ctltech
New Contributor II

Need To Setup Two WAN Connections NetVanta 3448


This should be simple, but I am spinning my wheels. I have a customer with a 3448 that has three VLANs configured. Two need to go out the primary route and one needs to go out over the DSL connection. I know I should be able to accomplish this using Policy Based Routing, but none of the examples in the documentation match what I am trying to accomplish. Any help would be appreciated.


Accepted Solutions
ctltech
New Contributor II

Re: Need To Setup Two WAN Connections NetVanta 3448


Thanks for the replies. I've got a config working now.

Building configuration...

!

!

! ADTRAN, Inc. OS version R10.9.2

! Boot ROM version 13.03.00.SB

! Platform: NetVanta 3448, part number 1200821E1

! Serial number LBADTN1326FQ168

!

!

hostname "XXXX-ROUTER"

enable password encrypted xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

!

clock timezone -6-Central-Time

!

ip subnet-zero

ip classless

ip routing

ipv6 unicast-routing

!

!

name-server 205.171.203.226 205.171.2.226

!

!

no auto-config

auto-config authname adtran encrypted password xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

!

! Logging: the local event history is on, while forwarding to a remote log
! receiver, console output and e-mail notification are all disabled.
! NOTE(review): the ACL entries in this config carry "log"; with forwarding
! off those records presumably stay on the router only - confirm that is
! acceptable for incident review.

event-history on

no logging forwarding

no logging console

no logging email

!

! Passwords are stored in encrypted form; every credential value in this
! post has been masked by the author.

service password-encryption

!

username "xxxxxxx" password encrypted "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

!

!

! Enables the firewall; the "ip policy-class" definitions and the
! "ip access-policy" bindings on the interfaces depend on it being on.

ip firewall

! The MSN, MSZONE and H.323 application-level gateways are switched off.

no ip firewall alg msn

no ip firewall alg mszone

no ip firewall alg h323

!

!

!

!

!

!     

!

!

!

!

!

dot11ap access-point-control

!

!

!

!

!

!

!

ip dhcp excluded-address 10.10.10.1 10.10.10.99

ip dhcp excluded-address 10.10.10.200 10.10.10.254

ip dhcp excluded-address 192.168.254.1 192.168.254.50

ip dhcp excluded-address 192.168.254.150 192.168.254.254

ip dhcp excluded-address 192.168.110.1 192.168.110.50

ip dhcp excluded-address 192.168.110.150 192.168.110.254

!

ip dhcp pool "Management"

  network 10.10.10.0 255.255.255.0

  domain-name "centurylink.com"

  dns-server 205.171.203.226 205.171.2.226

  default-router 10.10.10.254

!

ip dhcp pool "LAN"

  network 192.168.254.0 255.255.255.0

  domain-name "xxxx.org"

  dns-server 205.171.203.226 205.171.2.226

  default-router 192.168.254.254

!

ip dhcp pool "Guest-Wireless"

  network 192.168.110.0 255.255.255.0

  domain-name "centurylink.com"

  dns-server 205.171.203.226 205.171.2.226

  default-router 192.168.110.254

!

!

!

!

!

!

!

!

!     

!

!

!

vlan 1

  name "Default"

!

vlan 10

  name "Management"

!

vlan 101

  name "LAN"

!

vlan 110

  name "Guest-Wireless"

!

!

!

no ethernet cfm

!

! Primary WAN (Metro Ethernet). Addresses are masked in this post.
! Bound to policy-class Public, the same class used on eth 0/2.

interface eth 0/1

  description METRO Ethernet Circuit xx.xxxx.xxxxxx..xxxx

  speed 100

  ip address  xxx.xxx.xxx.xxx  255.255.255.248

  ip address range  xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx  255.255.255.248  secondary

  ip access-policy Public

  no shutdown

!

!

! Second WAN (DSL), the exit for the guest VLAN. It shares policy-class
! Public with eth 0/1, so whatever Public admits is exposed on both circuits.

interface eth 0/2

  description DSL for Guest network

  ip address  <DSL IP>  255.255.255.128

  ip access-policy Public

  no shutdown

!

!

!

! Trunk toward the customer LAN switch; untagged frames are placed in VLAN 101.
! NOTE(review): no allowed-VLAN restriction is shown on this trunk - confirm
! the attached device cannot send tagged frames into VLAN 10 (Management).

interface switchport 0/1

  description link to customer LAN

  spanning-tree edgeport

  no shutdown

  switchport mode trunk

  switchport trunk native vlan 101

!

! Trunk toward the wireless access point; untagged frames are placed in
! VLAN 10, the management VLAN.

interface switchport 0/2

  description link to customer WAP

  spanning-tree edgeport

  no shutdown

  switchport mode trunk

  switchport trunk native vlan 10

!

! Enabled, with no description or VLAN settings shown.
! NOTE(review): if this port is unused, shut it down like ports 0/4-0/7.

interface switchport 0/3

  no shutdown

!

interface switchport 0/4

  shutdown

!

interface switchport 0/5

  shutdown

!

interface switchport 0/6

  shutdown

!

interface switchport 0/7

  shutdown

!

! Management port: trunk with VLAN 10 as the untagged VLAN.

interface switchport 0/8

  description Management

  spanning-tree edgeport

  no shutdown

  switchport mode trunk

  switchport trunk native vlan 10

!

!

!

interface vlan 1

  no ip address

  shutdown

!

! Router address for the Management VLAN; follows the default route.

interface vlan 10

  description Management

  ip address  10.10.10.254  255.255.255.0

  ip access-policy Private

  no shutdown

!

! Router address for the customer LAN VLAN; follows the default route.

interface vlan 101

  description LAN

  ip address  192.168.254.254  255.255.255.0

  ip access-policy Private

  no shutdown

!

! Router address for the guest wireless VLAN. This is the only VLAN with a
! policy route-map, which steers its traffic to the DSL link.
! NOTE(review): the guest VLAN sits in the same policy-class (Private) as
! Management and LAN, and nothing visible in that class denies guest traffic
! to the other internal subnets or to the router - verify guest isolation.

interface vlan 110

  description Guest-Wireless

  ip address  192.168.110.254  255.255.255.0

  ip policy route-map Guest

  ip access-policy Private

  no shutdown

!

!

! Access point definition. The AP has an address in the Management subnet
! and its control traffic is carried on VLAN 10 as the native VLAN.

interface dot11ap 1 ap-type nv16x

  access-point mac-address xx:xx:xx:xx:xx:xx

  name XXXX

  ip address 10.10.10.2 255.255.255.0

  ip default-gateway 10.10.10.254

  encapsulation 802.1q awcp-vlan 10 native priority 7

!

!

! 802.11b/g radio: enabled; it carries both SSIDs defined below.

interface dot11ap 1/1 radio-type 802.11bg

  no shutdown

!

!

! Internal SSID, mapped to VLAN 101 (LAN).

interface dot11ap 1/1.1

  description XXXX-Secure

  vlan-id 101

  ssid broadcast-mode "XXXX-Secure"

  ! WPA pre-shared key (masked in this post) with both TKIP and AES-CCMP
  ! accepted. TKIP is deprecated; NOTE(review): restrict this SSID to
  ! AES-CCMP only if the AP firmware and the clients allow it.

  security mode wpa tkip aes-ccmp psk xxxxxxxx

  no shutdown

!

! Guest SSID, mapped to VLAN 110 (Guest-Wireless).

interface dot11ap 1/1.2

  description XXXX-Guest

  vlan-id 110

  ssid broadcast-mode "XXXX-Guest"

  ! Same cipher settings as the internal SSID. The key is masked here;
  ! NOTE(review): make sure it differs from the XXXX-Secure key.

  security mode wpa tkip aes-ccmp psk xxxxxxxx

  no shutdown

!

!

