jhaab
New Contributor

Adtran 4430 Firewall and Routing of VLAN Issues

I am looking for some guidance on my router setup; I am having issues getting the local interfaces to get past the public interface. Below is a sample of what I am trying to accomplish, and I have shown my current config. I also have the applicable ports on the Adtran Layer 2 switch.

  • I have a DHCP scope for most VLANs as called out in the config
  • VLAN2 is Private VLAN and can communicate with VLAN1, VLAN4 and VLAN5
  • VLAN4 is IP Camera VLAN and can communicate to VLAN2 and have Internet access
  • VLAN5 is VOIP VLAN and can communicate with VLAN2
  • VLAN7 is GUEST VLAN and can only get out to the Internet
  • VLAN8 is Home Automation VLAN and can only get out to the Internet
  • VLAN9 is A/V VLAN and can only get out to the Internet
  • VLAN10 is FLIGHT RADAR VLAN and can only get out to the Internet.

 

!
!
! ADTRAN, Inc. OS version R13.1.0.HA
! Boot ROM version 17.04.01.00
! Platform: NetVanta 4430, part number 1700630E1
! Serial number LBADTN1305AE280
!
!
hostname "Router"
enable password **********
!
!
clock timezone -6-Central-Time
!
ip subnet-zero
ip classless
ip default-gateway 69.174.173.1
ip routing
ipv6 unicast-routing
!
!
name-server 208.38.252.3 184.170.172.131
!
!
auto-config
!
event-history on
no logging forwarding
no logging email
!
no service password-encryption
!
username "admin" password "******"
!
ip policy-timeout tcp echo 60
!
ip firewall
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
!
!
!
!
!
!
!
!
!
!
no dot11ap access-point-control
!
!
!
!
!
!
ip dhcp excluded-address 10.10.1.1 10.10.1.20
ip dhcp excluded-address 10.10.2.1 10.10.2.20
ip dhcp excluded-address 10.10.4.1 10.10.4.20
ip dhcp excluded-address 10.10.5.1 10.10.5.20
ip dhcp excluded-address 10.10.7.1 10.10.7.20
ip dhcp excluded-address 10.10.8.1 10.10.8.20
ip dhcp excluded-address 10.10.9.1 10.10.9.20
ip dhcp excluded-address 10.10.10.1 10.10.10.20
!
ip dhcp pool "Management DHCP"
  network 10.10.1.0 255.255.255.0
  dns-server 208.38.252.3
  default-router 10.10.1.1
!
ip dhcp pool "Private Data DHCP"
  network 10.10.2.0 255.255.255.0
  dns-server 208.38.252.3
  default-router 10.10.2.1
!
ip dhcp pool "IP Camera DHCP Pool"
  network 10.10.4.0 255.255.255.0
  dns-server 208.38.252.3
  default-router 10.10.4.1
!
ip dhcp pool "VOIP DHCP Pool"
  network 10.10.5.0 255.255.255.0
  dns-server 208.38.252.3
  default-router 10.10.5.1
!
ip dhcp pool "Guest DHCP Pool"
  network 10.10.7.0 255.255.255.0
  dns-server 208.38.252.3
  default-router 10.10.7.1
!
ip dhcp pool "Home Automation DHCP Pool"
  network 10.10.8.0 255.255.255.0
  dns-server 208.38.252.3
  default-router 10.10.8.1
!
ip dhcp pool "A/V DHCP Pool"
  network 10.10.9.0 255.255.255.0
  dns-server 208.38.252.3
  default-router 10.10.9.1
!
ip dhcp pool "Flight Radar DHCP Pool"
  network 10.10.10.0 255.255.255.0
  dns-server 208.38.252.3
  default-router 10.10.10.1
!
!
!
!
!
!
!
!
!
!
!
!
!
no ethernet cfm
!
interface eth 0/1
  ip address  10.10.200.1  255.255.255.0
  no awcp
  no shutdown
!
!
!
interface gigabit-eth 0/1
  description Private LAN
  encapsulation 802.1q
  no shutdown
!
!
interface gigabit-eth 0/1.1
  description Mgmt VLAN
  vlan-id 1 native
  ip address  10.10.1.1  255.255.255.0
  ip mtu 1500
  ip access-policy MGMT
  no shutdown
!
interface gigabit-eth 0/1.2
  description Private Data VLAN
  vlan-id 2
  ip address  10.10.2.1  255.255.255.0
  ip mtu 1500
  ip access-policy PRIVATE
  no shutdown
!
interface gigabit-eth 0/1.4
  description IP Cameras
  vlan-id 4
  ip address  10.10.4.1  255.255.255.0
  ip mtu 1500
  ip access-policy IP CAMERAS
  no shutdown
!
interface gigabit-eth 0/1.5
  description VOIP
  vlan-id 5
  ip address  10.10.5.1  255.255.255.0
  ip mtu 1500
  ip access-policy VOIP
  no shutdown
!
interface gigabit-eth 0/1.7
  description Guest Wireless
  vlan-id 7
  ip address  10.10.7.1  255.255.255.0
  ip mtu 1500
  ip access-policy GUEST
  no shutdown
!
interface gigabit-eth 0/1.8
  description Home Automation
  vlan-id 8
  ip address  10.10.8.1  255.255.255.0
  ip mtu 1500
  ip access-policy HOME AUTOMATION
  no shutdown
!
interface gigabit-eth 0/1.9
  description A/V
  vlan-id 9
  ip address  10.10.9.1  255.255.255.0
  ip mtu 1500
  ip access-policy A/V
  no shutdown
!
interface gigabit-eth 0/1.10
  description Flight Radar
  vlan-id 10
  ip address  10.10.10.1  255.255.255.0
  ip mtu 1500
  ip access-policy FLIGHT RADAR
  no shutdown
!
interface gigabit-eth 0/2
  description MetroNet Internet
  ip address  69.174.173.33  255.255.255.192
  ip mtu 1500
  ip access-policy PUBLIC
  no shutdown
!
!
!
!
interface t1 3/1
  shutdown
!
interface t1 3/2
  shutdown
!
interface t1 3/3
  shutdown
!
interface t1 3/4
  shutdown
!
interface t1 3/5
  shutdown
!
interface t1 3/6
  shutdown
!
interface t1 3/7
  shutdown
!
interface t1 3/8
  shutdown
!
!
!
router rip
  version 2
!
!
!
!
!
ip access-list standard WIZARD-ICS
  remark Internet Connection Sharing
  permit any log
!
ip access-list extended SELF
  remark Traffic to NetVanta
  permit ip any any log
!
ip access-list extended VLAN1-VLAN2
  remark Management to Private
  permit ip 10.10.1.0 0.0.0.255  10.10.2.0 0.0.0.255   
  permit ip 10.10.2.0 0.0.0.255  10.10.1.0 0.0.0.255   
!
ip access-list extended VLAN2-VLAN4
  remark PRIVATE to IP CAMERAS
  permit ip 10.10.2.0 0.0.0.255  10.10.4.0 0.0.0.255   
  permit ip 10.10.4.0 0.0.0.255  10.10.2.0 0.0.0.255   
!
ip access-list extended VLAN2-VLAN5
  remark PRIVATE to IP VOIP
  permit ip 10.10.2.0 0.0.0.255  10.10.5.0 0.0.0.255   
  permit ip 10.10.5.0 0.0.0.255  10.10.2.0 0.0.0.255   
!
!
!
!
ip policy-class A/V
  allow list SELF self
  nat source list WIZARD-ICS interface gigabit-ethernet 0/2 overload
!
ip policy-class Flight Radar
  allow list SELF self
  nat source list web-acl-6 interface gigabit-ethernet 0/2 overload

!
ip policy-class GUEST
  allow list SELF self
  nat source list WIZARD-ICS interface gigabit-ethernet 0/2 overload
!
ip policy-class HOME AUTOMATION
  allow list SELF self
  nat source list WIZARD-ICS interface gigabit-ethernet 0/2 overload

!
ip policy-class IP CAMERAS
  allow list SELF self
  allow list VLAN2-VLAN4
  nat source list WIZARD-ICS interface gigabit-ethernet 0/2 overload
!
ip policy-class MGMT
  allow list SELF self
  allow list VLAN1-VLAN2
!
ip policy-class PRIVATE
  allow list SELF self
  allow list VLAN1-VLAN2
  allow list VLAN2-VLAN4
  nat source list WIZARD-ICS interface gigabit-ethernet 0/2 overload
!
ip policy-class VOIP
  allow list SELF self
  allow list VLAN2-VLAN5
!
ip policy-class PUBLIC
  ! Implicit discard
!

!
!
!
no tftp server
no tftp server overwrite
http server 8080
http secure-server 8081
no snmp agent
no ip ftp server
ip ftp server default-filesystem flash
no ip scp server
no ip sntp server
!
!
!
!
!
!
!
!
sip udp 5060
sip tcp 5060
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
line con 0
  login
!
line telnet 0 4
  login
  password adtran
  no shutdown
line ssh 0 4
  login local-userlist
  no shutdown
!
!
!
!
!
end


Re: Adtran 4430 Firewall and Routing of VLAN Issues

I don't work with this particular model, but don't you need a route added similar to this?:

!

ip route 0.0.0.0 0.0.0.0 10.x.x.x

!
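
A name cross-reference check over the configuration posted above, as an added example that is not part of the original thread or Adtran's tooling. It flags interface policies with no identically named policy-class, lists referenced but never defined, policy-classes with no NAT entry, and a missing static default route. The names `lint` and `SAMPLE` are hypothetical, and it is an assumption that literal (case-sensitive) name matching is the right comparison for this OS.

```python
import re

# Constructed excerpt: statements copied from the posted configuration.
SAMPLE = """\
interface gigabit-eth 0/1.5
  ip access-policy VOIP
interface gigabit-eth 0/1.10
  ip access-policy FLIGHT RADAR
ip access-list standard WIZARD-ICS
ip access-list extended SELF
ip access-list extended VLAN2-VLAN5
ip policy-class Flight Radar
  allow list SELF self
  nat source list web-acl-6 interface gigabit-ethernet 0/2 overload
ip policy-class VOIP
  allow list SELF self
  allow list VLAN2-VLAN5
"""

def lint(config):
    """Cross-reference names in the posted config style; return finding strings."""
    acls, classes, applied, current = set(), {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None                      # a new top-level stanza begins
        if m := re.match(r"ip access-list \w+ (\S+)", line):
            acls.add(m.group(1))
        elif m := re.match(r"ip policy-class (.+)", line):
            current = classes.setdefault(m.group(1), [])
        elif m := re.match(r"ip access-policy (.+)", line):
            applied.append(m.group(1))
        elif current is not None and (m := re.match(r"(allow|nat source) list (\S+)", line)):
            current.append(m.groups())          # (entry kind, list name)
    findings = []
    for name in applied:
        if name not in classes:                 # assumption: literal, case-sensitive match
            findings.append(f"access-policy '{name}' has no policy-class of that exact name")
    for name, entries in classes.items():
        for _, acl in entries:
            if acl not in acls:
                findings.append(f"policy-class '{name}' references undefined list '{acl}'")
        if not any(kind == "nat source" for kind, _ in entries):
            findings.append(f"policy-class '{name}' has no nat source entry")
    if not re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 ", config, re.M):
        findings.append("no static default route (ip route 0.0.0.0 0.0.0.0 ...)")
    return findings

print("\n".join(lint(SAMPLE)))
```

Running it against the full posted configuration instead of the excerpt reports every interface and policy-class that falls into one of these four cases.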