7 Replies Latest reply on Oct 26, 2012 12:32 PM by matt

    Remote Phones R10

    jwable Frequent Visitor


      Has anyone gotten remote phones working?  I followed the orginal remote phone config guide for R10, not work.  Just found the update released 10/12/2010 and followed it still not working.  This is what I have:

       

      Adtran Demo unit with Public IP on ETH 0

      Show Ver:

      ADTRAN, Inc. OS version R10.3.1.E

      Hardware version 10A

      Boot ROM version A2.06.B1.01

       

      Upgraded to R 4.12 from 4.03

      Upgraded again from R4.12 to R10.3

      Following is scrubed Config:

       

      ip subnet-zero

      ip classless

      ip routing

      ipv6 unicast-routing

      domain-name "adtrandemo.catg.com"

      domain-proxy

      name-server x.x.x.x

      no auto-config

      !

      event-history on

      no logging forwarding

      logging email on

      logging email priority-level fatal

      logging email receiver-ip smtp.youremailserver.com auth-username your_username auth-password your_password

      logging email address-list you@youremailserver.com

      logging email exception-report address-list admin@yourserver.com

      logging email ip urlfilter top-websites address-list your_email@your_server.com

      logging email ip urlfilter top-websites send-time 23:59:59

      logging email sender NetVanta7100

      !

      service password-encryption

      !

      portal-list "IPPhoneFTP" ftp

      username "ftpuser" portal-list "IPPhoneFTP" password encrypted ""

      username "polycomftp" portal-list "IPPhoneFTP" password encrypted ""

      ip firewall

      ip firewall stealth

      no ip firewall alg msn

      no ip firewall alg mszone

      no ip firewall alg h323

      !

      !

      ip dhcp database local

      !

      ip dhcp pool "VoIP_pool"

        network 10.10.20.0 255.255.255.0

        dns-server 10.10.20.1

        netbios-node-type h-node

        default-router 10.10.20.1

        tftp-server tftp://10.10.20.1

        ntp-server 10.10.20.1

        timezone-offset -6:00

        option 157 ascii TftpServers=0.0.0.0,FtpServers=10.10.20.1:/ADTRAN,FtpLogin=ftpuser,FtpPassword=ftppassword,Layer2Tagging=True,VlanID=2

      !

      ip dhcp pool "LAN_pool"

        network 10.10.10.0 255.255.255.0

        dns-server 10.10.10.1

        netbios-node-type h-node

        default-router 10.10.10.1

        tftp-server tftp://10.10.10.1

        ntp-server 10.10.10.1

        timezone-offset -6:00

        option 157 ascii TftpServers=0.0.0.0,FtpServers=10.10.20.1:/ADTRAN,FtpLogin=ftpuser,FtpPassword=ftppassword,Layer2Tagging=True,VlanID=2

      !

      !

      !

      !

      ip urlfilter Web_Http_Filter http

      ip urlfilter allowmode

      ip urlfilter top-website

      !

      !

      !

      !

      !

      qos map ConfigWizardQoSMap 20

        match dscp 46

        priority 2000

        set dscp 46

        set cos 7

      !

      !

      !

      !

      vlan 1

        name "Default"

      !

      vlan 2

        name "VoIP"

      !

      !

      !

      interface eth 0/0

        ip address  X.X.X.X  255.255.255.248

        media-gateway ip primary

        no shutdown

        no lldp send-and-receive

      !

      interface vlan 1

        ip address  10.10.10.1  255.255.255.0

        ip access-policy Private

        ip urlfilter Web_Http_Filter in

        ip urlfilter Web_Http_Filter out

        media-gateway ip primary

        no shutdown

      !

      interface vlan 2

        ip address  10.10.20.1  255.255.255.0

        ip access-policy Private

        media-gateway ip primary

        no shutdown

      !

      ip access-list standard wizard-ics

        remark Internet Connection Sharing

        permit any

      !

      !

      ip access-list extended InterVLAN

        permit ip 10.10.10.0 0.0.0.255  10.10.20.0 0.0.0.255   

      --MORE--          permit ip 10.10.20.0 0.0.0.255  10.10.10.0 0.0.0.255   

      !

      ip access-list extended self

        remark Traffic to Netvanta

        permit ip any  any     log

      !

      ip access-list extended SIP

        remark Simple Remote Phone SIP Traffic

        permit udp host X.X.X.X  any eq 5060 (X.X.X.X = remote end public IP) 

        permit ip host X.X.X.X  any    (X.X.X.X = remote end public IP)

      !

      ip access-list extended web-acl-3

        remark Close http and ftp when on Internet

        permit tcp any  any eq www   log

        permit tcp any  any eq telnet   log

        permit tcp any  any eq https   log

        permit tcp any  any eq ssh   log

        permit tcp any  any eq ftp   log

        permit icmp any  any  echo   log

      !

      ip access-list extended web-acl-5

        remark Remote Phone Access 5060

        permit udp any  any eq 5060  

        permit tcp any  any eq 5060   log

      !

      !

      !

      !

      ip policy-class Private

        allow list self self

        allow list InterVLAN

        nat source list wizard-ics interface eth 0/0 overload

      !

      ip policy-class Public

        allow list web-acl-3 self

        allow list web-acl-5 stateless

        allow list SIP self

      !

      !

      ip route 0.0.0.0 0.0.0.0 X.X.X.X

      !

      tftp server

      tftp server overwrite

      http server

      http session-timeout 1800

      http secure-server

      no snmp agent

      ip ftp server

      ip ftp server default-filesystem cflash

      ip scp server

      ip sntp server

      ip sntp server send-unsynced

      !

      ip sip

      ip sip udp 5060

      ip sip tcp 5060

      !

      !

      !

       

      voice user 5555

        connect sip

        cos "executive_users"

        first-name "John"

        last-name "Test"

        password encrypted ""

        group-ring-call-waiting

        sip-authentication password encrypted ""

        remote-phone

        codec-group g711_first

        voicemail auth-mode password

        voicemail password encrypted ""

        voicemail notify schedule Sunday 12:00 am

      !

      ip sip authenticate

      !

      !

      ip sip registrar

      no ip sip registrar authenticate

      ip sip registrar default-expires 180

      !

      !

      !

      !

      !

      ip sip grammar from host domain

      ip sip grammar to host domain

      !

      ip sip qos dscp 46

      !

      ip sip hmr SIP_GLOBAL_OUT out

      !

      !

      ip sip database local

      !

      ip sdp grammar hold rfc3264

      !

      hmr policy SIP_GLOBAL_OUT

        rule-set REMOTE_PHONE_TWEAKS 10

      !

      !

      hmr rule-set REMOTE_PHONE_TWEAKS

        message-rule CHANGE_EXPIRES_TIME message-type response 10

          match header sip-status-line match-value /200/

          match header from match-value /5\d{3}/

          match header CSeq match-value /REGISTER/i

          modify header expires position first-match new-value /55/ 10

          modify header contact position first-match match-value /(;expires=)\d+/i new-value /\155/ 20

      !

      !

      ip rtp quality-monitoring

      ip rtp quality-monitoring sip

      !

       

      I used the user config to generate a password, then I set the phone IP 706 to connect to the public address of the 7100 for TFTP and FTP.  The phone contacts the TFTP server (Suseccfully) then it changes to the default internal address for FTP even though it is configured for the public address and then it can't download the config.  It seems to me there are some steps missing somewhere maybe on the phone side.  Or does this new setup still require a VPN I was under the impression a VPN was no longer required.

       

      John Wable

        • Re: Remote Phones R10
          jwable Frequent Visitor

          As a test I changed TFTP on the phone to 0.0.0.0 when FTP ran it tried to go to the proper public IP address but it failed to connect, this tells me that the phone is reaching the TFTP server when it is set to the public IP and the 7100 is telling the phone to use the Private Address of the FTP server, which it doesn't know how to get there.  Most other systems that support remote phones have a place where you configure the public IP address of the SIP Server, however other then the TFTP and FTP settings on the phone I do not see anything like that.

           

          John Wable

            • Re: Remote Phones R10
              jwable Frequent Visitor

              Some Additional Information:

               

                  Doing some testing it I have discovered a few additional items of interest.  Since the remote phones are already in the field I started thinking possible the issues could be related to the firmware of the phones not updating through the remote connection, so I setup a computer running an FTP server and a TFTP and put all the files adtran_*.txt files plus the upgraded firmware files the adtran_system.csv file and the iconpixmap.bmp file and then pointed the phone to the local server.  Looking at the FTP logs I noticed that the phone was trying to connect to the FTP using admin for the username instead of the polycomftp, but it did successfully download all the file via TFTP.  Which goes back to the above post of the unit failing to connect to FTP and then changing to the default 10.10.20.1 IP address for TFTP not working.  As an additional experiment I set the FTP server to have a username of admin and password of password and then reset the Adtran phone to Factory Defaults and disabled the local TFTP server, rebooted the phone and it successfully connected via FTP and downloaded all files.  So it appears that you will have to set the DHCP options for FTP credentials on the remote site DHCP server in order for the phone to properly connect via FTP to download the configurations.  Do to an internet issue at the remote site I have not been able to test connectivity to the 7100 yet now that all the config and firmware items have been downloaded to the phone.  However I will let everyone know once it is done.  Also once it is tested and working on the first phone I will add the DHCP options to the remote sites DHCP scope and test the FTP connection again and see if it will then connect to the 7100 and download the needed files.

               

              John Wable

                • Re: Remote Phones R10
                  jwable Frequent Visitor

                  The above manual upgrade and installation of the files resolved the issue allowing the phone to connect remotely with only needing to set the FTP settings in the phone menu.  So if you are deploying remote phones that have not already been connected to the 7100 directly you will need either manualy update the phones, or set the DHCP options including the proper username and password for FTP connections.

                   

                  John Wable

                    • Re: Remote Phones R10
                      Employee

                      John,

                       

                      Thanks for providing this information for everyone to benefit from.  There was another related post that I just responded to here: Re: Adtran IP650 Phone and Simple Remote phone setup

                       

                      Also, manual and DHCP instructions for both Polycom and ADTRAN IP 700 phones can be found in this post: Re: IP 706 Will not download from ftp or tftp server

                       

                      I wanted to link these posts together to help anyone else that needs assistance with this later.  Again thanks for the detailed information.

                       

                      Thanks,
                      Matt

                       

                      Message was edited by: matt - updated to link new post

                      1 of 1 people found this helpful
                        • Re: Remote Phones R10
                          jwable Frequent Visitor

                          Matt,

                              Thanks for the additional information.  I would recommend Adtran add that information to the Remote Configuration guide so others do not have to try and figure it out. The problem I ended up having was the remote site DHCP server did not allow for additional DHCP options and I could not get the phone to upgrade the firmware and since it had already been deployed and was working for internal calls (one way audio on external calls) the answer ended up being manually update the phones with a local ftp server at the remote site.

                           

                          John Wable

                            • Re: Remote Phones R10
                              Employee

                              John,

                               

                              Thanks for the feedback.  I agree that information should be in the guide.  I will work with our Technical Publications group to see if we can add it in a future version.  I also wanted to let you know that I updated the DHCP example in the post I linked to this one.  My original syntax for the tftp-server command was missing the "/polycom" path.

                               

                              Thanks,
                              Matt

                                • Re: Remote Phones R10
                                  Employee

                                  One more thing I wanted to note on this post is that FTP and SIP should be restricted from the outside to only trusted and known IP addresses or hostnames.  In the example configuration above web-acl-3 and web-acl-5 allow those protocols from any source, which could be a risk.  Our NetVanta 7000 Series Security Guide has some good guidelines to follow in this area. 

                                   

                                  Thanks,
                                  Matt