Cisco Cisco Unified MeetingPlace 7.0 Manuale Tecnico
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Behavior Before 15.1(2)T
For all IOS releases before 15.1(2)T, the default behavior for IOS voice gateways is to accept call setups from
all sources. As long as voice services are running on the router, the default configuration will treat a call setup
from any source IP address as a legitimate and trusted source to set a call up for. Also, FXO ports and inbound
calls on ISDN circuits will present secondary−dial tone for inbound calls, allowing for two−stage dialing. This
assumes a proper inbound dial−peer is being matched.
all sources. As long as voice services are running on the router, the default configuration will treat a call setup
from any source IP address as a legitimate and trusted source to set a call up for. Also, FXO ports and inbound
calls on ISDN circuits will present secondary−dial tone for inbound calls, allowing for two−stage dialing. This
assumes a proper inbound dial−peer is being matched.
Behavior with 15.1(2)T and Later Releases
Starting with 15.1(2)T, the routers default behavior is to not trust a call setup from a VoIP source. This
feature adds an internal application named TOLLFRAUD_APP to the default call control stack, which checks
the source IP of the call setup before routing the call. If the source IP does not match an explicit entry in the
configuration as a trusted VoIP source, the call is rejected.
feature adds an internal application named TOLLFRAUD_APP to the default call control stack, which checks
the source IP of the call setup before routing the call. If the source IP does not match an explicit entry in the
configuration as a trusted VoIP source, the call is rejected.
Note: If you have dial−peers configured with session target, calls from those IPs will be accepted even if there
is no trusted list configured.
is no trusted list configured.
When booting a version of IOS with the toll−fraud prevention application, this is printed to the devices
console during the boot sequence:
console during the boot sequence:
Following voice command is enabled:
voice service voip
ip address trusted authenticate
The command enables the ip address authentication
on incoming H.323 or SIP trunk calls for toll fraud
prevention supports.
Please use "show ip address trusted list" command
to display a list of valid ip addresses for incoming
H.323 or SIP trunk calls.
Additional valid ip addresses can be added via the
following command line:
voice service voip
ip address trusted list
ipv4 <ipv4−address> [<ipv4 network−mask>]
The router automatically adds any destinations that are defined as an ipv4 target in a VoIP dial−peer to the
trusted source list. You can observe this behavior with the output of this command:
trusted source list. You can observe this behavior with the output of this command:
Router#show ip address trusted list
IP Address Trusted Authentication
Administration State: UP
Operation State: UP
IP Address Trusted Call Block Cause: call−reject (21)
VoIP Dial−peer IPv4 Session Targets:
Peer Tag Oper State Session Target
−−−−−−−− −−−−−−−−−− −−−−−−−−−−−−−−
3000 UP ipv4:203.0.113.100
1001 UP ipv4:192.0.2.100