4 Replies Latest reply on Jul 22, 2019 5:38 PM by jayh

    908e no incoming call issue

    ccozze New Member

      i have this 908e connected to the PBX on the T4 port and the ETH02 to the Internet

       

       

       

      i can do outgoing calls but incoming doesn't work

      This is my config can anyone point me whats wrong

       

      !

      !

      ! ADTRAN, Inc. OS version R13.2.0.E

      ! Boot ROM version R10.9.3.B1

      ! Platform: Total Access 908e (3rd Gen), part number 4243908F1

      ! Serial number CFG1320056

      !

      !

      hostname "Forensic_Risk"

      enable password encrypted 3f37ea7402d74f14b05451e8b4b7bcfd4720

      !

      !

      clock timezone -5-Eastern-Time

      !

      ip subnet-zero

      ip classless

      ip default-gateway 8.41.206.161

      ip routing

      ipv6 unicast-routing

      !

      !

      name-server 209.244.0.3 209.244.0.4

      !

      !

      auto-config

      auto-config authname adtran encrypted password 20285ee6ba26759765370843433612c1bdfd

      !

      event-history on

      no logging forwarding

      no logging console

      no logging email

      !

      service password-encryption

      !

      username "admin" password encrypted "2129e8d017dc3e1677b962b5796c652c338a"

      !

      banner motd ^

      *************************************************************

      *****   This is a PRIVATE NETWORK FACILITY              *****

      ***** You are attempting to access a RESTRICTED DEVICE. *****

      ***** Access to this device is restricted to authorized *****

      ***** personnel only. All login attempts to this device *****

      ***** are logged and monitored. Violators will be       *****

      ***** prosecuted to the fullest extent of the law!      *****

      *****                                                   *****

      *************************************************************^

      !

      ip policy-timeout udp all-ports 90

      !

      ip firewall local-traffic-only

      no ip firewall alg msn

      no ip firewall alg mszone

      no ip firewall alg h323

      !

      !

      !

      !

      !

      !

      !

      !

      no dot11ap access-point-control

      !

      !

      !

      !

      !

      !

      !

      ip dhcp pool "Private"

        network 10.10.10.0 255.255.255.0

        default-router 8.41.206.161

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      qos map VOIP 10

        match ip list SIP-SERVER

        set dscp ef

      !

      !

      !

      !

      interface eth 0/1

        description Internal Access

        ip address  10.10.10.1  255.255.255.0

        ip access-policy Private

        no shutdown

      !

      !

      interface eth 0/2

        description WAN Link

        ip address 8.41.206.175 255.255.255.224

        ip mtu 1500

        ip access-policy Public

        ip flow ingress ADMIN

        ip flow egress ADMIN

        no awcp

        no shutdown

        media-gateway ip primary

      !

      !

      !

      interface gigabit-eth 0/1

        ip address dhcp hostname "TA908e"

        ip address  10.10.10.1  255.255.255.0  secondary

        ip access-policy Private

        no shutdown

      !

      !

      !

      !

      interface t1 0/1

        shutdown

      !

      interface t1 0/2

        shutdown

      !

      interface t1 0/3

        description Test POrt

        shutdown

      !

      interface t1 0/4

        description PRI TO PBX

        tdm-group 1 timeslots 1-24 speed 64

        no shutdown

      !

      !

      interface pri 1

        description PRI to PBX

        role network b-channel-restarts enable

        isdn name-delivery setup

        connect t1 0/4 tdm-group 1

        no shutdown

      !

      !

      interface fxs 0/1

        shutdown

      !

      interface fxs 0/2

        shutdown

      !

      interface fxs 0/3

        shutdown

      !

      interface fxs 0/4

        shutdown

      !

      interface fxs 0/5

        shutdown

      !

      interface fxs 0/6

        shutdown

      !

      interface fxs 0/7

        shutdown

      !

      interface fxs 0/8

        shutdown

      !

      !

      isdn-group 1

        connect pri 1

      !

