Exactly Carlos. It makes logical sense that if there is no door, it doesn't matter if you have a keyring or not to get through. However, oddly, if you forget your keyring at home, you become Kevin Mitnick and can social engineer any cleaning person in the office building to open any door.
Kind Regards,
Mark Snow, CCIE #14073
(Voice, Security)
Instructor
INE.com
On Jul 31, 2012, at 8:53, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:
> With the annoying exception that if you have no keyring, it behaves like
> if you had a master key, hence my negative logic description a couple of
> months ago.
>
> -Carlos
>
> Mark Snow @ 31/07/2012 09:44 -0300 dixit:
>> Everyone's given you exactly what you need, but I thought I might add that the basic premise of corlists are that the inbound corlist must contain members that are equal to, or a superset of, the members on the outgoing corlist.
>>
>> Think of it like doors with locks and keyrings with keys. You must have a keyring on your inbound that has at least one key for each lock on your outbound door. Also important to the analogy is that whenever you have buy a lock, the key comes with it. This makes the entities in this analogy both keys and locks in their naming, and they become keys if used in a keyring, and locks if used on a door. Again, this is just an analogy and these are just naming conventions, and nothing is actually changing per se, this is just a way to remember things.
>>
>> Here is an illustration:
>>
>> !! First define your key-lock pairs
>> !
>> dial-peer cor custom
>> name Key-Lock-LOCAL
>> !
>> dial-peer cor custom
>> name Key-Lock-NATIONAL
>> !
>> !! Next define your Doors and apply locks
>> dial-peer cor list Door-LOCAL
>> member Key-Lock-LOCAL
>> !
>> dial-peer cor list Door-NATIONAL
>> member Key-Lock-NATIONAL
>> !
>> !! Next define your Keyrings and apply keys
>> dial-peer cor list Keyring-LOCAL
>> member Key-Lock-LOCAL
>> !
>> dial-peer cor list Keyring-NATIONAL
>> member Key-Lock-LOCAL
>> member Key-Lock-NATIONAL
>> !
>> !! Next assign Doors to your outbound dial peers
>> dial-peer voice 10 pots
>> destination-pattern .......
>> corlist outgoing Door-LOCAL
>> !
>> dial-peer voice 11 pots
>> destination-pattern ...........
>> corlist outgoing Door-NATIONAL
>> !
>> !! Finally handout Keyrings to your phones so that as they make calls in they can use their keys to open locks on the outbound doors!
>> ephone 1
>> cor incoming Keyring-LOCAL
>> !
>> ephone 1
>> cor incoming Keyring-NATIONAL
>> !
>>
>>
>>
>> Rinse and repeat as needed for desired outcome.
>>
>>
>> Kind Regards,
>>
>> Mark Snow, CCIE #14073
>> (Voice, Security)
>> Instructor
>> INE.com
>>
>>
>>
>>
>>
>> On Jul 31, 2012, at 6:14, Iam Here <go_soon2010_at_hotmail.com> wrote:
>>
>>> Thanks Jordan
>>>
>>>> From: zdh1207_at_gmail.com
>>>> Date: Tue, 31 Jul 2012 16:41:48 +0800
>>>> Subject: Re: COR on CME Question
>>>> To: kapilatrish_at_hotmail.com
>>>> CC: go_soon2010_at_hotmail.com; ccielab_at_groupstudy.com
>>>>
>>>> Try this,
>>>>
>>>> dial-peer cor custom
>>>> name managerl_PT
>>>> !
>>>> dial-peer cor list manager_CCS
>>>> member manager_PT
>>>> !
>>>> ! the manager's IP phone
>>>> ephone 2
>>>> cor outcoming managerl_CCS
>>>> ! the office boy's IP phone
>>>> ephone 3
>>>> cor incoming (other than manager_CCS
>>>>
>>>> Jordan
>>>>
>>>> 2012/7/31 Kapil Atrish <kapilatrish_at_hotmail.com>
>>>>
>>>>> It's the same concept, but here, you need COR applied on both sides with
>>>>> no
>>>>> overlapping members in it to prevent calling.
>>>>>
>>>>> If COR is not applied at either side, everything is allowed.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> From: go_soon2010_at_hotmail.com
>>>>> To: rwest_at_zyedge.com
>>>>> CC: kapilatrish_at_hotmail.com; ccielab_at_groupstudy.com
>>>>> Subject: RE: COR on CME Question
>>>>> Date: Tue, 31 Jul 2012 02:56:53 +0300
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Thank you very much . But what about if I want the office boy IP phone to
>>>>> not
>>>>> be able to call the Manager Ip Phone
>>>>> I mean to prevent certain Internal IP phone to call another Internal IP
>>>>> Phone
>>>>> .
>>>>> In the CUCM We can use Partitions and CSS but I don't know how we can do
>>>>> that
>>>>> in the CME
>>>>>
>>>>>
>>>>>
>>>>>> From: rwest_at_zyedge.com
>>>>>> To: go_soon2010_at_hotmail.com
>>>>>> CC: kapilatrish_at_hotmail.com; ccielab_at_groupstudy.com
>>>>>> Subject: Re: COR on CME Question
>>>>>> Date: Mon, 30 Jul 2012 23:49:08 +0000
>>>>>>
>>>>>> He just showed you. Create a Cor list not attached to a dial peer and
>>>>> them
>>>>> they cannot dial out.
>>>>>>
>>>>>> Sent from handheld
>>>>>>
>>>>>> On Jul 30, 2012, at 7:15 PM, "Iam Here" <go_soon2010_at_hotmail.com> wrote:
>>>>>>
>>>>>>> I appreciate your support but I didn't understand the Idea (I am not
>>>>> Voice
>>>>> Expert )
>>>>>>> For example where should I use corlist outgoing out_Internal command ?
