User manual
Configuring the ADTRAN Router ADTRAN Routers with CradlePoint CBA750B
8 Copyright © 2014 ADTRAN, Inc. 6AOSSG0011-42A
To configure policy classes and access lists for the primary and WAN failover connections, enter the
following commands at the specified command prompts:
(config)#ip access-list extended self
(config-ext-nacl)#permit ip any any
(config)#ip access-list extended AdminAccess
(config-ext-nacl)#permit tcp any any eq https log
(config-ext-nacl)#permit tcp any any eq ssh log
(config)#ip access-list extended NAT1
(config-ext-nacl)#permit ip any any
(config)#ip access-list extended NAT2
(config-ext-nacl)#permit ip any any
(config)#ip policy-class Public
(config-policy-class)#allow list AdminAccess
(config)#ip policy-class Public2
(config-policy-class)#allow list AdminAccess
(config)#ip policy-class Private
(config-policy-class)#allow list self self
(config-policy-class)#nat source list NAT1 interface eth 0/1 overload policy Public
(config-policy-class)#nat source list NAT2 interface eth 0/2 overload policy Public2
Step 5: Configure Fast NAT Failover
Enable Fast NAT failover mode to force the ADTRAN router to clear all current IPv4 firewall policy
sessions during failover. This allows the router to immediately send traffic to the failover interface.
Otherwise, the router tries to send traffic from existing allowed policy sessions out from the failed IP
address until the session times out, resulting in a loss of connectivity.
Note: The IPv4 firewall must be enabled in order to enable fast NAT failover. For more information
about configuring the firewall, refer to Configuring the Firewall (IPv4) in AOS, available
from the ADTRAN support community at https://supportforums.adtran.com.
To enable fast NAT failover, enter the ip firewall fast-nat-failover command from the Global
Configuration mode:
(config)#ip firewall fast-nat-failover
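The following Python script is an added example, not part of the ADTRAN guide. It parses the Step 4 and Step 5 commands and reports any WAN-facing policy class whose allowed access list permits more than HTTPS and SSH, as well as a dual-WAN NAT setup that lacks fast NAT failover. Treating the policy class named after "policy" in a "nat source" rule as WAN-facing is an assumption of the script, and the sample input is constructed from the commands above (abridged).

```python
import re

# Constructed input: the Step 4 and Step 5 commands from this guide (abridged).
SAMPLE = """\
(config)#ip access-list extended AdminAccess
(config-ext-nacl)#permit tcp any any eq https log
(config-ext-nacl)#permit tcp any any eq ssh log
(config)#ip access-list extended NAT1
(config-ext-nacl)#permit ip any any
(config)#ip access-list extended NAT2
(config-ext-nacl)#permit ip any any
(config)#ip policy-class Public
(config-policy-class)#allow list AdminAccess
(config)#ip policy-class Public2
(config-policy-class)#allow list AdminAccess
(config)#ip policy-class Private
(config-policy-class)#nat source list NAT1 interface eth 0/1 overload policy Public
(config-policy-class)#nat source list NAT2 interface eth 0/2 overload policy Public2
(config)#ip firewall fast-nat-failover
"""

# An access list entry counts as management-only if it permits just HTTPS or SSH.
MGMT_ONLY = re.compile(r"permit tcp any any eq (https|ssh)( log)?$")

def audit(text):
    """Return a list of findings for the WAN-facing policy classes in text."""
    acls, classes, glob, cur = {}, {}, set(), None
    for raw in text.splitlines():
        line = re.sub(r"^\([^)]*\)#", "", raw.strip()).strip()  # drop the CLI prompt
        if m := re.match(r"ip (access-list extended|policy-class) (\S+)$", line):
            cur = (acls if m.group(1).startswith("access") else classes).setdefault(m.group(2), [])
        elif cur is not None and re.match(r"(permit|deny|allow|discard|nat) ", line):
            cur.append(line)  # entry belongs to the list or class opened last
        elif line:
            glob.add(line)    # any other command is treated as global
            cur = None
    # Assumption: the class named after "policy" in a NAT rule faces a WAN link.
    wan = sorted({r.split(" policy ")[1] for rules in classes.values()
                  for r in rules if r.startswith("nat source") and " policy " in r})
    findings = []
    for name in wan:
        for rule in classes.get(name, []):
            listed = re.match(r"allow list (\S+)", rule)
            for entry in (acls.get(listed.group(1), []) if listed else []):
                if not MGMT_ONLY.match(entry):
                    findings.append(f"{name}: list {listed.group(1)} contains '{entry}'")
    if len(wan) > 1 and "ip firewall fast-nat-failover" not in glob:
        findings.append("two NAT egress policies but ip firewall fast-nat-failover is absent")
    return findings
```

Calling audit(SAMPLE) returns an empty list for the configuration as written in this guide.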
Step 6: Configure the WAN Failover Interface to the CradlePoint CBA750B
Configure the Ethernet interface to the CradlePoint CBA750B to learn its IP address using DHCP, and
assign it an administrative distance greater than 1. The ADTRAN router will treat this learned route as a
secondary WAN connection, since the default distance for the primary WAN connection is 1. Additionally,
the Public2 ACP created in Step 4: Configure Policy Classes and Access Lists for Each WAN Connection
on page 7 should be assigned to the interface to allow only HTTPS and SSH traffic for ADTRAN router
management through the WAN failover interface.
Note: The Public2 policy and all associated configurations are added as a best practice. Because
the IP address the AOS device receives from the 3G/4G network is not publicly accessible, the
policy is not required in most cases.