! 802.11a radio: not in use.

interface dot11ap 1/2 radio-type 802.11a

  shutdown

!

!

!

!

!

! Policy-based routing for the guest VLAN (applied on interface vlan 110).
! Packets matching ACL Guest-Wireless (source 192.168.110.0/24, any
! destination) are sent to the DSL gateway out eth 0/2 instead of following
! the default route.

route-map Guest permit 10

  match ip address Guest-Wireless

  set ip next-hop <DSL Gateway>

  set interface eth 0/2

!

!     

!

!

! Source-match lists, one per internal subnet, any destination, logged.
! Guest-Wireless is used by the Guest route-map and by NAT; LAN and
! Management are used by NAT.

ip access-list extended Guest-Wireless

  permit ip 192.168.110.0 0.0.0.255  any     log

!

ip access-list extended LAN

  permit ip 192.168.254.0 0.0.0.255  any     log

!

ip access-list extended Management

  permit ip 10.10.10.0 0.0.0.255  any     log

!

! Referenced by policy-class Public, i.e. on both WAN interfaces:
! SSH and ICMP echo are accepted from any source address.
! NOTE(review): SSH is password-based (local user list) and open to the
! whole Internet here; narrow the source to known management addresses.

ip access-list extended remote-access

  permit tcp any  any eq ssh   log

  permit icmp any  any  echo   log

!

! Matches every IP packet. Policy-class Private uses it with the "self"
! keyword, i.e. for traffic addressed to the router.

ip access-list extended self

  remark Traffic to NetVanta

  permit ip any  any     log

!

!

!

!

! Policy for the three internal VLAN interfaces (vlan 10, 101 and 110).

ip policy-class Private

  ! Admits any IP traffic from those VLANs to the router itself. That
  ! includes the guest VLAN, so guest clients can reach the router's SSH
  ! service. NOTE(review): consider a separate policy-class for vlan 110
  ! that allows only what guests need from the router.

  allow list self self

  ! Source NAT: Management and LAN are translated to a masked public
  ! address, Guest-Wireless to the DSL address.

  nat source list Management address xxx.xxx.xxx.xxx overload

  nat source list LAN address xxx.xxx.xxx.xxx overload

  nat source list Guest-Wireless address <DSL IP> overload

!

! Policy for both WAN interfaces (eth 0/1 and eth 0/2): the only entry
! admits what ACL remote-access matches (SSH and ICMP echo from anywhere).
! NOTE(review): unlike the Private entry there is no "self" keyword here -
! confirm the intended scope of this allow rule.

ip policy-class Public

  allow list remote-access

!

!

!

! Default route (gateway masked). Only the guest VLAN is steered elsewhere,
! by the Guest route-map.

ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx

!

! On-box services: TFTP, HTTP, HTTPS, SNMP, FTP, SCP and the SNTP server are
! all disabled. Together with the line settings further down (Telnet shut
! down), SSH is the only remote management service left enabled.

no tftp server

no tftp server overwrite

no http server

no http secure-server

no snmp agent

no ip ftp server

ip ftp server default-filesystem flash

no ip scp server

no ip sntp server

!

!     

!

!

!

!

!

!

!

sip udp 5060

sip tcp 5060

!

!

!

!

!

!

!

!

!

!

!

!

!

!     

!

!

!

!

!

!

! Console access authenticates against the local user list.

line con 0

  login local-userlist

!

! Telnet sessions are shut down.

line telnet 0 4

  no login

  shutdown

! SSH sessions are enabled and authenticate against the local user list.
! NOTE(review): policy-class Public admits SSH from any source, so the
! strength of the local account password is the main control here.

line ssh 0 4

  login local-userlist

  no shutdown

!

!

ntp server pool.ntp.org prefer

!

!

!

!

!     

end

3 Replies
petersjncv
Contributor

Re: Need To Setup Two WAN Connections NetVanta 3448


I believe your config should look something like this.  Substitute the correct IP addressing where appropriate, of course.  I also am assuming that you intend to NAT out your 3448, but if not you can ignore the firewall policies and just substitute the public IPs of your connections into each ACL and route map where appropriate. 

! Example layout with placeholder addresses: two WAN interfaces, each with
! its own policy-class, and three VLAN interfaces, each with its own
! policy route-map.
! NOTE(review): Public1 and Public_DSL are referenced here but not defined
! anywhere in this example.

interface eth 0/1

  description WAN1

  ip address  WAN.1.IP.Address  255.255.255.xxx

  ip access-policy Public1

  no shutdown

!

!

interface eth 0/2

  description WAN to DSL

  ip address  DSL.WAN.IP.Address  255.255.255.xxx

  ip access-policy Public_DSL

  no shutdown

! NOTE(review): vlan 10 and vlan 20 reference policy-class "Private", but
! the policy-class defined later in this example is named "Private1".

interface vlan 10

  description Customer LAN

  ip address  192.168.1.1  255.255.255.0

  ip policy route-map VLAN10_OUT

  ip access-policy Private

  no shutdown

!

interface vlan 20

  description IAD for Voice

  ip address  192.168.2.1  255.255.255.0

  ip policy route-map VLAN20_OUT

  ip access-policy Private

  no shutdown

!

! The VLAN meant for the DSL link; it gets its own policy-class.
! NOTE(review): the description repeats vlan 20's text - looks like a
! copy-paste leftover.

interface vlan 30

  description IAD for Voice

  ip address  192.168.3.1  255.255.255.0

  ip policy route-map VLAN30_OUT

  ip access-policy Private_DSL

  no shutdown

!

! One route-map per VLAN: VLAN 10 and 20 are pointed at the WAN 1 gateway,
! VLAN 30 at the WAN 2 (DSL) gateway. Gateway values are placeholders.
! NOTE(review): "set interface null 0" after the next hop presumably drops
! the traffic when that next hop cannot be used, instead of letting it fall
! back to the default route - confirm against the AOS documentation.

! NOTE(review): this matches ACL "LAN1", but the ACL defined below is
! named "LAN_1".

route-map VLAN10_OUT permit 20

  match ip address LAN1

  set ip next-hop "gw.add.WAN.1"

  set interface null 0

route-map VLAN20_OUT permit 20

  match ip address LAN_2

  set ip next-hop "gw.add.WAN.1"

  set interface null 0

route-map VLAN30_OUT permit 20

  match ip address LAN_3

  set ip next-hop "gw.add.WAN.2"

  set interface null 0

!

!

! Source-match lists, one per VLAN subnet, any destination. They are used by
! the route-maps above and by the NAT rules in the policy-classes.

ip access-list extended LAN_1

  permit ip 192.168.1.0 0.0.0.255  any

!

ip access-list extended LAN_2

  permit ip 192.168.2.0 0.0.0.255  any

!

ip access-list extended LAN_3

  permit ip 192.168.3.0 0.0.0.255  any

!

! Firewall policy for the WAN 1 VLANs: allow traffic matching ACL "self" to
! the router and source-NAT LAN_1 to the WAN 1 address toward Public1.
! NOTE(review): ACL "self" is not defined in this example, and the VLAN
! interfaces reference "Private", not "Private1".

ip policy-class Private1

  allow list self self

  nat source list LAN_1 address WAN.1.IP.Address overload policy Public1

!

! NOTE(review): the same class name is declared a second time; the LAN_2 NAT
! entry presumably belongs in the single class used by vlan 10 and vlan 20.

ip policy-class Private1

  allow list self self

  nat source list LAN_2 address WAN.1.IP.Address overload policy Public1

!

! Firewall policy for the DSL VLAN: source-NAT LAN_3 to the DSL address
! toward Public_DSL.

ip policy-class Private_DSL

  allow list self self

  nat source list LAN_3 address DSL.WAN.IP.Address overload policy Public_DSL

You will still need to have your default route built on the router.  If you intend to initiate traffic from a particular interface out to the internet, you may also need to build a PBR for anything originating from the non-default-route interface. 

