on
06-25-2012
03:26 PM
- edited on
02-15-2024
11:16 PM
by
Roger Kallberg
The following is an example of how to setup call blocking based off of incoming Caller's ANI.
In this example, my voice environment consist of an 8.6 CUCM Pub with 3 Subscribers. I have three Cisco 2911 H.323 voice gateways with 1 PRI in each. I put together this simple 3 step process based off of a Cisco configuration guide. I tested it on my cell phone and a coupe of others and it worked great. Here are the three steps:
Block Incoming Calls based off of ANI
The following configuration must be applied to each voice gateway. It is done in basically 3 steps:
1. Create a Translation Rule
Within the translation rule you will use the reject command followed by the pattern you wish to block. In this case we use the entire phone number.
router#conf t
router(config)#voice translation-rule 1
router(config-xxx)#rule 1 reject /^8055553538$/
router(config-xxx)#rule 2 reject /^4805557904$/
Moving forward, you can continue to add rules to reject numbers as you see fit.
Example:
router(config-xxx)#rule 3 reject /^4805557905$/ and so on.
2. Apply the Translation rule to a Translation Profile and give it a name
(This will be used to apply to the incoming Dial-peer(s).)
router#conf t
router(config)#voice translation-profile call_block
router(config-xxx)#translate calling 1
In this case we named the Translation Profile "call_block"
3. Apply Translation Profile to incoming Dial-peers (only) on each router
router#conf t
router(config)#dial-peer voice 1 pots
router(config-xxx)#call-block translation-profile incoming call_block
router(config-xxx)#call-block disconnect-cause incoming call-reject
In our case, we apply this to dial-peer 1 on each voice gateway as this is the incoming dial-peer for each location.
The dial-peer looks like this after configuration: (At least in our environment)
dial-peer voice 1 pots
call-block translation-profile incoming call_block
call-block disconnect-cause incoming call-reject
incoming called-number .
direct-inward-dial
Hope this helps for anyone out there looking to block based on incoming calling numbers.
Nice work there, i made a similar conf, and blocked all numbers begining with 060 and 064:
rule 1 /^060/ /9999/
rule 2 /^064/ /9999/
is possible redirect a call to especific hunt-goup using similar configuration?
We used this method successfully until we quickly reached the maximum number of blocking rules (15). I see we can do this on the CUCM (8x & later) with a couple of CSS & Partitions, then build Xlate patterns to block based on calling party number. That's fine except I'd like to be able to do the blocking on the GW router if I could. How do I get around this limit of 15? Someone mentioned IOS 15.3(T) expanded this capacity to 100 rules, which again is fine, but where do I go after I hit 100 reject rules?
TIA
Bill
Hi Bill, that is a good question. Typically we purge out the older rules when and if we reach our maximum if we are blocking specific numbers. Or you can block out groups of numbers using expressions the way fpavici describes above.
Excellent document !!
Thanks for sharing
Regards
Bill,
I found an interesting way to block more if needed. You can create incoming dial-peers matching by answer-address and then apply a translation rule that rejects the call or reroutes the called number to something invalid.
You can create as many as you have memory for (Dial-peers consume 6k per peer).
Example:
voice translation-rule 99
rule 1 /^..../ /7778/
voice translation-profile FILTER_LIST
translate called 99
dial-peer voice 99 pots
translation-profile incoming FILTER_LIST
answer-address 5558675309
This will take calls that patch the peer and forward them to 7778, which I have configured in Unity as a call handler that says "goodbye" then hangs up.
Keep in mind if you are running CUBE that if you match the inbound calls using a "incoming called number .T" dial-peer it will take precedence over answer address. You will have to convert you peer to "answer-address .T".
I hope that is helpful!
Mitch
Hi all,
I need to block an incoming call on my CME ver 9.1.
I follow the example but not working. Below my configuration:
voice translation-rule 1
rule 1 // /0/ type unknown unknown
rule 2 // /00/ type national national
rule 3 // /000/ type international international
!
voice translation-rule 2
rule 1 /^100/ /100/
rule 2 /^101/ /101/
rule 3 /^110/ /110/
rule 4 /^111/ /111/
rule 5 /^112/ /112/
rule 6 /^113/ /113/
rule 7 /^114/ /114/
rule 8 /^115/ /115/
rule 9 /^116/ /116/
rule 10 /^117/ /117/
rule 11 /^118/ /118/
rule 12 /^119/ /119/
rule 13 /^120/ /120/
!
voice translation-rule 3
rule 1 /101/ /xxxxxxx101/
rule 2 /.../ /xxxxxxx100/
!
voice translation-rule 4
rule 1 /^0\([0-9]\)/ /\1/
!
voice translation-rule 6
rule 1 reject /009715297xxxxx/
rule 2 reject /^3903072xxxxx/
!
!
voice translation-profile IN-PSTN
translate calling 1
translate called 2
!
voice translation-profile OUT-PSTN
translate calling 3
translate called 4
!
voice translation-profile call_block
translate calling 6
!
dial-peer voice 10 pots
trunkgroup BRITrunk
tone ringback alert-no-PI
translation-profile incoming IN-PSTN
incoming called-number .T
no digit-strip
direct-inward-dial
!
dial-peer voice 20 pots
trunkgroup BRITrunk
corlist outgoing Internazionali
tone ringback alert-no-PI
description Outgoingdp
translation-profile outgoing OUT-PSTN
destination-pattern 000T
no digit-strip
direct-inward-dial
!
dial-peer voice 30 pots
trunkgroup BRITrunk
corlist outgoing Nazionali
tone ringback alert-no-PI
description Outgoingdp
translation-profile outgoing OUT-PSTN
destination-pattern 00T
no digit-strip
direct-inward-dial
!
dial-peer voice 40 pots
trunkgroup BRITrunk
corlist outgoing Cellulari
tone ringback alert-no-PI
translation-profile outgoing OUT-PSTN
preference 1
destination-pattern 03T
no digit-strip
direct-inward-dial
!
dial-peer voice 50 pots
trunkgroup BRITrunk
tone ringback alert-no-PI
translation-profile outgoing OUT-PSTN
preference 1
destination-pattern 11.
no digit-strip
direct-inward-dial
!
dial-peer voice 60 pots
trunkgroup BRITrunk
tone ringback alert-no-PI
translation-profile outgoing OUT-PSTN
preference 1
destination-pattern 011.
no digit-strip
direct-inward-dial
!
dial-peer voice 1 pots
service stcapp
port 0/2/1
!
dial-peer voice 2 pots
service stcapp
port 0/2/2
!
dial-peer voice 70 pots
trunkgroup BRITrunk
call-block translation-profile incoming call_block
call-block disconnect-cause incoming call-reject
incoming called-number .
Can you kindly help me?
Best regards
Pietro
Hi Joshua Engels
i have followed your guide but not work.
The number is not blocked by my call manager relesa 9.1 (below my rule)
voice translation-rule 1
rule 1 // /0/ type unknown unknown
rule 2 // /00/ type national national
rule 3 // /000/ type international international
!
voice translation-rule 2
rule 1 /^100/ /100/
rule 2 /^101/ /101/
rule 3 /^110/ /110/
rule 4 /^111/ /111/
rule 5 /^112/ /112/
rule 6 /^113/ /113/
rule 7 /^114/ /114/
rule 8 /^115/ /115/
rule 9 /^116/ /116/
rule 10 /^117/ /117/
rule 11 /^118/ /118/
rule 12 /^119/ /119/
rule 13 /^120/ /120/
!
voice translation-rule 3
rule 1 /101/ /xxxxxxx101/
rule 2 /.../ /xxxxxxx100/
!
voice translation-rule 4
rule 1 /^0\([0-9]\)/ /\1/
!
voice translation-rule 6
rule 1 reject /009715297xxxxx/
rule 2 reject /^3903072xxxxx/
!
!
voice translation-profile IN-PSTN
translate calling 1
translate called 2
!
voice translation-profile OUT-PSTN
translate calling 3
translate called 4
!
voice translation-profile call_block
translate calling 6
!
dial-peer voice 10 pots
trunkgroup BRITrunk
tone ringback alert-no-PI
translation-profile incoming IN-PSTN
incoming called-number .T
no digit-strip
direct-inward-dial
!
dial-peer voice 20 pots
trunkgroup BRITrunk
corlist outgoing Internazionali
tone ringback alert-no-PI
description Outgoingdp
translation-profile outgoing OUT-PSTN
destination-pattern 000T
no digit-strip
direct-inward-dial
!
dial-peer voice 30 pots
trunkgroup BRITrunk
corlist outgoing Nazionali
tone ringback alert-no-PI
description Outgoingdp
translation-profile outgoing OUT-PSTN
destination-pattern 00T
no digit-strip
direct-inward-dial
!
dial-peer voice 40 pots
trunkgroup BRITrunk
corlist outgoing Cellulari
tone ringback alert-no-PI
translation-profile outgoing OUT-PSTN
preference 1
destination-pattern 03T
no digit-strip
direct-inward-dial
!
dial-peer voice 50 pots
trunkgroup BRITrunk
tone ringback alert-no-PI
translation-profile outgoing OUT-PSTN
preference 1
destination-pattern 11.
no digit-strip
direct-inward-dial
!
dial-peer voice 60 pots
trunkgroup BRITrunk
tone ringback alert-no-PI
translation-profile outgoing OUT-PSTN
preference 1
destination-pattern 011.
no digit-strip
direct-inward-dial
!
dial-peer voice 1 pots
service stcapp
port 0/2/1
!
dial-peer voice 2 pots
service stcapp
port 0/2/2
!
dial-peer voice 70 pots
trunkgroup BRITrunk
call-block translation-profile incoming call_block
call-block disconnect-cause incoming call-reject
incoming called-number .
Can you kindly help me?
Best regards
Pietro
you need to add the two lines below too your inbound dial-peer, on your case dial-peer voice 10 pot
call-block translation-profile incoming call_block
call-block disconnect-cause incoming call-reject
I agree
My apologies for not starting a new thread but so much of this thread could apply to my version of the question.
What if you had a certain block of numbers being used by your CER for the ERL masking and you only wanted to allow inbound calls from the PSAP to reach those numbers, not errant calls because the DIDs had been assigned by your provider prior to your assignment. Basically, there are only maybe 100 numbers I would allow that are part of a block, let's say 321-456-78XX and then to block any other numbers inbound for your set of DIDs. Imagine you already have a few hundred DIDs for normal calling concerns. You are trying to avoid your onsite emergency response desk from being overwhelmed with solicitor calls.
Thank you in advance for any reply
Hey,
I am having issues with setting up our 2921 Voice Router to block calls from a particular number. This is what I have added to the router:
voice translation-rule 200
rule 1 reject /225571****/
voice translation-profile Call_Block
translate calling 200
dial-peer voice 10 pots (which is our incoming call dial-peer)
call-block translation-profile incoming Call_Block
call-block disconnect-cause incoming call-reject
Do you see anything I am missing or need to change?
@Joshua Engels I know this is an old post, but I stumbled upon it as I linked to it for a question in the community. While reading it and the comments made by a few I noticed that you did have an error in step 2. You did not specify the rule to use for blocking the calling number in the profile, you had put in one of the commands that you'd use on the dial peer. As I have edit rights to this part of the community, I guess by being a Designated VIP, I took the liberty to edit that part and also remove the comments from others that pointed this error out to you as it's no longer contains that error. Other than that great post.
Current configuration : 8283 bytes
!
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
!
voice class codec 100
codec preference 1 g711alaw
codec preference 2 g729r8
codec preference 3 g711ulaw
!
voice class h323 200
h225 timeout tcp establish 10
h225 timeout setup 10
!
voice translation-rule 10
rule 1 /^/ /9/ type national national
rule 2 /^/ /90/ type international international
!
voice translation-rule 111
rule 1 reject /^7566440344$/
!
voice translation-profile Block_Call
translate calling 111
!
voice translation-profile PSTN-INCOMING
translate called 2
!
voice translation-profile outbond-calling
translate calling 10
!
voice translation-profile profile1
translate calling 10
application
global
service alternate default
!
!
vxml logging-tag
license udi pid CISCO2911/K9 sn FGL201711BN
hw-module pvdm 0/0
!
!
!
object-group network local_cws_net
!
object-group network local_lan_subnets
any
!
object-group network vpn_remote_subnets
any
!
redundancy
!
!
!
!
!
controller E1 0/0/0
pri-group timeslots 1-31 service mgcp
description *** DID 0777 6666666 ***
!
controller E1 0/0/1
pri-group timeslots 1-31 service mgcp
description *** DID 7777777 ***
!
controller E1 0/1/0
pri-group timeslots 1-31 service mgcp
description *** DID 0777 8888888 ***
!
controller E1 0/1/1
shutdown
pri-group timeslots 1-31 service mgcp
description 0777 8888888
!
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
!
interface Tunnel1
no ip address
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.10.10.254 255.255.0.0
ip helper-address 10.10.10.31
duplex auto
speed auto
h323-gateway voip interface
h323-gateway voip bind srcaddr 10.10.10.254
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0:15
no ip address
encapsulation hdlc
no cdp enable
isdn switch-type primary-net5
isdn incoming-voice voice
isdn bind-l3 ccm-manager
interface Serial0/0/1:15
no ip address
encapsulation hdlc
no cdp enable
isdn switch-type primary-net5
isdn incoming-voice voice
isdn bind-l3 ccm-manager
!
interface Serial0/1/0:15
no ip address
encapsulation hdlc
no cdp enable
isdn switch-type primary-net5
isdn incoming-voice voice
isdn bind-l3 ccm-manager
!
interface Serial0/1/1:15
no ip address
encapsulation hdlc
no cdp enable
isdn switch-type primary-net5
isdn incoming-voice voice
isdn bind-l3 ccm-manager
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 10.10.10.250
!
ip access-list extended nat-list
permit ip object-group local_lan_subnets any
!
!
!
!
control-plane
!
!
voice-port 0/0/0:15
!
voice-port 0/1/0:15
!
voice-port 0/1/1:15
!
voice-port 0/0/1:15
!
!
!
!
!
mgcp
mgcp call-agent 10.10.10.31 2427 service-type mgcp version 0.1
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
mgcp bind control source-interface GigabitEthernet0/1
mgcp bind media source-interface GigabitEthernet0/1
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
sccp local GigabitEthernet0/1
sccp ccm 10.10.10.31 identifier 1 version 7.0
sccp ccm 10.10.10.30 identifier 2 version 7.0
sccp
sccp ccm group 1
associate ccm 1 priority 1
associate ccm 2 priority 2
associate profile 2 register transcoder
associate profile 1 register conference
!
ccm-manager music-on-hold
!
ccm-manager fallback-mgcp
ccm-manager redundant-host 10.10.10.30
ccm-manager mgcp
no ccm-manager fax protocol cisco
ccm-manager config server 10.10.10.31
ccm-manager config
!
dspfarm profile 2 transcode
codec g729abr8
codec g729ar8
codec g711alaw
codec g711ulaw
codec g729r8
maximum sessions 3
associate application SCCP
!
dspfarm profile 1 conference
codec g729br8
codec g729r8
codec g729abr8
codec g729ar8
codec g711alaw
codec g711ulaw
maximum sessions 4
associate application SCCP
!
dial-peer voice 5 pots
!
dial-peer voice 2 pots
!
dial-peer voice 100 pots
call-block translation-profile incoming Block_Call
call-block disconnect-cause incoming call-reject
destination-pattern .T
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input all
!
scheduler allocate 20000 1000
ntp master
ntp update-calendar
ntp server ntp.iiserb.ac.in
!
end
I tried to use the above highlighted configuration for the blocking of 7566440344 as an incoming call.
But somehow it is not working. I seek any help in this regard to solve this issue. Thank you.
@Vinay Bajpai It looks like your dial peer is not setup as an inbound dial peer. Try adding these two lines.
incoming called-number .
direct-inward-dial
If that doesn't work then turn on these debugs and redo the call and collect the output so that we can look at what's going on.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: