Hi All,
I was wondering in the example setup below if it is possible to have N-Command push firmware directly to the switch behind a router.
Setup: Adtran 6355 > Adtran 1234 POE
As long as the device is able to check in to the nCommand server, you would create a Scheduled Job with the task to Push Firmware with the file you wish to apply to the unit. There are a few variables involving what to do with the older firmware files which are explained in the n-Command MSP Manual.
Hi Iana,
No it cannot communicate with the NCommand Server...
The Adtran 3430 can, but the 1234 Switch behind the 3430 cannot.
I checked, and not seeing any policy lists, or ACLs that could be blocking. Maybe it's because it is on a different VLAN.
Eth 0/2 802.1q Encapsulation
Eth 0/2.2 Data
Eth 0/2.101 Management
Eth 0/2.102 Phones
interface eth 0/2.101
description SWITCH_MANAGEMENT_VLAN
vlan-id 99
ip address 192.168.101.1 255.255.255.0
ip access-policy Private
no shutdown
!
end
20/331651#sh ip policy-class Private
Policy-class "Private":
21 current sessions (13500 max)
Discards/Allows/NAT: 0/771/689
Entry 1 - allow list MATCH_ALL self
Entry 2 - nat source list VOIP interface loop 1 overload
Entry 3 - allow list DATA stateless
20/331651#sh ip access-list standard MATCH_ALL
Standard IP access list MATCH_ALL
permit any (1 matches)
Standard IP access list DATA
permit any (7913 matches)
Here is what the 1234 sees.
2000.11.03 14:37:57 HTTP_CLIENT Timeout connecting to service at <PUBLIC IP>
14:37:57 AUTOLINK OnWaitForReply.
14:37:57 AUTOLINK OnDiscoveryFailed: Discovery failed.
14:37:57 AUTOLINK Failed to contact <PUBLIC IP>:443 (Primary Server - <PUBLIC IP>)
14:37:57 AUTOLINK Failure reason: HTTP: Timed out.
14:37:57 AUTOLINK closeHttpClientAndDeleteStreams().
14:37:57 AUTOLINK closeHttpConnection().
14:37:57 AUTOLINK deleteHttpClientStreams().
14:37:57 AUTOLINK closeHttpClientAndDeleteStreams().
14:37:57 AUTOLINK closeHttpConnection().
14:37:57 AUTOLINK deleteHttpClientStreams().
14:37:57 AUTOLINK closeHttpFileTransferClientAndDeleteStreams().
14:37:57 AUTOLINK Discovery failed. Could not contact server at <PUBLIC IP>.
14:37:57 AUTOLINK Adding address (<PUBLIC IP>:443) to penalty box.
14:37:57 AUTOLINK No failover servers remaining. No servers were contacted.
14:37:57 AUTOLINK closeHttpClientAndDeleteStreams().
14:37:57 AUTOLINK closeHttpConnection().
14:37:57 AUTOLINK deleteHttpClientStreams().
14:37:57 AUTOLINK closeHttpFileTransferClientAndDeleteStreams().
14:39:10 AUTOLINK HeartbeatTimerEvent::attemptExecution scheduledExecution == true.
14:39:10 AUTOLINK HeartbeatTimerEvent::attemptExecution _client->start().
14:39:10 AUTOLINK HeartbeatTimerEvent::createDefaultPeriodicTimer.
14:39:10 AUTOLINK HeartbeatTimerEvent::getRetryTimer() == 3600.
14:39:11 AUTOLINK OnSendDiscovery.
14:39:11 AUTOLINK resetHttpClientStreams().
14:39:11 AUTOLINK closeHttpConnection().
14:39:11 AUTOLINK deleteHttpClientStreams().
14:39:11 AUTOLINK Sending initial discovery message to <PUBLIC IP>/al/DiscoveryProcessor?action=devinfo.
14:39:11 AUTOLINK HeartbeatTimerEvent::attemptExecution scheduledExecution == false.
14:39:11 AUTOLINK HeartbeatTimerEvent::createDefaultPeriodicTimer.
