IOS 15.1 Toll Fraud feature

A new feature has been introduced in Cisco IOS® Software Release 15.1(2)T to guard against the incidence of toll-fraud on Voice GateWays (VGWs) installed with Cisco IOS. Starting with IOS 15.1(2)T and newer releases of IOS based on this version, the toll-fraud prevention settings are the default behavior of Cisco IOS-based VGWs.

Behavior Before 15.1(2)T

For all IOS releases before 15.1(2)T, the default behavior for IOS voice gateways is to accept call setups from all sources. As long as voice services are running on the router, the default configuration will treat a call setup from any source IP address as a legitimate and trusted source to set a call up for. Also, FXO ports and inbound calls on ISDN circuits will present secondary-dial tone for inbound calls, allowing for two-stage dialing. This assumes a proper inbound dial-peer is being matched.

Behavior with 15.1(2)T and Later Releases

Starting with 15.1(2)T, the router’s default behavior is to not trust a call setup from a VoIP source. This feature adds an internal application named TOLLFRAUD_APP to the default call control stack, which checks the source IP of the call setup before routing the call. If the source IP does not match an explicit entry in the configuration as a trusted VoIP source, the call is rejected.

The following command is enabled:

  voice service voip
    ip address trusted authenticate   

Additional valid ip addresses can be added via the
 following command line:
   voice service voip
    ip address trusted list
     ipv4 <ipv4-address> [<ipv4 network-mask>] 

If Toll fraud is blocking the call then you will have Q.850 disconnect cause code with value of 21.
%VOICE_IEC-3-GW: Application Framework Core: Internal Error (Toll fraud call rejected):
IEC= on callID 3 GUID=F146D6B0539C11DF800CA596C4C2D7EF
000183: *Apr 30 14:38:57.251: //3/F146D6B0800C/CCAPI/ccCallSetContext:
000184: *Apr 30 14:38:57.251: //3/F146D6B0800C/CCAPI/cc_process_call_setup_ind:
>>>>CCAPI handed cid 3 with tag 1002 to app “_ManagedAppProcess_TOLLFRAUD_APP”
000185: *Apr 30 14:38:57.251: //3/F146D6B0800C/CCAPI/ccCallDisconnect:
Cause Value=21, Tag=0x0, Call Entry(Previous Disconnect Cause=0, Disconnect Cause=0)

How you can return back to pre-15.1(2) IOS behaviour?

voice service voip
no ip address trusted authenticate

To authenticate all sources for VoIP calls:

voice service voip
ip address trusted list

More can be read from Cisco Technote.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: