cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
New Contributor

Netvanta 3448 routing and port setup

Jump to solution

I have a Netvanta 3448 that was installed and configured by my ISP. ETH 0/2 connects to my VOIP system. I don't want to affect or change anything on that VOIP side.There is no firewall, polices or security zones on the Adtran. I don't have control or access to the VOIP side. What I would like to do is connect my firewall (SonicWall) to one of the 8 ethernet switch ports and have my firewall route traffic to the Adtran if my primary internet line goes down.

Can I configure one of the 8 ethernet ports to route traffic out ETH0/1 without changing any configuration on ETH0/2 (pretty sure this part is simple)?

Can I configure the Adtran to route any incoming traffic destined for 1 or more specific public IP addresses to a specific ethernet port, again without affecting or changing anything on ETH0/2?

0 Kudos
Reply
1 Solution

Accepted Solutions
Highlighted
Anonymous
Not applicable

Re: Netvanta 3448 routing and port setup

Jump to solution

Robert,

Based on the configuration, the default route is already pointing out eth 0/1. Also, it appears that the VLAN 5 is configured correctly for the Sonicwall to plug into swx 0/5. It just needs to be enabled. The only thing you are missing is a NAT policy for your VLAN 5 traffic to get out to the internet. The configuration would look something like this:

ip access-list extended matchall

    permit ip any any

!

ip policy-class sonicwall

    allow list matchall self

    nat source list matchall interface eth 0/1 overload

!

int vlan 5

   access-policy sonicwall

   no shutdown

!

ip firewall

Please let us know if you have any questions.

Thanks,

Noor

View solution in original post

0 Kudos
Reply
5 Replies
Highlighted
New Contributor

Re: Netvanta 3448 routing and port setup

Jump to solution

No suggestions?

0 Kudos
Highlighted
Anonymous
Not applicable

Re: Netvanta 3448 routing and port setup

Jump to solution

Robert,

Thanks for posting your question on the forum!

First off, I may be able to provide better details if I could look at your configuration. If you don't mind, could you post it to this thread and please remember to remove any sensitive information.


Second, could you clarify whether the Sonicwall routing traffic to the Adtran is the same traffic you want to go out eth 0/1?

If yes, the easiest way to setup the Sonicwall to go into one of the ethernet switchports and be routed out eth 0/1 is to do the following:


- Set up a VLAN interface and assign the VLAN to the switchport on the NetVanta you would like to plug the Sonicwall into.

- Create a route-map that routes traffic out eth 0/1 and assign it to the VLAN interface. Configuring Policy Based Routing in AOS


Regarding the last question about routing incoming traffic, the NetVanta cannot control which WAN interface a traffic will ingress from. This is dependent on the ISP routing setup and will more than likely require a multihoming setup. If you are referring to controlling the interface which LAN interface traffic will egress from, this is dependent on the NetVanta route table.


Please do not hesitate to let us know if you have any further questions. Thanks.


Sincerely,

Noor

0 Kudos
Highlighted
New Contributor

Re: Netvanta 3448 routing and port setup

Jump to solution

Thanks Noor. Yes, I want the sonicwall to route traffic out through eth 0/1 and not affect anything coming from eth 0/2. My config is posted below. Switchport 5 is where the sonicwall would be connected (though it could be any switchport 1-8). I don't have it connected now, so the VLAN5 and other related settings could be ignored.

Thanks for taking a look at this.

!

! ADTRAN, Inc. OS version 18.03.01.00

! Boot ROM version 13.03.00.SB

! Platform: NetVanta 3448, part number 1200821E1

! Serial number LBADTNxxx

!

hostname "20450736"

enable password encrypted

!

clock timezone -5-Eastern-Time

!

ip subnet-zero

ip classless

ip routing

ipv6 unicast-routing

!

name-server 198.6.100.125 198.6.1.60

!

no auto-config

!

event-history on

no logging forwarding

no logging console

no logging email

!

service password-encryption

!

username xxx password encrypted xxx

!

no ip firewall alg msn

no ip firewall alg mszone

no ip firewall alg h323

!

no dot11ap access-point-control

!

vlan 1

  name "Default"

!

vlan 5

  name "CogentData"

!

no ethernet cfm

!

interface eth 0/1

  description To Verizon

  speed 100

  ip address  157.xx.xx.66  255.255.255.252

  no shutdown

!

interface eth 0/2  description To Local LAN

  ip address  65.xx.xx.9  255.255.255.248

  no awcp

  no shutdown

!

interface switchport 0/1

  no shutdown

!

interface switchport 0/2

  shutdown

!

interface switchport 0/3

  no shutdown

!

interface switchport 0/4

  no shutdown

!

interface switchport 0/5

  description Cogent Failover

  spanning-tree edgeport

  no shutdown

  switchport access vlan 5

  switchport voice vlan 5

  qos default-cos 5

!

interface switchport 0/6

  no shutdown

!

interface switchport 0/7

  no shutdown

!

interface switchport 0/8

  no shutdown

!

interface vlan 5

  description CogentVLAN

  ip address  10.10.200.1  255.255.255.0

  ip mtu 1500

  shutdown

!

!

ip access-list standard Star2Star

  permit host 199.xx.xx.143 log

  permit hostname sna.xxx.com log

!

ip access-list extended web-acl-2

  remark starallowpolicy

  permit ip host 199.xx.xx.143  65.xx.xx.8 0.0.0.7   

!

ip policy-class Star2Star

  allow list web-acl-2 stateless

!

!

ip route 0.0.0.0 0.0.0.0 157.xx.xx.65

!

no tftp server

no tftp server overwrite

no http server

http session-limit 2

http secure-server

no snmp agent

no ip ftp server

ip ftp server default-filesystem flash

no ip scp server

no ip sntp server

!

!

ip sip udp 5060

ip sip tcp 5060

!

!

line con 0

  login

  password encrypted

!

line telnet 0 4

  login

  password encrypted

  line-timeout 30

  no shutdown

line ssh 0 4

  login local-userlist

  no shutdown

!

!

end

0 Kudos
Highlighted
Anonymous
Not applicable

Re: Netvanta 3448 routing and port setup

Jump to solution

Robert,

Based on the configuration, the default route is already pointing out eth 0/1. Also, it appears that the VLAN 5 is configured correctly for the Sonicwall to plug into swx 0/5. It just needs to be enabled. The only thing you are missing is a NAT policy for your VLAN 5 traffic to get out to the internet. The configuration would look something like this:

ip access-list extended matchall

    permit ip any any

!

ip policy-class sonicwall

    allow list matchall self

    nat source list matchall interface eth 0/1 overload

!

int vlan 5

   access-policy sonicwall

   no shutdown

!

ip firewall

Please let us know if you have any questions.

Thanks,

Noor

View solution in original post

0 Kudos
Reply
Highlighted
Anonymous
Not applicable

Re: Netvanta 3448 routing and port setup

Jump to solution

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Noor

0 Kudos