Thank you for asking this question, as well as providing the configuration for reference. I think I can explain the symptoms you are experiencing as well as how to correct them. First, most likely, the device on the other end of the link is expecting a packet tagged with a certain VLAN. When you assign a port to a particular VLAN, the VLAN tag does not get inserted until it traverses a trunk.
Therefore, in this application, you will have to configure the link as a trunk port, so the VLAN tag will be inserted and sent to the upstream connection. The traffic from VLAN 1 (the native VLAN) will be NAT'ed to the IP address assigned to VLAN 1003 and tagged with the VLAN ID of 1003 (not VLAN 1), when it is destined to be sent out the "Public" policy-class interface (switchport 0/1 in your configuration).
I hope that makes sense, but please do not hesitate to reply to this post with additional information or questions. I will be happy to help in any way I can.
I am not quite understanding exactly how to resolve this. Here is what was happening. We are installing 2 3120s with the same config as above but with different VLANs. When I leave switchport 1 as trunk on these, I will sometimes get DHCP from the remote one and not mine, because VLAN 1 apparently is all tied together now. How are you saying that I can keep VLAN 1 traffic inside the 3120 when I set switchport 1 to trunk? If we need to get on a call about this, I would like to do that this afternoon. I opened a tt up as well.
If I understand your application properly, then there are a few ways to make it work. What is happening is the DHCP broadcast traffic on the WAN is being allowed through the ISP's Layer 2 switch, and forwarded to the ADTRAN, which is incorrect. That traffic should be blocked by the ISP and never received by the ADTRAN on the trunk port. You can get around this by either having the ISP prevent this traffic from traversing the trunk port, or you can prevent it on the Layer 2 portion of the ADTRAN's configuration.
To prevent this traffic on the ADTRAN, do the following on the trunk port:
1.) Allow the LAN VLAN to be sent out the trunk port.
2.) Create an unused VLAN as the native VLAN on the trunk (this will prevent the default native VLAN 1 from being allowed out the trunk port for Layer 2 traffic; this does not affect routed traffic, as described in my previous post).
interface switchport 0/1
  switchport mode trunk
  switchport trunk native vlan <RANDOM VLAN ID NOT IN USE>
  switchport trunk allowed vlan 1003
Again, this traffic should be prevented on the ISP side, but it can be resolved in the ADTRAN as well. I hope this makes sense, but let me know if you have any further questions.
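One way to check a saved configuration for the trunk settings described in the answer above, as an added example that is not part of the original thread or ADTRAN's own tooling. It assumes the command forms shown in the post plus `switchport access vlan`, a plain comma-separated allowed list, and VLAN 1 as the unconfigured default; the port numbers and VLAN 999 in the sample are constructed.

```python
import re

# Constructed sample (not from the thread): 0/1 follows the advice, 0/2 does not.
SAMPLE = """\
interface switchport 0/1
  switchport mode trunk
  switchport trunk native vlan 999
  switchport trunk allowed vlan 1003
interface switchport 0/2
  switchport mode trunk
  switchport trunk allowed vlan 1,1003
interface switchport 0/3
  switchport access vlan 1003
"""

def parse_ports(config):
    """Collect mode and VLAN settings for each 'interface switchport' stanza."""
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface switchport (\S+)", line):
            # Assumed defaults: access mode, VLAN 1, every VLAN allowed (None).
            cur = ports[m[1]] = {"trunk": False, "native": 1, "allowed": None, "access": 1}
        elif line.startswith("interface "):
            cur = None  # some other interface type; skip its lines
        elif cur is None:
            continue
        elif line == "switchport mode trunk":
            cur["trunk"] = True
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            cur["native"] = int(m[1])
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,]+)", line):
            cur["allowed"] = {int(v) for v in m[1].split(",")}
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            cur["access"] = int(m[1])
    return ports

def audit(config):
    """Return {port: [issues]} for trunks whose native VLAN is not an unused ID."""
    ports = parse_ports(config)
    in_use = {p["access"] for p in ports.values() if not p["trunk"]}
    findings = {}
    for name, p in ports.items():
        native, allowed = p["native"], p["allowed"]
        checks = {"native VLAN is the default VLAN 1": native == 1,
                  "native VLAN is assigned to access ports": native in in_use,
                  "native VLAN is in the allowed list": allowed is None or native in allowed}
        if p["trunk"] and any(checks.values()):
            findings[name] = [msg for msg, bad in checks.items() if bad]
    return findings
```

Calling `audit(SAMPLE)` reports only port 0/2, which still carries VLAN 1 untagged across the trunk.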
I marked this post as "assumed answered," but if you have additional questions on this topic, please do not hesitate to reply.
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.