You'll have a tough time with ACLs in switches... I would recommend pfSense between the VLANs as a more workable solution...

On Oct 25, 2011 4:26 PM, "Becker, Jesse" <[email protected]> wrote:
> I think the only ACL system that allows related, from my experience, is
> IPTables. I was creating these on our layer 3 switches. Both Cisco and
> Extreme can do established traffic, however, they do not have an option for
> related as far as I can tell.
>
> I think I have all the ports worked out in my ACL. I haven't seen anything
> blocked trip the logs.
>
> Jes
>
> On Mon, Oct 24, 2011 at 8:05 PM, Josh Patten <[email protected]> wrote:
>
>> for the FTP bit, generally this traffic is considered RELATED, so as long
>> as your ACL allows RELATED traffic you shouldn't have an issue with these
>> high ports.
>>
>> On Mon, Oct 24, 2011 at 5:05 PM, Becker, Jesse <[email protected]> wrote:
>>
>>> All,
>>> We use strict ACLs on all our VLAN subnets and I was wondering if there
>>> was a documented list before I do trial/error testing. One thing I have
>>> noticed so far is that the phone tries to reach out to the server using
>>> target ports in the high 50000 range. I have found that these are the
>>> passive mode ports configured in vsftpd, so I have opened them. Is there a
>>> documented list of ports that need to be opened up between a Polycom phone
>>> (UA client) and the SipX server? I currently have tftp 69, ftp 20-21
>>> (including passive ports 50000-50050), sip 5060, moh 15060 opened.
>>>
>>> Thanks in advance.
>>>
>>> Jes
>>>
>>> --
>>> Jesse Becker | Technical Manager
>>> Network+ | Linux+ Certified Professional
>>> SunGard Higher Education @ SUNY Ulster
>>> 491 Cottekill Road, Stone Ridge, NY 12484
>>> Tel 845-687-5064 | Fax 845-687-5105
>>> [email protected] | www.sunyulster.edu
>>>
>>> Check out our knowledge base:
>>> http://kb.sunyulster.edu/
>>>
>>> _______________________________________________
>>> sipx-users mailing list
>>> [email protected]
>>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>>
>> --
>> Josh Patten
>> eZuce
>> Solutions Architect
>> O.978-296-1005 X2050
>> M.979-574-5699
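The difference this thread turns on, between a stateless switch ACL and a filter that tracks RELATED traffic, shown as an added example that is not part of any message above: a small Python model (not iptables itself) in which an FTP helper reads the server's 227 passive-mode reply and admits only the negotiated data port. The addresses and class names are constructed for illustration; the passive range 50000-50050 is the one quoted in the thread.

```python
import re

# Constructed sample addresses (not from the thread).
PHONE, SERVER = "10.0.20.15", "10.0.10.5"
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def stateless_permit(dport, open_ports):
    """Switch-style ACL: the decision uses only the packet's own header."""
    return dport in open_ports

class StatefulFilter:
    """Minimal model of NEW/ESTABLISHED/RELATED tracking with an FTP helper."""
    def __init__(self, new_ports):
        self.new_ports = set(new_ports)  # ports allowed to start a flow
        self.established = set()         # (src, dst, dport) flows already admitted
        self.expected = set()            # one-shot expectations set by the helper

    def control_reply(self, client, line):
        """Helper: inspect a server reply seen on the FTP control channel."""
        m = PASV_RE.match(line)
        if m:
            a, b, c, d, p1, p2 = map(int, m.groups())
            # PASV encodes the data port as p1*256 + p2.
            self.expected.add((client, f"{a}.{b}.{c}.{d}", p1 * 256 + p2))

    def permit(self, src, dst, dport):
        flow = (src, dst, dport)
        if flow in self.established:
            return "ESTABLISHED"
        if flow in self.expected:        # data channel announced by the server
            self.expected.discard(flow)
            self.established.add(flow)
            return "RELATED"
        if dport in self.new_ports:
            self.established.add(flow)
            return "NEW"
        return "DROP"

def demo():
    fw = StatefulFilter(new_ports={21})            # only FTP control is opened
    out = [fw.permit(PHONE, SERVER, 21)]           # control connection
    out.append(fw.permit(PHONE, SERVER, 50010))    # data port before PASV reply
    fw.control_reply(PHONE, "227 Entering Passive Mode (10,0,10,5,195,90).")
    out.append(fw.permit(PHONE, SERVER, 50010))    # negotiated port: 195*256+90
    out.append(fw.permit(PHONE, SERVER, 50011))    # neighbouring port stays shut
    return out

if __name__ == "__main__":
    print(demo())
    print(stateless_permit(50011, set(range(50000, 50051)) | {21}))
```

With the stateless ACL the whole 50000-50050 range has to stay reachable at all times, whereas the tracked filter opens one port per transfer and only for the client that owns the control connection.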