      !

      !

      !

      !

      !

      !

      ip access-list standard wizard-ics

        remark Internet Connection Sharing

        permit any

      !

      !

      ip access-list extended ADMIN

        permit tcp any  any eq ssh

        permit tcp any  any eq www

        permit icmp any  any  

      !

      ip access-list extended self

        remark Traffic to Total Access

        permit ip any  any     log

      !

      ip access-list extended SIP-SERVER

        permit udp hostname a2east.sipregistration.com  any eq 5060 

        permit udp any range 5060 5065 any range 5060 5065    log

      !

      !

      !

      !

      ip policy-class Private

        allow list self self

        nat source list wizard-ics interface eth 0/2 overload

      !

      ip policy-class Public

        ! Implicit discard

      !

      !

      !

      ip route 0.0.0.0 0.0.0.0 1.1.1.2

      !

      no tftp server

      no tftp server overwrite

      http server

      http secure-server

      no snmp agent

      no ip ftp server

      no ip scp server

      no ip sntp server

      !

      !

      !

      !

      !

      !

      !

      !

      sip

      sip udp 5060

      no sip tls

      !

      !

      !

      voice feature-mode network

      voice forward-mode network

      !

      !

      !

      !

      !

      !

      !

      !

      voice dial-plan 1 local NXX-NXX-XXXX

      voice dial-plan 2 extensions MXXX

      !

      !

      !

      !

      !

      voice codec-list VOICE

        default

        codec g711alaw

        codec g711ulaw

      !

      !

      !

      voice trunk T01 type sip

        description "SIP Trunk"

        sip-server primary a2east.sipregistration.com

        registrar threshold absolute 15

        registrar expire-time 350

        domain "a2east.sipregistration.com"

        sip-keep-alive options 1800

        register sip0000001_adtefra auth-name "sip0000001_adtefra" password encrypted "1815896e89e080e105e5d08d8e0378b2371d"

        trust-domain

        codec-list VOICE both

        authentication username "sip0000001_adtefra" password encrypted "29242d4d60daa6fc1d117ae61bdccc7967cd"

      !

      voice trunk T02 type isdn

        description "ISDN Link to Customer PBX Equipment"

        resource-selection linear ascending

        connect isdn-group 1

        rtp delay-mode adaptive

        rtp qos dscp 46

        codec-list VOICE

      !

      !

      voice grouped-trunk PRI

        description "PRI settings"

        trunk T02

        accept $ cost 0

        accept NXX-NXX-XXXX cost 0

        accept 1-NXX-NXX-XXXX cost 0

        accept 1-800-NXX-XXXX cost 0

        accept 1-888-NXX-XXXX cost 0

        accept 1-877-NXX-XXXX cost 0

        accept 1-866-NXX-XXXX cost 0

        accept 1-855-NXX-XXXX cost 0

        accept 011-$ cost 0

        accept 911 cost 0

        reject NXX-976-XXXX

        reject 1-900-NXX-XXXX

        reject 1-976-NXX-XXXX

        reject 1-NXX-976-XXXX

      !

      !

      voice grouped-trunk SIP

        description "SIP Settings"

        trunk T01

        accept $ cost 0

        accept NXX-NXX-XXXX cost 0

        accept 1-NXX-NXX-XXXX cost 0

        accept 1-800-NXX-XXXX cost 0

        accept 1-888-NXX-XXXX cost 0

        accept 1-877-NXX-XXXX cost 0

        accept 1-866-NXX-XXXX cost 0

        accept 1-855-NXX-XXXX cost 0

        accept 011-$ cost 0

        accept 911 cost 0

        reject NXX-976-XXXX

        reject 1-900-NXX-XXXX

        reject 1-976-NXX-XXXX

        reject 1-NXX-976-XXXX

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      no sip registrar authenticate

      sip registrar default-expires 10800

      sip registrar min-expires 3600

      !

      !

      !

      !

      !

      !

      !