>>>>>>>
>>>>>>>
>>>>>>> From: kapilatrish_at_hotmail.com
>>>>>>> To: go_soon2010_at_hotmail.com; ccielab_at_groupstudy.com
>>>>>>> Subject: RE: COR on CME Question
>>>>>>> Date: Mon, 30 Jul 2012 23:06:07 +0000
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Leaving all the previous configs intact, add this on top and give it a
>>>>> try,
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> dial-peer cor custom
>>>>>>> name Internal_PT
>>>>>>>
>>>>>>> !
>>>>>>>
>>>>>>> dial-peer cor list Internal_CCS
>>>>>>> member Internal_PT
>>>>>>>
>>>>>>> !
>>>>>>>
>>>>>>> ephone 2
>>>>>>>
>>>>>>> cor incoming Internal_CCS
>>>>>>> !
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> From: go_soon2010_at_hotmail.com
>>>>>>> To: kapilatrish_at_hotmail.com; ccielab_at_groupstudy.com
>>>>>>> Subject: RE: COR on CME Question
>>>>>>> Date: Tue, 31 Jul 2012 01:54:58 +0300
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Here's the config
>>>>>>> ============
>>>>>>> dial-peer cor custom
>>>>>>> name Loc_PT
>>>>>>> name Nat_PT
>>>>>>>
>>>>>>> dial-peer cor list out_Loc
>>>>>>> member Loc_PT
>>>>>>>
>>>>>>> dial-peer cor list out_Nat
>>>>>>> member Nat_PT
>>>>>>>
>>>>>>> dial-peer cor list in_Loc_CCS
>>>>>>> member Loc_PT
>>>>>>>
>>>>>>> dial-peer cor list in_Loc_Nat_CCS
>>>>>>> member Loc_PT
>>>>>>> member Nat_PT
>>>>>>>
>>>>>>> dial-peer voice 10 pots
>>>>>>> description Local
>>>>>>> corlist outgoing out_Loc
>>>>>>>
>>>>>>> dial-peer voice 11 pots
>>>>>>> description National
>>>>>>> corlist outgoing out_Nat
>>>>>>>
>>>>>>>
>>>>>>> ephone 1 (Manager)
>>>>>>> cor incoming in_Loc_Nat_CCS
>>>>>>>
>>>>>>> ephone 2 (Office Boy)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I'd like to configure ephone 2 to call Internal calls only not Local
>>>>> neither National Patterns
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> From: kapilatrish_at_hotmail.com
>>>>>>>> To: go_soon2010_at_hotmail.com; ccielab_at_groupstudy.com
>>>>>>>> Subject: RE: COR on CME Question
>>>>>>>> Date: Mon, 30 Jul 2012 22:39:08 +0000
>>>>>>>>
>>>>>>>> This is pretty simple, I've done it many times.
>>>>>>>>
>>>>>>>> Give it a try and if doesn't work shoot me your configs, I may be
>>>>> able to
>>>>> help
>>>>>>>> you.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> From: go_soon2010_at_hotmail.com
>>>>>>>>> To: kapilatrish_at_hotmail.com; ccielab_at_groupstudy.com
>>>>>>>>> Subject: RE: COR on CME Question
>>>>>>>>> Date: Tue, 31 Jul 2012 00:29:40 +0300
>>>>>>>>>
>>>>>>>>> I read it before and I cluldn't find a method to allow the user to
>>>>> call
>>>>> the
>>>>>>>> internal DNs only and prevent him from using the PSTN
>>>>>>>>>
>>>>>>>>>> From: kapilatrish_at_hotmail.com
>>>>>>>>>> To: go_soon2010_at_hotmail.com; ccielab_at_groupstudy.com
>>>>>>>>>> Subject: RE: COR on CME Question
>>>>>>>>>> Date: Mon, 30 Jul 2012 21:22:53 +0000
>>>>>>>>>>
>>>>>>>>>> Here is how you can do that:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>
>>>>> http://www.cisco.com/en/US/tech/tk652/tk90/technologies_configuration_example
>>>>>>>>>> 09186a008019d649.shtml
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> From: go_soon2010_at_hotmail.com
>>>>>>>>>>> To: ccielab_at_groupstudy.com
>>>>>>>>>>> Subject: COR on CME Question
>>>>>>>>>>> Date: Mon, 30 Jul 2012 22:01:35 +0300
>>>>>>>>>>>
>>>>>>>>>>> I'd like to configure COR to prevent users from using the PSTN
>>>>> (just
>>>>>>>> allow
>>>>>>>>>> them to call internal users only )
>>>>>>>>>>> how can i do that ?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>>>>
>>>>>>>>>>>
>>>>> _______________________________________________________________________
>>>>>>>>>>> Subscription information may be found at:
>>>>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>>>
>>>>>>>>>>
>>>>> _______________________________________________________________________
>>>>>>>>>> Subscription information may be found at:
>>>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>>
>>>>>>>>>
>>>>> _______________________________________________________________________
>>>>>>>>> Subscription information may be found at:
>>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>>
>>>>>>>>
>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>
>>>>>>>>
>>>>> _______________________________________________________________________
>>>>>>>> Subscription information may be found at:
>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>
>>>>>>>
>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>
>>>>>>> _______________________________________________________________________
>>>>>>> Subscription information may be found at:
>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>
>>>>>
>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>
>>>>> _______________________________________________________________________
>>>>> Subscription information may be found at:
>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>
> --
> Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
Blogs and organic groups at http://www.ccie.net
Received on Tue Jul 31 2012 - 09:54:44 ART
This archive was generated by hypermail 2.2.0 : Wed Aug 01 2012 - 15:55:24 ART