Force Cisco IP Phones to Fall into SRST Mode
Force Cisco IP Phones to Fall into SRST Mode
Are you planning to do SRST Testing to ensure that Cisco IP Phones falls back into SRST Mode when there is a WAN Link failure? It is not recommended to plug out the WAN Link or Turn off Cisco Unified Communications Manager servers or services. The best recommended practice is to do this testing is to apply ACL (Access Control List) on the WAN interface of the router.
What needs to be blocked?
Communication Protocol
- SCCP > Port Number 2000 (TCP)
- Secure SCCP >Port Number 2443 (TCP)
- SIP > Port Number 5060 (TCP/UDP),
- Secure SIP >Port Number 5061 (TCP/UDP)
Real Time Protocol (RTP)
- Standard RTP: Port Numbers between 16384-32767 (UDP)
So you have to block Communication Protocol as well as Real Time Protocol.
What commands to be applied?
Access your WAN Router and configure the following ACL commands.
ip access-list extended SRST-ACL —->>>> Extended ACL Namedeny tcp any any eq 5060 —->>>> Used by SIP
deny udp any any eq 5060 —->>>> Used by SIP
deny tcp any any eq 5061 —->>>> Used by Secure SIP
deny udp any any eq 5061 —->>>> Used by Secure SIP
deny tcp any any eq 2000 —->>>> Used by SCCPdeny tcp any any eq 2443 —->>>> Used by Secure SCCP
deny udp any any range 16384 32767 —->>>> Used by RTP
permit ip any any —->>>> Allowing all other traffic except the above
interface 1/1 —->>>> Replace 1/1 by your WAN interface card identification
ip access-group SRST-ACL in —->>>> Apply the Extended ACL that was created in the above steps. Until and unless this command is applied, ACL is not effective.
no ip access-list extended SRST-ACLinterface 1/1no ip access-group SRST-ACL in
I am working in an IT company and having 10+ years of experience into Cisco IP Telephony and Contact Center. I have worked on products like CUCM, CUC, UCCX, CME/CUE, IM&P, Voice Gateways, VG224, Gatekeepers, Attendant Console, Expressway, Mediasense, Asterisk, Microsoft Teams, Zoom etc. I am not an expert but i keep exploring whenever and wherever i can and share whatever i know. You can visit my LinkedIn profile by clicking on the icon below.
“Everyone you will ever meet knows something you don’t.” ― Bill Nye
