Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3182
Views
0
Helpful
18
Replies

[SOLVED] Odd SIP Issue - "182 Queued"

danplacek
Level 4
Level 4

‎04-06-2012 02:12 PM - edited ‎03-21-2019 05:37 AM

We had a customer yesterday who stopped recevinging incoming calls.

The issue was fixed by a reboot, and unfortunately I did not keep a copy of the logs.

However, what seemed to be happening is that incoming SIP INVITE's were getting a "182 Queued" message back instead of "180 Ringing" as expected, so when you called you did not hear any ringback, and the call never went through... even this it was "connected".

Anyone have any insight into how this could happen or what that particular status code means?

Thanks.

Message was edited by: Daniel Placek

Labels:
0 Helpful
18 Replies 18

danplacek
Level 4
Level 4
In response to danplacek

‎07-19-2012 08:56 AM

Update:

We have found an interesting CDR record that shows up right before the system locks up and stops accepting calls.

Below are 2 screenshots from the last 2 times it happened.

An incoming call with unknown CLID/CNAM comes in... following that the system accepts no further calls.

-------------------------

0 Helpful

danplacek
Level 4
Level 4

‎07-20-2012 09:26 AM

Mystery solved.

It appears to be a security problem on our SIP providers end. We did a long running packet capture in between the UC320 and the provider IAD.

Immediately preceding this issue we found:

INVITE sip:9011441212790843@64.179.x.x, with session description

INVITE sip:8011441212790841@64.179.x.x, with session description

INVITE sip:1#011441212790840@64.179.x.x, with session description

There were many calls in a row like this -- it appears to be attempted toll fraud.

The UC320 appears to accept the first 12 calls, then spits back "182 Queued" to all the rest that come in.

Because we had the AA setup to "Return to Main Menu" on timeout (instead of endcall) and the person sending these bogus requests was not sending "BYE"'s, the calls got hung, and any further calls got "Queued".

We are going to work with the provider on this... but it sure would be really nice if you could setup a UC320 to reject any calls to DIDs not defined in the incoming dial plan.

Thanks for all of your assistance.

0 Helpful

rbordner
Cisco Employee
Cisco Employee
In response to danplacek

‎07-23-2012 01:32 PM

Daniel,

Thank you for the update on this outstanding item. 

One question, was the source IP address of the inbound calls from your SIP provider? The UC320W does block inbound calls from IP addresses that are not registered via the configured SIP trunk.  (There are some corner cases where we generated some PMF's to allow inbound calls on multiple IP's).

Thanks again for your update.

Randy

0 Helpful

danplacek
Level 4
Level 4
In response to rbordner

‎07-25-2012 06:15 AM

Yes they were sourced from the provider -- that's why I identified it as a provider security problem.

It is SIP delivered over a T1 with QOS; they have a AdTran IAD on site as an SBC... it clearly has some access list problems.

Dan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents