Michael,

We always had a similar setup for our VLANs for our Cisco Unified Communications and Cisco Core (6509) ACL. I appear to have all the appropriate ports and ranges going for both our Cisco system and SipX system for both our current Cisco Core and our soon to be installed Extreme core (replacing the Cisco switch). I have done verbose logging on both ACLs and have not found any blocked traffic, so I believe I am good.

Our Extreme switches go in early January. I am hoping the school will commit to moving away from Cisco CUCM and replacing it with SipX this Spring. Cisco is slowly getting "fired" at this point.

Jes

On Tue, Oct 25, 2011 at 7:44 PM, Michael Picher <[email protected]> wrote:

> You'll have a tough time with ACLs in switches... I would recommend
> pfsense between the vlans as a more workable solution...
> On Oct 25, 2011 4:26 PM, "Becker, Jesse" <[email protected]> wrote:
>
>> I think the only ACL system that allows related, from my experience, is
>> IPTables. I was creating these on our layer 3 switches. Both Cisco and
>> Extreme can do established traffic, however, they do not have an option for
>> related as far as I can tell.
>>
>> I think I have all the ports worked out in my ACL. I haven't seen anything
>> blocked trip the logs.
>>
>> Jes
>>
>> On Mon, Oct 24, 2011 at 8:05 PM, Josh Patten <[email protected]> wrote:
>>
>>> for the FTP bit, generally this traffic is considered RELATED, so as
>>> long as your ACL allows RELATED traffic you shouldn't have an issue with
>>> these high ports.
>>>
>>> On Mon, Oct 24, 2011 at 5:05 PM, Becker, Jesse
>>> <[email protected]> wrote:
>>>
>>>> All,
>>>> We use strict ACLs on all our VLAN subnets and I was wondering if
>>>> there was a documented list before I do trial/error testing. One thing I
>>>> have noticed so far is that the phone tries to reach out to the server
>>>> using target ports in the high 50000 range. I have found that these are the
>>>> passive mode ports configured in vsftpd, so I have opened them. Is there a
>>>> documented list of ports that need to be opened up between a Polycom phone
>>>> (UA client) and the SipX server? I currently have tftp 69, ftp 20-21
>>>> (including passive ports 50000-50050), sip 5060, moh 15060 opened.
>>>>
>>>> Thanks in advance.
>>>>
>>>> Jes
>>>
>>> --
>>> Josh Patten
>>> eZuce
>>> Solutions Architect
>>> O.978-296-1005 X2050
>>> M.979-574-5699

--
Jesse Becker | Technical Manager
Network+ | Linux+ Certified Professional
SunGard Higher Education @ SUNY Ulster
491 Cottekill Road, Stone Ridge, NY 12484
Tel 845-687-5064 | Fax 845-687-5105
[email protected] | www.sunyulster.edu

Check out our knowledge base: http://kb.sunyulster.edu

_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
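
The RELATED handling discussed in this thread, as an added example that is not part of the original messages: on an iptables-based router between the VLANs, the FTP and TFTP conntrack helpers cover the data ports, so only the control ports from the original question need static rules. The subnet, server address, chain name and log prefix are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset for
# a Linux router sitting between the phone VLAN and the sipX server.
# Assumptions: the chain name PHONE_SIPX, the log prefix, and SIP/MoH being
# allowed on both UDP and TCP are choices made for this example.
#
# Only the control ports named in the thread accept NEW connections. The FTP
# data channel (active or passive) and the TFTP transfer, where the server
# answers from an ephemeral port, are matched as RELATED through the conntrack
# helpers. These need the nf_conntrack_ftp / nf_conntrack_tftp modules and a
# cleartext control channel to read the negotiated port from.
sipx_phone_ruleset() {
    _phones=$1
    _sipx=$2
    if [ -z "$_phones" ] || [ -z "$_sipx" ]; then
        echo "usage: sipx_phone_ruleset PHONE_SUBNET SIPX_ADDR" >&2
        return 2
    fi
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s $_phones -d $_sipx -p tcp --dport 21 -j CT --helper ftp
-A PREROUTING -s $_phones -d $_sipx -p udp --dport 69 -j CT --helper tftp
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PHONE_SIPX - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $_phones -d $_sipx -j PHONE_SIPX
-A PHONE_SIPX -p udp --dport 69 -m conntrack --ctstate NEW -j ACCEPT
-A PHONE_SIPX -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
-A PHONE_SIPX -p udp -m multiport --dports 5060,15060 -m conntrack --ctstate NEW -j ACCEPT
-A PHONE_SIPX -p tcp -m multiport --dports 5060,15060 -m conntrack --ctstate NEW -j ACCEPT
-A PHONE_SIPX -j LOG --log-prefix "phone-sipx-drop: "
-A PHONE_SIPX -j DROP
COMMIT
EOF
}

# Constructed sample values; pipe the output to "iptables-restore --test"
# as root to validate it before loading.
sipx_phone_ruleset 192.0.2.0/24 198.51.100.10
```

A stateless layer 3 switch ACL has no equivalent of the helper lookup, which is why the static passive range had to be opened there.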
