Hello all,
I am working on implementing a new Adtran 908e for a customer's new hosted VoIP system. They already have a DSL connection and would like to use the T1 fed into the 908e for voice only with the DSL connection set up as failover. I have completed the configuration and I was hoping if someone can check it for me and let me know if I am missing anything. The WAN failover was a last minute decision and I am planning on going on site early next week to set this up. Thank you in advance!
hostname "mas.ta908e-1"
enable password encrypted xxxxxxxxxxx
!
!
clock timezone -5-Eastern-Time
!
ip subnet-zero
ip classless
ip routing
ipv6 unicast-routing
!
!
domain-name "maspremium.com"
domain-proxy
name-server 8.8.8.8
!
ip local policy route-map icmp-pbr
!
no auto-config
auto-config authname adtran encrypted password 2721bf4deba3bd798dc1839aa58a7da49d2f
!
event-history on
no logging forwarding
no logging email
!
service password-encryption
!
username "xxxxx" password encrypted xxxxxxxxx
username "xxxxx" password encrypted xxxxxxxxxx
username "xxxxxxx" password encrypted xxxxxxxxx
!
banner motd !
Authorized Access Only
!
!
!
ip firewall
ip firewall fast-nat-failover
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
!
!
no dot11ap access-point-control
!
!
probe Failover icmp-echo
destination 8.8.8.8
source-address X.X.113.238
period 5
tolerance consecutive fail 5 pass 2
no shutdown
!
track Wantrack
snmp trap state-change
test if probe Failover
no shutdown
!
!
!
interface eth 0/1
description Voice Lan interface
ip address 192.168.5.80 255.255.255.0 ( IP given to me from the site's system admin for their LAN)
ip access-policy lan-policy
media-gateway ip primary
no shutdown
!
!
interface eth 0/2
description Failover interface
ip address X.X.203.80 255.255.255.192 (IP of their fiber provider)
ip access-policy dsl-policy
media-gateway ip primary
no shutdown
!
!
interface t1 0/1
tdm-group 1 timeslots 1-24 speed 64
no shutdown
!
interface t1 0/2
shutdown
!
interface t1 0/3
shutdown
!
interface t1 0/4
shutdown
!
!
interface fxs 0/1
no shutdown
!
interface fxs 0/2
no shutdown
!
interface fxs 0/3
no shutdown
!
interface fxs 0/4
no shutdown
!
interface fxs 0/5
no shutdown
!
interface fxs 0/6
no shutdown
!
interface fxs 0/7
no shutdown
!
interface fxs 0/8
no shutdown
!
!
interface fxo 0/0
no shutdown
!
interface ppp 1
ip address X.X.113.238 255.255.255.252
ip access-policy wan-policy
media-gateway ip primary
no shutdown
cross-connect 1 t1 0/1 1 ppp 1
!
!
!
!
!
route-map icmp-pbr permit 10
match ip address pingprobe-acl
set ip next-hop X.X.113.237
!
!
!
!
ip access-list extended icmp-acl
permit icmp any any
!
ip access-list extended nat-acl
permit ip any any
!
ip access-list extended permit-acl
permit ip any any
!
ip access-list extended pingprobe-acl
permit icmp any host 8.8.8.8
!
ip access-list extended remote-admin-acl
remark This is for remote SSH and HTTPS sessions
permit ip 207.54.171.0 0.0.0.15 any log
!
ip access-list extended sip-server-acl
permit udp hostname voip-b.evolveip.net any
!
!
!
!
ip policy-class dsl-policy
allow list icmp-acl
allow list sip-server-acl
allow list remote-admin-acl
!
ip policy-class lan-policy
nat source list nat-acl address X.X.113.238 overload policy wan-policy
nat source list nat-acl address X.X.203.80 overload policy dsl-policy
!
ip policy-class wan-policy
allow list icmp-acl
allow list sip-server-acl
allow list remote-admin-acl
!
!
!
ip route 0.0.0.0 0.0.0.0 162.213.113.237 track Wantrack
ip route 0.0.0.0 0.0.0.0 70.62.203.1 10
ip route 192.168.1.0 255.255.255.0 192.168.1.1 (subnets from current LAN infrastructure)
ip route 192.168.2.0 255.255.255.0 192.168.2.1
ip route 192.168.5.0 255.255.255.0 192.168.5.1
ip route 192.168.11.0 255.255.255.0 192.168.11.1
ip route 192.168.12.0 255.255.255.0 192.168.12.1
!
no tftp server
no tftp server overwrite
no http server
http secure-server
no snmp agent
no ip ftp server
no ip scp server
no ip sntp server
!
!
!
!
!
!
auto-link
auto-link server 207.54.171.6
!
!
ip sip
ip sip udp 5060
no ip sip tcp
!
!
!
voice feature-mode network
voice forward-mode network
!
!
!
ip sip proxy
ip sip proxy transparent
!
!
ip rtp quality-monitoring
ip rtp quality-monitoring udp
ip rtp quality-monitoring sip
!
ip rtp quality-monitoring reporter "DCTn-command"
collector primary 207.54.171.6
no shutdown
!
line con 0
no login
line-timeout 0
!
line telnet 0 4
login local-userlist
password encrypted 262e62f350fac67818df30ef9ce2abebb767
shutdown
line ssh 0 4
login local-userlist
no shutdown
!
sntp server 207.54.171.10
!
!
!
!
end
Tetu04,
I believe you worked this issue through Adtran Technical Support, but I just wanted to put an update on this post. We made several configuration changes including the following.
1. Removed static route for directly connected subnet.
2. Added "no ip policy-class wan-policy rfp-check" so that probe responses can be received on a interface when route table was in the failover mode.
3. We also discussed how we needed to see a new registration from the SIP phone once the failover had taken place. This is to edit the SIP proxy database within the Adtran unit and to also signal to the softswitch that the phones reside at a new public IP address.
Thanks!
David