6 Replies Latest reply on Aug 23, 2013 6:27 PM by toddm

    Metro Ethernet with Advanta 3430 router

    toddm New Member

      3430
      All:

       

           I have a customer who is changing internet services from a private MPLS network through their provider to a Metro Ethernet connection. The issue I am having is configuring the 3430 1st GEN  SW 17.08.02.00 (will upgrade soon) to allow subnet traffic. The customer currently has 5 locations.

       

           Main:             192.168.0.xxx

           Remote 1:     192.169.2.xxx

           and so on.

       

           I have the 3430 configured eth 0/1 on the local subnet 192.168.2.10 with DHCP (this is working); I have the Metro-E link assigned to eth 0/2 on 192.168.0.100 (this will direct connect to the main location). While I can ping across and talk from the .2 subnet to the main .0 network, I cannot send traffic the other way, .0 to .2. I have tried assigning static routes, as well as the firewall ACL suggestion in the discussion on "LAN to LAN routing", to no avail. Any help would be much appreciated.

        • Re: Metro Ethernet with Advanta 3430 router
          vmaxdawg05 Past_Featured_Member

          Can you drop your config file (minus sensitive info) into this thread? 

            • Re: Metro Ethernet with Advanta 3430 router
              toddm New Member

              Here is the .cfg; it is very basic, and all logins are default. Again, eth 0/1 is set to 192.168.2.10 /24 and eth 0/2 is set to 192.168.0.100 /24. I can pass traffic from the .2.xxx side to the .0.xxx side, but not the other way.

                • Re: Metro Ethernet with Advanta 3430 router
                  vmaxdawg05 Past_Featured_Member

                  Looking at the config file, ETH 0/2 is in the Public policy class. That policy class has nothing in it, and therefore will implicitly deny all traffic accessing the router on ETH 0/2.

                  If devices on the other end of the metroE (a branch office, etc.), then you would need to allow the remote network to access the addresses on the 192.168.2.x network in the Private policy. 

                    • Re: Metro Ethernet with Advanta 3430 router
                      toddm New Member

                      One step closer to a solution. I added the any to any rule to the Public COS and I can now receive ping responses from the eth 0/1 interface, but not beyond. The AOS documentation stated that the firewall rules were not needed in a LAN to LAN configuration, but this is still not working. I am sure that I am missing something very simple, but cannot seem to figure it out.

                        • Re: Metro Ethernet with Advanta 3430 router
                          jayh Hall_of_Fame

                          First issue:  Your default route points to the eth 0/2 interface of the router itself. It should point to the IP address of the interface of the main site connected to the metro-e.

                           

                          Assuming that the main site has 192.168.0.1 connected to its metro-ethernet, then:

                           

                          no ip route 0.0.0.0 0.0.0.0 192.168.0.100

                          ip route 0.0.0.0 0.0.0.0 192.168.0.1

                           

                          Add the command "no ip firewall" to disable the firewall.

                           

                          On the main site, add a static route to your local LAN along the lines of:

                           

                          ip route 192.168.2.0 255.255.255.0 192.168.0.100

                           

                          More scalable and full mesh - add a new subnet solely for the metro ethernet, use statics at each site to all other sites, or better, a dynamic routing protocol such as OSPF.
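
The routing mistake diagnosed in the last reply (a static route whose next hop is the router's own interface address) can be caught with a small config check. This is an added example, not part of any poster's reply; the sample config is constructed from the addresses given in the thread (the poster's actual .cfg is not on the page), the `interface` / `ip address` / `ip route` line forms are assumed, and `parse` and `lint_static_routes` are hypothetical names.

```python
import ipaddress

# Constructed sample modeled on the thread's remote-site router: eth 0/1 is the
# LAN, eth 0/2 faces the Metro-E, and the default route has the reported mistake.
SAMPLE_CONFIG = """\
interface eth 0/1
  ip address 192.168.2.10 255.255.255.0
interface eth 0/2
  ip address 192.168.0.100 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.0.100
"""

def parse(config):
    """Return ({interface name: IPv4Interface}, [(destination, next hop)])."""
    interfaces, routes, current = {}, [], None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            current = " ".join(words[1:])
        elif words[:2] == ["ip", "address"] and current and len(words) == 4:
            interfaces[current] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif words[:2] == ["ip", "route"] and len(words) == 5:
            dest = ipaddress.ip_network(f"{words[2]}/{words[3]}")
            routes.append((dest, ipaddress.ip_address(words[4])))
    return interfaces, routes

def lint_static_routes(config):
    """Flag next hops that are the router itself or not on a connected subnet."""
    interfaces, routes = parse(config)
    findings = []
    for dest, hop in routes:
        own = [name for name, iface in interfaces.items() if iface.ip == hop]
        if own:
            findings.append(f"{dest} via {hop}: next hop is this router's own {own[0]} address")
        elif not any(hop in iface.network for iface in interfaces.values()):
            findings.append(f"{dest} via {hop}: next hop is not on a connected subnet")
    return findings

if __name__ == "__main__":
    for finding in lint_static_routes(SAMPLE_CONFIG):
        print(finding)
```
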