      !

      sip timer registration-failure-retry 1500

      sip timer T1 100

      sip timer T2 1000

      !

      !

      sip grammar require 100rel

      !

      sip qos dscp 1

      !

      !

      sip database local

      !

      ip rtp symmetric-filter

      ip rtp firewall-traversal policy-timeout 3600

      !

      !

      sip secure remote-user

        no blacklist

      !

      !

      !

      line con 0

        login local-userlist

        line-timeout 30

      !

      line telnet 0 4

        login local-userlist

        password encrypted 222aeb284ee6c87edf82f7fb3ffefdfbaa71

        shutdown

      line ssh 0 4

        login local-userlist

        line-timeout 30

        no shutdown

      !

      sntp server 64.94.196.70

      !

      !

      !

      !

      end

        • Re: 908e no incoming call issue
          cjohnson New Member

          Update your Public policy

           

          ip policy-class Public

          allow list SIP-SERVER

          • Re: 908e no incoming call issue
            chuckjal New Member

            What numbers (digits) are you receiving from telco on sip trunk?  Put those as accept statements on the trunk to the pbx.  I always add accept statements for all my dids as they are handed to me from telco, most of the time 10 digits

            • Re: 908e no incoming call issue
              jwable Frequent Visitor

              I would start by checking you PRI configuration to make sure it matches up correctly with the PBX, look at things like number of digits-transferred some PBX only accept 4 if you send more then that the PBX will only look at the first 4 and it wont match.  Check with the PBX vendor exactly what they are expecting from you.  Also I didn't see the timing source normally you would want something like the following: timing-source internal that will then advertise the timing to the PBX.  You can run the following debugs to try and get a better idea if the issue is on the PBX side or the carrier side:

               

              debug isdn l2-formatted

              debug voice switchboard

              debug sip stack messages

               

              post the results of the debugs if the above doesn't help.

              • Re: 908e no incoming call issue
                jayh Hall_of_Fame

                I can see a few puzzling things with this configuration.

                 

                Your interface eth 0/1is configured as 10.10.10.1/24. You have that same IP on interface gigabit-eth 0/1 as secondary. This will cause conflicts, I'm kind of surprised that the configuration parser even allowed you to do this.

                 

                Your "Public" policy will deny everything including SIP to the box. This is likely your primary problem. You probably want to add "allow list self self" there. However, this will create some security holes which need to be fixed.

                 

                Your SIP-SERVER access-list first allows traffic from your SIP server (good) and then allows SIP from anywhere (not so good). Remove the second line.

                 

                You have a default route pointing to 1.1.1.2 and you have "ip default-gateway" pointing to 8.41.206.161. The "ip default-gateway" command is for layer-2 switches and the like without IP routing. Change your default route to "ip route 0.0.0.0 0.0.0.0 8.41.206.161" and remove the "ip default-gateway" command.

                 

                In addition, your dhcp pool "private" should have its default-router set to the inside address of the TA900 itself, 10.10.10.1, not your public gateway.

                 

                To close some security holes:

                 

                Fix the SIP-SERVER access-list to only allow the hostname or (preferably) IP address of the SIP server, it appears to be 198.58.40.228. This can be a standard access-list. You don't need to list ports and protocols. Then add the following command to the global configuration.

                sip access-class ip SIP-SERVER in

                 

                Create a standard access-list with the IP addresses of your trusted management hosts. This can be the internal subnet as well as any outside addresses that need to get to the unit for management. Name this access-list "admin-access" (or similar).

                 

                Then restrict access as follows:

                 

                http ip access-class admin-access in

                http ip secure-access-class admin-access in

                line telnet 0 4

                  shutdown

                  ip access-class admin-access in

                line ssh 0 4

                  login local-userlist

                  no shutdown

                  ip access-class admin-access in

                 

                Note that telnet is shut down in the above example as it is in your configuration. This is good, telnet sends everything in clear text.

                 

                Make these changes and re-test. If things still don't work we will need to look at some SIP and voice debugs.