst ephone description doesn't show up on the phone..rather it showed as Cisco Cme, whereas the description is given as your current options... when i gave the command system message then it showed as your current options.. is this is a bug in srst command under telephony service??? thank you krishna. From: Rrcrumm rrcr...@yahoo.com To: Dan Quinlan (daquinla) daqui...@cisco.com Cc: Online Study ccie_voice@onlinestudylist.com Sent: Sunday, July 29, 2012 9:58 PM Subject: Re: [OSL | CCIE_Voice] SRST Access-list for home equipment Thanks Dan I'll try that Sent from my iPhone On Jul 29, 2012, at 7:52 PM, Dan Quinlan (daquinla) daqui...@cisco.com wrote: Oh and I'd apply the access group on interface vlan 12 (the phone vlan) in both directions ip access group sc in and up access group sc out DQ d...@cisco.com Sent from my iPhone On Jul 29, 2012, at 10:48 PM, Dan Quinlan (daquinla) daqui...@cisco.com wrote: You need to add rules for the other direction as well (pub and sub to the phone). Otherwise the phone still receives keepalives. So you need to add these to your access list: deny ip host 10.10.210.10 host 192.168.12.12 deny ip host 10.10.210.11 host 192.168.12.12 DQ d...@cisco.com Sent from my iPhone On Jul 29, 2012, at 10:40 PM, Randall Crumm rrcr...@yahoo.com wrote: Hello, I am working on PL but with my equipment. I want to make the phones here go into SRST. SO I need to add an access-list, my hoe phone being IP address 192.168.12.12 So I added this ip access-list extended sc deny ip host 192.168.12.12 host 10.10.210.11 deny ip host 192.168.12.12 host 10.10.210.10 permit ip any any Then applied it to the interface: interface FastEthernet0/0 description (Outside Public Interface) ip address dhcp ip access-group sc out no ip unreachables ip mtu 1400 ip nat outside ip virtual-reassembly duplex auto speed auto no cdp enable crypto ipsec client ezvpn Voice-vRack This is not working. Any thoughts? Cheers, Randall ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
Re: [OSL | CCIE_Voice] SRST Access-list for home equipment
Not a bug - different commands. srst ephone description just sets what shows in the running config as the description tag on ephones that are learned. System message is always what shows on the phone just above the soft keys. DQ d...@cisco.commailto:d...@cisco.com Sent from my iPhone On Jul 30, 2012, at 3:37 AM, Krishna vinayak_...@yahoo.commailto:vinayak_...@yahoo.com wrote: Rrcrumm, apply this acl on the inbound interface when you do this step, then there is no need adding additonal acl statements mentioned by Dan... remember you applied it on the outside interface which doesn't have any control in regulating the remote host with exception adding the Dan acl also to make it work... Dan, when ccm-manager fall-back mgcp command is used, and under telephony-service the command srst ephone description doesn't show up on the phone..rather it showed as Cisco Cme, whereas the description is given as your current options... when i gave the command system message then it showed as your current options.. is this is a bug in srst command under telephony service??? thank you krishna. From: Rrcrumm rrcr...@yahoo.commailto:rrcr...@yahoo.com To: Dan Quinlan (daquinla) daqui...@cisco.commailto:daqui...@cisco.com Cc: Online Study ccie_voice@onlinestudylist.commailto:ccie_voice@onlinestudylist.com Sent: Sunday, July 29, 2012 9:58 PM Subject: Re: [OSL | CCIE_Voice] SRST Access-list for home equipment Thanks Dan I'll try that Sent from my iPhone On Jul 29, 2012, at 7:52 PM, Dan Quinlan (daquinla) daqui...@cisco.commailto:daqui...@cisco.com wrote: Oh and I'd apply the access group on interface vlan 12 (the phone vlan) in both directions ip access group sc in and up access group sc out DQ d...@cisco.commailto:d...@cisco.com Sent from my iPhone On Jul 29, 2012, at 10:48 PM, Dan Quinlan (daquinla) daqui...@cisco.commailto:daqui...@cisco.com wrote: You need to add rules for the other direction as well (pub and sub to the phone). Otherwise the phone still receives keepalives. So you need to add these to your access list: deny ip host 10.10.210.10 host 192.168.12.12 deny ip host 10.10.210.11 host 192.168.12.12 DQ d...@cisco.commailto:d...@cisco.com Sent from my iPhone On Jul 29, 2012, at 10:40 PM, Randall Crumm rrcr...@yahoo.commailto:rrcr...@yahoo.com wrote: Hello, I am working on PL but with my equipment. I want to make the phones here go into SRST. SO I need to add an access-list, my hoe phone being IP address 192.168.12.12 So I added this ip access-list extended sc deny ip host 192.168.12.12 host 10.10.210.11 deny ip host 192.168.12.12 host 10.10.210.10 permit ip any any Then applied it to the interface: interface FastEthernet0/0 description (Outside Public Interface) ip address dhcp ip access-group sc out no ip unreachables ip mtu 1400 ip nat outside ip virtual-reassembly duplex auto speed auto no cdp enable crypto ipsec client ezvpn Voice-vRack This is not working. Any thoughts? Cheers, Randall ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.comhttp://www.ipexpert.com/ Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.comhttp://www.platinumplacement.com/ ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.comhttp://www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.comhttp://www.PlatinumPlacement.com ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
