Voice Toll Fraud on IOS 15.x

Beginning in IOS 15.1(2)T

It's only the signalling traffic (call setup) that needs to be trusted, not the media streams, so it is best just to add the CUCM servers to the trusted list.

If we wanted to trust only our CUCM Publisher and Subscribers servers:
voice service voip
ip address trusted list
ipv4 177.1.10.10 255.255.255.255
ipv4 177.1.10.20 255.255.255.255

To trust the entire subnet:
voice service voip
ip address trusted list
ipv4 177.1.10.0 255.255.255.0

To go back to pre-15.1(2)T behavior:
voice service voip
ip address trusted list
ipv4 0.0.0.0 0.0.0.0

Or:
voice service voip
no ip address trusted authenticate

To configure the router for pre-15.1(2)T behavior as it relates to inbound POTS calls:
For inbound ISDN calls we would add:
voice service pots
no direct-inward-dial isdn

And for inbound FXO calls we would add:
voice-port 0/0
secondary dialtone

Use do show ip address trusted list to see the trusted IP addresses.
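
As an added example (not from the original post or from Cisco), the following Python function audits a saved running-config for the settings above: it reports when source-address authentication has been switched off, when an entry trusts more than a single host, and when a CUCM server is not covered. The function name, the finding labels, the constructed sample config and the rule that any entry wider than one host is reported are assumptions of this example.

```python
import ipaddress

# Constructed sample in running-config layout, reusing the addresses from the post.
SAMPLE_CONFIG = """\
voice service voip
 ip address trusted list
  ipv4 177.1.10.10 255.255.255.255
  ipv4 177.1.10.0 255.255.255.0
  ipv4 0.0.0.0 0.0.0.0
 allow-connections sip to sip
!
"""

def audit_trusted_list(config_text, call_agents):
    """Return findings about the toll-fraud trusted list in an IOS config."""
    findings, networks, in_list = [], [], False
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        line = " ".join(words)
        if line == "no ip address trusted authenticate":
            findings.append("DISABLED: no ip address trusted authenticate")
            in_list = False
        elif line == "ip address trusted list":
            in_list = True
        elif in_list and words[0] == "ipv4" and len(words) in (2, 3):
            # Assumption: an entry without a mask is a single host.
            mask = words[2] if len(words) == 3 else "255.255.255.255"
            net = ipaddress.ip_network(f"{words[1]}/{mask}", strict=False)
            networks.append(net)
            if net.prefixlen == 0:
                findings.append("DISABLED: 0.0.0.0 0.0.0.0 trusts every source")
            elif net.prefixlen < 32:
                findings.append(f"BROAD: {net} trusts {net.num_addresses} addresses")
        else:
            in_list = False  # any other command ends the trusted-list block
    # Every call agent (CUCM publisher/subscriber) must fall inside some entry.
    for agent in call_agents:
        if not any(ipaddress.ip_address(agent) in net for net in networks):
            findings.append(f"MISSING: {agent} is not covered by the trusted list")
    return findings

if __name__ == "__main__":
    for finding in audit_trusted_list(SAMPLE_CONFIG, ["177.1.10.10", "177.1.10.20"]):
        print(finding)
```

An empty result means the list contains only host entries and covers every call agent passed in.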

ref: http://blog.ine.com/2011/02/11/voice-toll-fraud-caveats-no-voip-traffic-by-default/#comments

About Alexis Katsavras

Working as a Freelance Cisco Unified Communications Consultant in the UK. www.NetPacket.co.uk