Also, another approach that may work would be to build the route maps into the same policy and apply that policy as the local route map policy to the router.  Would save you the trouble of applying a separate map to each interface, although I like to keep certain config pieces as separate as possible.

Hope this helps.

aaron_integra
New Contributor

Re: Need To Setup Two WAN Connections NetVanta 3448


I would suggest using VRFs to accomplish what you want to do. I have implemented this on several occasions and it works great.

https://supportforums.adtran.com/servlet/JiveServlet/downloadBody/1652-102-8-8245/Configuring%20Mult...

ctltech
New Contributor II

Re: Need To Setup Two WAN Connections NetVanta 3448


Thanks for the replies. I've got a config working now.

Building configuration...

!

!

! ADTRAN, Inc. OS version R10.9.2

! Boot ROM version 13.03.00.SB

! Platform: NetVanta 3448, part number 1200821E1

! Serial number LBADTN1326FQ168

!

!

hostname "XXXX-ROUTER"

enable password encrypted xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

!

clock timezone -6-Central-Time

!

ip subnet-zero

ip classless

ip routing

ipv6 unicast-routing

!

!

name-server 205.171.203.226 205.171.2.226

!

!

no auto-config

auto-config authname adtran encrypted password xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

!

! Logging: the local event history is on, while forwarding to a remote log
! receiver, console output and e-mail notification are all disabled.
! NOTE(review): the ACL entries in this config carry "log"; with forwarding
! off those records presumably stay on the router only - confirm that is
! acceptable for incident review.

event-history on

no logging forwarding

no logging console

no logging email

!

! Passwords are stored in encrypted form; every credential value in this
! post has been masked by the author.

service password-encryption

!

username "xxxxxxx" password encrypted "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

!

!

! Enables the firewall; the "ip policy-class" definitions and the
! "ip access-policy" bindings on the interfaces depend on it being on.

ip firewall

! The MSN, MSZONE and H.323 application-level gateways are switched off.

no ip firewall alg msn

no ip firewall alg mszone

no ip firewall alg h323

!

!

!

!

!

!     

!

!

!

!

!

dot11ap access-point-control

!

!

!

!

!

!

!

ip dhcp excluded-address 10.10.10.1 10.10.10.99

ip dhcp excluded-address 10.10.10.200 10.10.10.254

ip dhcp excluded-address 192.168.254.1 192.168.254.50

ip dhcp excluded-address 192.168.254.150 192.168.254.254

ip dhcp excluded-address 192.168.110.1 192.168.110.50

ip dhcp excluded-address 192.168.110.150 192.168.110.254

!

ip dhcp pool "Management"

  network 10.10.10.0 255.255.255.0

  domain-name "centurylink.com"

  dns-server 205.171.203.226 205.171.2.226

  default-router 10.10.10.254

!

ip dhcp pool "LAN"

  network 192.168.254.0 255.255.255.0

  domain-name "xxxx.org"

  dns-server 205.171.203.226 205.171.2.226

  default-router 192.168.254.254

!

ip dhcp pool "Guest-Wireless"

  network 192.168.110.0 255.255.255.0

  domain-name "centurylink.com"

  dns-server 205.171.203.226 205.171.2.226

  default-router 192.168.110.254

!

!

!

!

!

!

!

!

!     

!

!

!

vlan 1

  name "Default"

!

vlan 10

  name "Management"

!

vlan 101

  name "LAN"

!

vlan 110

  name "Guest-Wireless"

!

!

!

no ethernet cfm

!

! Primary WAN (Metro Ethernet). Addresses are masked in this post.
! Bound to policy-class Public, the same class used on eth 0/2.

interface eth 0/1

  description METRO Ethernet Circuit xx.xxxx.xxxxxx..xxxx

  speed 100

  ip address  xxx.xxx.xxx.xxx  255.255.255.248

  ip address range  xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx  255.255.255.248  secondary

  ip access-policy Public

  no shutdown

!

!

! Second WAN (DSL), the exit for the guest VLAN. It shares policy-class
! Public with eth 0/1, so whatever Public admits is exposed on both circuits.

interface eth 0/2

  description DSL for Guest network

  ip address  <DSL IP>  255.255.255.128

  ip access-policy Public

  no shutdown

!

!

!

! Trunk toward the customer LAN switch; untagged frames are placed in VLAN 101.
! NOTE(review): no allowed-VLAN restriction is shown on this trunk - confirm
! the attached device cannot send tagged frames into VLAN 10 (Management).

interface switchport 0/1

  description link to customer LAN

  spanning-tree edgeport

  no shutdown

  switchport mode trunk

  switchport trunk native vlan 101

!

! Trunk toward the wireless access point; untagged frames are placed in
! VLAN 10, the management VLAN.

interface switchport 0/2

  description link to customer WAP

  spanning-tree edgeport

  no shutdown

  switchport mode trunk

  switchport trunk native vlan 10

!

! Enabled, with no description or VLAN settings shown.
! NOTE(review): if this port is unused, shut it down like ports 0/4-0/7.

interface switchport 0/3

  no shutdown

!

interface switchport 0/4

  shutdown

!

interface switchport 0/5

  shutdown

!

interface switchport 0/6

  shutdown

!

interface switchport 0/7

  shutdown

!

! Management port: trunk with VLAN 10 as the untagged VLAN.

interface switchport 0/8

  description Management

  spanning-tree edgeport

  no shutdown

  switchport mode trunk

  switchport trunk native vlan 10

!

!

!

interface vlan 1

  no ip address

  shutdown

!

! Router address for the Management VLAN; follows the default route.

interface vlan 10

  description Management

  ip address  10.10.10.254  255.255.255.0

  ip access-policy Private

  no shutdown

!

! Router address for the customer LAN VLAN; follows the default route.

interface vlan 101

  description LAN

  ip address  192.168.254.254  255.255.255.0

  ip access-policy Private

  no shutdown

!

! Router address for the guest wireless VLAN. This is the only VLAN with a
! policy route-map, which steers its traffic to the DSL link.
! NOTE(review): the guest VLAN sits in the same policy-class (Private) as
! Management and LAN, and nothing visible in that class denies guest traffic
! to the other internal subnets or to the router - verify guest isolation.

interface vlan 110

  description Guest-Wireless

  ip address  192.168.110.254  255.255.255.0

  ip policy route-map Guest

  ip access-policy Private

  no shutdown

!

!

! Access point definition. The AP has an address in the Management subnet
! and its control traffic is carried on VLAN 10 as the native VLAN.

interface dot11ap 1 ap-type nv16x

  access-point mac-address xx:xx:xx:xx:xx:xx

  name XXXX

  ip address 10.10.10.2 255.255.255.0

  ip default-gateway 10.10.10.254

  encapsulation 802.1q awcp-vlan 10 native priority 7

!

!

! 802.11b/g radio: enabled; it carries both SSIDs defined below.

interface dot11ap 1/1 radio-type 802.11bg

  no shutdown

!

!

! Internal SSID, mapped to VLAN 101 (LAN).

interface dot11ap 1/1.1

  description XXXX-Secure

  vlan-id 101

  ssid broadcast-mode "XXXX-Secure"

  ! WPA pre-shared key (masked in this post) with both TKIP and AES-CCMP
  ! accepted. TKIP is deprecated; NOTE(review): restrict this SSID to
  ! AES-CCMP only if the AP firmware and the clients allow it.

  security mode wpa tkip aes-ccmp psk xxxxxxxx

  no shutdown

!

! Guest SSID, mapped to VLAN 110 (Guest-Wireless).

interface dot11ap 1/1.2

  description XXXX-Guest

  vlan-id 110

  ssid broadcast-mode "XXXX-Guest"

  ! Same cipher settings as the internal SSID. The key is masked here;
  ! NOTE(review): make sure it differs from the XXXX-Secure key.

  security mode wpa tkip aes-ccmp psk xxxxxxxx

  no shutdown

!