[OSL | CCIE_Voice] SRST Access-list for home equipment
Hello, I am working on PL but with my equipment. I want to make the phones here go into SRST. SO I need to add an access-list, my hoe phone being IP address 192.168.12.12 So I added this ip access-list extended sc deny ip host 192.168.12.12 host 10.10.210.11 deny ip host 192.168.12.12 host 10.10.210.10 permit ip any any Then applied it to the interface: interface FastEthernet0/0 description (Outside Public Interface) ip address dhcp ip access-group sc out no ip unreachables ip mtu 1400 ip nat outside ip virtual-reassembly duplex auto speed auto no cdp enable crypto ipsec client ezvpn Voice-vRack This is not working. Any thoughts? Cheers, Randall ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
Re: [OSL | CCIE_Voice] SRST Access-list for home equipment
You need to add rules for the other direction as well (pub and sub to the phone). Otherwise the phone still receives keepalives. So you need to add these to your access list: deny ip host 10.10.210.10 host 192.168.12.12 deny ip host 10.10.210.11 host 192.168.12.12 DQ d...@cisco.commailto:d...@cisco.com Sent from my iPhone On Jul 29, 2012, at 10:40 PM, Randall Crumm rrcr...@yahoo.commailto:rrcr...@yahoo.com wrote: Hello, I am working on PL but with my equipment. I want to make the phones here go into SRST. SO I need to add an access-list, my hoe phone being IP address 192.168.12.12 So I added this ip access-list extended sc deny ip host 192.168.12.12 host 10.10.210.11 deny ip host 192.168.12.12 host 10.10.210.10 permit ip any any Then applied it to the interface: interface FastEthernet0/0 description (Outside Public Interface) ip address dhcp ip access-group sc out no ip unreachables ip mtu 1400 ip nat outside ip virtual-reassembly duplex auto speed auto no cdp enable crypto ipsec client ezvpn Voice-vRack This is not working. Any thoughts? Cheers, Randall ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.comhttp://www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.comhttp://www.PlatinumPlacement.com ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
Re: [OSL | CCIE_Voice] SRST Access-list for home equipment
Oh and I'd apply the access group on interface vlan 12 (the phone vlan) in both directions ip access group sc in and up access group sc out DQ d...@cisco.commailto:d...@cisco.com Sent from my iPhone On Jul 29, 2012, at 10:48 PM, Dan Quinlan (daquinla) daqui...@cisco.commailto:daqui...@cisco.com wrote: You need to add rules for the other direction as well (pub and sub to the phone). Otherwise the phone still receives keepalives. So you need to add these to your access list: deny ip host 10.10.210.10 host 192.168.12.12 deny ip host 10.10.210.11 host 192.168.12.12 DQ d...@cisco.commailto:d...@cisco.com Sent from my iPhone On Jul 29, 2012, at 10:40 PM, Randall Crumm rrcr...@yahoo.commailto:rrcr...@yahoo.com wrote: Hello, I am working on PL but with my equipment. I want to make the phones here go into SRST. SO I need to add an access-list, my hoe phone being IP address 192.168.12.12 So I added this ip access-list extended sc deny ip host 192.168.12.12 host 10.10.210.11 deny ip host 192.168.12.12 host 10.10.210.10 permit ip any any Then applied it to the interface: interface FastEthernet0/0 description (Outside Public Interface) ip address dhcp ip access-group sc out no ip unreachables ip mtu 1400 ip nat outside ip virtual-reassembly duplex auto speed auto no cdp enable crypto ipsec client ezvpn Voice-vRack This is not working. Any thoughts? Cheers, Randall ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.comhttp://www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.comhttp://www.PlatinumPlacement.com ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
Re: [OSL | CCIE_Voice] SRST Access-list for home equipment
Thanks Dan I'll try that Sent from my iPhone On Jul 29, 2012, at 7:52 PM, Dan Quinlan (daquinla) daqui...@cisco.com wrote: Oh and I'd apply the access group on interface vlan 12 (the phone vlan) in both directions ip access group sc in and up access group sc out DQ d...@cisco.com Sent from my iPhone On Jul 29, 2012, at 10:48 PM, Dan Quinlan (daquinla) daqui...@cisco.com wrote: You need to add rules for the other direction as well (pub and sub to the phone). Otherwise the phone still receives keepalives. So you need to add these to your access list: deny ip host 10.10.210.10 host 192.168.12.12 deny ip host 10.10.210.11 host 192.168.12.12 DQ d...@cisco.com Sent from my iPhone On Jul 29, 2012, at 10:40 PM, Randall Crumm rrcr...@yahoo.com wrote: Hello, I am working on PL but with my equipment. I want to make the phones here go into SRST. SO I need to add an access-list, my hoe phone being IP address 192.168.12.12 So I added this ip access-list extended sc deny ip host 192.168.12.12 host 10.10.210.11 deny ip host 192.168.12.12 host 10.10.210.10 permit ip any any Then applied it to the interface: interface FastEthernet0/0 description (Outside Public Interface) ip address dhcp ip access-group sc out no ip unreachables ip mtu 1400 ip nat outside ip virtual-reassembly duplex auto speed auto no cdp enable crypto ipsec client ezvpn Voice-vRack This is not working. Any thoughts? Cheers, Randall ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
