I have a main office and branch office on separate subnets and ISP connections. They are currently networked together via VPN. I want to replace the VPN (or keep it as a failover) with a microwave link. Both sites have 3140 routers. How do I configure the routers? I am not using port 2 on either router.
first some questions.
1.is your microwave secure or do you need to encrypt the traffic? most the point to point microwave systems support encryption. I am going to assume that you will encrypt outside the Adtran, if you need to encrypt let me know.
2. that your microwave connection is a point to point and you have two ip's on the same subnet (layer 2 connection). if this isn't the case then we need to address other solutions. the following assumes this connection
3. Your existing VPN connection is a point to point non-routing connection?
with assumptions listed above here is the sequence (high level):
1. set up a layer II connection between the two sites - this will require a minimum of 4 IP addresses.
2.create a Ping / Track to make a decision as to which link should be used - Assuming that you want the radio then you ping to validate that radio link is up.
3. add a route with the following characteristics:
A. that the tag value of the radio link is higher (lower number) than the VPN link
B. that the tracking is set on the route such that the route is not active except when the radio link is operational
with these steps the routers will automatically switch between the wireless and VPN connection (failover time is based upon the Ping / track fail time).
Below is a detailed sequence. I hope that helps.
create a point to point layer 2 link on port 2 of the 3140
set up on the unused port 2 the an IP address range of /29 (255.255.255.248). this will provide you a total of 6 usable IP addresses. you want to assign IP addresses to (1) both Adtrans, (2) both radios. this will create a point to point connection between the two Adtran's.
Set up the route
now set up IP routes on how to get to the other side. If you want just the radio to work, assign it a higher (lower numeric) tag for the radio link than your existing VPN in the "IP route command and traffic will start going over the radio. basically the higher priority of the tag will be used first by the router. Here is the problem, if the radio link fails and the radio doesn't drop the ethernet link it won't fail over.
set up the Probe / track
To solve this you can set up a probe on the radio link (if you need help on setting up the probe and tracking there are a bunch of writeups within the support community that should help you). Anyway set up a probe that is checking for the radio link. you want to setup the probe so that it uses as the source two adtran's as the source and destination IP and you need to make sure that it doesn't use the VPN link to respond to the ping. You can play around with different ways of accomplishing this (for example the ping source is the Adtran source IP of the radio link and the destination IP address is the radio at the far end). The other way require to implement would be to use the route-map feature to direct the ping routing. Once you get the probe working correctly, on the IP route that pushes the data over the radio link you add the Track function, the Adtran will automatically switch between the radio and VPN connection.
Some things to note.
1) make sure that you configure the same functions symmetrically on both Adtran's.
2) make sure that your Ping and track functions match.
3) make sure the IP route command (the one forces the traffic to route over the VPN) has a higher tag (lower number) for the radio (this will force the traffic to go over the radio verses the VPN) and set up a track on the route so that route is only available if the radio link is up.
4) make sure that your firewall works for allowing the traffic to go through the two different routes (I am assuming that you are using a firewall - needed to support VPN.
Good luck. If you want to post your shot at the configurations of the two routers, might be able to help debug if it doesn't work