Hi, thanks for your suggestions. I can provide the answers for your questions. How many users are on the network total? 13300 How many users total per site(8) 1660 Actually this is a small project for triple-Play services...so I must decide how many VLANs I should provide per DSLAM. According to the text I've read it would be a good practice to have 1 VLAN per service and I would be answering my own question :=) but I don't know if I should consider more variables..for example if additionally I need a VLAN per site?? thanks in advance, have a nice day. Orlando ... View more

Thanks a lot Waleed, have a nice day! :) Regards, Orlando ... View more

Thanks for your help Waleed if I have a network infrastructure to provide triple-play services and I want to separate traffic using vlan per service. There will be DSLAM for example to concentrate users at the access Layer, and then it will route traffic to the Agregation layer. The question is if I want a VLAN per service (3 in this case) I will need just 3 vlans? or I should take any other variables in order to know the total number of vlans that I need ? maybe if you know a useful link. I really appreciate your help, Have a nice day, Orlando ... View more

Hi, thanks a lot 4 your reply. I was out of the office, and now i'm back to this case. I'll try, and let you know if it works 4 me. Have a nice day. Orlando ... View more

OK thanks, let me take a look to the link Regards, Orlando ... View more

the CCME version is 3.3. IOS 12.3.14T3 thanks. ... View more

The thing is that we do not use any SIP connection through internet. It's just the CCME in the LAN that has been accesed from Internet...somehow. That CCME do not have any voice/data traffic from/to Internet, and even that, it happened. The CCME only has dial-peers to connect to the local PSTN. We don't have dial-peers to any other system/PBX. Regards, Orlando ... View more

I'm pasting some info collected about it. And take a look to the following IP address: 203.121.71.211. The following phone calls are made from somewhere in Internet taking advantage of some vulnerability. Regards, Orlando. ************* WGIRtr01#sho voice call active voice compact A/O FAX T Codec type Peer Address IP R : Total call-legs: 8 513 ANS T6 g729r8 VOIP P10101010101 203.121.71.211:18188 514 ORG T6 g729r8 TELE P9001095367356257 515 ANS T6 g729r8 VOIP P10101010101 203.121.71.211:18196 516 ORG T6 g729r8 TELE P90010951534883 517 ANS T4 g729r8 VOIP P10101010101 203.121.71.211:18204 518 ORG T4 g729r8 TELE P9001021260860325 519 ANS T5 g729r8 VOIP P10101010101 203.121.71.211:18212 520 ORG T5 g729r8 TELE P9001095015569 ... View more

Hi. Thanks 4 your reply. The thing is that behind the ADSL modem we have a pix and a router with CCME in the LAN that is the local PBX(With SCCP phones, there are no H323/SIP trunks). So the attack was made from internet and they reached the LAN to make phone calls (Toll Fraud) using the IP PBX in the LAN through the COs connected to that router. Do you know about any bug, or vulnerability? Thanks once again! Regards, ORlando ... View more

Hi, In the ACL of the firewall yoou can set up h323 ports, but the problem is that there is a huge range of UDP ports for RTP packets, if I'm not wrong from 16384 to 32000 something. AS the RTP packets are no enabled you can't hear the voice. Other point is that then the destination address is the remote phone, so you can try to do PAT or No NAT in the Firewall. ORlando ... View more