12 Replies Latest reply on Jan 9, 2014 10:30 AM by noor

    Need to commission someone to configure Adtran 3448 for failover

    listed1st New Member

      I have an adtran 3448, I've got it set up, but I'm unable to comprehend the guide to create a failover.

       

      2 DHCP connections through eth 0/1 and 0/2

       

      Eth 0/1 is primary, eth 0/2 is backup

       

      I would need to ping 8.8.8.8 to show that it's up

       

       

      Here's my complete config, I need a complete config I can just copy and paste (I know how to do that lol) Contact me and let me know what you would charge? Thanks!

       

       

      !

      !

      ! ADTRAN, Inc. OS version R10.9.0

      ! Boot ROM version 13.03.00.SB

      ! Platform: NetVanta 3448, part number 1200821E1

      ! Serial number **************

      !

      !

      hostname "ADM"

      enable password password

      !

      clock timezone -6-Central-Time

      !

      ip subnet-zero

      ip classless

      ip routing

      ipv6 unicast-routing

      !

      !

      domain-proxy

      name-server 8.8.8.8 4.2.2.2

      !

      !

      no auto-config

      !

      event-history on

      no logging forwarding

      no logging email

      !

      no service password-encryption

      !

      username "admin" password "password"

      !

      banner motd #

      Authorized access only. #

      !

      !

      ip firewall

      no ip firewall alg msn

      no ip firewall alg mszone

      no ip firewall alg h323

      no ip firewall alg sip

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      no dot11ap access-point-control

      !

      !

      !

      !

      !

      !

      !

      !

      ip dhcp pool "LANPool"

        network 10.10.10.0 255.255.255.0

        dns-server 8.8.8.8 4.2.2.2 3.3.3.3 5.5.5.5

        default-router 10.10.10.1

        ntp-server 199.36.250.70

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      vlan 1

        name "Default"

      !

      !

      !

      no ethernet cfm

      !

      interface eth 0/1

        description Primary

        ip address dhcp

        ip mtu 1500

        ip access-policy Public

        media-gateway ip primary

        no awcp

        no shutdown

      !

      !

      interface eth 0/2

        description Backup

        ip address dhcp

        ip mtu 1500

        ip access-policy Public

        no shutdown

      !

      !

      !

      interface switchport 0/1

        no shutdown

      !

      interface switchport 0/2

        no shutdown

      !

      interface switchport 0/3

        no shutdown

      !

      interface switchport 0/4

        no shutdown

      !

      interface switchport 0/5

        no shutdown

      !

      interface switchport 0/6

        no shutdown

      !

      interface switchport 0/7

        no shutdown

      !

      interface switchport 0/8

        no shutdown

      !

      !

      !

      interface vlan 1

        ip address  10.10.10.1  255.255.255.0

        ip access-policy Private

        no shutdown

      !

      !

      !

      !

      !

      !

      !

      ip access-list standard NAT

        permit any

      !

      ip access-list standard wizard-ics

        remark Internet Connection Sharing

        permit any

      !

      !

      ip access-list extended acleth0/1QosWizSignal21

        permit udp any  any eq 5060  

        permit tcp any  any eq 5060 

      !

      ip access-list extended DstAdptRTP

        permit udp any  any range 19560 24560    log

      !

      ip access-list extended DstAdptSIP

        permit udp any  any range 8933 8950    log

      !

      ip access-list extended PrivateSelf

        permit ip any  any     log

      !

      ip access-list extended self

        remark Traffic to NetVanta

        permit ip any  any     log

      !

      ip access-list extended SrcAdptRTP

        permit udp any range 19560 24560 any     log

      !

      ip access-list extended SrcAdptSIP

        permit udp any range 8933 8950 any     log

      !

      ip access-list extended wizard-pfwd-1

        remark Port Forward 1

        permit tcp any  host 192.168.0.43 eq www   log

      !

      !

      !

      !

      ip policy-class Private

        allow list self self

        nat source list wizard-ics interface eth 0/2 overload

      !

      ip policy-class Public

        nat destination list wizard-pfwd-1 address 10.10.10.201

      !

      !

      !

      no tftp server

      no tftp server overwrite

      http server

      http secure-server

      no snmp agent

      no ip ftp server

      ip ftp server default-filesystem flash

      no ip scp server

      no ip sntp server

      !

      !

      !

      !

      !

      !

      !

      !

      !

      sip udp 5060

      sip tcp 5060

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      no ip rtp firewall-traversal

      !

      line con 0

        login

      !

      line telnet 0 4

        login

        no shutdown

      line ssh 0 4

        login local-userlist

        line-timeout 120

        no shutdown

      !

      sntp server north-america.pool.ntp.org

      !

      !

      !

      !

      !

      !

      end

        • Re: Need to commission someone to configure Adtran 3448 for failover
          jayh Hall_of_Fame

          This is a tough one, primarily because your primary connection is DHCP.

           

          In trying to construct a probe that will succeed if 8.8.8.8 is reachable from the primary WAN but NOT succeed if it is reachable from the secondary, I ran into what seems to be an inconsistency in the way AOS handles self-sourced packets.

           

          The first problem is in constructing the probe.

           

          probe primary-probe icmp-echo

            destination 8.8.8.8

            period 3

            timeout 500

            tolerance consecutive fail 3 pass 3

            no shutdown


          With "Brand C" I would add the configuration

            source-interface eth 0/1

          which would send source the pings from the source interface.  That option isn't available in AOS, only source-address. But because it's DHCP we don't know a source address at configuration time.

           

          So then I tried an access policy on the secondary to block pings to 8.8.8.8 so that the probe would only succeed from the primary.

           

          ip access-list extended no-primary-list

            deny   icmp host 8.8.8.8  any   

            deny   icmp any host 8.8.8.8 
            permit ip any any

          Then I applied this to the backup interface policy.

           

          ip policy-class Public-bkup

            allow list no-primary-list self


          interface eth 0/2

            ip address dhcp 100

            ip access-policy Public-bkup

            no shutdown

           

          But, the probe still succeeded when the primary went down.

           

          Then I tried a route-map.

           

          ip access-list extended local-test-list

            permit icmp any  host 8.8.8.8   

          !

          route-map local-primary-map permit 10

            match ip address local-test-list

            set interface eth 0/1

          !

          ip local policy route-map local-primary-map


          Traffic STILL went out the backup interface and caused the probe to succeed when the primary was down.


          This would be a trivial problem if any of the following were possible:

           

          • The primary connection is a static IP and not DHCP
          • The primary is DHCP within a known pool with a known gateway - in which case we would probe the gateway and not 8.8.8.8
          • Adtran gave us the source-interface command on probes
          • route-maps and ACLs were applied to self-generated probes
          • I stop doing something stupid and there's another way to make this work.

