[cisco-voip] testing new ACLs: VG224 issues

Lelio Fulgenzi lelio at uoguelph.ca
Thu Dec 1 16:16:28 EST 2011 

I was testing you Mike, you passed. ;) 

----- Original Message -----
From: "Mike Norton" <mikenorton at pwsd76.ab.ca> 
To: "Lelio Fulgenzi" <lelio at uoguelph.ca>, "Cisco VoIPoE List" <cisco-voip at puck.nether.net> 
Sent: Thursday, December 1, 2011 4:14:06 PM 
Subject: RE: [cisco-voip] testing new ACLs: VG224 issues 




Where are you getting the idea of pinging from? ICMP != ping. There are many types of ICMP messages; Echo Request is only one of them. If I had to guess, the ICMP message being sent is probably an Unreachable that has something to do with the UDP traffic. Allowing the traffic and watching with Wireshark would be my next step. 



-- 

Mike Norton 

I.T. Support 

Peace Wapiti School Division No. 76 

Helpdesk: 780-831-3080 

Direct: 780-831-3076 







From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Lelio Fulgenzi 
Sent: December-01-11 1:46 PM 
To: Cisco VoIPoE List 
Subject: [cisco-voip] testing new ACLs: VG224 issues 




I'm testing some new voice VLAN ACLs and have noticed a problem with a VG224 port calling an IP phone. If the IP phone puts the VG224 call on hold, no problem, but if the IP phone receives another inbound call and goes to answer it (automatically putting the VG224 call on hold) the VG224 call is dropped. 

I noticed the following deny statements being logged. 

list voice_endpoints_out denied icmp a.b.c.d -> i.j.k.l (3/3), 1 packet 
list voice_endpoints_out denied udp w.x.y.z(19441) -> i.j.k.l(4001), 1 packet 

a.b.c.d is the ip address of one of the ethernet interfaces where a ping packet would be sourced 
w.x.y.z is the loopback address where voice traffic would be sourced 
i.j.k.l is the IP phone 

Why is the VG224 trying to ping my ip phone? 
What is UDP traffic destined to 4001 all about? 





--- 
Lelio Fulgenzi, B.A. 
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1 
(519) 824-4120 x56354 (519) 767-1060 FAX (ANNU) 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
Cooking with unix is easy. You just sed it and forget it. 
- LFJ (with apologies to Mr. Popeil) 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20111201/99f62c93/attachment.html>

More information about the cisco-voip mailing list