cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ccozze
New Contributor

908e no incoming call issue

i have this 908e connected to the PBX on the T4 port and the ETH02 to the Internet

i can do outgoing calls but incoming doesn't work

This is my config can anyone point me whats wrong

!

!

! ADTRAN, Inc. OS version R13.2.0.E

! Boot ROM version R10.9.3.B1

! Platform: Total Access 908e (3rd Gen), part number 4243908F1

! Serial number CFG1320056

!

!

hostname "Forensic_Risk"

enable password encrypted 3f37ea7402d74f14b05451e8b4b7bcfd4720

!

!

clock timezone -5-Eastern-Time

!

ip subnet-zero

ip classless

ip default-gateway 8.41.206.161

ip routing

ipv6 unicast-routing

!

!

name-server 209.244.0.3 209.244.0.4

!

!

auto-config

auto-config authname adtran encrypted password 20285ee6ba26759765370843433612c1bdfd

!

event-history on

no logging forwarding

no logging console

no logging email

!

service password-encryption

!

username "admin" password encrypted "2129e8d017dc3e1677b962b5796c652c338a"

!

banner motd ^

*************************************************************

*****   This is a PRIVATE NETWORK FACILITY              *****

***** You are attempting to access a RESTRICTED DEVICE. *****

***** Access to this device is restricted to authorized *****

***** personnel only. All login attempts to this device *****

***** are logged and monitored. Violators will be       *****

***** prosecuted to the fullest extent of the law!      *****

*****                                                   *****

*************************************************************^

!

ip policy-timeout udp all-ports 90

!

ip firewall local-traffic-only

no ip firewall alg msn

no ip firewall alg mszone

no ip firewall alg h323

!

!

!

!

!

!

!

!

no dot11ap access-point-control

!

!

!

!

!

!

!

ip dhcp pool "Private"

  network 10.10.10.0 255.255.255.0

  default-router 8.41.206.161

!

!

!

!

!

!

!

!

!

!

!

!

qos map VOIP 10

  match ip list SIP-SERVER

  set dscp ef

!

!

!

!

interface eth 0/1

  description Internal Access

  ip address  10.10.10.1  255.255.255.0

  ip access-policy Private

  no shutdown

!

!

interface eth 0/2

  description WAN Link

  ip address 8.41.206.175 255.255.255.224

  ip mtu 1500

  ip access-policy Public

  ip flow ingress ADMIN

  ip flow egress ADMIN

  no awcp

  no shutdown

  media-gateway ip primary

!

!

!

interface gigabit-eth 0/1

  ip address dhcp hostname "TA908e"

  ip address  10.10.10.1  255.255.255.0  secondary

  ip access-policy Private

  no shutdown

!

!

!

!

interface t1 0/1

  shutdown

!

interface t1 0/2

  shutdown

!

interface t1 0/3

  description Test POrt

  shutdown

!

interface t1 0/4

  description PRI TO PBX

  tdm-group 1 timeslots 1-24 speed 64

  no shutdown

!

!

interface pri 1

  description PRI to PBX

  role network b-channel-restarts enable

  isdn name-delivery setup

  connect t1 0/4 tdm-group 1

  no shutdown

!

!

interface fxs 0/1

  shutdown

!

interface fxs 0/2

  shutdown

!

interface fxs 0/3

  shutdown

!

interface fxs 0/4

  shutdown

!

interface fxs 0/5

  shutdown

!

interface fxs 0/6

  shutdown

!

interface fxs 0/7

  shutdown

!

interface fxs 0/8

  shutdown

!

!

isdn-group 1

  connect pri 1

!

!

!

!

!

!

!

ip access-list standard wizard-ics

  remark Internet Connection Sharing

  permit any

!

!

ip access-list extended ADMIN

  permit tcp any  any eq ssh

  permit tcp any  any eq www

  permit icmp any  any  

!

ip access-list extended self

  remark Traffic to Total Access

  permit ip any  any     log

!

ip access-list extended SIP-SERVER

  permit udp hostname a2east.sipregistration.com  any eq 5060 

  permit udp any range 5060 5065 any range 5060 5065    log

!

!

!

!

ip policy-class Private

  allow list self self

  nat source list wizard-ics interface eth 0/2 overload

!

ip policy-class Public

  ! Implicit discard

!

!

!

ip route 0.0.0.0 0.0.0.0 1.1.1.2

!

no tftp server

no tftp server overwrite

http server

http secure-server

no snmp agent

no ip ftp server

no ip scp server

no ip sntp server

!

!

!

!

!

!

!

!

sip

sip udp 5060

no sip tls

!

!

!

voice feature-mode network

voice forward-mode network

!

!

!

!

!

!

!

!

voice dial-plan 1 local NXX-NXX-XXXX

voice dial-plan 2 extensions MXXX

!

!

!

!

!

voice codec-list VOICE

  default

  codec g711alaw

  codec g711ulaw

!

!

!

voice trunk T01 type sip

  description "SIP Trunk"

  sip-server primary a2east.sipregistration.com

  registrar threshold absolute 15

  registrar expire-time 350

  domain "a2east.sipregistration.com"

  sip-keep-alive options 1800

  register sip0000001_adtefra auth-name "sip0000001_adtefra" password encrypted "1815896e89e080e105e5d08d8e0378b2371d"

  trust-domain

  codec-list VOICE both

  authentication username "sip0000001_adtefra" password encrypted "29242d4d60daa6fc1d117ae61bdccc7967cd"

!

voice trunk T02 type isdn

  description "ISDN Link to Customer PBX Equipment"

  resource-selection linear ascending

  connect isdn-group 1

  rtp delay-mode adaptive

  rtp qos dscp 46

  codec-list VOICE

!