           

          I am very curious if anyone has solved this specific problem - detect reachability failure of a DHCP primary connection where the physical interface stays up and the gateway isn't known.

           

          Another issue, once this one is solved - continue to probe a remote host via the primary even if the default route flips to the secondary.  A route-map should solve this but a local route map should also fix the other issue.

           

          My tests were on a TA900e running R10.5.3 but the same logic should apply to other devices.

           

           

           


          1 of 1 people found this helpful
            • Re: Need to commission someone to configure Adtran 3448 for failover
              listed1st New Member

              We can definitely make the primary a static. in fact, done. The static is 192.168.0.2

                • Re: Need to commission someone to configure Adtran 3448 for failover
                  jayh Hall_of_Fame

                  Try this - may need some tweaks as I haven't tested it.

                   

                  Assumption is that your gateway on the primary side is 192.168.0.1 with a /24 (255.255.255.0) mask. If not change the 0.0.0.0/0 default route.

                   

                  Changes to your config in bold italics.

                   

                  Note that you are doing NAT behind a device that is already behind a NAT.  This isn't generally recommended, particularly with SIP involved.  You might want to redesign to avoid this. 

                   

                   

                  ! ADTRAN, Inc. OS version R10.9.0

                  ! Boot ROM version 13.03.00.SB

                  ! Platform: NetVanta 3448, part number 1200821E1

                  ! Serial number **************

                  !

                  !

                  hostname "ADM"

                  enable password password

                  !

                  clock timezone -6-Central-Time

                  !

                  ip subnet-zero

                  ip classless

                  ip routing

                  ipv6 unicast-routing

                  !

                  !

                  domain-proxy

                  name-server 8.8.8.8 4.2.2.2

                  !

                  !

                  no auto-config

                  !

                  event-history on

                  no logging forwarding

                  no logging email

                  !

                  no service password-encryption

                  !

                  username "admin" password "password"

                  !

                  banner motd #

                  Authorized access only. #

                  !

                  !

                  ip firewall

                  no ip firewall alg msn

                  no ip firewall alg mszone

                  no ip firewall alg h323

                  no ip firewall alg sip

                  !

                  probe primary-probe icmp-echo

                    destination 8.8.8.8

                    period 3

                    timeout 500

                    source-address 192.168.0.2

                    tolerance consecutive fail 3 pass 40

                    no shutdown

                  !

                  track primary-track

                    test if primary-probe

                    no shutdown

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  no dot11ap access-point-control

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  ip dhcp pool "LANPool"

                    network 10.10.10.0 255.255.255.0

                    dns-server 8.8.8.8 4.2.2.2 3.3.3.3 5.5.5.5

                    default-router 10.10.10.1

                    ntp-server 199.36.250.70

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  vlan 1

                    name "Default"

                  !

                  !

                  !

                  no ethernet cfm

                  !

                  interface eth 0/1

                    description Primary

                    ip address 192.168.0.2 255.255.255.0

                    ip mtu 1500

                    ip access-policy Public-primary

                    media-gateway ip primary

                    no awcp

                    no shutdown

                  !

                  !

                  interface eth 0/2

                    description Backup

                    ip address dhcp 100

                    ip mtu 1500

                    ip access-policy Public-backup

                    media-gateway ip primary

                    no shutdown

                  !

                  !

                  !

                  interface switchport 0/1

                    no shutdown

                  !

                  interface switchport 0/2

                    no shutdown

                  !

                  interface switchport 0/3

                    no shutdown

                  !

                  interface switchport 0/4

                    no shutdown

                  !

                  interface switchport 0/5

                    no shutdown

                  !

                  interface switchport 0/6

                    no shutdown

                  !

                  interface switchport 0/7

                    no shutdown

                  !

                  interface switchport 0/8

                    no shutdown

                  !

                  !

                  !

                  interface vlan 1

                    ip address  10.10.10.1  255.255.255.0

                    ip access-policy Private

                    no shutdown

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  ip access-list extended NAT-primary

                    permit ip any any track primary-track

                  !

                  ip access-list standard NAT-backup

                  permit any

                  !

                  ip access-list standard wizard-ics

                    remark Internet Connection Sharing

                    permit any

                  !

                  !

                  ip access-list extended acleth0/1QosWizSignal21

                    permit udp any  any eq 5060  

                    permit tcp any  any eq 5060 

                  !

                  ip access-list extended DstAdptRTP

                    permit udp any  any range 19560 24560    log

                  !

                  ip access-list extended DstAdptSIP

                    permit udp any  any range 8933 8950    log

                  !

                  ip access-list extended PrivateSelf

                    permit ip any  any     log

                  !

                  ip access-list extended self

                    remark Traffic to NetVanta

                    permit ip any  any     log

                  !

                  ip access-list extended SrcAdptRTP

                    permit udp any range 19560 24560 any     log

                  !

                  ip access-list extended SrcAdptSIP

                    permit udp any range 8933 8950 any     log

                  !

                  ip access-list extended wizard-pfwd-1

                    remark Port Forward 1

                    permit tcp any  host 192.168.0.43 eq www   log

                  !

                  !

                  !

                  !

                  ip policy-class Private

                    allow list self self

                    nat source list NAT-primary interface eth 0/1 overload

                    nat source list NAT-backup interface eth 0/2 overload

                  !

                  ip policy-class Public-primary

                    nat destination list wizard-pfwd-1 address 10.10.10.201

                  !

                  ip policy-class Public-backup

                    nat destination list wizard-pfwd-1 address 10.10.10.201

                  !

                  no tftp server

                  no tftp server overwrite

                  http server

                  http secure-server

                  no snmp agent

                  no ip ftp server

                  ip ftp server default-filesystem flash

                  no ip scp server

                  no ip sntp server

                  !

                  ip firewall fast-nat-failover

                  !

                  ip route 0.0.0.0 0.0.0.0 192.168.0.1 track primary-track

                  !

                  !

                  !

                  !

                  !

                  !

                  sip udp 5060

                  sip tcp 5060

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  !

                  no ip rtp firewall-traversal

                  !

                  line con 0

                    login

                  !

                  line telnet 0 4

                    login

                    no shutdown

                  line ssh 0 4

                    login local-userlist

                    line-timeout 120

                    no shutdown

                  !

                  sntp server north-america.pool.ntp.org

                  !

                  !

                  !

                  !

                  !

                  !

                  end

                    • Re: Need to commission someone to configure Adtran 3448 for failover
                      listed1st New Member

                      Hmm, doesn't seem to work.

                       

                      What's interesting is when I unplug ETH0/1 the eth 0/2 light turns yellow.

                       

                      I was reading a few points in the guide they gave:

                       

                      https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCkQFjAA&url=https%3A%2F%2Fsupportforums.adtran.com%2Fservlet%2FJiveServlet%2FpreviewBody%2F2299-102-1-2428%2FConfiguring%2520Multiple%2520WAN%2520Connection%2520Failover%2520in%2520AOS.pdf&ei=AeIoUtSpNumoyAHuy4C4BQ&usg=AFQjCNFrVWGMEtMBDAd7NnBM4ay6MsiLDQ&bvm=bv.51773540,d.aWc&cad=rja

                       

                      Page 3 made mention of the route settings and having a administrative distance of 10 seconds

                      Then there was the segment of "Force the traffic out the correct interface"

                       

                       

                      thoughts?

                      • Re: Need to commission someone to configure Adtran 3448 for failover
                        listed1st New Member

                        Hmm, doesn't seem to work.

                         

                        What's interesting is when I unplug ETH0/1 the eth 0/2 light turns yellow.

                         

                        I was reading a few points in the AOS Guide: "configure multiple wan connections is aos"

                        (I can't share the link, it drop my response in moderation status)

                         

                         

                         

                        Page 3 made mention of the route settings and having a administrative distance of 10 seconds

                        Then there was the segment of "Force the traffic out the correct interface"

                         

                         

                        thoughts?

                          • Re: Need to commission someone to configure Adtran 3448 for failover
                            jayh Hall_of_Fame

                            listed1st wrote:

                             

                            Hmm, doesn't seem to work.

                             

                            What's interesting is when I unplug ETH0/1 the eth 0/2 light turns yellow.

                             

                            Page 3 made mention of the route settings and having a administrative distance of 10 seconds

                            Then there was the segment of "Force the traffic out the correct interface"

                             

                             

                            thoughts?

                             

                            Connect both circuits, wait two minutes, and capture the output of the following:

                             

                            sh track

                            sh probe

                            sh ip route

                            sh int eth 0/1

                            sh int eth 0/2

                             

                            Try, from a machine on the LAN to ping 4.2.2.2 and then capture "sh ip policy-session"

                             

                            Then unplug or shut down the primary connection, wait 30 seconds, and run all of the same tests.

                             

                            Post results.

                             

                            As to the guide setting administrative distance to 10 (it is just a number with no units), my configuration was similar except I specified 100.  Anything greater than 1 up to 254 is fine.  The idea is to make the backup route less favored (farther away, with a greater distance...)

                              • Re: Need to commission someone to configure Adtran 3448 for failover
                                listed1st New Member

                                Okay here it is is (Also, clicking through I see that both eth 0/1 and 0/2 have the "primary" as the address tpye in the Media Gateway section, don't know if that makes a difference

                                 

                                A side note for anyone using this guide in teh future, I tried some of the commands, and they said invalid command I have to run the "enable" command to enable those commands

                                 

                                 

                                 

                                ADM>sh track

                                Track primary-track:

                                  Current State: PASS     (Admin: UP)

                                  Testing:

                                    (NO TESTS)

                                  Dampening Interval: 1 seconds

                                  Time in current state: 4 days, 0 hours, 4 minutes, 16 seconds

                                  Track State Changes: 0

                                  Tracking:

                                    ip route 0.0.0.0 0.0.0.0 192.168.0.1

                                    ip access-list extended NAT-primary

                                      permit ip any any

                                 

                                 

                                ADM>sh probe

                                Probe primary-probe:

                                  Current State: FAIL  Admin. Status: UP

                                  Type: ICMP Echo  Period: 3 sec  Timeout: 5 msec

                                  Source: 192.168.0.2  Destination: 8.8.8.8

                                  Data size: 0

                                  Tracked by: Nothing

                                  Tests Run: 972273  Failed: 972271

                                  Tolerance: 0 consecutive successes currently, 40 needed to PASS

                                  Time in current state: 4 days, 0 hours, 4 minutes, 41 seconds

                                 

                                 

                                ADM>sh ip route

                                Codes: C - connected, S - static, R - RIP, O - OSPF, B - BGP

                                       E1 - OSPF external type 1, E2 - OSPF external type 2

                                       IA - OSPF inter area

                                 

                                Gateway of last resort is 192.168.0.1 eth 0/1

                                 

                                S    0.0.0.0/0 [1/1/0] via 192.168.0.1, eth 0/1

                                C    10.10.10.0/24 is directly connected, vlan 1

                                C    192.168.0.0/24 is directly connected, eth 0/1

                                C    192.168.11.0/24 is directly connected, eth 0/2

                                 

                                 

                                 

                                ADM>sh int eth 0/1

                                eth 0/1 is UP, line protocol is UP

                                  Description: Primary

                                  Hardware address is 00:A0:C8:48:94:0F

                                  Ip address is 192.168.0.2, netmask is 255.255.255.0

                                  IP MTU is 1500 bytes

                                  BW is 100000 Kbit

                                  100Mb/s, negotiated full-duplex, configured full-duplex

                                  ARP type: ARPA; ARP timeout is 20 minutes

                                  Last clearing of "show interface" counters: never

                                  5 minute input rate 3344 bits/sec, 4 packets/sec

                                  5 minute output rate 864 bits/sec, 2 packets/sec

                                    Queueing method: fifo

                                    Output queue: 0/256/0 (size/max total/drops)

                                    Interface Shaper: NOT ENABLED

                                    1677939 packets input, 288828936 bytes

                                    1270783 unicasts, 307240 broadcasts, 99916 multicasts input

                                    0 unknown protocol, 0 symbol errors, 0 discards

                                    1 input errors, 0 runts, 0 giants

                                    0 no buffer, 0 overruns, 0 internal receive errors

                                    0 alignment errors, 1 crc errors

                                    1337074 packets output, 98321443 bytes

                                    1324603 unicasts, 834 broadcasts, 11637 multicasts output

                                    0 output errors, 0 deferred, 0 discards

                                    0 single, 0 multiple, 0 late collisions

                                    0 excessive collisions, 0 underruns

                                    0 internal transmit errors, 0 carrier sense errors

                                    0 resets, 0 throttles

                                 

                                 

                                ADM>sh int eth 0/2

                                eth 0/2 is UP, line protocol is UP

                                  Description: Backup

                                  Hardware address is 00:A0:C8:48:94:10

                                  Internet address is 192.168.11.32, netmask is 255.255.255.0  (via DHCP)

                                  IP MTU is 1500 bytes

                                  BW is 100000 Kbit

                                  100Mb/s, negotiated full-duplex, configured full-duplex

                                  ARP type: ARPA; ARP timeout is 20 minutes

                                  Last clearing of "show interface" counters: never

                                  5 minute input rate 0 bits/sec, 0 packets/sec

                                  5 minute output rate 64 bits/sec, 0 packets/sec

                                    Queueing method: fifo

                                    Output queue: 0/256/0 (size/max total/drops)

