3 Replies Latest reply on Apr 7, 2014 8:38 AM by levi

    Dual WAN/LAN configuration

    telarin New Member

      I currently have a NetVanta 1335P connected to an AT&T fiber Internet connection; this works fine.

      What I want to do is set up a second WAN connection connected to my Comcast business line. Eventually this will be set up as a failover connection, but for the time being, it will just be a second ISOLATED WAN connection that should only be accessible from a specific port on the NetVanta.

       

      The corporate LAN (VLAN2) should send all traffic through the AT&T WAN (VLAN1) (this is configured and working).

      The test LAN (VLAN6) should send all traffic through the Comcast WAN (VLAN5) (this is what I am trying to set up).

       

      I have the following configuration set up now that is not working correctly:

      VLAN 5:

      Enabled

      Name: Comcast WAN

      Type: Static

      VLAN Interface: Enabled

      L3 Switching: Disabled

      AWCP: Disabled

      VLAN Interface Configuration: Enabled

      Interface Mode: IP Routing

      Address Type: Static

      IP Address: 173.11.200.73

      Subnet Mask: 255.255.255.248

       

      VLAN 6:

      Enabled

      Name: Comcast LAN

      Type: Static

      VLAN Interface: Enabled

      L3 Switch: Disabled

      AWCP: Disabled

      VLAN Interface Configuration: Enabled

      Interface Mode: IP Routing

      Address Type: Static

      IP Address: 172.16.2.1

      Subnet Mask: 255.255.255.0

       

      Ports:

      Port 10:

      Edge Mode: Disabled

      Membership: VLAN 5

       

      Port 11:

      Edge Mode: Disabled

      Membership: VLAN 6

       

      Route Table:

      Added static route 0.0.0.0 0.0.0.0 173.11.200.78 10

       

      Security Zones

       

      Interface: Comcast WAN

      Security Zone: Comcast WAN

      No Policies

       

      Interface: Comcast LAN

      Security Zone: Comcast LAN

      Policies:

      Description: Traffic To Netvanta

      Type: Advanced

      Action: Allow

      Destination: <Self Bound>

      Selectors:

      Permit any any any

       

      Description: Comcast NAT

      Type: Advanced

      Action: NAT

      Destination: <Any Security Zone>

      NAT Type: Source with Overloading

      NAT IP Address: Interface VLAN 5

      Selectors:

      Permit any any any

       

      If I connect a laptop to port 11, I receive an IP address in the 172.16.2.x subnet from the DHCP server as expected.

      I can ping Comcast's side of the VLAN 5 connection (173.11.200.78) successfully.

      I cannot ping any other IP addresses beyond that IP.

      There is always the possibility that something is set up incorrectly on Comcast's end, but since this connection was working correctly until I had them switch their router to Bridge mode and connected it to the Adtran, I suspect the error is somewhere in my setup. Any pointers at this point would be very welcome.

        • Re: Dual WAN/LAN configuration
          jayh Hall_of_Fame

          The problem is that the default route is still going out to the other ISP.  Because you have one routing table, the default route will use one default route. 

           

          There are two ways to fix this in AOS, but I'm not sure if either or both are supported on the 1335P.

           

          Method one is to use a VRF (Virtual router forwarder), essentially a separate router with its own rules on the same platform. 

           

          In your main configuration add the following:

          ip vrf comcast route-distinguisher 100:100


          Then in your vlan 5 and vlan 6 configurations add the line:

          ip vrf forwarding comcast


          You'll probably have to re-enter the NAT and DHCP specifying the VRF.

           

           

          Method two is policy routing, where you create a policy route map applied to the inside interface specifying the next hop of the Comcast gateway.

          • Re: Dual WAN/LAN configuration
            Employee

            telarin - As jayh mentioned in the previous post, policy-based routing would probably be the way to go. You would need to set up a route-map and apply it to VLAN 6. This route-map would match traffic on vlan 6 and set its next-hop to the default gateway of the Comcast connection (vlan 5). The following guide explains how to set this up: Configuring Policy Based Routing in AOS

             

            Please do not hesitate to let us know if you have any questions.

             

            Thanks,

            Noor
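
The routing behaviour discussed in the two replies above, modelled as an added example (not from the thread and not AOS code). The AT&T gateway 192.0.2.1, its distance of 1, the remote host 198.51.100.10 and the interface labels are constructed placeholders; the trailing 10 on the posted static route is assumed to be its administrative distance.

```python
import ipaddress

# Constructed model of the router's single routing table.
# (prefix, next hop, egress interface, administrative distance)
ROUTES = [
    ("0.0.0.0/0", "192.0.2.1", "ATT-WAN(vlan1)", 1),          # placeholder AT&T default
    ("0.0.0.0/0", "173.11.200.78", "Comcast-WAN(vlan5)", 10),  # route from the post
    ("173.11.200.72/29", None, "Comcast-WAN(vlan5)", 0),       # connected (VLAN 5)
    ("172.16.2.0/24", None, "Comcast-LAN(vlan6)", 0),          # connected (VLAN 6)
]

# Policy route: traffic entering on this interface is forced to this next hop.
POLICY = {"Comcast-LAN(vlan6)": "173.11.200.78"}

# Per the NAT policy in the post, VLAN 6 traffic is source-NATed to VLAN 5's address.
NAT_SOURCE = "173.11.200.73"


def table_lookup(dst):
    """Longest-prefix match; ties go to the lowest administrative distance."""
    addr = ipaddress.ip_address(dst)
    matches = [
        (ipaddress.ip_network(prefix), dist, egress)
        for prefix, _next_hop, egress, dist in ROUTES
        if addr in ipaddress.ip_network(prefix)
    ]
    if not matches:
        return None
    return max(matches, key=lambda m: (m[0].prefixlen, -m[1]))[2]


def forward(ingress, dst, use_policy):
    """Egress interface for a packet that arrived on `ingress`."""
    if use_policy and ingress in POLICY:
        # The forced next hop is resolved through the table (a connected route).
        return table_lookup(POLICY[ingress])
    return table_lookup(dst)


def nat_source_matches_egress(ingress, dst, use_policy):
    """True when the NATed source address belongs to the link the packet leaves on."""
    return forward(ingress, dst, use_policy) == table_lookup(NAT_SOURCE)


if __name__ == "__main__":
    for dst in ("173.11.200.78", "198.51.100.10"):
        for pbr in (False, True):
            print(dst, "policy" if pbr else "table ", forward("Comcast-LAN(vlan6)", dst, pbr),
                  nat_source_matches_egress("Comcast-LAN(vlan6)", dst, pbr))
```

Without the policy, the Comcast gateway is reached over the connected /29 while everything else follows the lower-distance default, which matches the ping results in the original post.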

            • Re: Dual WAN/LAN configuration
              levi Employee

              telarin:

               

              I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

              Thanks,

               

              Levi