When working with ADTRAN Technical Support Engineers, quick and persistent direct access to AOS units may be needed to properly troubleshoot a problem. In the past, this required a customer to open or forward ports in their firewall, or to use shared sessions. With the release of R11.4.0, a new feature in AOS NetVanta switches allows a customer to set up direct access from a switch to an ADTRAN server at the request of Technical Support.
Hardware and Software Requirements
The AOS call home feature is available through the use of an R11.4.0 feature called SSH port forwarding. This feature is available on all AOS NetVanta switches that are not end-of-life and are running R11.4.0 or greater.
Initiating AOS Call Home
When troubleshooting an issue, if there are AOS NetVanta switches in your network, a Technical Support Engineer may request direct remote access using AOS call home. Regardless of how many units the network has, generally only one switch needs to call home, because the support engineer will be able to jump from unit to unit through the use of Telnet.
For AOS call home to work properly, the switch needs a reachable DNS server specified, and the DNS client in the switch must be enabled. The commands below turn on the DNS client in the switch and set its DNS server to 220.127.116.11 (Google DNS).
Note: The domain-lookup command is on by default in AOS units so it will not show up in the config unless it is disabled.
The switch will also need outbound internet access using the specific port that Technical Support provides, which will be in the range of 50000 - 60000.
To initiate the call home session, you will need the password and the port number from Technical Support. Once that has been provided, use the following commands to provide the access specified by the engineer:
To make telnet available to the remote engineer, enter the following:
# ssh port-forward 23 firstname.lastname@example.org:<Port number here> port 10022
To make SSH available to the remote engineer, enter the following:
# ssh port-forward 22 email@example.com:<Port number here> port 10022
The <Port number here> value is the port that the Technical Support Engineer will provide to you. Upon entering the command, you should be prompted for the password. Enter the password that Technical Support provides to you.
Note: Do not attempt to connect units to the AOS call home server without instruction from an ADTRAN Technical Support Engineer. If you have changed the associated services to exist on different ports than the default port, you will need to change the port in the command to that specific one. For example, if using SSH on port 2222, the command would be ssh port-forward 2222 callhome...
To check that the session was set up properly, use the show ssh port-forward command. The output should resemble the example below, with the local port depending on which service was forwarded.
#show ssh port-forward
Local Port: 22
URL of Remote User: firstname.lastname@example.org:50037
Once the ADTRAN Technical Support Engineer is finished with the unit, you can clear the session with the following command:
#clear ssh port-forward <port of service> email@example.com:<port number> port 10022
If you forget to remove the session, it will close the next time the unit is rebooted. The AOS call home server is secure and will not pose any security concerns to a connected unit.
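Because a forgotten session stays open until the next reboot, it is worth checking collected show ssh port-forward output for forwards that are still active. The script below is an added example, not ADTRAN code: it parses the two output fields shown above, flags a remote port outside the 50000 - 60000 range, and builds the matching clear command. It assumes several forwards would be listed as repeated pairs of those two lines; the sample output and the support@callhome.example name are constructed placeholders.

```python
import re

# Port range Technical Support assigns, as stated on this page.
SUPPORT_PORT_RANGE = range(50000, 60001)

# The two fields shown in this page's `show ssh port-forward` output.
LOCAL_RE = re.compile(r"^\s*Local Port:\s*(\d+)\s*$")
REMOTE_RE = re.compile(r"^\s*URL of Remote User:\s*(\S+):(\d+)\s*$")


def parse_forwards(output):
    """Return one dict per forward found in `show ssh port-forward` output."""
    forwards, local = [], None
    for line in output.splitlines():
        if m := LOCAL_RE.match(line):
            local = int(m.group(1))
        elif (m := REMOTE_RE.match(line)) and local is not None:
            forwards.append({"local": local, "remote": m.group(1),
                             "remote_port": int(m.group(2))})
            local = None  # a remote line closes the current entry
    return forwards


def audit(output):
    """Return (finding, clear_command) for every forward still active."""
    results = []
    for f in parse_forwards(output):
        notes = []
        if f["remote_port"] not in SUPPORT_PORT_RANGE:
            notes.append("remote port outside 50000-60000")
        if f["local"] == 23:
            notes.append("Telnet forwarded")
        finding = "; ".join(notes) or "active session, confirm the case is still open"
        clear = (f"clear ssh port-forward {f['local']} "
                 f"{f['remote']}:{f['remote_port']} port 10022")
        results.append((finding, clear))
    return results


# Constructed sample; the user and host name are placeholders.
SAMPLE = """\
#show ssh port-forward
Local Port: 22
URL of Remote User: support@callhome.example:50037
Local Port: 23
URL of Remote User: support@callhome.example:61000
"""

if __name__ == "__main__":
    for finding, clear in audit(SAMPLE):
        print(f"{finding}\n  {clear}")
```

If the local service runs on a non-default port, the Telnet note will not trigger; the generated clear command still uses whatever local port the output reports.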
For more information regarding the SSH Port Forwarding feature, please see