5 Replies Latest reply on Jun 30, 2015 12:05 PM by noor

    Netvanta 3448 routing and port setup

    rsobelman New Member

      I have a Netvanta 3448 that was installed and configured by my ISP. ETH 0/2 connects to my VOIP system. I don't want to affect or change anything on that VOIP side. There is no firewall, policies or security zones on the Adtran. I don't have control or access to the VOIP side. What I would like to do is connect my firewall (SonicWall) to one of the 8 ethernet switch ports and have my firewall route traffic to the Adtran if my primary internet line goes down.

       

      Can I configure one of the 8 ethernet ports to route traffic out ETH0/1 without changing any configuration on ETH0/2 (pretty sure this part is simple)?

      Can I configure the Adtran to route any incoming traffic destined for 1 or more specific public IP addresses to a specific ethernet port, again without affecting or changing anything on ETH0/2?

        • Re: Netvanta 3448 routing and port setup
          rsobelman New Member

          No suggestions?

            • Re: Netvanta 3448 routing and port setup
              Employee

              Robert,

               

              Thanks for posting your question on the forum!

               

              First off, I may be able to provide better details if I could look at your configuration. If you don't mind, could you post it to this thread and please remember to remove any sensitive information.


              Second, could you clarify whether the Sonicwall routing traffic to the Adtran is the same traffic you want to go out eth 0/1?

               

              If yes, the easiest way to set up the Sonicwall to go into one of the ethernet switchports and be routed out eth 0/1 is to do the following:


              - Set up a VLAN interface and assign the VLAN to the switchport on the NetVanta you would like to plug the Sonicwall into.

              - Create a route-map that routes traffic out eth 0/1 and assign it to the VLAN interface. (Configuring Policy Based Routing in AOS)


              Regarding the last question about routing incoming traffic, the NetVanta cannot control which WAN interface traffic will ingress from. This is dependent on the ISP routing setup and will more than likely require a multihoming setup. If you are referring to controlling which LAN interface traffic will egress from, this is dependent on the NetVanta route table.


              Please do not hesitate to let us know if you have any further questions. Thanks.


              Sincerely,

              Noor

                • Re: Netvanta 3448 routing and port setup
                  rsobelman New Member

                  Thanks Noor. Yes, I want the sonicwall to route traffic out through eth 0/1 and not affect anything coming from eth 0/2. My config is posted below. Switchport 5 is where the sonicwall would be connected (though it could be any switchport 1-8). I don't have it connected now, so the VLAN5 and other related settings could be ignored.

                   

                  Thanks for taking a look at this.

                   

                  !
                  ! ADTRAN, Inc. OS version 18.03.01.00
                  ! Boot ROM version 13.03.00.SB
                  ! Platform: NetVanta 3448, part number 1200821E1
                  ! Serial number LBADTNxxx
                  !
                  hostname "20450736"
                  enable password encrypted
                  !
                  clock timezone -5-Eastern-Time
                  !
                  ip subnet-zero
                  ip classless
                  ip routing
                  ipv6 unicast-routing
                  !
                  name-server 198.6.100.125 198.6.1.60
                  !
                  no auto-config
                  !
                  event-history on
                  no logging forwarding
                  no logging console
                  no logging email
                  !
                  service password-encryption
                  !
                  username xxx password encrypted xxx
                  !
                  no ip firewall alg msn
                  no ip firewall alg mszone
                  no ip firewall alg h323
                  !
                  no dot11ap access-point-control
                  !
                  vlan 1
                    name "Default"
                  !
                  vlan 5
                    name "CogentData"
                  !
                  no ethernet cfm
                  !
                  interface eth 0/1
                    description To Verizon
                    speed 100
                    ip address  157.xx.xx.66  255.255.255.252
                    no shutdown
                  !
                  interface eth 0/2
                    description To Local LAN
                    ip address  65.xx.xx.9  255.255.255.248
                    no awcp
                    no shutdown
                  !
                  interface switchport 0/1
                    no shutdown
                  !
                  interface switchport 0/2
                    shutdown
                  !
                  interface switchport 0/3
                    no shutdown
                  !
                  interface switchport 0/4
                    no shutdown
                  !
                  interface switchport 0/5
                    description Cogent Failover
                    spanning-tree edgeport
                    no shutdown
                    switchport access vlan 5
                    switchport voice vlan 5
                    qos default-cos 5
                  !
                  interface switchport 0/6
                    no shutdown
                  !
                  interface switchport 0/7
                    no shutdown
                  !
                  interface switchport 0/8
                    no shutdown
                  !
                  interface vlan 5
                    description CogentVLAN
                    ip address  10.10.200.1  255.255.255.0
                    ip mtu 1500
                    shutdown
                  !
                  !
                  ip access-list standard Star2Star
                    permit host 199.xx.xx.143 log
                    permit hostname sna.xxx.com log
                  !
                  ip access-list extended web-acl-2
                    remark starallowpolicy
                    permit ip host 199.xx.xx.143  65.xx.xx.8 0.0.0.7
                  !
                  ip policy-class Star2Star
                    allow list web-acl-2 stateless
                  !
                  !
                  ip route 0.0.0.0 0.0.0.0 157.xx.xx.65
                  !
                  no tftp server
                  no tftp server overwrite
                  no http server
                  http session-limit 2
                  http secure-server
                  no snmp agent
                  no ip ftp server
                  ip ftp server default-filesystem flash
                  no ip scp server
                  no ip sntp server
                  !
                  !
                  ip sip udp 5060
                  ip sip tcp 5060
                  !
                  !
                  line con 0
                    login
                    password encrypted
                  !
                  line telnet 0 4
                    login
                    password encrypted
                    line-timeout 30
                    no shutdown
                  line ssh 0 4
                    login local-userlist
                    no shutdown
                  !
                  !
                  end

                    • Re: Netvanta 3448 routing and port setup
                      Employee

                      Robert,

                       

                      Based on the configuration, the default route is already pointing out eth 0/1. Also, it appears that the VLAN 5 is configured correctly for the Sonicwall to plug into swx 0/5. It just needs to be enabled. The only thing you are missing is a NAT policy for your VLAN 5 traffic to get out to the internet. The configuration would look something like this:

                       

                      ip access-list extended matchall
                          permit ip any any
                      !
                      ip policy-class sonicwall
                          allow list matchall self
                          nat source list matchall interface eth 0/1 overload
                      !
                      int vlan 5
                         access-policy sonicwall
                         no shutdown
                      !
                      ip firewall

                       

                      Please let us know if you have any questions.

                       

                      Thanks,

                      Noor
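
Added example (not part of the original thread and not ADTRAN code): a small Python check that reads an AOS running-config and reports the gaps identified in the reply above, namely a shut-down VLAN interface, no source NAT overload toward eth 0/1, and `ip firewall` not enabled. The function names and the sample text are assumptions made for illustration; the parser expects top-level commands at column 0 with sub-commands indented, and the samples use a documentation address in place of the redacted one.

```python
# Constructed samples: posted config stanzas before/after the reply's additions.
BEFORE = """\
interface vlan 5
  ip address 10.10.200.1 255.255.255.0
  shutdown
!
ip route 0.0.0.0 0.0.0.0 192.0.2.1
"""
AFTER = BEFORE.replace("\n  shutdown", "\n  access-policy sonicwall\n  no shutdown") + """\
ip access-list extended matchall
  permit ip any any
!
ip policy-class sonicwall
  allow list matchall self
  nat source list matchall interface eth 0/1 overload
!
ip firewall
"""

def parse_stanzas(text):
    """Map each top-level command to the indented sub-commands under it."""
    stanzas, current = {}, None
    for line in text.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line[0].isspace() and current:
            stanzas[current].append(line.strip())
        elif not line[0].isspace():
            current = " ".join(line.split())
            stanzas.setdefault(current, [])
    return stanzas

def audit_failover_vlan(text, vlan=5, wan="eth 0/1"):
    """List what still stops hosts on the VLAN from reaching the WAN."""
    cfg = parse_stanzas(text)
    svi = cfg.get(f"interface vlan {vlan}")
    if svi is None:
        return [f"interface vlan {vlan} missing"]
    policy = next((c.split()[1] for c in svi if c.startswith("access-policy ")), None)
    rules = cfg.get(f"ip policy-class {policy}", [])
    checks = {
        "vlan interface is shutdown": "shutdown" in svi,
        f"no source NAT overload on {wan}": not any(
            r.startswith("nat source ") and r.endswith(f"interface {wan} overload") for r in rules),
        "ip firewall not enabled": "ip firewall" not in cfg,
        "no default route": not any(k.startswith("ip route 0.0.0.0 0.0.0.0 ") for k in cfg),
    }
    return [problem for problem, present in checks.items() if present]
```

The default-route check only confirms that a default route exists; it does not resolve which interface the next hop sits behind.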

                        • Re: Netvanta 3448 routing and port setup
                          Employee

                          I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

                           

                          Thanks,

                          Noor