Hi there thanks for getting back to me,

I've applied the access list but the pcs are still able to ping the phone. Ummm the list you gave looked good not sure why it's not working? I'm looking around. Ideas?

Sent from Cisco Technical Support iPad App

Hi

Good point, but no not a single one.

Extended IP access list block-data-to-voice

10 deny ip 172.16.1.0 0.0.0.255 10.10.10.0 0.0.0.255

20 permit ip any any

The 10 Network are the phones

interface FastEthernet0/0

description $FW_INSIDE$

no ip address

ip access-group block-data-to-voice in

no ip redirects

no ip proxy-arp

ip flow ingress

ip flow egress

ip pim sparse-dense-mode

ip nat inside

ip virtual-reassembly

ip route-cache flow

speed auto

full-duplex

pppoe enable group global

pppoe-client dial-pool-number 1

service-policy output voip

!

interface FastEthernet0/0.10

description $FW_INSIDE$

encapsulation dot1Q 10

no ip redirects

no ip proxy-arp

ip pim sparse-dense-mode

ip nat inside

ip virtual-reassembly

service-policy output voip

Sent from Cisco Technical Support iPad App

You are applying access-group on Fa0/0 but not on subinterface Fa0/0.1 (if your data vlan id 1)

Hi Alex,

Thanks I'll give that a shot but I never created a sub interface fa0/0.1

Data vlan is 1 as is the native vlan.

I'll split them up to int fa0/0, fa0/0.1 and fa0/0.10 and apply the access list to fa0/0.1 and let you know how it goes.

Thanks

Sent from Cisco Technical Support iPad App

Hi any ideas as to what is not going right?

Thanks for your answer Jeff yes you can do this in cme as well but I am using the phone as a switch port for the pcs so can really do this.

Ideas welcomed

Sent from Cisco Technical Support iPad App

Hi Alain

Your answer was correct thanks for the help

Regards

Sent from Cisco Technical Support iPad App