[cisco-voip] trusted relay points
Ian Anderson
ia at andersoi.co.uk
Tue Feb 17 11:43:58 EST 2015
There are a few gotchas, desktop sharing via BFCP doesn't work for one.
If it's just for segregation of wireless clients, it may be worthwhile you
investigating the use of Expressway/MRA?
On 17 February 2015 at 16:34, Brian Meade <bmeade90 at vt.edu> wrote:
> They're basically just MTPs you deem to be "trusted". A lot of people use
> them for switching between IPv4 and IPv6. Really not anything different
> than just forcing MTP Required other than maybe just narrowing down the MTP
> list. Some people use the same setup for VPN phones/IP Communicators over
> VPN so VPN clients don't have to be able to talk directly to each other.
>
> On Tue, Feb 17, 2015 at 11:28 AM, Lelio Fulgenzi <lelio at uoguelph.ca>
> wrote:
>
>>
>> We had a security discussion with our account team, and one thing that
>> was brought up was the concept/feature of trusted relay points.
>>
>> There's not much on the subject in the guides, other than saying some
>> MTPs are trusted relay points.
>>
>> Our thought was, rather than opening up the voice VLANs to allow media
>> from the data VLANs, we could simply set up the Jabber clients with
>> "trusted relay points" enabled and modify the voice VLAN ACLs to allow
>> access from these trusted relay points. We could either use our PSTN
>> gateways or deploy another set of 2900s for this purpose.
>>
>> This would also help us in the short term, I believe, by not having to
>> enable "peer to peer" communications on our wiLAN.
>>
>> Any thoughts or pointers to some documents would be fantastic.
>>
>> Lelio
>>
>>
>> ---
>> Lelio Fulgenzi, B.A.
>> Senior Analyst, Network Infrastructure
>> Computing and Communications Services (CCS)
>> University of Guelph
>>
>> 519‐824‐4120 Ext 56354
>> lelio at uoguelph.ca
>> www.uoguelph.ca/ccs
>> Room 037, Animal Science and Nutrition Building
>> Guelph, Ontario, N1G 2W1
>>
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150217/e5fb1296/attachment.html>
More information about the cisco-voip
mailing list