[cisco-voip] CallManagers & Gateways - controlling access

Corson, Teressa Teressa.Corson at doit.nh.gov
Mon Nov 14 12:00:23 EST 2011


I'm puzzled...hoping someone here can explain.  The basics are CUCM
version 7.1.5.33900-10 with one pub and 2 subs.  CUCM controls the GWs
using MGCP in our config.

Due to some calling anomalies, Cisco TAC advised me to put the config
below on my gateways.  The TAC rep says this will allow only my
CallManagers to send calls using these gateways.

access-list 99 remark ALLOWED CUCM SERVERS
access-list 99 permit 10.a.b.c
access-list 99 permit 10.a.b.d
access-list 99 permit 10.a.b.e
access-list 99 deny any log
!
voice source-group VOIP-Block
 access-list 99

My understanding, based on the documentation I've read, is that the ACL
99 just matches traffic and tosses it to the voice source-group.  The
voice source-group does not block traffic, at least not as configured.
Can a voice source-group be used to limit the CallManagers allowed to
use the GW?

I tried a test.  I made a test CM Group with just the CM server
10.a.b.c, and a test Device Pool using the test CM Group.  I removed
10.a.b.c from the ACL so, in theory, calls from that CM shouldn't be
permitted to use the GW.  I put my own phone in the test DP.  I was
still able to make and receive calls, even when I could see that my
phone was registered to the non-allowed CM.  I could see from the debug
that my calls are going through the specific GW that contains the ACL &
source-group above.  Unless I'm missing something, that indicates to me
that this ACL/source-group config is not blocking calls from
CallManagers outside the permitted group.

Is TAC mistaken?  Am I confused (YES) or just doing something wrong?
Any words of wisdom will be greatly appreciated.  Thanks.

Teressa

Teressa Corson, CCNP, CCDA, CCNA-Voice
TSS VI, Operations
Network Operations
NH Department of Information Technology
603-223-5727
www.nh.gov/doit <http://www.nh.gov/doit>