Collaboration

POTS DialPeer – Block Inbound Calls Based On CLID (Whitelist Example)

Simon Birtles

POTS DialPeer – Block Inbound Calls Based On CLID (Whitelist Example)

This is applies to a POTS port for incoming calls from the connected PSTN (ISDN) Peer. So the router receiving the call will check the CLID is in the valid range assigned to the site and allow the call otherwise block it. This is like a PSTN carrier ensuring the customer site does not use a CLID of anything other than the E164 numbers assigned to the site.

First we create a translation profile that checks for the CLID to be in the correct DID range for the site. In this case the DID range assigned to the connected site is:

BR3 –
DID Range : +44 1244 301 XXX

In the voice translation-rule 110;
Rule 1 checks to see if the CLID is in the correct range and if so, translates to the same CLID provided.
Rule 2 is a catch all for CLID’s that are not in the customer assigned range and sets the CLID to empty (null).

Voice translation-rule 110 is applied to a profile called BR3-INBOUND. This is specific to the customer site BR3, this is the whitelist.

!
voice translation-rule 110
rule 1 /(^441244301…$)/ /1/
rule 2 /.*/ //
!
voice translation-profile BR3-INBOUND
translate calling 110
!

We next apply this to the voice port of the POTS interface. This ensures we catch all the inbound calls on this port and are processed by the above translation profile before any other processing by dial peers etc.

!
voice-port 0/3/1:15
description Customer BR3
translation-profile incoming BR3-INBOUND
!

Now we create a second translation profile which rejects any calls with a null (empty) CLID as set by the previous translation profile. This is not site specific but is applied to the matching incoming dial peer for the customer connected port.

!
voice translation-rule 111
rule 1 reject /^$/
!
voice translation-profile NO-CLID-BLOCK
translate calling 111
!

We apply the profile using the ‘call-block’ command and set the disconnect cause to the ‘user-busy’ so when a call is made from the site with an invalid CLID which is set to null (empty) at the voice port level, the caller will hear a fast busy tone (ISDN Q931: Cause i = 0x8295 – Call rejected).

!
dial-peer voice 110 pots
description to UK BR3
call-block translation-profile incoming NO-CLID-BLOCK
call-block disconnect-cause incoming call-reject
direct-inward-dial
port 0/3/1:15

!

Simon Birtles

I have been in the IT sector for over 20 years with a primary focus on solutions around networking architecture & design in Data Center and WAN. I have held two CCIEs (#20221) for over 12 years with many retired certifications with Cisco and Microsoft. I have worked in demanding and critical sectors such as finance, insurance, health care and government providing solutions for architecture, design and problem analysis. I have been coding for as long as I can remember in C/C++ and Python (for most things nowadays). Locations that I work without additional paperwork (incl. post Brexit) are the UK and the EU including Germany, Netherlands, Spain and Belgium.