Nice work there, i made a similar conf, and blocked all numbers begining with 060 and 064:

rule 1 /^060/ /9999/

rule 2 /^064/ /9999/

is possible redirect a call to especific hunt-goup using similar configuration?

We used this method successfully until we quickly reached the maximum number of blocking rules (15). I see we can do this on the CUCM (8x & later) with a couple of CSS & Partitions, then build Xlate patterns to block based on calling party number. That's fine except I'd like to be able to do the blocking on the GW router if I could. How do I get around this limit of 15?  Someone mentioned IOS 15.3(T) expanded this capacity to 100 rules, which again is fine, but where do I go after I hit 100 reject rules?

TIA

Bill

Hi Bill, that is a good question.  Typically we purge out the older rules when and if we reach our maximum if we are blocking specific numbers.  Or you can block out groups of numbers using expressions the way fpavici describes above.

Excellent document !!

Thanks for sharing

Regards

Bill,

I found an interesting way to block more if needed. You can create incoming dial-peers matching by answer-address and then apply a translation rule that rejects the call or reroutes the called number to something invalid.

You can create as many as you have memory for (Dial-peers consume 6k per peer).

Example:

voice translation-rule 99
 rule 1 /^..../ /7778/
voice translation-profile FILTER_LIST
 translate called 99

dial-peer voice 99 pots
 translation-profile incoming FILTER_LIST
 answer-address 5558675309

This will take calls that patch the peer and forward them to 7778, which I have configured in Unity as a call handler that says "goodbye" then hangs up.

Keep in mind if you are running CUBE that if you match the inbound calls using a "incoming called number .T" dial-peer it will take precedence over answer address. You will have to convert you peer to "answer-address .T".

I hope that is helpful!

Mitch

Hi all, 

I need to block an incoming call on my CME ver 9.1.

I follow the example but not working. Below my configuration:

voice translation-rule 1
 rule 1 // /0/ type unknown unknown
 rule 2 // /00/ type national national
 rule 3 // /000/ type international international
!
voice translation-rule 2
 rule 1 /^100/ /100/
 rule 2 /^101/ /101/
 rule 3 /^110/ /110/
 rule 4 /^111/ /111/
 rule 5 /^112/ /112/
 rule 6 /^113/ /113/
 rule 7 /^114/ /114/
 rule 8 /^115/ /115/
 rule 9 /^116/ /116/
 rule 10 /^117/ /117/
 rule 11 /^118/ /118/
 rule 12 /^119/ /119/
 rule 13 /^120/ /120/
!
voice translation-rule 3
 rule 1 /101/ /xxxxxxx101/
 rule 2 /.../ /xxxxxxx100/
!
voice translation-rule 4
 rule 1 /^0\([0-9]\)/ /\1/
!
voice translation-rule 6
 rule 1 reject /009715297xxxxx/
 rule 2 reject /^3903072xxxxx/
!
!
voice translation-profile IN-PSTN
 translate calling 1
 translate called 2
!         
voice translation-profile OUT-PSTN
 translate calling 3
 translate called 4
!
voice translation-profile call_block
 translate calling 6
!

dial-peer voice 10 pots
 trunkgroup BRITrunk
 tone ringback alert-no-PI
 translation-profile incoming IN-PSTN
 incoming called-number .T
 no digit-strip
 direct-inward-dial
!
dial-peer voice 20 pots
 trunkgroup BRITrunk
 corlist outgoing Internazionali
 tone ringback alert-no-PI
 description Outgoingdp
 translation-profile outgoing OUT-PSTN
 destination-pattern 000T
 no digit-strip
 direct-inward-dial
!
dial-peer voice 30 pots
 trunkgroup BRITrunk
 corlist outgoing Nazionali
 tone ringback alert-no-PI
 description Outgoingdp
 translation-profile outgoing OUT-PSTN
 destination-pattern 00T
 no digit-strip
 direct-inward-dial
!
dial-peer voice 40 pots
 trunkgroup BRITrunk
 corlist outgoing Cellulari
 tone ringback alert-no-PI
 translation-profile outgoing OUT-PSTN
 preference 1
 destination-pattern 03T
 no digit-strip
 direct-inward-dial
!
dial-peer voice 50 pots
 trunkgroup BRITrunk
 tone ringback alert-no-PI
 translation-profile outgoing OUT-PSTN
 preference 1
 destination-pattern 11.
 no digit-strip
 direct-inward-dial
!
dial-peer voice 60 pots
 trunkgroup BRITrunk
 tone ringback alert-no-PI
 translation-profile outgoing OUT-PSTN
 preference 1
 destination-pattern 011.
 no digit-strip
 direct-inward-dial
!
dial-peer voice 1 pots
 service stcapp
 port 0/2/1
!
dial-peer voice 2 pots
 service stcapp
 port 0/2/2
!
dial-peer voice 70 pots
 trunkgroup BRITrunk
 call-block translation-profile incoming call_block
 call-block disconnect-cause incoming call-reject
 incoming called-number .

Can you kindly help me?

Best regards

Pietro

Hi Joshua Engels

i have followed your guide but not work.

The number is not blocked by my call manager relesa 9.1 (below my rule)

voice translation-rule 1
 rule 1 // /0/ type unknown unknown
 rule 2 // /00/ type national national
 rule 3 // /000/ type international international
!
voice translation-rule 2
 rule 1 /^100/ /100/
 rule 2 /^101/ /101/
 rule 3 /^110/ /110/
 rule 4 /^111/ /111/
 rule 5 /^112/ /112/
 rule 6 /^113/ /113/
 rule 7 /^114/ /114/
 rule 8 /^115/ /115/
 rule 9 /^116/ /116/
 rule 10 /^117/ /117/
 rule 11 /^118/ /118/
 rule 12 /^119/ /119/
 rule 13 /^120/ /120/
!
voice translation-rule 3
 rule 1 /101/ /xxxxxxx101/
 rule 2 /.../ /xxxxxxx100/
!
voice translation-rule 4
 rule 1 /^0\([0-9]\)/ /\1/
!
voice translation-rule 6
 rule 1 reject /009715297xxxxx/
 rule 2 reject /^3903072xxxxx/
!
!
voice translation-profile IN-PSTN
 translate calling 1
 translate called 2
!         
voice translation-profile OUT-PSTN
 translate calling 3
 translate called 4
!
voice translation-profile call_block
 translate calling 6
!

dial-peer voice 10 pots
 trunkgroup BRITrunk
 tone ringback alert-no-PI
 translation-profile incoming IN-PSTN
 incoming called-number .T
 no digit-strip
 direct-inward-dial
!
dial-peer voice 20 pots
 trunkgroup BRITrunk
 corlist outgoing Internazionali
 tone ringback alert-no-PI
 description Outgoingdp
 translation-profile outgoing OUT-PSTN
 destination-pattern 000T
 no digit-strip
 direct-inward-dial
!
dial-peer voice 30 pots
 trunkgroup BRITrunk
 corlist outgoing Nazionali
 tone ringback alert-no-PI
 description Outgoingdp
 translation-profile outgoing OUT-PSTN
 destination-pattern 00T
 no digit-strip
 direct-inward-dial
!
dial-peer voice 40 pots
 trunkgroup BRITrunk
 corlist outgoing Cellulari
 tone ringback alert-no-PI
 translation-profile outgoing OUT-PSTN
 preference 1
 destination-pattern 03T
 no digit-strip
 direct-inward-dial
!
dial-peer voice 50 pots
 trunkgroup BRITrunk
 tone ringback alert-no-PI
 translation-profile outgoing OUT-PSTN
 preference 1
 destination-pattern 11.
 no digit-strip
 direct-inward-dial
!
dial-peer voice 60 pots
 trunkgroup BRITrunk
 tone ringback alert-no-PI
 translation-profile outgoing OUT-PSTN
 preference 1
 destination-pattern 011.
 no digit-strip
 direct-inward-dial
!
dial-peer voice 1 pots
 service stcapp
 port 0/2/1
!
dial-peer voice 2 pots
 service stcapp
 port 0/2/2
!
dial-peer voice 70 pots
 trunkgroup BRITrunk
 call-block translation-profile incoming call_block
 call-block disconnect-cause incoming call-reject
 incoming called-number .

Can you kindly help me?

Best regards

Pietro

you need to add the two lines below too your inbound dial-peer, on your case dial-peer voice 10 pot

 call-block translation-profile incoming call_block
 call-block disconnect-cause incoming call-reject

I agree

My apologies for not starting a new thread but so much of this thread could apply to my version of the question. 

What if you had a certain block of numbers being used by your CER for the ERL masking and you only wanted to allow inbound calls from the PSAP to reach those numbers, not errant calls because the DIDs had been assigned by your provider prior to your assignment.  Basically, there are only maybe 100 numbers I would allow that are part of a block, let's say 321-456-78XX and then to block any other numbers inbound for your set of DIDs.  Imagine you already have a few hundred DIDs for normal calling concerns.  You are trying to avoid your onsite emergency response desk from being overwhelmed with solicitor calls.

Thank you in advance for any reply

Hey,

I am having issues with setting up our 2921 Voice Router to block calls from a particular number. This is what I have added to the router:

voice translation-rule 200
rule 1 reject /225571****/

voice translation-profile Call_Block
translate calling 200

dial-peer voice 10 pots (which is our incoming call dial-peer)
call-block translation-profile incoming Call_Block
call-block disconnect-cause incoming call-reject

Do you see anything I am missing or need to change?

@Joshua Engels I know this is an old post, but I stumbled upon it as I linked to it for a question in the community. While reading it and the comments made by a few I noticed that you did have an error in step 2. You did not specify the rule to use for blocking the calling number in the profile, you had put in one of the commands that you'd use on the dial peer. As I have edit rights to this part of the community, I guess by being a Designated VIP, I took the liberty to edit that part and also remove the comments from others that pointed this error out to you as it's no longer contains that error. Other than that great post.

Current configuration : 8283 bytes

!

voice service voip

allow-connections h323 to h323

allow-connections h323 to sip

allow-connections sip to h323

allow-connections sip to sip

fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none

!

voice class codec 100

codec preference 1 g711alaw

codec preference 2 g729r8

codec preference 3 g711ulaw

!

voice class h323 200

  h225 timeout tcp establish 10

  h225 timeout setup 10

!

voice translation-rule 10

rule 1 /^/ /9/ type national national

rule 2 /^/ /90/ type international international

!

voice translation-rule 111

rule 1 reject /^7566440344$/

!

voice translation-profile Block_Call

translate calling 111

!

voice translation-profile PSTN-INCOMING

translate called 2

!

voice translation-profile outbond-calling

translate calling 10

!

voice translation-profile profile1

translate calling 10

application

global

  service alternate default

!

!

vxml logging-tag

license udi pid CISCO2911/K9 sn FGL201711BN

hw-module pvdm 0/0

!

!

!

object-group network local_cws_net

!

object-group network local_lan_subnets

any

!

object-group network vpn_remote_subnets

any

!

redundancy

!

!

!

!

!

controller E1 0/0/0

pri-group timeslots 1-31 service mgcp

description *** DID 0777 6666666 ***

!

controller E1 0/0/1

pri-group timeslots 1-31 service mgcp

description *** DID 7777777 ***

!

controller E1 0/1/0

pri-group timeslots 1-31 service mgcp

description *** DID 0777 8888888 ***

!

controller E1 0/1/1

shutdown

pri-group timeslots 1-31 service mgcp

description 0777 8888888

!

zone security LAN

zone security WAN

zone security VPN

zone security DMZ

!

interface Tunnel1

no ip address

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/1

ip address 10.10.10.254 255.255.0.0

ip helper-address 10.10.10.31

duplex auto

speed auto

h323-gateway voip interface

h323-gateway voip bind srcaddr 10.10.10.254

!

interface GigabitEthernet0/2

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/0/0:15

no ip address

encapsulation hdlc

no cdp enable

isdn switch-type primary-net5

isdn incoming-voice voice

isdn bind-l3 ccm-manager

interface Serial0/0/1:15

no ip address

encapsulation hdlc

no cdp enable

isdn switch-type primary-net5

isdn incoming-voice voice

isdn bind-l3 ccm-manager

!

interface Serial0/1/0:15

no ip address

encapsulation hdlc

no cdp enable

isdn switch-type primary-net5

isdn incoming-voice voice

isdn bind-l3 ccm-manager

!

interface Serial0/1/1:15

no ip address

encapsulation hdlc

no cdp enable

isdn switch-type primary-net5

isdn incoming-voice voice

isdn bind-l3 ccm-manager

!

ip forward-protocol nd

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip route 0.0.0.0 0.0.0.0 10.10.10.250

!

ip access-list extended nat-list

permit ip object-group local_lan_subnets any

!

!

!

!

control-plane

!

!

voice-port 0/0/0:15

!

voice-port 0/1/0:15

!

voice-port 0/1/1:15

!

voice-port 0/0/1:15

!        

!

!

!

!

mgcp

mgcp call-agent 10.10.10.31 2427 service-type mgcp version 0.1

mgcp rtp unreachable timeout 1000 action notify

mgcp modem passthrough voip mode nse

mgcp package-capability rtp-package

mgcp package-capability sst-package

mgcp package-capability pre-package

no mgcp package-capability res-package

no mgcp timer receive-rtcp

mgcp sdp simple

mgcp fax t38 inhibit

mgcp bind control source-interface GigabitEthernet0/1

mgcp bind media source-interface GigabitEthernet0/1

mgcp behavior rsip-range tgcp-only

mgcp behavior comedia-role none

mgcp behavior comedia-check-media-src disable

mgcp behavior comedia-sdp-force disable

!

mgcp profile default

!

sccp local GigabitEthernet0/1

sccp ccm 10.10.10.31 identifier 1 version 7.0

sccp ccm 10.10.10.30 identifier 2 version 7.0

sccp

sccp ccm group 1

associate ccm 1 priority 1

associate ccm 2 priority 2

associate profile 2 register transcoder

associate profile 1 register conference

!

ccm-manager music-on-hold

!

ccm-manager fallback-mgcp

ccm-manager redundant-host 10.10.10.30

ccm-manager mgcp

no ccm-manager fax protocol cisco

ccm-manager config server 10.10.10.31 

ccm-manager config

!

dspfarm profile 2 transcode 

codec g729abr8

codec g729ar8

codec g711alaw

codec g711ulaw

codec g729r8

maximum sessions 3

associate application SCCP

!

dspfarm profile 1 conference 

codec g729br8

codec g729r8

codec g729abr8

codec g729ar8

codec g711alaw

codec g711ulaw

maximum sessions 4

associate application SCCP

!

dial-peer voice 5 pots

!

dial-peer voice 2 pots

!

dial-peer voice 100 pots

call-block translation-profile incoming Block_Call

call-block disconnect-cause incoming call-reject

destination-pattern .T

!

!

!

!

gatekeeper

shutdown

!

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

login local

transport input all

!

scheduler allocate 20000 1000

ntp master

ntp update-calendar

ntp server ntp.iiserb.ac.in

!

end



I tried to use the above highlighted configuration for the blocking of 7566440344 as an incoming call.
But somehow it is not working. I seek any help in this regard to solve this issue. Thank you.

@Vinay Bajpai It looks like your dial peer is not setup as an inbound dial peer. Try adding these two lines.

incoming called-number .
direct-inward-dial

If that doesn't work then turn on these debugs and redo the call and collect the output so that we can look at what's going on.

• debug voip ccapi inout
• debug voip translation