[cisco-nas] Blocking CLID

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Sat Mar 26 05:04:30 EST 2005 

Hi,

try this config

resource-pool enable
!
resource-pool group resource ISDN
 ! number of b-channels
 range limit 120
!
resource-pool group resource MODEM
 ! needs to be adapated
 range port 1/0 1/59
 range port 2/0 2/59
!
resource-pool profile customer ALLOWED
 limit base-size all
 limit overflow-size 0
 resource ISDN digital 
 resource MODEM speech 
 resource MODEM V110 
 dnis group default
!
resource-pool profile discriminator BLOCKED
 call-type all
 dnis group blockedDNIS
!
dialer dnis group blockedDNIS
 number 1234567
 number 2345678

Take a look at
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft
/121t/121t5/dtclid.htm, this requires 12.3

You might also want to investigate ISDN pre-authentication. This way the
NAS will send an access-request to your Radius server with the dnis or
clid prior to answering the call. If it receives an access-reject, the
call is dropped:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft
/121t/121t2/dtpreaut.htm
I'd somewhat prefer this solution to meet your objectives since you can
configure this centrally on the Radius instead of maintaining the list
of numbers on your NAS..

	oli

Patrik Forsberg <> wrote on Saturday, March 26, 2005 10:07 AM:

> Hi,
> 
> I'm got a AS5300 sitting as a central NAS accepting calls from our
> users. The problem I'm currently facing is that I've got some jerk
> phoning in to my NAS and then cuts the line after like 20s. I would
> like to block these in the NAS and after reading a few web-resources I
> figured that a resource-pool could solve my problem. I did all, from
> what I thought, nessesery configurations and enabled resource-pool.
> What happend after that is that calls get acceptet but they dont seem
> to be sent to the modems for some reason.
> I'm using MICA modules for modems. For whatever reason the modems seem
> to think of these calls as "bad" and those push the bad-counter up and
> then end up reloading its firmware over and over again to try to fix
> the issue. The problem is also that the calls aint identified as
> digital but as speech and thos I had to block them on that level.
> 
> Can someone help me out with a "working" setup for the above
> resource-pool configuration ?
> 
> Please help,
> Patrik
> 
> _______________________________________________
> cisco-nas mailing list
> cisco-nas at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas

More information about the cisco-nas mailing list