12-09-2015 08:19 AM - edited 03-18-2019 05:18 AM
Does someone knows if is posible to restrict the users that can authenticate using MRA?
Thanks
Alex
Solved! Go to Solution.
12-09-2015 08:53 AM
AFAIK there is no way to do that, if a user is enabled for IM only, Phone only, or full UC, and you have MRA, he can try to login, and should be able to. CUCM will accept any proxied registrations, assuming right credentials are provided.
12-09-2015 08:53 AM
AFAIK there is no way to do that, if a user is enabled for IM only, Phone only, or full UC, and you have MRA, he can try to login, and should be able to. CUCM will accept any proxied registrations, assuming right credentials are provided.
12-09-2015 09:08 AM
Thats what i suspected but it is not good since expressway solution currently does not protect against authentication DDOS atacks. (embedded freeware GNU fail2ban only protects againts same IP authentication failure).
Alex
12-09-2015 07:43 PM
There is an authentication rate limiting mechanism built into VCS 8.5.2 and above.
http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-7/Mobile-Remote-Access-via-VCS-Deployment-Guide-X8-7.pdf
Page 40 goes over the feature.
12-09-2015 08:55 PM
Does not rate authentication failure. I opened a TAC case an a bug id was created as a result
https://tools.cisco.com/bugsearch/bug/CSCux29269
It rates applications that tries to authenticate many times but not authentication failure.
Too bad that feature does NOT protect against authentication DDOS attack.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide