cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
acl
New Contributor

1224str to act strictly as a L2 switch how to?

Jump to solution

Hello All,

I have a 1224str pwr switch with several vlans uplinking to cisco router. Yes, I know the adtran I have can act as a firewall/router. The Cisco (Meraki) is an addon. We didn't see the need to replace the Adtran as it is a managed poe device. The problem I have is that it still seems to need ip interfaces defined in order to pass traffic. The uplink ports on the Cisco and the Adtran are defined as trunk ports and have the data vlan (10) set as native. The Adtran however is interfereing with the router in that the switch is doing inter vlan router in spite of configuring the Cisco router to retrict the traffc.

How can I make the adtran to stop acting as a L3 device? The following commands are in the config (partial sample not revealing vlans)  Any suggestions?

ip subnet-zero

ip classless

no ip routing

no auto-config

ip forward-protocol udp time

ip forward-protocol udp nameserver

ip forward-protocol udp tacacs

ip forward-protocol udp tftp

ip forward-protocol udp netbios-ns

ip forward-protocol udp netbios-dgm

ip policy-timeout udp all-ports 300

no ip firewall alg ftp

no ip firewall alg msn

no ip firewall alg pptp

no ip firewall alg h323

no ip firewall alg sip

Labels (1)
Tags (2)
0 Kudos
1 Solution

Accepted Solutions
jayh
Honored Contributor
Honored Contributor

Re: 1224str to act strictly as a L2 switch how to?

Jump to solution

"no ip routing" should do it and just work. I'd also turn off the "ip forward-protocol" and just go to a straight "no ip firewall".  In essence, no-out all IP statements other than the one where you apply an address to the management VLAN and "ip default-gateway" pointing to the upstream router for management.

The only need for any ip configuration on a layer-2 switch is for the ability to connect to it and manage it via SSH / telnet / http(s).

View solution in original post

0 Kudos
2 Replies
jayh
Honored Contributor
Honored Contributor

Re: 1224str to act strictly as a L2 switch how to?

Jump to solution

"no ip routing" should do it and just work. I'd also turn off the "ip forward-protocol" and just go to a straight "no ip firewall".  In essence, no-out all IP statements other than the one where you apply an address to the management VLAN and "ip default-gateway" pointing to the upstream router for management.

The only need for any ip configuration on a layer-2 switch is for the ability to connect to it and manage it via SSH / telnet / http(s).

View solution in original post

0 Kudos
Anonymous
Not applicable

Re: 1224str to act strictly as a L2 switch how to?

Jump to solution

acl:

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it, and select another in its place, with the applicable buttons. 

Thanks,

Levi