cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
tetu04
New Contributor III

Urgent help needed please - Adtran 908e configured with WAN failover

Hello all,

I am working on implementing a new Adtran 908e for a customer's new hosted VoIP system. They already have a DSL connection and would like to use the T1 fed into the 908e for voice only with the DSL connection set up as failover. I have completed the configuration and I was hoping if someone can check it for me and let me know if I am missing anything. The WAN failover was a last minute decision and I am planning on going on site early next week to set this up. Thank you in advance!

hostname "mas.ta908e-1"

enable password encrypted xxxxxxxxxxx

!

!

clock timezone -5-Eastern-Time

!

ip subnet-zero

ip classless

ip routing

ipv6 unicast-routing

!

!

domain-name "maspremium.com"

domain-proxy

name-server 8.8.8.8

!

ip local policy route-map icmp-pbr

!

no auto-config

auto-config authname adtran encrypted password 2721bf4deba3bd798dc1839aa58a7da49d2f

!

event-history on

no logging forwarding

no logging email

!

service password-encryption

!

username "xxxxx" password encrypted xxxxxxxxx

username "xxxxx" password encrypted  xxxxxxxxxx

username "xxxxxxx" password encrypted xxxxxxxxx

!

banner motd !

Authorized Access Only

!

!

!

ip firewall

ip firewall fast-nat-failover

no ip firewall alg msn

no ip firewall alg mszone

no ip firewall alg h323

!

!

no dot11ap access-point-control

!

!

probe Failover icmp-echo

  destination 8.8.8.8

  source-address X.X.113.238

  period 5

  tolerance consecutive fail 5 pass 2

  no shutdown

!

track Wantrack

  snmp trap state-change

  test if probe Failover

  no shutdown

!

!

!

interface eth 0/1

  description Voice Lan interface

  ip address  192.168.5.80  255.255.255.0 ( IP given to me from the site's system admin for their LAN)

  ip access-policy lan-policy

  media-gateway ip primary

  no shutdown

!

!

interface eth 0/2

  description Failover interface

  ip address  X.X.203.80  255.255.255.192  (IP of their fiber provider)

  ip access-policy dsl-policy

  media-gateway ip primary

  no shutdown

!

!

interface t1 0/1

  tdm-group 1 timeslots 1-24 speed 64

  no shutdown

!

interface t1 0/2

  shutdown

!

interface t1 0/3

  shutdown

!

interface t1 0/4

  shutdown

!

!

interface fxs 0/1

  no shutdown

!

interface fxs 0/2

  no shutdown

!

interface fxs 0/3

  no shutdown

!

interface fxs 0/4

  no shutdown

!

interface fxs 0/5

  no shutdown

!

interface fxs 0/6

  no shutdown

!

interface fxs 0/7

  no shutdown

!

interface fxs 0/8

  no shutdown

!

!

interface fxo 0/0

  no shutdown

!

interface ppp 1

  ip address  X.X.113.238  255.255.255.252

  ip access-policy wan-policy

  media-gateway ip primary

  no shutdown

  cross-connect 1 t1 0/1 1 ppp 1

!

!

!

!

!

route-map icmp-pbr permit 10

  match ip address pingprobe-acl

  set ip next-hop X.X.113.237

!

!

!

!

ip access-list extended icmp-acl

  permit icmp any  any

!

ip access-list extended nat-acl

  permit ip any  any

!

ip access-list extended permit-acl

  permit ip any  any

!

ip access-list extended pingprobe-acl

  permit icmp any  host 8.8.8.8

!

ip access-list extended remote-admin-acl

  remark This is for remote SSH and HTTPS sessions

  permit ip 207.54.171.0 0.0.0.15  any     log

!

ip access-list extended sip-server-acl

  permit udp hostname voip-b.evolveip.net  any

!

!

!

!

ip policy-class dsl-policy

  allow list icmp-acl

  allow list sip-server-acl

  allow list remote-admin-acl

!

ip policy-class lan-policy

  nat source list nat-acl address X.X.113.238 overload policy wan-policy

  nat source list nat-acl address X.X.203.80 overload policy dsl-policy

!

ip policy-class wan-policy

  allow list icmp-acl

  allow list sip-server-acl

  allow list remote-admin-acl

!

!

!

ip route 0.0.0.0 0.0.0.0 162.213.113.237 track Wantrack

ip route 0.0.0.0 0.0.0.0 70.62.203.1 10

ip route 192.168.1.0 255.255.255.0 192.168.1.1  (subnets from current LAN infrastructure)

ip route 192.168.2.0 255.255.255.0 192.168.2.1

ip route 192.168.5.0 255.255.255.0 192.168.5.1

ip route 192.168.11.0 255.255.255.0 192.168.11.1

ip route 192.168.12.0 255.255.255.0 192.168.12.1

!

no tftp server

no tftp server overwrite

no http server

http secure-server

no snmp agent

no ip ftp server

no ip scp server

no ip sntp server

!

!

!

!

!

!

auto-link

auto-link server 207.54.171.6

!

!

ip sip

ip sip udp 5060

no ip sip tcp

!

!

!

voice feature-mode network

voice forward-mode network

!

!

!

ip sip proxy

ip sip proxy transparent

!

!

ip rtp quality-monitoring

ip rtp quality-monitoring udp

ip rtp quality-monitoring sip

!

ip rtp quality-monitoring reporter "DCTn-command"

  collector primary 207.54.171.6

  no shutdown

!

line con 0

  no login

  line-timeout 0

!

line telnet 0 4

  login local-userlist

  password encrypted 262e62f350fac67818df30ef9ce2abebb767

  shutdown

line ssh 0 4

  login local-userlist

  no shutdown

!

sntp server 207.54.171.10

!

!

!

!

end

0 Kudos
1 Reply
david
Valued Contributor
Valued Contributor

Re: Urgent help needed please - Adtran 908e configured with WAN failover

Tetu04,

I believe you worked this issue through Adtran Technical Support, but I just wanted to put an update on this post.  We made several configuration changes including the following.

1. Removed static route for directly connected subnet.

2. Added "no ip policy-class wan-policy rfp-check" so that probe responses can be received on a interface when route table was in the failover mode.

3. We also discussed how we needed to see a new registration from the SIP phone once the failover had taken place.  This is to edit the SIP proxy database within the Adtran unit and to also signal to the softswitch that the phones reside at a new public IP address.

Thanks!

David