[VOIPSEC] VoIP Blocking Filter w/Ettercap
Erick Bergquist
ebergquist at ameritech.net
Sun Jul 31 23:39:09 CDT 2005
Thanks. It's hidden pretty well in the docs. :) I'll
have to play with that.
So regarding the 3750 comment, is that default
behavior in certain versions or option that can be
turned on/off? I got to go look through the new
features.
--- Troy Sherman <tsherman at cisco.com> wrote:
> Nope, not just the smartports stuff, although that
> is some good stuff :)
>
> It is only on catos version 8.4 -
>
>
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_4/cmd_ref/s
> et_po_r.htm#wp1235003
>
> It is called cdpverify, one word, took me a while to
> re-find it :)
>
> Some of the switches do not allow traffic until they
> see cdp, the one's that
> I have tested are the 3750, but it is not on all
> platforms currently.
>
> Ciao,
>
>
> Troy Sherman
> JAG 1024
> -----Original Message-----
> From: Erick Bergquist
> [mailto:ebergquist at ameritech.net]
> Sent: Saturday, July 30, 2005 2:36 PM
> To: Troy Sherman; 'Michael Todd'
> Cc: Voipsec at voipsa.org; 'Credland, Jim'
> Subject: RE: [VOIPSEC] VoIP Blocking Filter
> w/Ettercap
>
> Troy,
>
> On the Verifying of CDP comment below, are you
> refering to the SmartPort macro commands (qos trust
> ciscoipphone, etc) or something else? I tried
> searching for a CDP verify command, etc but the qos
> trust commands are closest I am finding.
>
> Thanks.
>
> --- Troy Sherman <tsherman at cisco.com> wrote:
>
> > THS - Some switches now look at CDP (I know, but
> > more difficult, do not
> > remember the IOS versions) to make sure that they
> > are seeing a CDP packet
> > from the phone before they allow traffic on that
> > voice vlan. It is baby
> > steps until some newer features come out in the
> > future. The best one off the
> > top of my head is on the CatOS on the 6k (8.3.(4)
> I
> > think), it uses a
> > command called CDP verify to check this, otherwise
> > traffic is blocked.
>
More information about the Voipsec
mailing list