dsiomtw
New Contributor II

Router is up/up but can't connect to Internet from LAN

So as luck would have it my techie is on vacation and they just activated my new T1. I've managed to get the router configured, or so I thought, but I can't connect to the Internet from my LAN so I figure I must have a setting wrong somewhere. If someone could take a look at my config posted below and see what you think I'd REALLY appreciate it. I can ping, traceroute, etc. from the router just fine, and DHCP seems to be working as it's assigning an IP to my laptop, but I just can't connect from the laptop. Eventually I'd like to add my netgear wireless router behind the 3200, but for now I just have my laptop plugged directly into the single ethernet port on the back of the 3200 ...

Router#show run
Building configuration...
!
!
! ADTRAN, Inc. OS version 15.12.00
! Boot ROM version 12.02.00
! Platform: NetVanta 3200, part number 1202860L1
! Serial number LBADTN0651AF993
!
!
hostname "Router"
enable password ********
!
clock timezone -8
!
ip subnet-zero
ip classless
ip name-server 198.6.100.98 198.6.100.25
ip default-gateway 152.179.250.29
no ip routing
!
auto-config
!
event-history on
no logging forwarding
no logging email
logging email priority-level info
!
no service password-encryption
!
username "admin" password "********"
!
!
no ip firewall alg msn
no ip firewall alg h323
!
!
!
!
!
!
!
!
ip dhcp-server database local
ip dhcp-server excluded-address 192.168.1.1
ip dhcp-server excluded-address 192.168.1.197
!
ip dhcp-server pool "Office"
  network 192.168.1.0 255.255.255.0
  dns-server 198.6.100.98
  netbios-node-type h-node
  default-router 192.168.1.1
!
!
!
interface eth 0/1
  ip address  192.168.1.1  255.255.255.0
  no shutdown
!
!
!
!
interface t1 1/1
  tdm-group 1 timeslots 1-24 speed 64
  no shutdown
!
interface ppp 1
  ip address  152.179.250.30  255.255.255.252
  no shutdown
  cross-connect 1 t1 1/1 1 ppp 1
!
!
!
router rip
  version 2
!
!
!
!
!
!
!
no ip tftp server
no ip tftp server overwrite
ip http server
ip http secure-server
no ip snmp agent
no ip ftp server
no ip scp server
no ip sntp server
!
!
!
!
!
!
!
line con 0
  login
  password adtran
!
line telnet 0 4
  login
  password ********
  line-timeout 30
  no shutdown
line ssh 0 4
  login local-userlist
  no shutdown
!
!
end
Router#

jayh
Honored Contributor

Re: Router is up/up but can't connect to Internet from LAN

Your LAN addresses are private and can't directly route across the Internet.  You need to define access policies to NAT them to the public Internet address of the T1.  Add the following:

ip access-list standard self
  remark Traffic to Adtran
  permit any
ip access-list standard ics
  remark Internet Connection Sharing
  permit any
ip policy-class Public
  allow list self self

ip policy-class Private
  allow list self self
  nat source list ics interface ppp 1 overload

Then add the policies to the interfaces and enable the firewall.

interface ppp 1
  access-policy Public
interface eth 0/1
  access-policy Private
ip firewall

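The reply above, turned into a check over a saved config. This is an added example, not code from the post or from ADTRAN: it flags interfaces with private addresses whose access-policy has no nat source rule, and a config in which ip firewall was never enabled. The function name nat_gaps and the sample config are constructed for illustration.

```python
import ipaddress

# Constructed sample: the thread's LAN/WAN addressing with the NAT rule in
# place, but "ip firewall" never enabled.
NAT_SAMPLE = """\
ip policy-class Private
  allow list self self
  nat source list ics interface ppp 1 overload
interface eth 0/1
  ip address 192.168.1.1 255.255.255.0
  access-policy Private
interface ppp 1
  ip address 152.179.250.30 255.255.255.252
  access-policy Public
"""

def nat_gaps(config):
    """Return reasons why hosts behind private-address interfaces get no source NAT."""
    stanza, firewall = "", False
    private, policy, nat_classes = [], {}, set()
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue                              # blank lines and "!" separators
        if not raw[0].isspace():                  # top-level command opens a stanza
            stanza = " ".join(words)
            firewall = firewall or stanza == "ip firewall"
        elif stanza.startswith("interface ") and words[:2] == ["ip", "address"]:
            if len(words) == 4 and ipaddress.ip_interface(
                    f"{words[2]}/{words[3]}").ip.is_private:
                private.append(stanza[len("interface "):])
        elif stanza.startswith("interface ") and words[0] == "access-policy":
            policy[stanza[len("interface "):]] = words[1]
        elif stanza.startswith("ip policy-class ") and words[:2] == ["nat", "source"]:
            nat_classes.add(stanza.split()[2])
    gaps = [] if firewall else ["ip firewall is not enabled"]
    for ifname in private:
        if ifname not in policy:
            gaps.append(f"{ifname}: private address, no access-policy")
        elif policy[ifname] not in nat_classes:
            gaps.append(f"{ifname}: policy-class {policy[ifname]} has no nat source rule")
    return gaps

if __name__ == "__main__":
    print(nat_gaps(NAT_SAMPLE))
```
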
dsiomtw
New Contributor II

Re: Router is up/up but can't connect to Internet from LAN

Doh! Thanks so much for the detailed help I REALLY appreciate it.

Now that I have it working I'd like to add a wireless router to give me more ports and wireless access. Would I simply turn off DHCP on the adtran and turn on DHCP on my wireless router, or is there more that I would need to do?

jayh
Honored Contributor

Re: Router is up/up but can't connect to Internet from LAN

dsiomtw wrote:

Now that I have it working I'd like to add a wireless router to give me more ports and wireless access. Would I simply turn off DHCP on the adtran and turn on DHCP on my wireless router, or is there more that I would need to do?

What I do is add a wireless access point instead of a router.  This allows wired and wireless devices on the LAN to share the same DHCP pool, avoids double NAT, and is cleaner IMHO.

What is weird is that consumer wireless routers are typically priced much lower than access points, most likely due to volume purchasing.  What often works is to get a wireless router, turn off DHCP on it, don't use its "Internet" or WAN port, and connect one of its LAN ports to the ethernet of the Adtran, effectively turning it into an access point and small ethernet switch.

dsiomtw
New Contributor II

Re: Router is up/up but can't connect to Internet from LAN

Thanks for the advice. I'll pick up a wireless access point as I definitely don't need to make this any more technical than it needs to be. I'm struggling to keep up as it is.

Last question for now if you have 2 more seconds...

I just noticed my adtran router is accessible via the web if you just type in the IP for my side of the circuit. I definitely don't want this. Any chance you know what I need to do to make my router inaccessible via the WAN?

jayh
Honored Contributor

Re: Router is up/up but can't connect to Internet from LAN

dsiomtw wrote:

Last question for now if you have 2 more seconds...

I just noticed my adtran router is accessible via the web if you just type in the IP for my side of the circuit. I definitely don't want this. Any chance you know what I need to do to make my router inaccessible via the WAN?

Most secure and flexible:

ip access-list standard admin-access
  permit 192.168.1.0 0.0.0.255
http ip access-class admin-access in
http ip secure-access-class admin-access in
line telnet 0 4
  ip access-class admin-access in
line ssh 0 4
  ip access-class admin-access in

This allows you to allow specific outside hosts or networks to administer the device by modifying the admin-access list.

Alternatively, remove the line

    allow list self self

from the Public policy-class.  This can bite you later if you add a VPN or voice/dns/other proxy where sources on the Internet need to communicate with the Adtran itself but you don't want to allow remote administration.

Or do both.



dsiomtw
New Contributor II

Re: Router is up/up but can't connect to Internet from LAN

Thanks again for the reply. I was able to set up the ACL using the first 2 lines you gave, but couldn't get the rest to take. While in global config mode I get "unrecognized command" when I enter "http ip access-class admin-access in" for example. What am I doing wrong?

jayh
Honored Contributor

Re: Router is up/up but can't connect to Internet from LAN

The command syntax has changed slightly as AOS has matured.  With the addition of IPv6, the "ip" keyword has been added or moved slightly in several places.  Try the following variants:

http access-class admin-access in

ip http access-class admin-access in

as well as for the secure-access-class command.

Typing a "?" at any point in configuration mode will give you all of the possible options.
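A way to confirm the management lockdown discussed in the last few replies actually took. This is an added example, not part of any poster's reply and not ADTRAN tooling: it reads a "show run" style config and lists enabled management services (HTTP, HTTPS, Telnet, SSH) that have no access-class bound to a defined ACL, accepting each command spelling quoted in the thread. The function name, the sample config, and the rule that a line counts as enabled only when its stanza contains "no shutdown" are assumptions.

```python
import re

# Constructed sample in the thread's "show run" style; HTTPS and Telnet were missed.
MGMT_SAMPLE = """\
ip access-list standard admin-access
  permit 192.168.1.0 0.0.0.255
ip http server
ip http secure-server
http ip access-class admin-access in
line telnet 0 4
  no shutdown
line ssh 0 4
  ip access-class admin-access in
  no shutdown
"""

# Accept each keyword order quoted in the thread (assumed to cover the AOS release in use).
HTTP_ACL = re.compile(r"^(?:ip )?http (?:ip )?(secure-)?access-class (\S+) in$")
LINE_ACL = re.compile(r"^(?:ip )?access-class (\S+) in$")

def audit_management(config):
    """Return findings for enabled management services with no defined ACL bound."""
    defined, bound, enabled, current = set(), {}, set(), None
    for raw in config.splitlines():
        text = " ".join(raw.split())
        if not text or text.startswith("!"):
            continue                          # blank lines and "!" separators
        if raw[0].isspace():                  # indented: child of a line stanza?
            m = LINE_ACL.match(text)
            if current and m:
                bound[current] = m.group(1)
            elif current and text == "no shutdown":
                enabled.add(current)          # assumption: line is live only then
            continue
        words, current = text.split(), None
        if words[:2] == ["ip", "access-list"] and len(words) >= 4:
            defined.add(words[3])
        elif text in ("ip http server", "ip http secure-server"):
            enabled.add("https" if "secure" in text else "http")
        elif words[0] == "line" and words[1:2] in (["telnet"], ["ssh"]):
            current = words[1]
        elif m := HTTP_ACL.match(text):
            bound["https" if m.group(1) else "http"] = m.group(2)
    return [f"{s}: no access-class" if s not in bound
            else f"{s}: access-class {bound[s]} undefined"
            for s in sorted(enabled) if bound.get(s) not in defined]

if __name__ == "__main__":
    print(audit_management(MGMT_SAMPLE))
```
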

dsiomtw
New Contributor II

Re: Router is up/up but can't connect to Internet from LAN

Thanks a million, you rock.