14:39:11 AUTOLINK HeartbeatTimerEvent::getRetryTimer() == 3600.
14:39:11 AUTOLINK OnWaitForReply.
14:39:12 AUTOLINK OnWaitForReply.
14:39:13 AUTOLINK OnWaitForReply.
14:39:14 AUTOLINK OnWaitForReply.
14:39:15 AUTOLINK OnWaitForReply.
14:39:16 AUTOLINK OnWaitForReply.
14:39:17 AUTOLINK OnWaitForReply.
14:39:18 AUTOLINK OnWaitForReply.
14:39:19 AUTOLINK OnWaitForReply.
14:39:20 AUTOLINK OnWaitForReply.
14:39:21 AUTOLINK OnWaitForReply.
14:39:22 AUTOLINK OnWaitForReply.
14:39:23 AUTOLINK OnWaitForReply.
14:39:24 AUTOLINK OnWaitForReply.
14:39:25 AUTOLINK OnWaitForReply.
14:39:26 AUTOLINK OnWaitForReply.
14:39:27 AUTOLINK OnWaitForReply.
14:39:28 AUTOLINK OnWaitForReply.
14:39:29 AUTOLINK OnWaitForReply.
14:39:30 AUTOLINK OnWaitForReply.
2000.11.03 14:39:31 HTTP_CLIENT Timeout connecting to service at <Public IP>
14:39:31 AUTOLINK OnWaitForReply.
14:39:31 AUTOLINK OnDiscoveryFailed: Discovery failed.
14:39:31 AUTOLINK Failed to contact <PUBLIC IP>:443 (Primary Server - <PUBLIC IP>)
14:39:31 AUTOLINK Failure reason: HTTP: Timed out.
14:39:31 AUTOLINK closeHttpClientAndDeleteStreams().
14:39:31 AUTOLINK closeHttpConnection().
14:39:31 AUTOLINK deleteHttpClientStreams().
14:39:31 AUTOLINK closeHttpClientAndDeleteStreams().
14:39:31 AUTOLINK closeHttpConnection().
14:39:31 AUTOLINK deleteHttpClientStreams().
14:39:31 AUTOLINK closeHttpFileTransferClientAndDeleteStreams().
14:39:31 AUTOLINK Discovery failed. Could not contact server at <PUBLIC IP>.
14:39:32 AUTOLINK Adding address (<PUBLIC IP>:443) to penalty box.
14:39:32 AUTOLINK No failover servers remaining. No servers were contacted.
14:39:32 AUTOLINK closeHttpClientAndDeleteStreams().
14:39:32 AUTOLINK closeHttpConnection().
14:39:32 AUTOLINK deleteHttpClientStreams().
14:39:32 AUTOLINK closeHttpFileTransferClientAndDeleteStreams().
Hi hoorah,
If you want to use N-command to continuously manage your 1234, and provided your N-command server is on a public IP, it may be necessary to setup a NAT on the 6355 router with appropriate ACLs, so that 1234 can check in with N-command on a regular basis. While this still won't let you "push" firmware from N-command to 1234, you could at least schedule upgrade jobs on your N-command and let the 1234 "pull" the firmware, as directed. See the N-Command manual for the list of ports used by the N-command, to help with the ACL setup.
If this is a one-time upgrade to your 1234, and you don't need the management functionality of N-command, a simple way to get the code onto it would be using the 6355 to serve the image file to 1234 using TFTP.
To do this
- On 6355, copy the 1234 image into local flash. This can be done via CLI using the "copy <remote file location> flash" or by using the Web GUI (much easier, if you're not hosting the file anywhere)
- enable TFTP server on the 6355 using the "tftp server"command,
- finally, download the firmware file from 6355 to 1234 using the "copy tftp flash" command.
Be sure to turn off the TFTP server on the 6355 after this is done, as the protocol is not secure.
Of course, another option for a one-time upgrade would be to add a public IP to the 1234, grab the firmware and upgrade, then re-IP it again with the private IP.
Hope this helps
Yan.