  • disable switch port on shoretel phone (230)

    Hey guys, is there a way to disable the switch port on the back of the phone via telnet? We want to disable access to certain phones so that laptops cannot be plugged into them to gain internet access.


  • #2
    disable port

    Here is another article about disabling the port on a 560. Disabling on a 230 should be very similar.

    We use Microsoft DHCP servers and recently found a Microsoft article on setting up a MAC address "approved" list. You pre-populate a list with all the MAC addresses that are allowed to get a DHCP address. If they aren't on the list, they don't get an address... not as effective as full NAP, but it is pretty easy to manage.

    If you disable the second port, what is to keep someone from just unplugging the phone and using the phone's Ethernet cord?

    I know that someone could spoof an approved MAC address, but most "common" people wouldn't know how. Someone could also "guess" a proper static IP and gateway, etc.

    Long story short, I thought the DHCP DLL was kind of neat.

    Microsoft Windows DHCP Team Blog : DHCP Server Callout DLL for MAC Address based filtering


    • #3
      We have a Cisco router doing DHCP, and I could set up static DHCP, but all they would need to do is set an IP in the subnet statically on their PC and it would work. The phones are permanently mounted to the wall, so they don't have a way to remove them to unplug the Cat5 cable temporarily.



      • #4
        We accomplished this by adding the line: "Ethernet2 0" (minus the parentheses) in the custom file for each of the model phones we have in our remote site and then we push the files to the "C:\Inetpub\FTPROOT" folder of our local voicemail server.
        Last edited by dsirek; 05-26-2009, 03:35 PM.


        • #5
          Another suggestion: we recommend Layer 3 VLAN tagging on the phone. And on the network switch you allow the tagged packet from the ShoreTel phone, then set the switch port to have all untagged traffic enter a layer 2 VLAN 'bucket'. This keeps the phone operating, but stops any device plugged into that port from connecting.
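
Added example, not part of any post in this thread: a check that the tagged-voice / untagged-"bucket" layout described in #5 is actually in place on every phone port. It assumes Cisco IOS-style switch configuration (the thread does not name the switch vendor); the sample config, VLAN IDs and the function name are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS syntax (assumption: switch vendor is not stated in the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 999
 switchport voice vlan 100
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 100
!
interface FastEthernet0/3
 switchport mode access
 switchport voice vlan 100
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 10
"""

QUARANTINE_VLAN = 999  # hypothetical ID of the isolated VLAN for untagged traffic


def audit_phone_ports(config, quarantine_vlan=QUARANTINE_VLAN):
    """Return {interface: untagged VLAN} for phone ports whose untagged
    traffic does not land in the quarantine VLAN."""
    findings = {}
    for stanza in re.split(r"^(?=interface )", config, flags=re.M):
        name = re.match(r"interface (\S+)", stanza)
        voice = re.search(r"^\s+switchport voice vlan (\d+)", stanza, re.M)
        if not name or not voice:
            continue  # not an interface stanza, or no voice VLAN (not a phone port)
        access = re.search(r"^\s+switchport access vlan (\d+)", stanza, re.M)
        untagged = int(access.group(1)) if access else 1  # IOS default access VLAN is 1
        if untagged != quarantine_vlan:
            findings[name.group(1)] = untagged
    return findings


if __name__ == "__main__":
    for port, vlan in audit_phone_ports(SAMPLE_CONFIG).items():
        print(f"{port}: untagged traffic lands in VLAN {vlan}, not the quarantine VLAN")
```

A port with a voice VLAN but no explicit access VLAN is flagged too, because untagged frames from a laptop on the phone's second port would then fall into the default VLAN.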