Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Blacklisted IP Addresses

Status
Not open for further replies.

bignose21

Programmer
Jul 4, 2003
2,199
GB
Have a control room on a site and they have a DR site that they test monthly. So they go to the DR location and login the phones and test all is good, then they go back to the main site and try to login the normal phones and the IP Addresses get blacklisted and phones (J179) just display “Acquiring Service” after first attempt of logging back in. Clear the blacklist on the service status and the phone comes straight up. The IPO LAN 1 is set for default "Block blacklist only" and both sets of phones are on customer LAN/WAN so no remote users. Any way to stop this, is it possible to white list the phone Voice VLAN subnet(s) or just individual IP's?
 
If it was IP address blacklisting, you can use the NoUser source number B_DISABLE_HTTP_IPADDR to disable that. But with the huge caveats that you have disabled the protection from IP connection that you might not want. The configuration setting you are referring too is around User Agent blacklisting.

The IP Office System Monitor manual lists the different blacklisting screens and several NUSNs that can be used to tailor the behaviour.

Your explanation is a little vague (you're fully clear because its your setup but we have to guess a bit and that leads to issues). Is the DR (Disaster Recovery) a totally separate site or are the two network linked (Server Edition or IP500 SCN). If the later, was the switch over by IP Office resilience, you text make it sound like physically unplugging and going to another site.

If its a small number of phones, it might just be easiest to write the resolution steps you already have into the "Recovery Procedure".

Stuck in a never ending cycle of file copying.
 
So phones are only registering with the Primary Server no IP Office hardware on either site (Server in a DC, sites are completely separate). In the ipoffice.log I see:

ATR|SecurityLogin|phone ip address|0.0.0.0|00-00-00-00-00-00|AccountTimeout||.....|

TRP|Access temporarily blocked due to repeated TLS connection failures. TLS Client IP Address x.x.x.x Local Port: 5061
 
would it work just to whitelist the Voice VLAN as white list accepts partial entries, if so is the format just to only add "192.168.1." for example or does it use wild cards "192.168.1.*"?
 
sizbut is there a explanation of how to implement "B_DISABLE_HTTP_IPADDR" and uses etc. as in the documents I just see that it can be used to disable the blacklisting bit no explanation or examples of how to configure it where to put it etc.
 
Google "IP Office NoUser Source Number"

Stuck in a never ending cycle of file copying.
 
you can also add B_DISABLE_SIP_IPADDR , into the NoUser source number, if the problem is SIP registration issues

Help in Manager is pretty decent

Joe
FHandw, ACSS, ACIS
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top