1 Reply Latest reply on Jan 6, 2014 10:42 AM by david

    Urgent help needed please - Adtran 908e configured with WAN failover

    tetu04 New Member

      Hello all,

       

      I am working on implementing a new Adtran 908e for a customer's new hosted VoIP system. They already have a DSL connection and would like to use the T1 fed into the 908e for voice only with the DSL connection set up as failover. I have completed the configuration and I was hoping if someone can check it for me and let me know if I am missing anything. The WAN failover was a last minute decision and I am planning on going on site early next week to set this up. Thank you in advance!

       

       

      hostname "mas.ta908e-1"

      enable password encrypted xxxxxxxxxxx

      !

      !

      clock timezone -5-Eastern-Time

      !

      ip subnet-zero

      ip classless

      ip routing

      ipv6 unicast-routing

      !

      !

      domain-name "maspremium.com"

      domain-proxy

      name-server 8.8.8.8

      !

      ip local policy route-map icmp-pbr

      !

      no auto-config

      auto-config authname adtran encrypted password 2721bf4deba3bd798dc1839aa58a7da49d2f

      !

      event-history on

      no logging forwarding

      no logging email

      !

      service password-encryption

      !

      username "xxxxx" password encrypted xxxxxxxxx

      username "xxxxx" password encrypted  xxxxxxxxxx

      username "xxxxxxx" password encrypted xxxxxxxxx

      !

      banner motd !

      Authorized Access Only

       

       

      !

      !

      !

      ip firewall

      ip firewall fast-nat-failover

      no ip firewall alg msn

      no ip firewall alg mszone

      no ip firewall alg h323

      !

      !

      no dot11ap access-point-control

      !

      !

      probe Failover icmp-echo

        destination 8.8.8.8

        source-address X.X.113.238

        period 5

        tolerance consecutive fail 5 pass 2

        no shutdown

      !

      track Wantrack

        snmp trap state-change

        test if probe Failover

        no shutdown

      !

      !

      !

      interface eth 0/1

        description Voice Lan interface

        ip address  192.168.5.80  255.255.255.0 ( IP given to me from the site's system admin for their LAN)

        ip access-policy lan-policy

        media-gateway ip primary

        no shutdown

      !

      !

      interface eth 0/2

        description Failover interface

        ip address  X.X.203.80  255.255.255.192  (IP of their fiber provider)

        ip access-policy dsl-policy

        media-gateway ip primary

        no shutdown

      !

      !

      interface t1 0/1

        tdm-group 1 timeslots 1-24 speed 64

        no shutdown

      !

      interface t1 0/2

        shutdown

      !

      interface t1 0/3

        shutdown

      !

      interface t1 0/4

        shutdown

      !

      !

      interface fxs 0/1

        no shutdown

      !

      interface fxs 0/2

        no shutdown

      !

      interface fxs 0/3

        no shutdown

      !

      interface fxs 0/4

        no shutdown

      !

      interface fxs 0/5

        no shutdown

      !

      interface fxs 0/6

        no shutdown

      !

      interface fxs 0/7

        no shutdown

      !

      interface fxs 0/8

        no shutdown

      !

      !

      interface fxo 0/0

        no shutdown

      !

      interface ppp 1

        ip address  X.X.113.238  255.255.255.252

        ip access-policy wan-policy

        media-gateway ip primary

        no shutdown

        cross-connect 1 t1 0/1 1 ppp 1

      !

      !

      !

      !

      !

      route-map icmp-pbr permit 10

        match ip address pingprobe-acl

        set ip next-hop X.X.113.237

      !

      !

      !

      !

      ip access-list extended icmp-acl

        permit icmp any  any

      !

      ip access-list extended nat-acl

        permit ip any  any

      !

      ip access-list extended permit-acl

        permit ip any  any

      !

      ip access-list extended pingprobe-acl

        permit icmp any  host 8.8.8.8

      !

      ip access-list extended remote-admin-acl

        remark This is for remote SSH and HTTPS sessions

        permit ip 207.54.171.0 0.0.0.15  any     log

      !

      ip access-list extended sip-server-acl

        permit udp hostname voip-b.evolveip.net  any

      !

      !

      !

      !

      ip policy-class dsl-policy

        allow list icmp-acl

        allow list sip-server-acl

        allow list remote-admin-acl

      !

      ip policy-class lan-policy

        nat source list nat-acl address X.X.113.238 overload policy wan-policy

        nat source list nat-acl address X.X.203.80 overload policy dsl-policy

      !

      ip policy-class wan-policy

        allow list icmp-acl

        allow list sip-server-acl

        allow list remote-admin-acl

      !

      !

      !

      ip route 0.0.0.0 0.0.0.0 162.213.113.237 track Wantrack

      ip route 0.0.0.0 0.0.0.0 70.62.203.1 10

      ip route 192.168.1.0 255.255.255.0 192.168.1.1  (subnets from current LAN infrastructure)

      ip route 192.168.2.0 255.255.255.0 192.168.2.1

      ip route 192.168.5.0 255.255.255.0 192.168.5.1

      ip route 192.168.11.0 255.255.255.0 192.168.11.1

      ip route 192.168.12.0 255.255.255.0 192.168.12.1

      !

      no tftp server

      no tftp server overwrite

      no http server

      http secure-server

      no snmp agent

      no ip ftp server

      no ip scp server

      no ip sntp server

      !

      !

      !

      !

      !

      !

      auto-link

      auto-link server 207.54.171.6

      !

      !

      ip sip

      ip sip udp 5060

      no ip sip tcp

      !

      !

      !

      voice feature-mode network

      voice forward-mode network

      !

      !

      !

      ip sip proxy

      ip sip proxy transparent

      !

      !

      ip rtp quality-monitoring

      ip rtp quality-monitoring udp

      ip rtp quality-monitoring sip

      !

      ip rtp quality-monitoring reporter "DCTn-command"

        collector primary 207.54.171.6

        no shutdown

      !

      line con 0

        no login

        line-timeout 0

      !

      line telnet 0 4

        login local-userlist

        password encrypted 262e62f350fac67818df30ef9ce2abebb767

        shutdown

      line ssh 0 4

        login local-userlist

        no shutdown

      !

      sntp server 207.54.171.10

      !

      !

      !

      !

      end

        • Re: Urgent help needed please - Adtran 908e configured with WAN failover
          david Employee

          Tetu04,

           

          I believe you worked this issue through Adtran Technical Support, but I just wanted to put an update on this post.  We made several configuration changes including the following.

           

          1. Removed static route for directly connected subnet.

          2. Added "no ip policy-class wan-policy rfp-check" so that probe responses can be received on a interface when route table was in the failover mode.

          3. We also discussed how we needed to see a new registration from the SIP phone once the failover had taken place.  This is to edit the SIP proxy database within the Adtran unit and to also signal to the softswitch that the phones reside at a new public IP address.

           

          Thanks!

          David