telarin
New Contributor

Dual WAN/LAN configuration


I currently have a NetVanta 1335P connected to an AT&T fiber Internet connection; this works fine.

What I want to do is set up a second WAN connection connected to my Comcast business line. Eventually this will be set up as a failover connection, but for the time being, it will just be a second ISOLATED WAN connection that should only be accessible from a specific port on the NetVanta.

The corporate LAN (VLAN2) should send all traffic through the AT&T WAN (VLAN1) (this is configured and working).

The test LAN (VLAN6) should send all traffic through the Comcast WAN (VLAN5) (this is what I am trying to set up).

I have the following configuration setup now that is not working correctly:

VLAN 5:

Enabled

Name: Comcast WAN

Type: Static

VLAN Interface: Enabled

L3 Switching: Disabled

AWCP: Disabled

VLAN Interface Configuration: Enabled

Interface Mode: IP Routing

Address Type: Static

IP Address: 173.11.200.73

Subnet Mask: 255.255.255.248

VLAN 6:

Enabled

Name: Comcast LAN

Type: Static

VLAN Interface: Enabled

L3 Switch: Disabled

AWCP: Disabled

VLAN Interface Configuration: Enabled

Interface Mode: IP Routing

Address Type: Static

IP Address: 172.16.2.1

Subnet Mask: 255.255.255.0

Ports:

Port 10:

Edge Mode: Disabled

Membership: VLAN 5

Port 11:

Edge Mode: Disabled

Membership: VLAN 6

Route Table:

Added static route 0.0.0.0 0.0.0.0 173.11.200.78 10

Security Zones

Interface: Comcast WAN

Security Zone: Comcast WAN

No Policies

Interface: Comcast LAN

Security Zone: Comcast LAN

Policies:

Description: Traffic To Netvanta

Type: Advanced

Action: Allow

Destination: <Self Bound>

Selectors:

Permit any any any

Description: Comcast NAT

Type: Advanced

Action: NAT

Destination: <Any Security Zone>

NAT Type: Source with Overloading

NAT IP Address: Interface VLAN 5

Selectors:

Permit any any any

If I connect a laptop to port 11, I receive an IP address in the 172.16.2.x subnet from the DHCP server as expected.

I can ping Comcast's side of the VLAN 5 connection (173.11.200.78) successfully

I cannot ping any other IP addresses beyond that IP.

There is always the possibility that something is set up incorrectly on Comcast's end, but since this connection was working correctly until I had them switch their router to Bridge mode and connected it to the Adtran, I suspect the error is somewhere in my setup. Any pointers at this point would be very welcome.


Accepted Solutions
Anonymous
Not applicable

Re: Dual WAN/LAN configuration


- As mentioned in the previous post, policy-based routing would probably be the way to go. You would need to set up a route-map and apply it to VLAN 6. This route-map would match traffic on vlan 6 and set its next-hop to the default gateway of the Comcast connection (vlan 5). The following guide explains how to set this up:

Please do not hesitate to let us know if you have any questions.

Thanks,

Noor

3 Replies
jayh
Honored Contributor

Re: Dual WAN/LAN configuration


The problem is that the default route is still going out to the other ISP.  Because you have one routing table, the default route will use one default route. 

There are two ways to fix this in AOS, but I'm not sure if either or both are supported on the 1335P.

Method one is to use a VRF (Virtual router forwarder), essentially a separate router with its own rules on the same platform. 

In your main configuration add the following:

ip vrf comcast route-distinguisher 100:100


Then in your vlan 5 and vlan 6 configurations add the line:

ip vrf forwarding comcast


You'll probably have to re-enter the NAT and DHCP specifying the VRF.

Method two is policy routing, where you create a policy route map applied to the inside interface specifying the next hop of the Comcast gateway.
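
The single-routing-table behaviour described in the reply above, and the effect of a policy route on VLAN 6, as an added Python model (not part of the original post and not AOS configuration). The AT&T gateway 192.0.2.1 and its administrative distance of 1 are assumptions, since the thread does not state them; applying the policy only to gateway-routed traffic is a simplification.

```python
import ipaddress

# Constructed model of the router in this thread.
# (prefix, next_hop, egress_interface, administrative_distance)
ROUTES = [
    ("173.11.200.72/29", None, "vlan5", 0),       # connected: Comcast WAN
    ("172.16.2.0/24", None, "vlan6", 0),          # connected: Comcast LAN
    ("0.0.0.0/0", "192.0.2.1", "vlan1", 1),       # ASSUMED AT&T default route
    ("0.0.0.0/0", "173.11.200.78", "vlan5", 10),  # static route from the post
]

# Policy routing: ingress interface -> (next hop, egress interface)
PBR = {"vlan6": ("173.11.200.78", "vlan5")}


def table_lookup(dst):
    """Longest prefix wins; ties go to the lowest administrative distance."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in ROUTES if addr in ipaddress.ip_network(r[0])]
    _, hop, iface, _ = min(
        matches, key=lambda r: (-ipaddress.ip_network(r[0]).prefixlen, r[3]))
    return iface, hop


def forward(ingress, dst, use_pbr):
    """Return (egress interface, next hop) for a packet entering on ingress."""
    iface, hop = table_lookup(dst)
    # Simplification: connected destinations are delivered directly; the
    # policy replaces only decisions that would follow a gateway route.
    if use_pbr and ingress in PBR and hop is not None:
        hop, iface = PBR[ingress]
    return iface, hop


def leaks(ingress, allowed_egress, destinations, use_pbr):
    """Isolation check: destinations leaving through a non-allowed interface."""
    return [d for d in destinations
            if forward(ingress, d, use_pbr)[0] not in allowed_egress]


if __name__ == "__main__":
    # 198.51.100.10 is a constructed "somewhere on the Internet" address.
    dests = ["173.11.200.78", "198.51.100.10"]
    for pbr in (False, True):
        for d in dests:
            print("pbr" if pbr else "table", d, forward("vlan6", d, pbr))
        print("leaks:", leaks("vlan6", {"vlan5", "vlan6"}, dests, pbr))
```

Without the policy, only the directly connected Comcast gateway is reached through VLAN 5, which matches the ping results in the question; everything else from the test LAN follows the lower-distance default route.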

Anonymous
Not applicable

Re: Dual WAN/LAN configuration


I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Levi