cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
toddm
New Contributor

Metro Ethernet with Advanta 3430 router

Jump to solution

3430
All:

     I have a customer who is changing internet services from a private MPLS network through their provider to a Metro Ethernet connection. The issue I am having is configuring the 3430 1st GEN  SW 17.08.02.00 (will upgrade soon) to allow subnet traffic. The customer currently has 5 locations.

     Main:             192.168.0.xxx

     Remote 1:     192.169.2.xxx

     and so on.

     I have the 3430 configured eth 0/1 on the local subnet 192.168.2.10 with DHCP (this is working), I have the Metro-E link assigned to eth 0/2 on 192.168.0.100 (this will direct connect to the main location). While I can ping across and talk from the .2 subnet to the main .0 network, I can not send traffic the other way .0 to .2. I have tried assigning static routes, as well as the firewall ACL suggestion in the discussion on "LAN to LAN routing" to no avail. Any help would be much appreciated.

Tags (1)
0 Kudos
1 Solution

Accepted Solutions
jayh
Honored Contributor
Honored Contributor

Re: Metro Ethernet with Advanta 3430 router

Jump to solution

First issue:  Your default route points to the eth 0/2 interface of the router itself. It should point to the IP address of the interface of the main site connected to the metro-e.

Assuming that the main site has 192.168.0.1 connected to its metro-ethernet, then:

no ip route 0.0.0.0 0.0.0.0 192.168.0.100

ip route 0.0.0.0 0.0.0.0 192.168.0.1

Add the command "no ip firewall" to disable the firewall.

On the main site, add a static route to your local LAN along the lines of:

ip route 192.168.2.0 255.255.255.0 192.168.0.100

More scalable and full mesh - add a new subnet for solely the metro ethernet, use statics at each site to all other sites, or better a dynamic routing protocol such as ospf.

View solution in original post

0 Kudos
6 Replies
Anonymous
Not applicable

Re: Metro Ethernet with Advanta 3430 router

Jump to solution

Can you drop your config file (minus sensitive info) into this thread? 

toddm
New Contributor

Re: Metro Ethernet with Advanta 3430 router

Jump to solution

Here is the .cfg, it is very basic, all log ins are default. Again, eth 0/1 is set to 192.168.2.10 /24  eth 0/2 is set to 192.168.0.100 /24. I can pass traffic from the .2.xxx side to the .0.xxx side, but not the other way.

Anonymous
Not applicable

Re: Metro Ethernet with Advanta 3430 router

Jump to solution

Looking at the config file, ETH 0/2 is in the Public policy class.  That policy class has nothing in it, and therefore will implicitly deny all traffic accessing the router on ETH 0/2..

If devices on the other end of the metroE (a branch office, etc.), then you would need to allow the remote network to access the addresses on the 192.168.2.x network in the Private policy. 

toddm
New Contributor

Re: Metro Ethernet with Advanta 3430 router

Jump to solution

One step closer to a solution. I added the any to any rule to the Public COS and I can now receive ping responses from the eth 0/1 interface, but not beyond. The AOS documentation stated that the firewall rules were not needed in a LAN to LAN configuration, but this is still not working. I am sure that I am missing something very simple, but can not seem to figure it out.

jayh
Honored Contributor
Honored Contributor

Re: Metro Ethernet with Advanta 3430 router

Jump to solution

First issue:  Your default route points to the eth 0/2 interface of the router itself. It should point to the IP address of the interface of the main site connected to the metro-e.

Assuming that the main site has 192.168.0.1 connected to its metro-ethernet, then:

no ip route 0.0.0.0 0.0.0.0 192.168.0.100

ip route 0.0.0.0 0.0.0.0 192.168.0.1

Add the command "no ip firewall" to disable the firewall.

On the main site, add a static route to your local LAN along the lines of:

ip route 192.168.2.0 255.255.255.0 192.168.0.100

More scalable and full mesh - add a new subnet for solely the metro ethernet, use statics at each site to all other sites, or better a dynamic routing protocol such as ospf.

0 Kudos
toddm
New Contributor

Re: Metro Ethernet with Advanta 3430 router

Jump to solution

jayh,

     Thank you for the response, as soon as I cleared the firewall traffic passed like a charm.