Table of Contents
Advertisement
How to Configure Secure Unified SRST
dial-peer voice 81235 pots
application mgcpapp
destination-pattern 81235
port 1/1/0
forward-digits all
!
dial-peer voice 81234 pots
application mgcpapp
destination-pattern 81234
port 1/0/0
!
dial-peer voice 999100 pots
application mgcpapp
port 1/0/0
!
dial-peer voice 999110 pots
application mgcpapp
port 1/1/0
!
!
! Enable credentials service on the gateway.
credentials
ip source-address 10.1.1.22 port 2445
trustpoint srstca
!
!
! Enable SRST mode.
call-manager-fallback
secondary-dialtone 9
transfer-system full-consult
ip source-address 10.1.1.22 port 2000
max-ephones 15
max-dn 30
transfer-pattern .....
.
.
.
Control Plane Policing: Example
This section provides a configuration example for the security best practice of protecting the credentials
service port using control plane policing. Control plane policing protects the gateway and maintains
packet forwarding and protocol states despite a heavy traffic load. For more information on control
planes, see the
Router# show running-config
.
.
.
! Allow trusted host traffic.
access-list 140 deny tcp host 10.1.1.11 any eq 2445
! Rate-limit all other traffic.
access-list 140 permit tcp any any eq 2445
access-list 140 deny ip any any
! Define class-map "sccp-class."
class-map match-all sccp-class
match access-group 140
policy-map control-plane-policy
class sccp-class
police 8000 1500 1500 conform-action drop exceed-action drop
Cisco Unified SCCP and SIP SRST System Administrator Guide
220
Control Plane Policing
documentation.
Configuring Secure SRST for SCCP and SIP
OL-13143-04
Advertisement
Table of Contents
Troubleshooting
