Configuration While Ha Is Operational; Configuring Firewall Allowed Rules - AudioCodes Mediant 4000 SBC User Manual
Session border controllers
Hide thumbs
Also See for Mediant 4000 SBC:
- User manual (964 pages) ,
- Hardware installation manual (40 pages) ,
- User manual (822 pages)
Table of Contents
Advertisement
CHAPTER 32 HA Configuration
●
●
Configuration while HA is Operational
When the devices are operating in HA state, subsequent configuration is as follows:
■
All configuration, including HA, is done on the active device only.
■
Non-HA configuration on the active device is automatically updated on the redundant device
(through the Maintenance interface).
■
HA-related configuration on the active device is automatically updated on the redundant
device:
●
Maintenance interface:
◆
◆
◆
●
'Preempt Mode' parameter.
●
'Preempt Priority' parameter is set for the active device.
●
Modified 'Redundant Preempt Priority' value is set for the redundant device.
If the HA system is already in HA Preempt mode and you want to change the priority of
the device, to ensure that system service is maintained and traffic is not disrupted, it is
recommended to set the higher priority to the redundant device and then reset it. After it
synchronizes with the active device, it initiates a switchover and becomes the new
active device (the former active device resets and becomes the new redundant device).
Configuring Firewall Allowed Rules
If you want to configure firewall rules (see
traffic, you must first configure firewall rules that allow traffic needed in your deployment.
Therefore, in addition to allowing basic traffic (such as OAMP, SIP signalling, and media), you must
also allow HA maintenance traffic between the Active and Redundant devices:
■
UDP ports 669, 670 and 680 (HA synchronization and keep alive)
■
TCP ports 2442 and 80 (HA control and data)
Please configure firewall rules 10 through 17, as shown below, where 10.31.4.61 is the IP address
of the Maintenance interface ("HA_IF") of the Redundant device and 10.31.4.62 the IP address of
the Maintenance interface ("HA_IF") of the Active device.
If the HA Preempt feature is enabled, the device with the highest priority becomes
the active unit. If the HA Preempt feature is not enabled, the first device to load the
file becomes the active unit, or if both load the file simultaneously, the device with
the "highest" IP address becomes the active unit.
When configuration is applied to the device whose MAC is the value of the
HARemoteMAC parameter, all HA configuration is swapped between local and
remote parameters, including the IP address of the Maintenance interface, which is
swapped with the address configured for the HARemoteAddress parameter.
Modified Maintenance interface address of the active device: The address is set as
the new 'HA Remote Address' value on the redundant device.
Modified 'HA Remote Address' value on the active device: The address is set as the
new Maintenance interface address on the redundant device (requires a device reset).
Modifications on all other Maintenance interface parameters (e.g., Default Gateway
and VLAN ID): updated to the Maintenance interface on the redundant device.
Configuring Firewall
Rules) that block specific network
- 641 -
Mediant 4000 SBC | User's Manual
Advertisement
Table of Contents
Troubleshooting
