cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jokes54321
New Contributor

Router on a stick?

Jump to solution

I've acquired a network that is running Adtran 4305 routers. We are migrating to another MPLS provider and a new router and firewall are in place to support this connectivity going forward. Currently all the hosts (192.168.0.x/24) behind the Adtran 4305(192.168.0.1) have the Adtran set as their default gateway, which makes sense, since the bulk of the remote subnets are still accessed via this Adtran. For the one new remote location, I added a route on the Adtran to forward the traffic to an ASA 5505 on the same subnet (192.168.0.2.)

I tried pinging a host on the remote subnet from a server on the 192.168.0.x subnet and all were lost. I added an entry to the server's routing table to route directly to the ASA for this remote subnet and I started receiving ping replies.

It seems to indicate the 4305 isn't forwarding the traffic out the same interface it came in on. Does the Adtran 4305 not support router on a stick?

Thanks,

Denny

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
bcrinehart
New Contributor III

Re: Router on a stick?

Jump to solution

By default, Adtran routers prevent "router on a stick" operation. You can enable it via the command line:

RTR> enable

RTR# config t

RTR(config) ip firewall check reflexive-traffic

Be aware that this is turned off by default as a network security measure.

You can read more about this in the AOS V18 manual.

Brad

View solution in original post

0 Kudos
10 Replies
Anonymous
Not applicable

Re: Router on a stick?

Jump to solution

Denny,

The 4305 is able to support 'router on a stick'. Generally, this is done by setting up intervlan routing on the 4305. More information regarding how to do this can be found in the link below:

https://supportforums.adtran.com/docs/DOC-2281

I would be more than happy to review your configuration to attempt to determine why adding the route to the Adtran did not work for you. If you attach your configuration, please be sure to remove any sensitive information regarding your network from the file.

Please do not hesitate to let us know if you have any questions.

Thanks,

Noor

jokes54321
New Contributor

Re: Router on a stick?

Jump to solution

Hi Noor,

Thank you for responding. I did read that article but was hoping I wouldn't have to setup VLAN's to pull this off. Eventually the ASA will become the default gw for the clients one we finish migrating the remaining circuits to the new router.

Is this the ONLY way to get the Adtran to perform 'router on a stick' routing?

Denny

Anonymous
Not applicable

Re: Router on a stick?

Jump to solution

Denny,

Typically, the term 'router on a stick' refers to intervlan routing. However, in your case, it seems there was an issue with general routing. To troubleshoot further, it would be helpful to see

the following:

- Route table of the 4305 with the new route in place.

- Are you able to ping 192.168.0.2 from the 4305 (assuming the ASA allows pings)?

- Are there any other routes on the 4305 using 192.168.0.2 as the next hop that are functioning?

- An output to a traceroute from the server while it is using the 4305 as its default gateway. If this is not possible, then a traceroute from the CLI of the 4305 will work as well.

Let us know if you have any questions.

Thanks,

Noor

jokes54321
New Contributor

Re: Router on a stick?

Jump to solution

Hi Noor,

I appreciate the offer to help troubleshoot my configs. All I'm really looking for is confirmation on whether or not the Adtran will route out the same interface the traffic came in on? I know the Cisco ASA won't unless you issue a command to tell it to allow this. I'm wondering if the Adtran is similar.

I can ping the ASA from the Adtran

I can ping the remote from the Adtran

Denny

bcrinehart
New Contributor III

Re: Router on a stick?

Jump to solution

By default, Adtran routers prevent "router on a stick" operation. You can enable it via the command line:

RTR> enable

RTR# config t

RTR(config) ip firewall check reflexive-traffic

Be aware that this is turned off by default as a network security measure.

You can read more about this in the AOS V18 manual.

Brad

View solution in original post

0 Kudos
bcrinehart
New Contributor III

Re: Router on a stick?

Jump to solution

Additional info from Brad...

This command allows the firewall to process traffic from one subnet to another on the same interface through the firewall. It uses the access policy on that interface to determine what actions to take. You may have to create and apply an access policy on that interface if you do not already have one.

Anonymous
Not applicable

Re: Router on a stick?

Jump to solution

:

Thank you for participating in this post.  I would like to add clarification to the ip firewall check reflexive-traffic command. When the AOS firewall receives the first packet in a new flow, it performs a route lookup on the destination IP address.  If the destination interface for the packet is the same as the ingress interface, the unit will classify the traffic as reflexive traffic.  Such traffic only receives further firewall and access-policy processing if ip firewall check reflexive-traffic is enabled. If the check is disabled (which it is by default), such traffic is forwarded without further processing from the firewall. 

The command is not needed to route traffic that arrives on an interface back out that interface to another subnet when firewall processing is not necessary.

Note:  If the firewall is on, you will need to make the appropriate configurations to allow traffic that comes in one port and is routed back out the same port.

Please, let me know if you have any questions about this command.  I will be happy to "branch" this to another discussion if necessary.

Levi

Anonymous
Not applicable

Re: Router on a stick?

Jump to solution

:

Yes, the ADTRAN will route traffic out the same interface that traffic came in on, as long as there is a route to that destination out that interface.  A caveat to this is if the firewall is configured to discard or NAT, or policy-based routing is configured to manipulate the routing that arrives on the interface.  If you would like to attach a copy of the configuration, I will be happy to review it for you.

Levi

Anonymous
Not applicable

Re: Router on a stick?

Jump to solution

:


I went ahead and flagged this post as “Assumed Answered.”  If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons.  This will make them visible and help other members of the community find solutions more easily.  If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.

Levi

jokes54321
New Contributor

Re: Router on a stick?

Jump to solution

This worked great. Sorry for the late reply, I've been extremely swamped.