Blog of Cody Deluisio

Adtran n-Command AOS Configuration Templates

Adtran n-Command MSP is a true game changer for deploying and administering Adtran products quickly. While getting n-Command was a journey in itself, I had a difficult ordering process; it was very difficult to get any info from their sales team ( they never really returned any of my voicemails, inquiries or emails over ~18 months, and by the time I gave up and just ordered the VMware version it was backordered for about 7 weeks, I wasn’t particularly used to waiting almost 2 months for a license key. While I was hoping something cool came with it when it finally showed up; it was just a sticker on an out of date pamphlet on how to set it up, PS the default password isn’t what the guide states it is.

Luckily Adtran makes products that sell and speak for themselves so I do still love n-Command and think it is an awesome tool! You don’t often walk into Demarcs and see equipment that has been in service 20+ years that is still in service that isn’t Adtran.

One of the most useful tools I have found is the AOS Configuration Templates. Adtran does have a really good guide on setup; however, I thought they were a bit shy on showing how to put a lot of configuration details in. I’m going to show an example that gives plenty of details and looks more familiar if you are proficient in AOS. This isn’t a perfect config and isn’t any of the ones I use but it will show the syntax and usage and give you a great start to build upon. Also note, I showed both ways to insert a password below. Encrypted and not encrypted, they will be encrypted once on the device due to the service password encryption but in order to enter them in the field the password must be unencrypted unless if you know the password hash beforehand. To my knowledge Adtran passwords can only be hashed on an Adtran device. 

<?xml version="1.0" encoding="utf-8"?>
<aos-config-template>
<form id="info"><![CDATA[

Device Info...
Please enter service ID :<input id="hostname" type="text" maxlength="17"
restrict="."/>
WAN 1 SUBNET...
Please enter Main IP (ETH 0/1) : <input id="WAN1IP" type="text" />
Please enter Main Subnet Ex (255.255.255.0)(ETH 0/1) : <input id="WAN1SN" type="text" />
Please enter Main GW (ETH 0/1) : <input id="WAN1GW" type="text" />
WAN 2 SUBNET Do not change if 2 WANs do Not exist...
Please enter WAN 2 IP (ETH 0/2) : <input id="WAN2IP" type="text" value="DHCP" />
Please enter WAN 2 Ex (255.255.255.0)(ETH 0/2) : <input id="WAN2SN" type="text" allowblank=true />
Please enter WAN 2 GW (ETH 0/2) : <input id="WAN2GW" type="text" allowblank=true />
LAN SUBNET...
Please enter LAN IP (GIG ETH 0/1) : <input id="LAN1IP" type="text" value="192.168.1.1" />
Please enter Main Lan Subnet Ex (255.255.255.0)(GIG ETH 0/1) : <input id="LAN1SN" type="text" value="255.255.255.0" />
Device Role...
SIP USER:<input id="sipuser" type="text" maxlength="15" allowblank=true />
Please enter SIP password:<input id="sippassword" type="text" maxlength="15" restrict="A-Za-z0-9!$#\-_" allowblank=true />
Please enter Main Number E911:<input id="mainnumber" type="text" maxlength="15" restrict="A-Za-z0-9!$#\-_" allowblank=true />

