3 Replies Latest reply on Mar 8, 2013 2:00 PM by david

    Multiple IP Address Configuration, NAT Help using a NV6355

    ta5000guy77 New Member

      Hello,

      I am trying to configure a NV6355 for Multiple IP Address usage. Let me explain what I am hoping to accomplish.

       

      1. Internet is coming in on a fiber connection, VLAN tagged 61. I am using an SFP module on GIG 0/2. The IP's are gateway: X.X.X.241, NV6355: X.X.X.242, the block is X.X.X.225 - X.X.X.230. All the IP's are on the same subnet.

      2. All the ports are set to trunked. VLAN 61 has been created and assigned the IP address X.X.X.242. An IP route 0.0.0.0 0.0.0.0 X.X.X.241 has been created, and internet access is present on all ports after running the firewall wizard.

      3. The block of IP addresses will be used on other public devices that will be plugged into the 6355. I can add the block as secondary IP address's on the VLAN interface, and ping them all. When I remove the block and add an IP to a public device, the ping times out.

       

      So I am hoping that there is a way to configure the 6355 for the routing of the block of IP address's to the public devices plugged into the unit. I have tried to configure encapsulation 802.1q and sub-interface on GIG 0/2, but get an error stating "could not perform operation."

      If there is not a method of doing this, can anyone recommend an Adtran router that will do this with a fiber connection?

       

      Thanks,

       

      Jack

       

      !

      !

      ! ADTRAN, Inc. OS version R10.5.0.E

      ! Boot ROM version A2.06.B1

      ! Platform: NetVanta 6355, part number 1200740E1

      ! Serial number ***************

      !

      !

      hostname "NV6355"

      enable password ********

      !

      !

      clock timezone -6-Central-Time

      !

      ip subnet-zero

      ip classless

      ip default-gateway 65.113.121.241

      ip routing

      ipv6 unicast-routing

      !

      !

      domain-proxy

      name-server 65.113.120.2 65.113.120.3

      !

      !

      no auto-config

      !

      event-history on

      no logging forwarding

      no logging email

      !

      no service password-encryption

      !

      username "admin" password "********"

      username "polycomftp" password "********"

      ip forward-protocol udp time

      ip forward-protocol udp nameserver

      ip forward-protocol udp tacacs

      ip forward-protocol udp tftp

      ip forward-protocol udp netbios-ns

      ip forward-protocol udp netbios-dgm

      !

      !

      ip firewall

      ip firewall stealth

      no ip firewall alg msn

      no ip firewall alg mszone

      no ip firewall alg h323

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      no dot11ap access-point-control

      !

      !

      !

      !

      !

      !

      ip dhcp database local

      !

      ip dhcp pool "LAN_pool"

        network 10.10.10.0 255.255.255.0

        dns-server 10.10.10.1

        netbios-node-type h-node

        default-router 10.10.10.1

        tftp-server tftp://10.10.10.1

        ntp-server 10.10.10.1

        timezone-offset -6:00

        option 157 ascii TftpServers=0.0.0.0,FtpServers=10.10.20.1:/ADTRAN,FtpLogin=polycomftp,FtpPassword=********,Layer2Tagging=True,VlanID=2

      !

      ip dhcp pool "VoIP_pool"

        network 10.10.20.0 255.255.255.0

        dns-server 10.10.20.1

        netbios-node-type h-node

        default-router 10.10.20.1

        tftp-server tftp://10.10.20.1

        ntp-server 10.10.20.1

        timezone-offset -6:00

        option 157 ascii TftpServers=0.0.0.0,FtpServers=10.10.20.1:/ADTRAN,FtpLogin=polycomftp,FtpPassword=********,Layer2Tagging=True,VlanID=2

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      vlan 1

        name "Default"

      !

      vlan 61

        name "VLAN 61"

      !

      !

      interface eth 0/0

        ip address dhcp

        media-gateway ip primary

        no shutdown

        no lldp send-and-receive

      !

      !

      interface eth 0/1

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/2

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/3

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/4

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/5

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/6

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/7

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/8

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/9

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/10

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/11

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/12

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/13

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/14

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/15

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/16

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/17

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/18

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/19

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/20

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/21

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/22

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/23

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      interface eth 0/24

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport voice vlan 2

      !

      !

      !

      interface gigabit-eth 0/1

        no shutdown

        switchport mode trunk

      !

      !

      interface gigabit-eth 0/2

        no shutdown

        switchport mode trunk

      !

      !

      !