                                    Interface Shaper: NOT ENABLED

                                    9 packets input, 2130 bytes

                                    6 unicasts, 3 broadcasts, 0 multicasts input

                                    0 unknown protocol, 0 symbol errors, 0 discards

                                    0 input errors, 0 runts, 0 giants

                                    0 no buffer, 0 overruns, 0 internal receive errors

                                    0 alignment errors, 0 crc errors

                                    42916 packets output, 1949121 bytes

                                    42799 unicasts, 7 broadcasts, 110 multicasts output

                                    0 output errors, 0 deferred, 0 discards

                                    0 single, 0 multiple, 0 late collisions

                                    0 excessive collisions, 0 underruns

                                    0 internal transmit errors, 0 carrier sense errors

                                    0 resets, 0 throttles

                                 

                                ADM#sh ip policy-session

                                 

                                Src Vrf (if not default), Src policy class:

                                Protocol (TTL) [in crypto map] -> [out crypto map] Dest VRF, Dest policy-class

                                  Src IP Address  Src Port Dest IP Address Dst Port NAT IP Address    NAT Port

                                  --------------- -------- --------------- -------- ----------------- --------

                                 

                                Policy class "Private":

                                icmp (53) -> Public-primary

                                  10.10.10.4      25759    8.8.4.4         25759    s 192.168.0.2     25759  

                                udp (46) -> Public-primary

                                  10.10.10.4      53931    8.8.8.8         53       s 192.168.0.2     53931  

                                udp (53) -> Public-primary

                                  10.10.10.4      56609    8.8.8.8         53       s 192.168.0.2     56609  

                                udp (39) -> Public-primary

                                  10.10.10.4      63978    8.8.8.8         53       s 192.168.0.2     63978  

                                tcp (600) -> self

                                  10.10.10.4      59089    10.10.10.1      23                       

                                udp (53) -> self

                                  10.10.10.4      5353     10.10.10.1      5351                     

                                udp (53) -> self

                                  10.10.10.4      61697    10.10.10.1      1900                     

                                tcp (474) -> Public-primary

                                  10.10.10.4      59342    17.149.36.104   5223     s 192.168.0.2     1038   

                                tcp (544) -> Public-primary

                                  10.10.10.4      59380    37.221.194.97   9911     s 192.168.0.2     1066   

                                tcp (593) -> Public-primary

                                  10.10.10.4      59476    46.37.22.20     8333     s 192.168.0.2     1135   

                                tcp (544) -> Public-primary

                                  10.10.10.4      59423    50.57.128.122   9911     s 192.168.0.2     1095   

                                tcp (13) -> Public-primary

                                  10.10.10.4      59455    54.227.107.222  9911     s 192.168.0.2     1172   

                                tcp (586) -> Public-primary

                                  10.10.10.4      59400    64.74.103.177   443      s 192.168.0.2     1077   

                                tcp (544) -> Public-primary

                                  10.10.10.4      59471    64.206.181.54   9911     s 192.168.0.2     1131   

                                tcp (579) -> Public-primary

                                  10.10.10.4      59460    74.125.193.189  443      s 192.168.0.2     1123   

                                tcp (502) -> Public-primary

                                  10.10.10.4      59417    74.125.225.169  80       s 192.168.0.2     1092   

                                tcp (572) -> Public-primary

                                  10.10.10.4      59433    74.125.225.189  443      s 192.168.0.2     1104   

                                tcp (502) -> Public-primary

                                  10.10.10.4      59416    74.125.225.206  80       s 192.168.0.2     1091   

                                tcp (551) -> Public-primary

                                  10.10.10.4      59405    74.125.225.207  443      s 192.168.0.2     1082   

                                tcp (593) -> Public-primary

                                  10.10.10.4      59431    74.125.225.213  443      s 192.168.0.2     1102   

                                tcp (6) -> Public-primary

                                  10.10.10.4      59440    78.31.106.19    9911     s 192.168.0.2     1162   

                                tcp (544) -> Public-primary

                                  10.10.10.4      59379    91.156.102.128  9911     s 192.168.0.2     1065   

                                tcp (537) -> Public-primary

                                  10.10.10.4      59478    91.190.218.54   12350    s 192.168.0.2     1136   

                                tcp (572) -> Public-primary

                                  10.10.10.4      59438    106.187.48.6    9911     s 192.168.0.2     1107   

                                tcp (565) -> Public-primary

                                  10.10.10.4      59340    108.160.162.116 80       s 192.168.0.2     1036   

                                tcp (572) -> Public-primary

                                  10.10.10.4      59341    108.160.163.46  80       s 192.168.0.2     1037   

                                tcp (586) -> Public-primary

                                  10.10.10.4      59437    111.93.187.74   9911     s 192.168.0.2     1105   

                                tcp (586) -> Public-primary

                                  10.10.10.4      59352    134.170.24.158  443      s 192.168.0.2     1048   

                                tcp (593) -> Public-primary

                                  10.10.10.4      59368    144.76.60.229   80       s 192.168.0.2     1060   

                                tcp (572) -> Public-primary

                                  10.10.10.4      59344    157.55.130.154  40028    s 192.168.0.2     1040   

                                tcp (572) -> Public-primary

                                  10.10.10.4      59378    173.230.155.65  9911     s 192.168.0.2     1064   

                                tcp (544) -> Public-primary

                                  10.10.10.4      59421    184.106.170.17  9911     s 192.168.0.2     1093   

                                tcp (6) -> Public-primary

                                  10.10.10.4      59497    192.168.1.39    6690     s 192.168.0.2     1163   

                                tcp (6) -> Public-primary

                                  10.10.10.4      59445    192.168.50.1    443      s 192.168.0.2     1165   

                                tcp (6) -> Public-primary

                                  10.10.10.4      59446    192.168.50.1    443      s 192.168.0.2     1164   

                                tcp (6) -> Public-primary

                                  10.10.10.4      59447    192.168.50.1    443      s 192.168.0.2     1167   

                                tcp (6) -> Public-primary

                                  10.10.10.4      59448    192.168.50.1    443      s 192.168.0.2     1166   

                                tcp (6) -> Public-primary

                                  10.10.10.4      59450    192.168.50.1    443      s 192.168.0.2     1169   

                                tcp (6) -> Public-primary

                                  10.10.10.4      59451    192.168.50.1    443      s 192.168.0.2     1168   

                                tcp (6) -> Public-primary

                                  10.10.10.4      59452    192.168.50.1    443      s 192.168.0.2     1171   

                                tcp (6) -> Public-primary

                                  10.10.10.4      59453    192.168.50.1    443      s 192.168.0.2     1170   

                                tcp (13) -> Public-primary

                                  10.10.10.4      59462    192.168.50.1    443      s 192.168.0.2     1179   

                                tcp (13) -> Public-primary

                                  10.10.10.4      59463    192.168.50.1    443      s 192.168.0.2     1180   

                                tcp (13) -> Public-primary

                                  10.10.10.4      59466    192.168.50.1    443      s 192.168.0.2     1181   

                                tcp (20) -> Public-primary

                                  10.10.10.4      59469    192.168.50.1    443      s 192.168.0.2     1184   

                                tcp (13) -> Public-primary

                                  10.10.10.4      59516    192.168.50.1    443      s 192.168.0.2     1175   

                                tcp (13) -> Public-primary

                                  10.10.10.4      59517    192.168.50.1    443      s 192.168.0.2     1176   

                                tcp (13) -> Public-primary

                                  10.10.10.4      59518    192.168.50.1    443      s 192.168.0.2     1177   

                                tcp (13) -> Public-primary

                                  10.10.10.4      59519    192.168.50.1    443      s 192.168.0.2     1178   

                                tcp (13) -> Public-primary

                                  10.10.10.4      59523    192.168.50.1    443      s 192.168.0.2     1182   

                                tcp (13) -> Public-primary

                                  10.10.10.4      59524    192.168.50.1    443      s 192.168.0.2     1183   

                                tcp (20) -> Public-primary

                                  10.10.10.4      59525    192.168.50.1    443      s 192.168.0.2     1185   

                                tcp (20) -> Public-primary

                                  10.10.10.4      59526    192.168.50.1    443      s 192.168.0.2     1186   

                                tcp (600) -> Public-primary

                                  10.10.10.4      59454    201.8.193.233   8333     s 192.168.0.2     1120   

                                tcp (13) -> Public-primary

                                  10.10.10.4      59515    223.21.223.107  8333     s 192.168.0.2     1174   

                                 

                                Policy class "self":

                                icmp (60) -> Public-primary

                                  192.168.0.2     1        8.8.8.8         1                 

                                ADM#

                                2013.09.09 15:00:02 FIREWALL id=firewall time="2013-09-09 15:00:02" fw=ADM pri=1 rule=4  proto=https src=10.10.10.4 dst=192.168.50.1 msg="Zero bytes transferred for connection Src 59516 Dst 443 from Private policy-class on interface vlan 1" agent=AdFirewall

                                 

                                 

                                Okay, primary unplugged, rerun of tests:




                                ADM#sh track

                                Track primary-track:

                                  Current State: PASS     (Admin: UP)

                                  Testing:

                                    (NO TESTS)

                                  Dampening Interval: 1 seconds

                                  Time in current state: 4 days, 0 hours, 17 minutes, 47 seconds

                                  Track State Changes: 0

                                  Tracking:

                                    ip route 0.0.0.0 0.0.0.0 192.168.0.1

                                    ip access-list extended NAT-primary

                                      permit ip any any

                                 

                                 

                                 

                                ADM#sh probe

                                Probe primary-probe:

                                  Current State: FAIL  Admin. Status: UP

                                  Type: ICMP Echo  Period: 3 sec  Timeout: 5 msec

                                  Source: 192.168.0.2  Destination: 8.8.8.8

                                  Data size: 0

                                  Tracked by: Nothing

                                  Tests Run: 1067791  Failed: 1067789

                                  Tolerance: 0 consecutive successes currently, 40 needed to PASS

                                  Time in current state: 4 days, 0 hours, 18 minutes, 28 seconds

                                 

                                ADM#sh ip route

                                Codes: C - connected, S - static, R - RIP, O - OSPF, B - BGP

                                       E1 - OSPF external type 1, E2 - OSPF external type 2

                                       IA - OSPF inter area

                                 

                                Gateway of last resort is 192.168.11.2 eth 0/2

                                 

                                S    0.0.0.0/0 [100/1/0] via 192.168.11.2, eth 0/2

                                C    10.10.10.0/24 is directly connected, vlan 1

                                C    192.168.11.0/24 is directly connected, eth 0/2

                                 

                                 

                                ADM#sh ip route

                                Codes: C - connected, S - static, R - RIP, O - OSPF, B - BGP

                                       E1 - OSPF external type 1, E2 - OSPF external type 2

                                       IA - OSPF inter area

                                 

                                Gateway of last resort is 192.168.11.2 eth 0/2

                                 

                                S    0.0.0.0/0 [100/1/0] via 192.168.11.2, eth 0/2

                                C    10.10.10.0/24 is directly connected, vlan 1

                                C    192.168.11.0/24 is directly connected, eth 0/2

                                 

                                 

                                 

                                 

                                 

                                ADM#sh int eth 0/1

                                eth 0/1 is DOWN, line protocol is DOWN

                                  Description: Primary

                                  Hardware address is 00:A0:C8:48:94:0F

                                  Ip address is 192.168.0.2, netmask is 255.255.255.0

                                  IP MTU is 1500 bytes

                                  BW is 0 Kbit

                                  ?b/s, negotiated ? duplex, configured full-duplex

                                  ARP type: ARPA; ARP timeout is 20 minutes

                                  Last clearing of "show interface" counters: never

                                  5 minute input rate 0 bits/sec, 0 packets/sec

                                  5 minute output rate 0 bits/sec, 0 packets/sec

                                    Queueing method: fifo

                                    Output queue: 0/256/0 (size/max total/drops)

                                    Interface Shaper: NOT ENABLED

                                    1681894 packets input, 290714006 bytes

                                    1274286 unicasts, 307573 broadcasts, 100035 multicasts input

                                    0 unknown protocol, 0 symbol errors, 0 discards

                                    1 input errors, 0 runts, 0 giants

                                    0 no buffer, 0 overruns, 0 internal receive errors

                                    0 alignment errors, 1 crc errors

                                    1341219 packets output, 98894081 bytes

                                    1328683 unicasts, 890 broadcasts, 11646 multicasts output

                                    0 output errors, 0 deferred, 0 discards

                                    0 single, 0 multiple, 0 late collisions

                                    0 excessive collisions, 0 underruns

                                    0 internal transmit errors, 0 carrier sense errors

                                    0 resets, 0 throttles

                                 

                                 

                                ADM#sh int eth 0/2

                                eth 0/2 is UP, line protocol is UP

                                  Description: Backup

                                  Hardware address is 00:A0:C8:48:94:10

                                  Internet address is 192.168.11.32, netmask is 255.255.255.0  (via DHCP)

                                  IP MTU is 1500 bytes

                                  BW is 100000 Kbit

                                  100Mb/s, negotiated full-duplex, configured full-duplex

                                  ARP type: ARPA; ARP timeout is 20 minutes

                                  Last clearing of "show interface" counters: never

                                  5 minute input rate 0 bits/sec, 0 packets/sec

                                  5 minute output rate 82976 bits/sec, 226 packets/sec

                                    Queueing method: fifo

                                    Output queue: 0/256/0 (size/max total/drops)

                                    Interface Shaper: NOT ENABLED

                                    10 packets input, 2190 bytes

                                    7 unicasts, 3 broadcasts, 0 multicasts input

                                    0 unknown protocol, 0 symbol errors, 0 discards

                                    0 input errors, 0 runts, 0 giants

                                    0 no buffer, 0 overruns, 0 internal receive errors

                                    0 alignment errors, 0 crc errors

                                    164403 packets output, 7444314 bytes

                                    164258 unicasts, 8 broadcasts, 137 multicasts output

                                    0 output errors, 0 deferred, 0 discards

                                    0 single, 0 multiple, 0 late collisions

                                    0 excessive collisions, 0 underruns

                                    0 internal transmit errors, 0 carrier sense errors

                                    0 resets, 0 throttles

                                 

                                 

                                ADM#sh ip policy-session

                                 

                                Src Vrf (if not default), Src policy class:

                                Protocol (TTL) [in crypto map] -> [out crypto map] Dest VRF, Dest policy-class

                                  Src IP Address  Src Port Dest IP Address Dst Port NAT IP Address    NAT Port

                                  --------------- -------- --------------- -------- ----------------- --------

                                 

                                Policy class "Private":

                                icmp (60) -> Public-backup

                                  10.10.10.4      43167    8.8.4.4         43167    s 192.168.0.2     43167  

                                udp (60) -> Public-backup

                                  10.10.10.4      51595    8.8.4.4         53       s 192.168.0.2     1311   

                                udp (60) -> Public-backup

                                  10.10.10.4      51614    8.8.4.4         53       s 192.168.0.2     1313   

                                udp (11) -> Public-backup

                                  10.10.10.4      51807    8.8.4.4         53       s 192.168.0.2     51807  

                                udp (39) -> Public-backup

                                  10.10.10.4      53365    8.8.4.4         53       s 192.168.0.2     53365  

                                udp (18) -> Public-backup

                                  10.10.10.4      54709    8.8.4.4         53       s 192.168.0.2     1308   

                                udp (60) -> Public-backup

                                  10.10.10.4      57962    8.8.4.4         53       s 192.168.0.2     57962  

                                udp (11) -> Public-backup

                                  10.10.10.4      63070    8.8.4.4         53       s 192.168.0.2     63070  

                                udp (46) -> Public-backup

                                  10.10.10.4      63451    8.8.4.4         53       s 192.168.0.2     63451  

                                udp (60) -> Public-backup

                                  10.10.10.4      63993    8.8.4.4         53       s 192.168.0.2     1312   

                                udp (53) -> Public-backup

                                  10.10.10.4      51595    8.8.8.8         53       s 192.168.0.2     51595  

                                udp (53) -> Public-backup

                                  10.10.10.4      51614    8.8.8.8         53       s 192.168.0.2     51614  

                                udp (39) -> Public-backup

                                  10.10.10.4      51807    8.8.8.8         53       s 192.168.0.2     1307   

                                udp (32) -> Public-backup

                                  10.10.10.4      53365    8.8.8.8         53       s 192.168.0.2     1309   

                                udp (32) -> Public-backup

                                  10.10.10.4      63451    8.8.8.8         53       s 192.168.0.2     1310   

                                udp (53) -> Public-backup

                                  10.10.10.4      63993    8.8.8.8         53       s 192.168.0.2     63993  

                                tcp (600) -> self

                                  10.10.10.4      59089    10.10.10.1      23                       

                                tcp (6) -> Public-backup

                                  10.10.10.4      60803    23.20.77.213    9911     s 192.168.0.2     60803  

                                tcp (19) -> Public-primary

                                  10.10.10.4      59380    37.221.194.97   9911     s 192.168.0.2     1066   

                                tcp (593) -> Public-primary

                                  10.10.10.4      59476    46.37.22.20     8333     s 192.168.0.2     1135   

                                tcp (13) -> Public-backup

                                  10.10.10.4      61024    54.200.18.186   9911     s 192.168.0.2     61024  

                                tcp (13) -> Public-backup

                                  10.10.10.4      60816    58.69.101.41    9911     s 192.168.0.2     60816  

                                tcp (6) -> Public-backup

                                  10.10.10.4      60993    64.4.23.165     80       s 192.168.0.2     60993  

                                tcp (544) -> Public-primary

                                  10.10.10.4      59544    67.9.89.138     8333     s 192.168.0.2     1198   

                                tcp (6) -> Public-backup

                                  10.10.10.4      60995    79.233.140.67   8333     s 192.168.0.2     60995  

                                tcp (20) -> Public-backup

                                  10.10.10.4      60937    81.169.167.53   9911     s 192.168.0.2     60937  

                                tcp (13) -> Public-backup

                                  10.10.10.4      61011    84.255.204.25   9911     s 192.168.0.2     61011  

                                tcp (20) -> Public-backup

                                  10.10.10.4      60983    89.235.159.62   9911     s 192.168.0.2     60983  

                                tcp (13) -> Public-backup

                                  10.10.10.4      60840    91.190.218.54   12350    s 192.168.0.2     60840  

                                tcp (20) -> Public-backup

                                  10.10.10.4      60845    91.190.218.54   443      s 192.168.0.2     60845  

                                tcp (20) -> Public-backup

                                  10.10.10.4      60850    91.190.218.54   80       s 192.168.0.2     60850  

                                tcp (6) -> Public-backup

                                  10.10.10.4      60994    91.210.235.78   9911     s 192.168.0.2     60994  

                                tcp (6) -> Public-backup

                                  10.10.10.4      61007    111.221.74.18   33033    s 192.168.0.2     61007  

                                tcp (13) -> Public-backup

                                  10.10.10.4      61013    111.221.74.18   443      s 192.168.0.2     61013  

                                tcp (13) -> Public-backup

                                  10.10.10.4      61019    111.221.74.18   80       s 192.168.0.2     61019  

                                tcp (13) -> Public-backup

                                  10.10.10.4      61012    128.175.89.92   8333     s 192.168.0.2     61012  

                                tcp (6) -> Public-backup

                                  10.10.10.4      60992    157.55.130.146  40018    s 192.168.0.2     60992  

                                tcp (6) -> Public-backup

                                  10.10.10.4      60996    157.55.130.146  443      s 192.168.0.2     60996  

                                tcp (6) -> Public-backup

                                  10.10.10.4      60999    157.55.130.146  80       s 192.168.0.2     60999  

                                tcp (13) -> Public-backup

                                  10.10.10.4      60835    183.64.239.21   9911     s 192.168.0.2     60835  

                                udp (46) -> Public-backup

                                  10.10.10.4      53709    192.168.0.12    161      s 192.168.0.2     53709  

                                tcp (13) -> Public-backup

                                  10.10.10.4      61014    192.168.50.1    443      s 192.168.0.2     61014  

                                tcp (13) -> Public-backup

                                  10.10.10.4      61015    192.168.50.1    443      s 192.168.0.2     61015  

                                tcp (6) -> Public-backup

                                  10.10.10.4      60947    192.241.186.111 9911     s 192.168.0.2     60947  

                                tcp (13) -> Public-backup

                                  10.10.10.4      61025    199.71.213.209  8333     s 192.168.0.2     61025  

                                tcp (6) -> Public-backup

                                  10.10.10.4      60811    204.93.75.136   443      s 192.168.0.2     60811  

                                tcp (6) -> Public-backup

                                  10.10.10.4      60812    204.93.75.136   443      s 192.168.0.2     60812  

                                tcp (6) -> Public-backup

                                  10.10.10.4      60813    204.93.75.136   443      s 192.168.0.2     60813  

                                tcp (6) -> Public-backup

                                  10.10.10.4      60814    204.93.75.136   443      s 192.168.0.2     60814  

                                tcp (13) -> Public-backup

                                  10.10.10.4      60817    204.93.75.136   443      s 192.168.0.2     60817  

                                tcp (13) -> Public-backup

                                  10.10.10.4      60818    204.93.75.136   443      s 192.168.0.2     60818  

                                tcp (13) -> Public-backup

                                  10.10.10.4      60829    204.93.75.136   443      s 192.168.0.2     60829  

                                tcp (13) -> Public-backup

                                  10.10.10.4      60830    204.93.75.136   443      s 192.168.0.2     60830  

                                tcp (13) -> Public-backup

                                  10.10.10.4      60831    204.93.75.136   443      s 192.168.0.2     60831  

                                tcp (13) -> Public-backup

                                  10.10.10.4      60832    204.93.75.136   443      s 192.168.0.2     60832  

                                tcp (20) -> Public-backup

                                  10.10.10.4      60847    204.93.75.136   443      s 192.168.0.2     60847  

                                tcp (20) -> Public-backup

                                  10.10.10.4      60848    204.93.75.136   443      s 192.168.0.2     60848  

                                tcp (6) -> Public-backup

                                  10.10.10.4      60942    204.93.75.136   443      s 192.168.0.2     60942  

                                tcp (6) -> Public-backup

                                  10.10.10.4      60943    204.93.75.136   443      s 192.168.0.2     60943  

                                tcp (6) -> Public-backup

                                  10.10.10.4      60944    204.93.75.136   443      s 192.168.0.2     60944  

                                tcp (6) -> Public-backup

                                  10.10.10.4      60945    204.93.75.136   443      s 192.168.0.2     60945  

                                tcp (13) -> Public-backup

                                  10.10.10.4      60952    204.93.75.136   443      s 192.168.0.2     60952  

                                tcp (13) -> Public-backup

                                  10.10.10.4      60953    204.93.75.136   443      s 192.168.0.2     60953  

                                tcp (13) -> Public-backup

                                  10.10.10.4      60960    204.93.75.136   443      s 192.168.0.2     60960  

                                tcp (13) -> Public-backup

                                  10.10.10.4      60961    204.93.75.136   443      s 192.168.0.2     60961  

                                tcp (13) -> Public-backup

                                  10.10.10.4      60962    204.93.75.136   443      s 192.168.0.2     60962  

                                tcp (13) -> Public-backup

                                  10.10.10.4      60963    204.93.75.136   443      s 192.168.0.2     60963  

                                tcp (13) -> Public-backup

                                  10.10.10.4      60970    204.93.75.136   443      s 192.168.0.2     60970  

                                tcp (13) -> Public-backup

                                  10.10.10.4      60971    204.93.75.136   443      s 192.168.0.2     60971  

                                tcp (20) -> Public-backup

                                  10.10.10.4      60979    204.93.75.136   443      s 192.168.0.2     60979  

                                tcp (20) -> Public-backup

                                  10.10.10.4      60980    204.93.75.136   443      s 192.168.0.2     60980  

                                tcp (6) -> Public-backup

                                  10.10.10.4      60997    204.93.75.136   443      s 192.168.0.2     60997  

                                tcp (6) -> Public-backup

                                  10.10.10.4      60998    204.93.75.136   443      s 192.168.0.2     60998  

                                tcp (6) -> Public-backup

                                  10.10.10.4      61000    204.93.75.136   443      s 192.168.0.2     61000  

                                tcp (6) -> Public-backup

                                  10.10.10.4      61001    204.93.75.136   443      s 192.168.0.2     61001  

                                tcp (6) -> Public-backup

                                  10.10.10.4      61020    204.93.75.136   443      s 192.168.0.2     61020  

                                tcp (6) -> Public-backup

                                  10.10.10.4      61021    204.93.75.136   443      s 192.168.0.2     61021  

                                tcp (6) -> Public-backup

                                  10.10.10.4      61022    204.93.75.136   443      s 192.168.0.2     61022  

                                tcp (6) -> Public-backup

                                  10.10.10.4      61023    204.93.75.136   443      s 192.168.0.2     61023  

                                tcp (13) -> Public-backup

                                  10.10.10.4      61026    204.93.75.136   443      s 192.168.0.2     61026  

                                tcp (13) -> Public-backup

                                  10.10.10.4      61027    204.93.75.136   443      s 192.168.0.2     61027  

                                tcp (13) -> Public-backup

                                  10.10.10.4      61031    204.93.75.136   443      s 192.168.0.2     61031  

                                tcp (13) -> Public-backup

                                  10.10.10.4      61032    204.93.75.136   443      s 192.168.0.2     61032  

                                tcp (13) -> Public-backup

                                  10.10.10.4      61033    204.93.75.136   443      s 192.168.0.2     61033  

                                tcp (13) -> Public-backup

                                  10.10.10.4      61034    204.93.75.136   443      s 192.168.0.2     61034  

                                tcp (20) -> Public-backup

                                  10.10.10.4      61037    204.93.75.136   443      s 192.168.0.2     61037  

                                tcp (20) -> Public-backup

                                  10.10.10.4      61038    204.93.75.136   443      s 192.168.0.2     61038  

                                tcp (6) -> Public-backup

                                  10.10.10.4      60965    210.45.121.32   9911     s 192.168.0.2     60965  

                                tcp (6) -> Public-backup

                                  10.10.10.4      61008    213.199.179.145 443      s 192.168.0.2     61008  

                                tcp (6) -> Public-backup

                                  10.10.10.4      61016    213.199.179.145 80       s 192.168.0.2     61016  

                                tcp (6) -> Public-backup

                                  10.10.10.4      61010    213.199.179.149 443      s 192.168.0.2     61010  

                                tcp (6) -> Public-backup

                                  10.10.10.4      61018    213.199.179.149 80       s 192.168.0.2     61018  

                                tcp (6) -> Public-backup

                                  10.10.10.4      61009    213.199.179.154 443      s 192.168.0.2     61009  

                                tcp (6) -> Public-backup

                                  10.10.10.4      61017    213.199.179.154 80       s 192.168.0.2     61017  

                                 

