3 Replies Latest reply on Feb 20, 2014 10:00 AM by ctltech

    Need To Setup Two WAN Connections NetVanta 3448

    ctltech New Member

      This should be simple, but I am spinning my wheels. I have a customer that has a 3448 that has three VLANs configured. Two need to go out the primary route and one needs to go out over the DSL connection. I know I should be able to accomplish this using Policy Based Routing, but none of the examples in the documentation match what I am trying to accomplish. Any help would be appreciated.

        • Re: Need To Setup Two WAN Connections NetVanta 3448
          petersjncv Visitor

          I believe your config should look something like this.  Substitute the correct IP addressing where appropriate, of course.  I also am assuming that you intend to NAT out your 3448, but if not you can ignore the firewall policies and just substitute the public IPs of your connections into each ACL and route map where appropriate. 

           

          interface eth 0/1

            description WAN1

            ip address  WAN.1.IP.Address  255.255.255.xxx

            ip access-policy Public1

            no shutdown

          !

          !

          interface eth 0/2

            description WAN to DSL

            ip address  DSL.WAN.IP.Address  255.255.255.xxx

            ip access-policy Public_DSL

            no shutdown

           

           

          interface vlan 10

            description Customer LAN

            ip address  192.168.1.1  255.255.255.0

            ip policy route-map VLAN10_OUT

            ip access-policy Private

            no shutdown

          !

          interface vlan 20

            description IAD for Voice

            ip address  192.168.2.1  255.255.255.0

            ip policy route-map VLAN20_OUT

            ip access-policy Private

            no shutdown

          !

          interface vlan 30

            description IAD for Voice

            ip address  192.168.3.1  255.255.255.0

            ip policy route-map VLAN30_OUT

            ip access-policy Private_DSL

            no shutdown

          !

          route-map VLAN10_OUT permit 20

            match ip address LAN_1

            set ip next-hop "gw.add.WAN.1"

            set interface null 0

          route-map VLAN20_OUT permit 20

            match ip address LAN_2

            set ip next-hop "gw.add.WAN.1"

            set interface null 0

          route-map VLAN30_OUT permit 20

            match ip address LAN_3

            set ip next-hop "gw.add.WAN.2"

            set interface null 0

          !

          !

          ip access-list extended LAN_1

            permit ip 192.168.1.0 0.0.0.255  any

          !

          ip access-list extended LAN_2

            permit ip 192.168.2.0 0.0.0.255  any

          !

          ip access-list extended LAN_3

            permit ip 192.168.3.0 0.0.0.255  any

          !

          ip policy-class Private

            allow list self self

            nat source list LAN_1 address WAN.1.IP.Address overload policy Public1

            nat source list LAN_2 address WAN.1.IP.Address overload policy Public1

          !

          ip policy-class Private_DSL

            allow list self self

            nat source list LAN_3 address DSL.WAN.IP.Address overload policy Public_DSL

           

           

          You will still need to have your default route built on the router.  If you intend to initiate traffic from a particular interface out to the internet, you may also need to build a PBR for anything originating from the non-default-route interface. 

           

          Also, another approach that may work would be to build the route maps into the same policy and apply that policy as the local route map policy to the router.  Would save you the trouble of applying a separate map to each interface, although I like to keep certain config pieces as separate as possible.

           

          Hope this helps.
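
Policy-based routing configs like the one above only work when every named reference (interface to route map, route map to ACL, interface and NAT entry to policy class) points at something that is actually defined. The following check is an added example, not code from any poster or from ADTRAN; the sample config is constructed, and the line patterns are assumptions based on the command forms visible in this thread.

```python
import re
import textwrap

# Constructed sample in the style of the configs in this thread (not a real device).
SAMPLE = """\
interface vlan 10
  ip policy route-map VLAN10_OUT
  ip access-policy Private
interface vlan 30
  ip policy route-map VLAN30_OUT
  ip access-policy Private_DSL
route-map VLAN10_OUT permit 20
  match ip address LAN1
route-map VLAN30_OUT permit 20
  match ip address LAN_3
ip access-list extended LAN_1
  permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended LAN_3
  permit ip 192.168.3.0 0.0.0.255 any
ip policy-class Private_DSL
  nat source list LAN_3 address 198.51.100.2 overload policy Public_DSL
"""

# Top-level lines that define a named object.
DEFS = [("acl", r"^ip access-list (?:extended|standard) (\S+)"),
        ("route-map", r"^route-map (\S+) (?:permit|deny)"),
        ("policy-class", r"^ip policy-class (\S+)")]
# Indented lines that refer to a named object.
REFS = [("acl", r"^\s+match ip address (\S+)"),
        ("acl", r"^\s+nat source list (\S+)"),
        ("acl", r"^\s+(?:allow|discard) list (\S+)"),
        ("route-map", r"^\s+ip policy route-map (\S+)"),
        ("policy-class", r"^\s+ip access-policy (\S+)"),
        ("policy-class", r"\boverload policy (\S+)")]

def dangling_refs(config):
    """Return sorted (kind, name, line_no) for references that have no definition."""
    lines = textwrap.dedent(config).splitlines()
    defined = {(k, m.group(1)) for ln in lines for k, p in DEFS
               if (m := re.search(p, ln))}
    return sorted({(k, m.group(1), no) for no, ln in enumerate(lines, 1)
                   for k, p in REFS
                   if (m := re.search(p, ln)) and (k, m.group(1)) not in defined})

if __name__ == "__main__":
    for kind, name, no in dangling_refs(SAMPLE):
        print(f"line {no}: {kind} '{name}' is referenced but never defined")
```

An undefined ACL in a route map means the match never selects the intended traffic, and an undefined policy class on an interface or NAT entry leaves that path without the firewall rules the author had in mind, so both are worth catching before the config is applied.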

          • Re: Need To Setup Two WAN Connections NetVanta 3448
            aaron_integra New Member

            I would suggest using VRFs to accomplish what you want to do. I have implemented it on several occasions and it works great.

             

            https://supportforums.adtran.com/servlet/JiveServlet/downloadBody/1652-102-8-8245/Configuring%20Multi-VRF%20in%20AOS.pdf

            • Re: Need To Setup Two WAN Connections NetVanta 3448
              ctltech New Member

              Thanks for the replies. I've got a config working now.

               

              Building configuration...

              !

              !

              ! ADTRAN, Inc. OS version R10.9.2

              ! Boot ROM version 13.03.00.SB

              ! Platform: NetVanta 3448, part number 1200821E1

              ! Serial number LBADTN1326FQ168

              !

              !

              hostname "XXXX-ROUTER"

              enable password encrypted xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

              !

              clock timezone -6-Central-Time

              !

              ip subnet-zero

              ip classless

              ip routing

              ipv6 unicast-routing

              !

              !

              name-server 205.171.203.226 205.171.2.226

              !

              !

              no auto-config

              auto-config authname adtran encrypted password xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

              !

              event-history on

              no logging forwarding

              no logging console

              no logging email

              !

              service password-encryption

              !

              username "xxxxxxx" password encrypted "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

              !

              !

              ip firewall

              no ip firewall alg msn

              no ip firewall alg mszone

              no ip firewall alg h323

              !

              !

              !

              !

              !

              !     

              !

              !

              !

              !

              !

              dot11ap access-point-control

              !

              !

              !

              !

              !

              !

              !

              ip dhcp excluded-address 10.10.10.1 10.10.10.99

              ip dhcp excluded-address 10.10.10.200 10.10.10.254

              ip dhcp excluded-address 192.168.254.1 192.168.254.50

              ip dhcp excluded-address 192.168.254.150 192.168.254.254

              ip dhcp excluded-address 192.168.110.1 192.168.110.50

              ip dhcp excluded-address 192.168.110.150 192.168.110.254

              !

              ip dhcp pool "Management"

                network 10.10.10.0 255.255.255.0

                domain-name "centurylink.com"

                dns-server 205.171.203.226 205.171.2.226

                default-router 10.10.10.254

              !

              ip dhcp pool "LAN"

                network 192.168.254.0 255.255.255.0

                domain-name "xxxx.org"

                dns-server 205.171.203.226 205.171.2.226

                default-router 192.168.254.254

              !

              ip dhcp pool "Guest-Wireless"

                network 192.168.110.0 255.255.255.0

                domain-name "centurylink.com"

                dns-server 205.171.203.226 205.171.2.226

                default-router 192.168.110.254

              !

              !

              !

              !

              !

              !

              !

              !

              !     

              !

              !

              !

              vlan 1

                name "Default"

              !

              vlan 10

                name "Management"

              !

              vlan 101

                name "LAN"

              !

              vlan 110

                name "Guest-Wireless"

              !

              !

              !

              no ethernet cfm

              !

              interface eth 0/1

                description METRO Ethernet Circuit xx.xxxx.xxxxxx..xxxx

                speed 100

                ip address  xxx.xxx.xxx.xxx  255.255.255.248

                ip address range  xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx  255.255.255.248  secondary

                ip access-policy Public

                no shutdown

              !

              !

              interface eth 0/2

                description DSL for Guest network

                ip address  <DSL IP>  255.255.255.128

                ip access-policy Public

                no shutdown

              !

              !

              !

              interface switchport 0/1

                description link to customer LAN

                spanning-tree edgeport

                no shutdown

                switchport mode trunk

                switchport trunk native vlan 101

              !

              interface switchport 0/2

                description link to customer WAP

                spanning-tree edgeport

                no shutdown

                switchport mode trunk

                switchport trunk native vlan 10

              !

              interface switchport 0/3

                no shutdown

              !

              interface switchport 0/4

                shutdown

              !

              interface switchport 0/5

                shutdown

              !

              interface switchport 0/6

                shutdown

              !

              interface switchport 0/7

                shutdown

              !

              interface switchport 0/8

                description Management

                spanning-tree edgeport

                no shutdown

                switchport mode trunk

                switchport trunk native vlan 10

              !

              !

              !

              interface vlan 1

                no ip address

                shutdown

              !

              interface vlan 10

                description Management

                ip address  10.10.10.254  255.255.255.0

                ip access-policy Private

                no shutdown

              !

              interface vlan 101

                description LAN

                ip address  192.168.254.254  255.255.255.0

                ip access-policy Private

                no shutdown

              !

              interface vlan 110

                description Guest-Wireless

                ip address  192.168.110.254  255.255.255.0

                ip policy route-map Guest

                ip access-policy Private

                no shutdown

              !

              !

              interface dot11ap 1 ap-type nv16x

                access-point mac-address xx:xx:xx:xx:xx:xx

                name XXXX

                ip address 10.10.10.2 255.255.255.0

                ip default-gateway 10.10.10.254

                encapsulation 802.1q awcp-vlan 10 native priority 7

              !

              !

              interface dot11ap 1/1 radio-type 802.11bg

                no shutdown

              !

              !

              interface dot11ap 1/1.1

                description XXXX-Secure

                vlan-id 101

                ssid broadcast-mode "XXXX-Secure"

                security mode wpa tkip aes-ccmp psk xxxxxxxx

                no shutdown

              !

              interface dot11ap 1/1.2

                description XXXX-Guest

                vlan-id 110

                ssid broadcast-mode "XXXX-Guest"

                security mode wpa tkip aes-ccmp psk xxxxxxxx

                no shutdown

              !

              !

              interface dot11ap 1/2 radio-type 802.11a

                shutdown

              !

              !

              !

              !

              !

              route-map Guest permit 10

                match ip address Guest-Wireless

                set ip next-hop <DSL Gateway>

                set interface eth 0/2

              !

              !     

              !

              !

              ip access-list extended Guest-Wireless

                permit ip 192.168.110.0 0.0.0.255  any     log

              !

              ip access-list extended LAN

                permit ip 192.168.254.0 0.0.0.255  any     log

              !

              ip access-list extended Management

                permit ip 10.10.10.0 0.0.0.255  any     log

              !

              ip access-list extended remote-access

                permit tcp any  any eq ssh   log

                permit icmp any  any  echo   log

              !

              ip access-list extended self

                remark Traffic to NetVanta

                permit ip any  any     log

              !

              !

              !

              !

              ip policy-class Private

                allow list self self

                nat source list Management address xxx.xxx.xxx.xxx overload

                nat source list LAN address xxx.xxx.xxx.xxx overload

                nat source list Guest-Wireless address <DSL IP> overload

              !

              ip policy-class Public

                allow list remote-access

              !

              !

              !

              ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx

              !

              no tftp server

              no tftp server overwrite

              no http server

              no http secure-server

              no snmp agent

              no ip ftp server

              ip ftp server default-filesystem flash

              no ip scp server

              no ip sntp server

              !

              !     

              !

              !

              !

              !

              !

              !

              !

              sip udp 5060

              sip tcp 5060

              !

              !

              !

              !

              !

              !

              !

              !

              !

              !

              !

              !

              !

              !     

              !

              !

              !

              !

              !

              !

              line con 0

                login local-userlist

              !

              line telnet 0 4

                no login

                shutdown

              line ssh 0 4

                login local-userlist

                no shutdown

              !

              !

              ntp server pool.ntp.org prefer

              !

              !

              !

              !

              !     

              end