Announcement

This can be done. In our HQ Site we have the port turned off and for our users using the VPN phone over seas it enabled for them.

You want to have someone help you with this.

We accomplished this by adding the line: "Ethernet2 0" (minus the parentheses) in the custom file for each of the model phones (I believe for the IP230 is the sevcustom.txt file). You then push the files to the "C:\Inetpub\FTPROOT" folder of the local voicemail server and reset your phones so they pick up the new configuration file.

I've seen this request before, but never understood the reasoning. Why do people zero in on the Eth2 jack a the biggest security hole ever - what about the jack on the wall?? Aren't they the same?

Perhaps I'm missing something and I'd be happy if someone enlightened me... Can you do something from the jack on the phone that you can't do from the jack on the wall?

I agree with you jlear. If someone wants to use the network drop, they're much more likely to unplug the cat5 cable from the phone and plug it into their laptop or other device, not realizing they can use the secondary ethernet port, or just not having an extra cat5 cable. We have our own salesmen do this quite often.

If you want to block someone from using it, you'll need to do MAC filtering on the switch port to only allow that specific phone's mac address. Or perhaps it is possible to only allow mac addresses that begin with 00-10-49 (ShoreTel Phones).

I'm sure there are other more elaborate methods, such as Network Access Control (NAC) that would work as well, but I personally don't know enough about any of that to help.

Gary