I have this 908e connected to the PBX on the T4 port and the ETH02 to the Internet.
I can do outgoing calls but incoming doesn't work.
This is my config; can anyone point out what's wrong?
!
!
! ADTRAN, Inc. OS version R13.2.0.E
! Boot ROM version R10.9.3.B1
! Platform: Total Access 908e (3rd Gen), part number 4243908F1
! Serial number CFG1320056
!
!
hostname "Forensic_Risk"
enable password encrypted 3f37ea7402d74f14b05451e8b4b7bcfd4720
!
!
clock timezone -5-Eastern-Time
!
ip subnet-zero
ip classless
ip default-gateway 8.41.206.161
ip routing
ipv6 unicast-routing
!
!
name-server 209.244.0.3 209.244.0.4
!
!
auto-config
auto-config authname adtran encrypted password 20285ee6ba26759765370843433612c1bdfd
!
event-history on
no logging forwarding
no logging console
no logging email
!
service password-encryption
!
username "admin" password encrypted "2129e8d017dc3e1677b962b5796c652c338a"
!
banner motd ^
*************************************************************
***** This is a PRIVATE NETWORK FACILITY *****
***** You are attempting to access a RESTRICTED DEVICE. *****
***** Access to this device is restricted to authorized *****
***** personnel only. All login attempts to this device *****
***** are logged and monitored. Violators will be *****
***** prosecuted to the fullest extent of the law! *****
***** *****
*************************************************************^
!
ip policy-timeout udp all-ports 90
!
ip firewall local-traffic-only
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
!
!
!
!
!
!
!
!
no dot11ap access-point-control
!
!
!
!
!
!
!
ip dhcp pool "Private"
network 10.10.10.0 255.255.255.0
default-router 8.41.206.161
!
!
!
!
!
!
!
!
!
!
!
!
qos map VOIP 10
match ip list SIP-SERVER
set dscp ef
!
!
!
!
interface eth 0/1
description Internal Access
ip address 10.10.10.1 255.255.255.0
ip access-policy Private
no shutdown
!
!
interface eth 0/2
description WAN Link
ip address 8.41.206.175 255.255.255.224
ip mtu 1500
ip access-policy Public
ip flow ingress ADMIN
ip flow egress ADMIN
no awcp
no shutdown
media-gateway ip primary
!
!
!
interface gigabit-eth 0/1
ip address dhcp hostname "TA908e"
ip address 10.10.10.1 255.255.255.0 secondary
ip access-policy Private
no shutdown
!
!
!
!
interface t1 0/1
shutdown
!
interface t1 0/2
shutdown
!
interface t1 0/3
description Test POrt
shutdown
!
interface t1 0/4
description PRI TO PBX
tdm-group 1 timeslots 1-24 speed 64
no shutdown
!
!
interface pri 1
description PRI to PBX
role network b-channel-restarts enable
isdn name-delivery setup
connect t1 0/4 tdm-group 1
no shutdown
!
!
interface fxs 0/1
shutdown
!
interface fxs 0/2
shutdown
!
interface fxs 0/3
shutdown
!
interface fxs 0/4
shutdown
!
interface fxs 0/5
shutdown
!
interface fxs 0/6
shutdown
!
interface fxs 0/7
shutdown
!
interface fxs 0/8
shutdown
!
!
isdn-group 1
connect pri 1
!
!
!
!
!
!
!
ip access-list standard wizard-ics
remark Internet Connection Sharing
permit any
!
!
ip access-list extended ADMIN
permit tcp any any eq ssh
permit tcp any any eq www
permit icmp any any
!
ip access-list extended self
remark Traffic to Total Access
permit ip any any log
!
ip access-list extended SIP-SERVER
permit udp hostname a2east.sipregistration.com any eq 5060
permit udp any range 5060 5065 any range 5060 5065 log
!
!
!
!
ip policy-class Private
allow list self self
nat source list wizard-ics interface eth 0/2 overload
!
ip policy-class Public
! Implicit discard
!
!
!
ip route 0.0.0.0 0.0.0.0 1.1.1.2
!
no tftp server
no tftp server overwrite
http server
http secure-server
no snmp agent
no ip ftp server
no ip scp server
no ip sntp server
!
!
!
!
!
!
!
!
sip
sip udp 5060
no sip tls
!
!
!
voice feature-mode network
voice forward-mode network
!
!
!
!
!
!
!
!
voice dial-plan 1 local NXX-NXX-XXXX
voice dial-plan 2 extensions MXXX
!
!
!
!
!
voice codec-list VOICE
default
codec g711alaw
codec g711ulaw
!
!
!
voice trunk T01 type sip
description "SIP Trunk"
sip-server primary a2east.sipregistration.com
registrar threshold absolute 15
registrar expire-time 350
domain "a2east.sipregistration.com"
sip-keep-alive options 1800
register sip0000001_adtefra auth-name "sip0000001_adtefra" password encrypted "1815896e89e080e105e5d08d8e0378b2371d"
trust-domain
codec-list VOICE both
authentication username "sip0000001_adtefra" password encrypted "29242d4d60daa6fc1d117ae61bdccc7967cd"
!
voice trunk T02 type isdn
description "ISDN Link to Customer PBX Equipment"
resource-selection linear ascending
connect isdn-group 1
rtp delay-mode adaptive
rtp qos dscp 46
codec-list VOICE
!
!
voice grouped-trunk PRI
description "PRI settings"
trunk T02
accept $ cost 0
accept NXX-NXX-XXXX cost 0
accept 1-NXX-NXX-XXXX cost 0
accept 1-800-NXX-XXXX cost 0
accept 1-888-NXX-XXXX cost 0
accept 1-877-NXX-XXXX cost 0
accept 1-866-NXX-XXXX cost 0
accept 1-855-NXX-XXXX cost 0
accept 011-$ cost 0
accept 911 cost 0
reject NXX-976-XXXX
reject 1-900-NXX-XXXX
reject 1-976-NXX-XXXX
reject 1-NXX-976-XXXX
!
!
voice grouped-trunk SIP
description "SIP Settings"
trunk T01
accept $ cost 0
accept NXX-NXX-XXXX cost 0
accept 1-NXX-NXX-XXXX cost 0
accept 1-800-NXX-XXXX cost 0
accept 1-888-NXX-XXXX cost 0
accept 1-877-NXX-XXXX cost 0
accept 1-866-NXX-XXXX cost 0
accept 1-855-NXX-XXXX cost 0
accept 011-$ cost 0
accept 911 cost 0
reject NXX-976-XXXX
reject 1-900-NXX-XXXX
reject 1-976-NXX-XXXX
reject 1-NXX-976-XXXX
!
!
!
!
!
!
!
!
!
!
!
!
no sip registrar authenticate
sip registrar default-expires 10800
sip registrar min-expires 3600
!
!
!
!
!
!
!
!
sip timer registration-failure-retry 1500
sip timer T1 100
sip timer T2 1000
!
!
sip grammar require 100rel
!
sip qos dscp 1
!
!
sip database local
!
ip rtp symmetric-filter
ip rtp firewall-traversal policy-timeout 3600
!
!
sip secure remote-user
no blacklist
!
!
!
line con 0
login local-userlist
line-timeout 30
!
line telnet 0 4
login local-userlist
password encrypted 222aeb284ee6c87edf82f7fb3ffefdfbaa71
shutdown
line ssh 0 4
login local-userlist
line-timeout 30
no shutdown
!
sntp server 64.94.196.70
!
!
!
!
end
Update your Public policy:
ip policy-class Public
allow list SIP-SERVER
What numbers (digits) are you receiving from telco on the SIP trunk? Put those as accept statements on the trunk to the PBX. I always add accept statements for all my DIDs as they are handed to me from telco, most of the time 10 digits.
I would start by checking your PRI configuration to make sure it matches up correctly with the PBX. Look at things like the number of digits-transferred: some PBXs only accept 4, and if you send more than that the PBX will only look at the first 4 and it won't match. Check with the PBX vendor exactly what they are expecting from you. Also, I didn't see the timing source; normally you would want something like the following: timing-source internal, which will then advertise the timing to the PBX. You can run the following debugs to try and get a better idea if the issue is on the PBX side or the carrier side:
debug isdn l2-formatted
debug voice switchboard
debug sip stack messages
Post the results of the debugs if the above doesn't help.
I can see a few puzzling things with this configuration.
Your interface eth 0/1 is configured as 10.10.10.1/24. You have that same IP on interface gigabit-eth 0/1 as secondary. This will cause conflicts; I'm kind of surprised that the configuration parser even allowed you to do this.
Your "Public" policy will deny everything including SIP to the box. This is likely your primary problem. You probably want to add "allow list self self" there. However, this will create some security holes which need to be fixed.
Your SIP-SERVER access-list first allows traffic from your SIP server (good) and then allows SIP from anywhere (not so good). Remove the second line.
You have a default route pointing to 1.1.1.2 and you have "ip default-gateway" pointing to 8.41.206.161. The "ip default-gateway" command is for layer-2 switches and the like without IP routing. Change your default route to "ip route 0.0.0.0 0.0.0.0 8.41.206.161" and remove the "ip default-gateway" command.
In addition, your dhcp pool "private" should have its default-router set to the inside address of the TA900 itself, 10.10.10.1, not your public gateway.
To close some security holes:
Fix the SIP-SERVER access-list to only allow the hostname or (preferably) IP address of the SIP server; it appears to be 198.58.40.228. This can be a standard access-list. You don't need to list ports and protocols. Then add the following command to the global configuration:
sip access-class ip SIP-SERVER in
Create a standard access-list with the IP addresses of your trusted management hosts. This can be the internal subnet as well as any outside addresses that need to get to the unit for management. Name this access-list "admin-access" (or similar).
Then restrict access as follows:
http ip access-class admin-access in
http ip secure-access-class admin-access in
line telnet 0 4
shutdown
ip access-class admin-access in
line ssh 0 4
login local-userlist
no shutdown
ip access-class admin-access in
Note that telnet is shut down in the above example, as it is in your configuration. This is good; telnet sends everything in clear text.
Make these changes and re-test. If things still don't work we will need to look at some SIP and voice debugs.
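The checks from the last reply (duplicate interface address, DHCP default-router outside the pool, any-source permit rules, default route off every connected subnet), written as a small audit script. This is an added example, not part of the original thread or any ADTRAN tooling; the function name `audit` and the trimmed `SAMPLE` excerpt are this example's own, and it assumes the flattened, unindented form in which the configuration was posted.

```python
import ipaddress
import re

# Excerpt of the configuration posted above, trimmed to the lines the checks read.
SAMPLE = """\
ip dhcp pool "Private"
network 10.10.10.0 255.255.255.0
default-router 8.41.206.161
!
interface eth 0/1
ip address 10.10.10.1 255.255.255.0
!
interface eth 0/2
ip address 8.41.206.175 255.255.255.224
!
interface gigabit-eth 0/1
ip address 10.10.10.1 255.255.255.0 secondary
!
ip access-list extended SIP-SERVER
permit udp hostname a2east.sipregistration.com any eq 5060
permit udp any range 5060 5065 any range 5060 5065 log
!
ip route 0.0.0.0 0.0.0.0 1.1.1.2
"""

def audit(config):
    """Return findings for the routing and ACL problems named in the reply."""
    findings, section, pool_net = [], "", None
    addrs = {}  # interface address/mask -> names of interfaces that carry it
    for line in (l.strip() for l in config.splitlines()):
        if line == "!":
            section = ""
        elif re.match(r"(interface|ip dhcp pool|ip access-list) ", line):
            section = line
        elif section.startswith("interface") and (m := re.match(r"ip address (\S+) (\S+)", line)):
            if m[1] != "dhcp":  # DHCP-assigned addresses are unknown offline
                addrs.setdefault(ipaddress.ip_interface(f"{m[1]}/{m[2]}"), []).append(section[10:])
        elif section.startswith("ip dhcp pool") and (m := re.match(r"network (\S+) (\S+)", line)):
            pool_net = ipaddress.ip_network(f"{m[1]}/{m[2]}")
        elif section.startswith("ip dhcp pool") and (m := re.match(r"default-router (\S+)", line)):
            if pool_net and ipaddress.ip_address(m[1]) not in pool_net:
                findings.append(f"dhcp default-router {m[1]} outside {pool_net}")
        elif section.startswith("ip access-list") and re.match(r"permit (tcp|udp|ip) any ", line):
            findings.append(f"{section.split()[-1]}: any-source rule '{line}'")
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):  # interfaces come first, as posted
            if not any(ipaddress.ip_address(m[1]) in i.network for i in addrs):
                findings.append(f"default route {m[1]} not on a connected subnet")
    findings += [f"{i.ip} on {' and '.join(n)}" for i, n in addrs.items() if len(n) > 1]
    return findings
```

Run against the full posted configuration, the any-source check also flags the ADMIN and self lists, which is a prompt to review where each list is applied rather than proof of exposure.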