      !

      interface vlan 1

        ip address  10.10.10.1  255.255.255.0

        ip access-policy Private

        media-gateway ip primary

        no shutdown

      !

      interface vlan 61

        ip address  65.113.121.242  255.255.255.252

        ip mtu 1500

        ip helper-address  65.113.121.241

        ip access-policy Public

        media-gateway ip primary

        no awcp

        no shutdown

      !

      !

      interface fxs 0/1

        no shutdown

      !

      interface fxs 0/2

        no shutdown

      !

      !

      interface fxo 0/1

        no shutdown

      !

      interface fxo 0/2

        no shutdown

      !

      !

      !

      !

      !

      !

      !

      !

      ip access-list standard NAT

        remark Internet Connection Sharing

        permit any

      !

      ip access-list standard wizard-ics

        remark Internet Connection Sharing

        permit any

      !

      !

      ip access-list extended Admin

        remark Admin Access

        permit tcp any  any eq https   log

        permit tcp any  any eq ssh   log

      !

      ip access-list extended InterVLAN

        remark Voice / Data VLAN Traffic

        permit ip 10.10.10.0 0.0.0.255  10.10.20.0 0.0.0.255   

        permit ip 10.10.20.0 0.0.0.255  10.10.10.0 0.0.0.255   

      !

      ip access-list extended self

        remark Traffic to NetVanta

        permit ip any  any     log

      !

      ip access-list extended SIP

        remark SIP Service Provider Traffic

        permit udp any  any eq 5060  

      !

      ip access-list extended web-acl-7

        permit tcp any  any eq telnet   log

        permit tcp any  any eq https   log

        permit icmp any  any  echo   log

      !

      ip access-list extended web-acl-8

        permit tcp any  any eq telnet   log

        permit tcp any  any eq https   log

        permit icmp any  any  echo   log

      !

      !

      !

      !

      ip policy-class Private

        allow list self self

        nat source list wizard-ics interface vlan 61 overload

        allow list web-acl-7 self

      !

      ip policy-class Public

        allow list web-acl-8 self

      !

      !

      !

      ip route 0.0.0.0 0.0.0.0 65.113.121.241

      !

      tftp server

      tftp server overwrite

      http server

      http secure-server

      no snmp agent

      ip ftp server

      ip ftp server default-filesystem flash

      no ip scp server

      ip sntp server

      ip sntp server send-unsynced

      !

      !

      !

      !

      !

      !

      !

      !

      !

      ip sip

      ip sip udp 5060

      no ip sip tcp

      !

      !

      !

      voice feature-mode network

      voice forward-mode network

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      ip sip proxy

      ip sip proxy transparent

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      line con 0

        no login

      !

      line telnet 0 4

        login local-userlist

        no shutdown

      line ssh 0 4

        login local-userlist

        no shutdown

      !

      sntp server time.nist.gov

      !

      !

      !

      !

      !

      !

      end

      NV6355#

        • Re: Multiple IP Address Configuration, NAT Help using a NV6355
          david Employee

          Ta5000guy77,

           

          Thanks for posting!  If I understand this correctly, it sounds like you have just a completely separate /29 subnet you can use.  Generally I would recommend that you create a new VLAN, VLAN 100 for example, and assign one public IP address from that range to the VLAN interface.  So at this point we have VLAN 100 created with IP address x.x.x.225.  Next, I would assign a few ethernet interfaces as access ports (not trunk ports) on VLAN 100.  For example, if you have three device which need public IP addresses, you could change ethernet ports 22,23, and 24 to access ports on VLAN 100.

           

          (config)#interface vlan 100

          (config-intf-vlan 100)#ip address x.x.x.225 255.255.255.248

          (config-intf-vlan 100)#no shutdown

          (config)#interface range eth 0/22-24

          (config-eth 0/22-24)#switchport mode access

          (config-eth 0/22-24)#switchport access vlan 100

           

          Now you should be able to give devices on those ports one of the available public IP addresses and set its default gateway to the Adtran unit's x.x.x.225 IP address.  Your next step will be to make sure the firewall is allowing traffic to and from this subnet.  The following guide goes over setting up a DMZ.

           

          Configuring a DMZ in AOS - Quick Configuration Guide

           

          If you have any further questions, feel free to add those questions to this thread.

           

          Thanks!

          David

          • Re: Multiple IP Address Configuration, NAT Help using a NV6355
            david Employee

            Ta5000guy77,

             

            I just wanted to check back in with you on this post.  Have you been able to find a solution?  Please let me know if you have more questions or need further assistance.

             

            Thanks!

            David

            • Re: Multiple IP Address Configuration, NAT Help using a NV6355
              david Employee

              Ta5000guy77,

               

              I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

               

              Thanks,

              David