3 Replies Latest reply on Dec 27, 2018 12:13 PM by yredovich

    How to push firmware from N-Command to 1234 behind router

    hoorah New Member

      Hi All,

       

      I was wondering in the example setup below if it is possible to have N-Command push firmware directly to the switch behind a router.

       

      Setup: Adtran 6355 > Adtran 1234 POE

        • Re: How to push firmware from N-Command to 1234 behind router
          iana Employee

          As long as the device is able to check in to the nCommand server, you would create a Scheduled Job with the task to Push Firmware with the file you wish to apply to the unit. There are a few variables involving what to do with the older firmware files which are explained in the n-Command MSP Manual.

          • Re: How to push firmware from N-Command to 1234 behind router
            hoorah New Member

            Hi Iana,

             

            No it cannot communicate with the NCommand Server...

             

            The Adtran 3430 can, but the 1234 Switch behind the 3430 cannot.

             

            I checked, and not seeing any policy lists, or ACLs that could be blocking. Maybe it's because it is on a different VLAN.

             

            Eth 0/2           802.1q Encapsulation

            Eth 0/2.2        Data

            Eth 0/2.101    Management

            Eth 0/2.102    Phones

             

            interface eth 0/2.101

              description SWITCH_MANAGEMENT_VLAN

              vlan-id 99

              ip address  192.168.101.1  255.255.255.0

              ip access-policy Private

              no shutdown

            !

            end

             

            20/331651#sh ip policy-class Private

            Policy-class "Private":

              21 current sessions (13500 max)

              Discards/Allows/NAT: 0/771/689

              Entry 1 - allow list MATCH_ALL self

              Entry 2 - nat source list VOIP interface loop 1 overload

              Entry 3 - allow list DATA stateless

             

            20/331651#sh ip access-list standard MATCH_ALL

            Standard IP access list MATCH_ALL

               permit any (1 matches)

            Standard IP access list DATA

               permit any (7913 matches)

             

            Here is what the 1234 sees.

             

            2000.11.03 14:37:57 HTTP_CLIENT Timeout connecting to service at <PUBLIC IP>

            14:37:57 AUTOLINK OnWaitForReply.

            14:37:57 AUTOLINK OnDiscoveryFailed: Discovery failed.

            14:37:57 AUTOLINK Failed to contact <PUBLIC IP>:443 (Primary Server - <PUBLIC IP>)

            14:37:57 AUTOLINK Failure reason: HTTP: Timed out.

            14:37:57 AUTOLINK closeHttpClientAndDeleteStreams().

            14:37:57 AUTOLINK closeHttpConnection().

            14:37:57 AUTOLINK deleteHttpClientStreams().

            14:37:57 AUTOLINK closeHttpClientAndDeleteStreams().

            14:37:57 AUTOLINK closeHttpConnection().

            14:37:57 AUTOLINK deleteHttpClientStreams().

            14:37:57 AUTOLINK closeHttpFileTransferClientAndDeleteStreams().

            14:37:57 AUTOLINK Discovery failed. Could not contact server at <PUBLIC IP>.

            14:37:57 AUTOLINK Adding address (<PUBLIC IP>:443) to penalty box.

            14:37:57 AUTOLINK No failover servers remaining. No servers were contacted.

            14:37:57 AUTOLINK closeHttpClientAndDeleteStreams().

            14:37:57 AUTOLINK closeHttpConnection().

            14:37:57 AUTOLINK deleteHttpClientStreams().

            14:37:57 AUTOLINK closeHttpFileTransferClientAndDeleteStreams().

            14:39:10 AUTOLINK HeartbeatTimerEvent::attemptExecution scheduledExecution == true.

            14:39:10 AUTOLINK HeartbeatTimerEvent::attemptExecution _client->start().

            14:39:10 AUTOLINK HeartbeatTimerEvent::createDefaultPeriodicTimer.

            14:39:10 AUTOLINK HeartbeatTimerEvent::getRetryTimer() == 3600.

            14:39:11 AUTOLINK OnSendDiscovery.

            14:39:11 AUTOLINK resetHttpClientStreams().

            14:39:11 AUTOLINK closeHttpConnection().

            14:39:11 AUTOLINK deleteHttpClientStreams().

            14:39:11 AUTOLINK Sending initial discovery message to <PUBLIC IP>/al/DiscoveryProcessor?action=devinfo.

            14:39:11 AUTOLINK HeartbeatTimerEvent::attemptExecution scheduledExecution == false.

            14:39:11 AUTOLINK HeartbeatTimerEvent::createDefaultPeriodicTimer.

            14:39:11 AUTOLINK HeartbeatTimerEvent::getRetryTimer() == 3600.

            14:39:11 AUTOLINK OnWaitForReply.

            14:39:12 AUTOLINK OnWaitForReply.

            14:39:13 AUTOLINK OnWaitForReply.

            14:39:14 AUTOLINK OnWaitForReply.

            14:39:15 AUTOLINK OnWaitForReply.

            14:39:16 AUTOLINK OnWaitForReply.

            14:39:17 AUTOLINK OnWaitForReply.

            14:39:18 AUTOLINK OnWaitForReply.

            14:39:19 AUTOLINK OnWaitForReply.

            14:39:20 AUTOLINK OnWaitForReply.

            14:39:21 AUTOLINK OnWaitForReply.

            14:39:22 AUTOLINK OnWaitForReply.

            14:39:23 AUTOLINK OnWaitForReply.

            14:39:24 AUTOLINK OnWaitForReply.

            14:39:25 AUTOLINK OnWaitForReply.

            14:39:26 AUTOLINK OnWaitForReply.

            14:39:27 AUTOLINK OnWaitForReply.

            14:39:28 AUTOLINK OnWaitForReply.

            14:39:29 AUTOLINK OnWaitForReply.

            14:39:30 AUTOLINK OnWaitForReply.

            2000.11.03 14:39:31 HTTP_CLIENT Timeout connecting to service at  <Public IP>

            14:39:31 AUTOLINK OnWaitForReply.

            14:39:31 AUTOLINK OnDiscoveryFailed: Discovery failed.

            14:39:31 AUTOLINK Failed to contact <PUBLIC IP>:443 (Primary Server - <PUBLIC IP>)

            14:39:31 AUTOLINK Failure reason: HTTP: Timed out.

            14:39:31 AUTOLINK closeHttpClientAndDeleteStreams().

            14:39:31 AUTOLINK closeHttpConnection().

            14:39:31 AUTOLINK deleteHttpClientStreams().

            14:39:31 AUTOLINK closeHttpClientAndDeleteStreams().

            14:39:31 AUTOLINK closeHttpConnection().

            14:39:31 AUTOLINK deleteHttpClientStreams().

            14:39:31 AUTOLINK closeHttpFileTransferClientAndDeleteStreams().

            14:39:31 AUTOLINK Discovery failed. Could not contact server at <PUBLIC IP>.

            14:39:32 AUTOLINK Adding address (<PUBLIC IP>:443) to penalty box.

            14:39:32 AUTOLINK No failover servers remaining. No servers were contacted.

            14:39:32 AUTOLINK closeHttpClientAndDeleteStreams().

            14:39:32 AUTOLINK closeHttpConnection().

            14:39:32 AUTOLINK deleteHttpClientStreams().

            14:39:32 AUTOLINK closeHttpFileTransferClientAndDeleteStreams().

            • Re: How to push firmware from N-Command to 1234 behind router
              yredovich New Member

              Hi hoorah,

               

              If you want to use N-command to continuously manage your 1234, and provided your N-command server is on a public IP, it may be necessary to setup a NAT on the 6355 router with appropriate ACLs, so that 1234 can check in with N-command on a regular basis. While this still won't let you "push" firmware from N-command to 1234, you could at least schedule upgrade jobs on your N-command and let the 1234 "pull" the firmware, as directed. See the N-Command manual for the list of ports used by the N-command, to help with the ACL setup.

               

              If this is a one-time upgrade to your 1234, and you don't need the management functionality of N-command, a simple way to get the code onto it would be using the 6355 to serve the image file to 1234 using TFTP.

               

              To do this

              - On 6355, copy the 1234 image into local flash. This can be done via CLI using the "copy <remote file location> flash" or by using the Web GUI (much easier, if you're not hosting the file anywhere)

              - enable TFTP server on the 6355 using the "tftp server"command,

              - finally, download the firmware file from 6355 to 1234 using the "copy tftp flash" command.

               

              Be sure to turn off the TFTP server on the 6355 after this is done, as the protocol is not secure.

               

              Of course, another option for a one-time upgrade would be to add a public IP to the 1234, grab the firmware and upgrade, then re-IP it again with the private IP.

               

              Hope this helps

              Yan.