Avaya gateway (G450) help needed?

[biglebowski]

I've built a small home lab consisting of (5x licences)

SMGR v8.1
ACM v8.1
ASM v8.1
SBCE v8.1

All the main elements are ok and talking but the G450 will not register with the CM, it's a G450 off ebay so assume I need to install a ID cert but not sure how, can anyone help?

 

[avayaguy23]

Post your media gateway config on CM along with a show run on your media gateway.

 

[Sean655]

The mgc list in the G450 needs to have the IP of CM, it could be that simple.

 

[kyle555]

And the serial number of the gateway has to be in the media gateway form too. Could be that simple too.

 

[biglebowski]

Think I'd already done all of that

G450-???(super)# show running-config

! version 39.27.0
Config info release 39.27.0 time "13:05:25 20 MAR 2023 " serial_number 15OL46690685
 !
encrypted-username lbFd8dPfuVwyFeAGlVYVnw== password rtjtQJm9Sf75oumtRvUZivN9KY8MLJxDm0+wTraac+g= access-type Do2t6hK+P0dxaD1JVD2Whg==
no ip telnet
set vlan 115 name "V115"
set port vlan 115 10/5
set port vlan 115 10/6
!
ds-mode t1
!
interface Vlan 1
 exit
!
interface Vlan 115
 icc-vlan
 ip address 172.16.115.8    255.255.255.192
 pmi
 exit
!
interface FastEthernet 10/3
 exit
!
interface FastEthernet 10/4
 exit
!
interface Console
 exit
!
interface USB-Modem
 description "Default Modem Setup"
 timeout absolute 10
 ppp authentication ras
 no shutdown
 ip address 10.3.248.253    255.255.255.252
 exit
! Avaya Login Confirmation Received.
EASGManage disableEASG
product-id 91bbd4a89c4e99f0a6af93c479b5a262
!
set logging file enable
set logging file condition all Error
set logging file condition BOOT Debug
!
no snmp-server community
!
ip default-gateway 172.16.115.62   1 low
!
set mgc list 172.16.115.11
set mediaserver 172.16.115.11 172.16.115.11 23 telnet
set mediaserver 172.16.115.11 172.16.115.11 5023 sat
rtp-stat qos-trap
no rtp-stat fault
set link-encryption h248reg tls1.1 yes
set link-encryption h248reg tls1.0 yes
!#
!# End of configuration file. Press Enter to continue.

 

[biglebowski]

When I look at the gateway alarms it says:

CURRENTLY ACTIVE FAULTS
--------------------------------------------------------------------------
-- Hardware Faults --
        + MGP power warning, 03/20-13:19:02.00

-- MGP Faults --
        + Registration failure, 03/20-13:05:28.00
        + H248 registration failure, 03/20-13:05:17.00
        + H248 TLS Certificate Error, 03/20-13:19:01.00
          self signed certificate in certificate chain for "default"

Current Alarm Indications, ALM LED is on
--------------------------------------------------------------------------
        + H248 Link
        + AUX Power Warning
        + Registration Failed

and a list-trace shows TLS denial events:

Which is why I was thinking I need the SMGR root CA?

 

[biglebowski]

managed to SCP the root CA from SMGR to the G450 using the command

copy scp root-ca h248reg default.pem <scpserverIP>

now shows a root-ca when I do a "sh root-ca h248reg"

list trace is now saying:

 

[bignose21]

in CM link encryption is set to none but looks like you want to use TLS on the MG settings

 

[Sean655]

Would having the Link Encryption set to 'none' on the media gateway form in CM matter?
Maybe try changing that or set link encryption to unencrypted in the gateway and work forward.

 

[biglebowski]

from what I've read it uses the root CA to register via TLS but normal communication can be none

link-encryption h248reg is set to "all yes"

Have tried all the options but no joy.

Thought it was a naming issue as the node-name didn't match the name in the gateway config or G450 hostname but have made them all match and still no luck

 

[biglebowski]

Got it working

The serial number in the running config is not the same as the one in show system

Changed the ser in the CM gateway config to match that in the sh sys and it connected straight away.