]]></form>
<config><![CDATA[
hostname ${hostname}
!
enable password SECUREENABLE
!
username "admin" password "SUPERSECRET"
username "cody" password "MEGASECRET"
!
!
clock timezone -5-Eastern-Time
!
ip subnet-zero
ip classless
ip routing
ipv6 unicast-routing
!
!
domain-proxy
name-server 8.8.8.8 1.1.1.1 
!
!
no auto-config
auto-config authname adtran encrypted password ajsehfkwlehfdkwqehdflkqweq;lqqo
!
event-history on
logging forwarding on
logging forwarding receiver-ip logs.yourdomain.com
no logging email
!
service password-encryption
!
!
banner motd ^
*************************************************************
*****   This is a PRIVATE NETWORK FACILITY        *****
***** You are attempting to access a RESTRICTED DEVICE. *****
***** Access to this device is restricted to authorized *****
***** personel only. All login attempts to this device  *****
***** are logged and monitored. Violators will be       *****
***** prosecuted to the fullest extent of the law!      *****
*****                                                   *****
*************************************************************^
!
!
ip firewall
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
!
!
!
!
!
!
!
!
no dot11ap access-point-control
!
!
!
ip route 0.0.0.0 0.0.0.0 ${WAN1GW} 10
!
no tftp server
no tftp server overwrite
no http server
no http secure-server
snmp agent
no ip ftp server
no ip scp server
no ip sntp server
!
!
!
!
sip
sip udp 5060
no sip tcp
!
!
!
voice feature-mode network
voice flashhook mode transparent
voice forward-mode network
!
!
!
!
!
!
!
!
voice dial-plan 2 long-distance 1-NXX-NXX-XXXX 
voice dial-plan 3 local NXX-NXX-XXXX 
!
!
!
!
voice codec-list TRUNK
  codec g711ulaw
  codec g729
!
!
voice trunk T01 type sip
  description "SIP TRUNK TO CLOUD "
  match dnis "9XX" replace ani ${mainnumber}
  sip-server primary sbc.yournetwork.com
  registrar primary ${hostname}
  registrar threshold percentage 50
  registrar max-concurrent-reg 1
  outbound-proxy primary sbc.yournetwork.com
  domain ${hostname}
  max-number-calls 23
  register pri auth-name ${sipuser} password ${sippassword}
  trust-domain
  grammar from host domain
  grammar to host domain
  authentication username ${sipuser} password ${sippassword}
  transfer-mode local
!
!
voice trunk T02 type isdn
  description "ISDN PRI"
  resource-selection circular descending
  caller-id-override number-inbound ${mainnumber} if-no-cpn
  caller-id-override emergency-outbound ${mainnumber} 
  connect isdn-group 1
  match dnis "NXX-XXX-XXXX" substitute "1-NXX-XXX-XXXX"
  match ani "1-NXX-NXX-XXXX" substitute "NXX-NXX-XXXX"
  modem-passthrough
  t38
  vad
  rtp delay-mode adaptive
  codec-list TRUNK
!
!
voice grouped-trunk SIP-UPSTREAM
  trunk T01
  accept $ cost 0
!
!
voice grouped-trunk PRI
  trunk T02
  accept $ cost 0
!
!
!
!
auto-link
auto-link server primary adtran.yourdomain.com
auto-link server secondary adtran2.yourdomain.com
!
interface eth 0/1
  ip address  $WAN1IP  $WAN1SN
  no shutdown
!
interface eth 0/2
  ip address  $WAN2IP $WAN2SN
  no shutdown
!
!
!
interface t1 0/1
  shutdown
!
interface t1 0/2
  shutdown
!
interface t1 0/3
  shutdown
!
interface t1 0/4
  description PRI TO PBX
  tdm-group 1 timeslots 1-24 speed 64
  no shutdown
!
!
interface pri 1
  isdn name-delivery
  connect t1 0/4 tdm-group 1
  digits-transferred 4 
  no shutdown
!
!
interface fxs 0/1
  no shutdown
!
interface fxs 0/2
  no shutdown
!
interface fxs 0/3
  no shutdown
!
interface fxs 0/4
  no shutdown
!
interface fxs 0/5
  no shutdown
!
interface fxs 0/6
  no shutdown
!
interface fxs 0/7
  no shutdown
!
interface fxs 0/8
  no shutdown
!
!
interface fxo 0/0
  no shutdown
!
!
isdn-group 1
  connect pri 1
!
ip rtp quality-monitoring
ip rtp quality-monitoring sip
!
ip rtp quality-monitoring reporter "Reporter1"
  collector auto-link
  no shutdown
!
line con 0
  login
  password encrypted ajskfjwoekjfwofjfwlejkf
!
line telnet 0 4
  line-timeout 60
  shutdown
line ssh 0 4
  login local-userlist
  line-timeout 60
  no shutdown
!
!
ntp server time.yourdomain.com prefer
]]></config>
</aos-config-template>

Now this config is for the Adtran 908 third generation, it is simple to add filters to filter this to device types or particular firmware versions. Data validation can also be added to the forms quite simply. I recommend implementing these features but the Adtran guide covers these quite well.

Now lets have a look at what the form looks like from the GUI. In my lab environment I will schedule a config job for a newly discovered device.

Notice that not all of the form is displayed at once, you will need to scroll down on the right to answer all of the questions.

When done filling out the form you would hit create and go through pushing a config job as you would any other job. On the next check in the device would have this config uploaded.

codydeluisio

,
,