!

! 802.11a radio: not in use.

interface dot11ap 1/2 radio-type 802.11a

  shutdown

!

!

!

!

!

! Policy-based routing for the guest VLAN (applied on interface vlan 110).
! Packets matching ACL Guest-Wireless (source 192.168.110.0/24, any
! destination) are sent to the DSL gateway out eth 0/2 instead of following
! the default route.

route-map Guest permit 10

  match ip address Guest-Wireless

  set ip next-hop <DSL Gateway>

  set interface eth 0/2

!

!     

!

!

! Source-match lists, one per internal subnet, any destination, logged.
! Guest-Wireless is used by the Guest route-map and by NAT; LAN and
! Management are used by NAT.

ip access-list extended Guest-Wireless

  permit ip 192.168.110.0 0.0.0.255  any     log

!

ip access-list extended LAN

  permit ip 192.168.254.0 0.0.0.255  any     log

!

ip access-list extended Management

  permit ip 10.10.10.0 0.0.0.255  any     log

!

! Referenced by policy-class Public, i.e. on both WAN interfaces:
! SSH and ICMP echo are accepted from any source address.
! NOTE(review): SSH is password-based (local user list) and open to the
! whole Internet here; narrow the source to known management addresses.

ip access-list extended remote-access

  permit tcp any  any eq ssh   log

  permit icmp any  any  echo   log

!

! Matches every IP packet. Policy-class Private uses it with the "self"
! keyword, i.e. for traffic addressed to the router.

ip access-list extended self

  remark Traffic to NetVanta

  permit ip any  any     log

!

!

!

!

! Policy for the three internal VLAN interfaces (vlan 10, 101 and 110).

ip policy-class Private

  ! Admits any IP traffic from those VLANs to the router itself. That
  ! includes the guest VLAN, so guest clients can reach the router's SSH
  ! service. NOTE(review): consider a separate policy-class for vlan 110
  ! that allows only what guests need from the router.

  allow list self self

  ! Source NAT: Management and LAN are translated to a masked public
  ! address, Guest-Wireless to the DSL address.

  nat source list Management address xxx.xxx.xxx.xxx overload

  nat source list LAN address xxx.xxx.xxx.xxx overload

  nat source list Guest-Wireless address <DSL IP> overload

!

! Policy for both WAN interfaces (eth 0/1 and eth 0/2): the only entry
! admits what ACL remote-access matches (SSH and ICMP echo from anywhere).
! NOTE(review): unlike the Private entry there is no "self" keyword here -
! confirm the intended scope of this allow rule.

ip policy-class Public

  allow list remote-access

!

!

!

! Default route (gateway masked). Only the guest VLAN is steered elsewhere,
! by the Guest route-map.

ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx

!

! On-box services: TFTP, HTTP, HTTPS, SNMP, FTP, SCP and the SNTP server are
! all disabled. Together with the line settings further down (Telnet shut
! down), SSH is the only remote management service left enabled.

no tftp server

no tftp server overwrite

no http server

no http secure-server

no snmp agent

no ip ftp server

ip ftp server default-filesystem flash

no ip scp server

no ip sntp server

!

!     

!

!

!

!

!

!

!

sip udp 5060

sip tcp 5060

!

!

!

!

!

!

!

!

!

!

!

!

!

!     

!

!

!

!

!

!

! Console access authenticates against the local user list.

line con 0

  login local-userlist

!

! Telnet sessions are shut down.

line telnet 0 4

  no login

  shutdown

! SSH sessions are enabled and authenticate against the local user list.
! NOTE(review): policy-class Public admits SSH from any source, so the
! strength of the local account password is the main control here.

line ssh 0 4

  login local-userlist

  no shutdown

!

!

ntp server pool.ntp.org prefer

!

!

!

!

!     

end
