Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6486
Views
0
Helpful
18
Replies

Cisco VCS Alarm - Call license limit reached

Rohit Khajuria
Level 1
Level 1

‎10-06-2014 12:56 PM - edited ‎03-18-2019 03:29 AM

I got some alarms on VCS-E and i dont know how to troubleshoot those alarms. Following are some alarms that i recieved :

 

1. Call license limit reached

2.Capacity warning

 

Please tell me if there is any way to troubleshoot these alarms or how can I clear off these alarms.

Some call got rejected because of these alarma also. Below is the log status for the calls which are dicsonnected.

 

 

 

 

1 person had this problem
Labels:
0 Helpful
18 Replies 18

Patrick Sparkman
VIP Alumni
VIP Alumni
In response to Rohit Khajuria

‎10-08-2014 09:19 AM

All the 100@ calls are the result of you getting scanned, such as what Wayne mentions in his post above (SIPVicious), and those call attempts are them trying to exploit possible PSTN trunks.  If you don't use a PSTN gateway in your environment connected to your VCS, you can turn off UDP on the VCS.  One other solution is to create a CPL, call policy, that can block those incoming call attempt.

0 Helpful

Wayne DeNardi
VIP
VIP
In response to Patrick Sparkman

‎10-08-2014 04:36 PM

Yes, as Patrick has said, and as per the link in my previous post (this one), you're getting scanned by SIPVicious or something similar.

As suggested, you can turn off SIP UDP Mode - see Page 445 of the VCS Administrator Guide.

There's some CPL examples for blocking similar traffic in this old thread: https://supportforums.cisco.com/discussion/11234081/calls-asteriskdifferent-ip-addresses

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne

Please remember to mark helpful responses and to set your question as answered if appropriate.

0 Helpful

Rohit Khajuria
Level 1
Level 1
In response to Patrick Sparkman

‎10-10-2014 06:06 AM

Thanks for your reply again.

I will create a call policy as you said but for call policy i need to mention some destination pattern. Can you please telll me how can we create a call policy in this case as we are getting calls from some SIP ID's.

 

I am very new to this stuff so please dont mind my stupid questions.

 

Thanks

0 Helpful

Patrick Sparkman
VIP Alumni
VIP Alumni
In response to Rohit Khajuria

‎10-15-2014 05:18 PM

The attached a CPL script, which is an XML file, that should work.  You need to open up the XML file, look for 100@VCS_IP, and change VCS_IP to be the address of your VCS that the calls are coming in on.  Once done you can upload it to your VCS by going to Configuration > Call Policy > Configuration, and browse to the CPL script and upload it.  Remember to set call policy mode to use "Local CPL".

You can test to make sure it works by going to Maintenance > Tools > Locate.  I based the CPL to block all call attempts on 100@vcs_ip, where vcs_ip is the IP address you change to that is in use on your VCS.  I tested it against my lab VCS it stopped the search attempt before it reached the search rules, and uses up a call license.

Suggest you also disable UDP on your VCS if you don't need it, that is what all these scans are using.  It's disabled by default whenever a VCS is installed anyway, so it won't harm anything, unless you need it turned on for something specific.

block_unwanted_calls_cpl_0.zip
0 Helpful
Customers Also Viewed These Support Documents