!

voice grouped-trunk PRI

  description "PRI settings"

  trunk T02

  accept $ cost 0

  accept NXX-NXX-XXXX cost 0

  accept 1-NXX-NXX-XXXX cost 0

  accept 1-800-NXX-XXXX cost 0

  accept 1-888-NXX-XXXX cost 0

  accept 1-877-NXX-XXXX cost 0

  accept 1-866-NXX-XXXX cost 0

  accept 1-855-NXX-XXXX cost 0

  accept 011-$ cost 0

  accept 911 cost 0

  reject NXX-976-XXXX

  reject 1-900-NXX-XXXX

  reject 1-976-NXX-XXXX

  reject 1-NXX-976-XXXX

!

!

voice grouped-trunk SIP

  description "SIP Settings"

  trunk T01

  accept $ cost 0

  accept NXX-NXX-XXXX cost 0

  accept 1-NXX-NXX-XXXX cost 0

  accept 1-800-NXX-XXXX cost 0

  accept 1-888-NXX-XXXX cost 0

  accept 1-877-NXX-XXXX cost 0

  accept 1-866-NXX-XXXX cost 0

  accept 1-855-NXX-XXXX cost 0

  accept 011-$ cost 0

  accept 911 cost 0

  reject NXX-976-XXXX

  reject 1-900-NXX-XXXX

  reject 1-976-NXX-XXXX

  reject 1-NXX-976-XXXX

!

!

!

!

!

!

!

!

!

!

!

!

no sip registrar authenticate

sip registrar default-expires 10800

sip registrar min-expires 3600

!

!

!

!

!

!

!

!

sip timer registration-failure-retry 1500

sip timer T1 100

sip timer T2 1000

!

!

sip grammar require 100rel

!

sip qos dscp 1

!

!

sip database local

!

ip rtp symmetric-filter

ip rtp firewall-traversal policy-timeout 3600

!

!

sip secure remote-user

  no blacklist

!

!

!

line con 0

  login local-userlist

  line-timeout 30

!

line telnet 0 4

  login local-userlist

  password encrypted 222aeb284ee6c87edf82f7fb3ffefdfbaa71

  shutdown

line ssh 0 4

  login local-userlist

  line-timeout 30

  no shutdown

!

sntp server 64.94.196.70

!

!

!

!

end

0 Kudos
4 Replies
cjohnson
New Contributor II

Re: 908e no incoming call issue

Update your Public policy

ip policy-class Public

allow list SIP-SERVER

Re: 908e no incoming call issue

What numbers (digits) are you receiving from telco on sip trunk?  Put those as accept statements on the trunk to the pbx.  I always add accept statements for all my dids as they are handed to me from telco, most of the time 10 digits

Anonymous
Not applicable

Re: 908e no incoming call issue

I would start by checking you PRI configuration to make sure it matches up correctly with the PBX, look at things like number of digits-transferred some PBX only accept 4 if you send more then that the PBX will only look at the first 4 and it wont match.  Check with the PBX vendor exactly what they are expecting from you.  Also I didn't see the timing source normally you would want something like the following: timing-source internal that will then advertise the timing to the PBX.  You can run the following debugs to try and get a better idea if the issue is on the PBX side or the carrier side:

debug isdn l2-formatted

debug voice switchboard

debug sip stack messages

post the results of the debugs if the above doesn't help.

jayh
Honored Contributor
Honored Contributor

Re: 908e no incoming call issue

I can see a few puzzling things with this configuration.

Your interface eth 0/1is configured as 10.10.10.1/24. You have that same IP on interface gigabit-eth 0/1 as secondary. This will cause conflicts, I'm kind of surprised that the configuration parser even allowed you to do this.

Your "Public" policy will deny everything including SIP to the box. This is likely your primary problem. You probably want to add "allow list self self" there. However, this will create some security holes which need to be fixed.

Your SIP-SERVER access-list first allows traffic from your SIP server (good) and then allows SIP from anywhere (not so good). Remove the second line.

You have a default route pointing to 1.1.1.2 and you have "ip default-gateway" pointing to 8.41.206.161. The "ip default-gateway" command is for layer-2 switches and the like without IP routing. Change your default route to "ip route 0.0.0.0 0.0.0.0 8.41.206.161" and remove the "ip default-gateway" command.

In addition, your dhcp pool "private" should have its default-router set to the inside address of the TA900 itself, 10.10.10.1, not your public gateway.

To close some security holes:

Fix the SIP-SERVER access-list to only allow the hostname or (preferably) IP address of the SIP server, it appears to be 198.58.40.228. This can be a standard access-list. You don't need to list ports and protocols. Then add the following command to the global configuration.

sip access-class ip SIP-SERVER in

Create a standard access-list with the IP addresses of your trusted management hosts. This can be the internal subnet as well as any outside addresses that need to get to the unit for management. Name this access-list "admin-access" (or similar).

Then restrict access as follows:

http ip access-class admin-access in

http ip secure-access-class admin-access in

line telnet 0 4

  shutdown

  ip access-class admin-access in

line ssh 0 4

  login local-userlist

  no shutdown

  ip access-class admin-access in

Note that telnet is shut down in the above example as it is in your configuration. This is good, telnet sends everything in clear text.

Make these changes and re-test. If things still don't work we will need to look at some SIP and voice debugs.