I have a strange request from a customer. They are getting a block of 32 IP addresses routed from a static on a Metro Ethernet connection and they want the Adtran 3120 th Hand these out using DHCP over their wireless units. They want to use th 4 sw ports for the wireless AP's so I need to keep all 4 available, and use the eth 0/1 for the metro E connection coming in. They want NO NAT, or firewall. is this able to be done and please throw me some hints. I have been unsuccessful in programing the router to do this. Any ideas would be most helpful.
So you put the 4 switch ports and the eth0/1 interface in the same vlan (broadcast domain)? Created a DHCP pool for that subnet?
Yes that is what I origonally tried to do but was unable to make it work.
DId you ask them why they want this configuration? Sounds dangerous to me.
I agree with danb and I'm pretty curious why?
Did you apply the public security zone as well? If you post your config we'll try to help. Remember to take out any sensitive information...
I can actually give the answer as to why. They are a hotel and they use a secondary tech support (not us) for their guests when they have trouble. The tech support company would usually provide the internet as well but this being rural they are unable to provide the speeds needed. When they provide the internet access they do it through a circuit and everything is transparent between the guest and the tech support as it goes out to the internet. However since they are not the providor this time they want the same transparency when they have to help a guest with an internet trouble. That means the guest has to have a public address with no nat or firewall. I personally don't like this setup but I am not the one making the decisions. I will be out at the location again today and will pull a config and post it as soon as I can. Thank you so much for the replies.
I sure hope they know the risk and understand the liability of putting guest computers directly on the internet without any protection! I would resist being involved with this.
Configuring this without NAT concerns me less than the lack of a firewall to protect these users from uninitiated access to their PCs.
Just my 2 cents,
I went ahead and flagged this post as "Assumed Answered". If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.