                                Policy class "self":

                                icmp (60) -> Public-backup

                                  192.168.0.2     1        8.8.8.8         1

                                 

                                 

                                 

                                And it keeps echoing this

                                ADM#

                                2013.09.09 15:10:53 FIREWALL id=firewall time="2013-09-09 15:10:53" fw=ADM pri=1 rule=4  proto=https src=10.10.10.4 dst=204.93.75.136 msg="Zero bytes transferred for connection Src 60856 Dst 443 from Private policy-class on interface vlan 1" agent=AdFirewall

                                2013.09.09 15:11:21 FIREWALL id=firewall time="2013-09-09 15:11:21" fw=ADM pri=1 rule=4 proto=9911/tcp src=10.10.10.4 dst=202.99.230.232 msg="Zero bytes transferred for connection Src 60915 Dst 9911 from Private policy-class on interface vlan 1" agent=AdFirewall

                                  • Re: Need to commission someone to configure Adtran 3448 for failover
                                    jayh Hall_of_Fame

                                    OK, on your first set of data with the eth 0/1 link connected, your Internet connection is broken or misconfigured.  Note where you have:

                                     

                                    ADM>sh probe

                                    Probe primary-probe:

                                      Current State: FAIL  Admin. Status: UP

                                      Type: ICMP Echo  Period: 3 sec  Timeout: 5 msec

                                      Source: 192.168.0.2  Destination: 8.8.8.8

                                      Data size: 0

                                      Tracked by: Nothing

                                      Tests Run: 972273  Failed: 972271


                                    Your pings from the primary interface are failing.  You indicated that this was a static IP.  In your configs you are using 192.168.0.2 with a gateway of 192.168.0.1.  These are private IPs not found directly on the Internet.  They're used for private networks or behind a NAT.  So the first thing to do is to fix the primary connection.  If you're getting a true static IP from your ISP, it won't begin with any of the following:

                                     

                                    • 10.x.x.x
                                    • 172.16.x.x through 172.31.x.x
                                    • 192.168.x.x

                                     

                                    So you'll need to fix that and get the probe to succeed with eth 0/1 connected.  Everywhere in the config where you have 192.168.0.2 replace it with the static IP from your ISP.  Everywhere you have 192.168.0.1 substitute the gateway from your ISP.

                                     

                                    Second, your track isn't tracking the probe.  You have:

                                     

                                    ADM>sh track

                                    Track primary-track:

                                      Current State: PASS     (Admin: UP)

                                      Testing:

                                        (NO TESTS)

                                      Dampening Interval: 1 seconds


                                    See the "(NO TESTS)" ?  Your track should be testing the probe.  Does your configuration look like: 

                                     

                                    track primary-track

                                      test if primary-probe

                                      no shutdown

                                     

                                    Let us know when you get the probe to succeed and the track to track it.  At this point you should be able to get to the Internet with the primary connection and you can then unplug it and continue testing the backup.

                                     

                                    Doing a NAT (to 10.10.10.x) from behind another NAT (192.168.0.2 is a NAT or private address) is something you really want to avoid, especially if there are SIP devices involved.



                                    1 of 1 people found this helpful
                                      • Re: Need to commission someone to configure Adtran 3448 for failover
                                        listed1st New Member

                                        Okay!

                                         

                                        Got the static IP up, running beautifully, sh probe is working wonderfully:

                                         

                                         

                                        sh probe

                                        Probe primary-probe:

                                          Current State: PASS  Admin. Status: UP

                                          Type: ICMP Echo  Period: 3 sec  Timeout: 500 msec

                                          Source: 50.198.18.173  Destination: 8.8.8.8

                                          Data size: 0

                                          Tracked by: Nothing

                                          Tests Run: 543  Failed: 226

                                          Tolerance: 0 consecutive failures currently, 2 needed to FAIL

                                          Time in current state: 0 days, 0 hours, 9 minutes, 23 seconds

                                        (The fails are when I unplugged it)

                                         

                                         

                                        The problem is the sh track, not working still

                                         

                                         

                                         

                                        ADM#sh track

                                        Track primary-track:

                                          Current State: PASS     (Admin: UP)

                                          Testing:

                                            (NO TESTS)

                                          Dampening Interval: 1 seconds

                                          Time in current state: 0 days, 0 hours, 18 minutes, 32 seconds

                                          Track State Changes: 0

                                          Tracking:

                                            ip route 0.0.0.0 0.0.0.0 50.198.18.173

                                            ip access-list extended NAT-primary

                                              permit ip any any

                                         

                                         

                                         

                                        It's current in my system as:

                                         

                                        !

                                        probe primary-probe icmp-echo

                                          destination 8.8.8.8

                                          period 3

                                          timeout 500

                                          source-address 50.198.18.173

                                          tolerance consecutive fail 2 pass 40

                                          no shutdown

                                        !

                                        track primary-track

                                          test if primary-probe

                                          no shutdown

                                        !

                                        !

                                        !

                                        !

                                        !

                                        !

                                        !

                                        !

                                        !

                                        no dot11ap access-point-control

                                         

                                        (I also tried it with an extra ! added above and another below. I don't know what the ! do)

                                         

                                         

                                        Getting so close! Thank you!

                                          • Re: Need to commission someone to configure Adtran 3448 for failover
                                            jayh Hall_of_Fame

                                            Strange.  According to the configuration, the track should be monitoring the probe.

                                             

                                            See if a reboot fixes it.  Write mem, then reload from the enabled mode. If that doesn't fix it, try shutting down the track and re-enabling it.

                                             

                                            enable

                                            config t

                                            track primary-track

                                            shutdown

                                            no shutdown


                                            Then do a "show track" and see if it is now testing the probe.

                                            If this doesn't fix it, try removing the track completely and then re-add it.  If you do this you might need to redo the other statements that reference the track.

                                            enable

                                            config t

                                            no track primary-track

                                            track primary-track

                                              test if primary-probe

                                              no shutdown

                                            end


                                            With the Adtran CLI it is normal that most commands will fail unless you are in the enable mode.  You can tell what mode you are in by the prompt:


                                            prompt> initial (disabled) mode - limited show commands and non-intrusive tests.

                                            prompt#  enable mode, allows rebooting, saving, all commands, entry to configuration.

                                            prompt(config)# global configuration mode - allows commands to configure system-wide parameters

                                            prompt(config-foo)# subsection configuration mode - allows commands to configure item "foo" (interface, track, etc.)


                                            An exclamation point "!" indicates a comment.  Anything on that line beyond it is ignored, including the "!" itself. Written configurations generated by the device often have multiple blank lines with just a "!" to separate sections for human reading.