Cisco Cisco Unified MeetingPlace 7.0 Manual Técnica
How to Identify if TOLLFRAUD_APP is Blocking Your Call
If the TOLLFRAUD_APP is rejecting the call, it generates a Q.850 disconnect cause value of 21, which
represents Call Rejected. The debug voip ccapi inout command can be run to identify the cause value.
represents Call Rejected. The debug voip ccapi inout command can be run to identify the cause value.
Additionally, voice iec syslog can be enabled to further verify if the call failure is a result of the toll−fraud
prevention. This configuration, which is often handy to troubleshoot the origin of failure from a gateway
perspective, will print out that the call is being rejected due to toll call fraud. The CCAPI and Voice IEC
output is demonstrated in this debug output:
prevention. This configuration, which is often handy to troubleshoot the origin of failure from a gateway
perspective, will print out that the call is being rejected due to toll call fraud. The CCAPI and Voice IEC
output is demonstrated in this debug output:
%VOICE_IEC−3−GW: Application Framework Core: Internal Error (Toll fraud call rejected):
IEC=1.1.228.3.31.0 on callID 3 GUID=F146D6B0539C11DF800CA596C4C2D7EF
000183: *Apr 30 14:38:57.251: //3/F146D6B0800C/CCAPI/ccCallSetContext:
Context=0x49EC9978
000184: *Apr 30 14:38:57.251: //3/F146D6B0800C/CCAPI/cc_process_call_setup_ind:
>>>>CCAPI handed cid 3 with tag 1002 to app "_ManagedAppProcess_TOLLFRAUD_APP"
000185: *Apr 30 14:38:57.251: //3/F146D6B0800C/CCAPI/ccCallDisconnect:
Cause Value=21, Tag=0x0, Call Entry(Previous Disconnect Cause=0, Disconnect Cause=0)
The Q.850 disconnect value that is returned for blocked calls can also be changed from the default of 21 with
this command:
this command:
voice service voip
ip address trusted call−block cause <q850 cause−code>
How to Return to Pre−15.1(2)T Behavior
Source IP Address Trust List
There are three ways to return to the previous behavior of voice gateways before this trusted address
toll−fraud prevention feature was implemented. All of these configurations require that you are already
running 15.1(2)T in order for you to make the configuration change.
toll−fraud prevention feature was implemented. All of these configurations require that you are already
running 15.1(2)T in order for you to make the configuration change.
Explicitly enable those source IP addresses from which you would like to add to the trusted list for
legitimate VoIP calls. Up to 100 entries can be defined. This below configuration accepts calls from
those host 203.0.113.100/32, as well as from the network 192.0.2.0/24. Call setups from all other
hosts are rejected. This is the recommended method from a voice security perspective.
legitimate VoIP calls. Up to 100 entries can be defined. This below configuration accepts calls from
those host 203.0.113.100/32, as well as from the network 192.0.2.0/24. Call setups from all other
hosts are rejected. This is the recommended method from a voice security perspective.
voice service voip
ip address trusted list
ipv4 203.0.113.100 255.255.255.255
ipv4 192.0.2.0 255.255.255.0
1.
Configure the router to accept incoming call setups from all source IP addresses.
voice service voip
ip address trusted list
ipv4 0.0.0.0 0.0.0.0
2.
Disable the toll−fraud prevention application completely.
voice service voip
no ip address trusted authenticate
3.
Two−Stage Dialing
If two−stage dialing is required, the following can be configured to return behavior to match previous
releases.
releases.