Force Cisco IP Phones to Fall into SRST Mode

Force Cisco IP Phones to Fall into SRST Mode

Are you planning to do SRST Testing to ensure that Cisco IP Phones falls back into SRST Mode when there is a WAN Link failure? It is not recommended to plug out the WAN Link or Turn off Cisco Unified Communications Manager servers or services. The best recommended practice is to do this testing is to apply ACL (Access Control List) on the WAN interface of the router.

What needs to be blocked?

Communication Protocol

  • SCCP > Port Number 2000 (TCP)
  • Secure SCCP >Port Number 2443 (TCP)
  • SIP > Port Number 5060 (TCP/UDP),
  • Secure SIP >Port Number 5061 (TCP/UDP)

Real Time Protocol (RTP)

  • Standard RTP: Port Numbers between 16384-32767 (UDP)

So you have to block Communication Protocol as well as Real Time Protocol.

What commands to be applied?

Access your WAN Router and configure the following ACL commands.

ip access-list extended SRST-ACL    —->>>> Extended ACL Name
deny tcp any any eq 5060     —->>>> Used by SIP
deny udp any any eq 5060    —->>>> Used by SIP
deny tcp any any eq 5061    —->>>> Used by Secure SIP
deny udp any any eq 5061    —->>>> Used by Secure SIP
deny tcp any any eq 2000    —->>>> Used by SCCP
deny tcp any any eq 2443    —->>>> Used by Secure SCCP
deny udp any any range 16384 32767    —->>>> Used by RTP
permit ip any any    —->>>> Allowing all other traffic except the above
Now apply the above ACL Name on the WAN Interface to block the services
interface 1/1      —->>>> Replace 1/1 by your WAN interface card identification
ip access-group SRST-ACL in     —->>>> Apply the Extended ACL that was created in the above steps. Until and unless this command is applied, ACL is not effective.
Now Cisco IP Phones should fall back Cisco Unified Communication Manager to SRST Mode in few seconds .
Once the testing is completed, remove the ACL entries that was created above by placing “no” command. Following is an example –
no ip access-list extended SRST-ACL
interface 1/1
no ip access-group SRST-ACL in
That’s all !
Hope this helps!

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *