jhaab
New Contributor

Adtran 4430 Firewall and Routing of VLAN Issues

I am looking for some guidance on my router setup, where I am having issues getting the local interfaces to get past the public interface. Below is a sample of what I am trying to accomplish, and I have shown my current config. I also have the applicable ports on the Adtran Layer 2 switch.

  • I have a DHCP scope for most VLANs as called out in the config
  • VLAN2 is Private VLAN and can communicate with VLAN1, VLAN4 and VLAN5
  • VLAN4 is IP Camera VLAN and can communicate to VLAN2 and have Internet access
  • VLAN5 is VOIP VLAN and can communicate with VLAN2
  • VLAN7 is GUEST VLAN and can only get out to the Internet
  • VLAN8 is Home Automation VLAN and can only get out to the Internet
  • VLAN9 is A/V VLAN and can only get out to the Internet
  • VLAN10 is FLIGHT RADAR VLAN and can only get out to the Internet.

 

!
!
! ADTRAN, Inc. OS version R13.1.0.HA
! Boot ROM version 17.04.01.00
! Platform: NetVanta 4430, part number 1700630E1
! Serial number LBADTN1305AE280
!
!
hostname "Router"
enable password **********
!
!
clock timezone -6-Central-Time
!
ip subnet-zero
ip classless
ip default-gateway 69.174.173.1
ip routing
ipv6 unicast-routing
!
!
name-server 208.38.252.3 184.170.172.131
!
!
auto-config
!
event-history on
no logging forwarding
no logging email
!
no service password-encryption
!
username "admin" password "******"
!
ip policy-timeout tcp echo 60
!
ip firewall
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
!
!
!
!
!
!
!
!
!
!
no dot11ap access-point-control
!
!
!
!
!
!
ip dhcp excluded-address 10.10.1.1 10.10.1.20
ip dhcp excluded-address 10.10.2.1 10.10.2.20
ip dhcp excluded-address 10.10.4.1 10.10.4.20
ip dhcp excluded-address 10.10.5.1 10.10.5.20
ip dhcp excluded-address 10.10.7.1 10.10.7.20
ip dhcp excluded-address 10.10.8.1 10.10.8.20
ip dhcp excluded-address 10.10.9.1 10.10.9.20
ip dhcp excluded-address 10.10.10.1 10.10.10.20
!
ip dhcp pool "Management DHCP"
  network 10.10.1.0 255.255.255.0
  dns-server 208.38.252.3
  default-router 10.10.1.1
!
ip dhcp pool "Private Data DHCP"
  network 10.10.2.0 255.255.255.0
  dns-server 208.38.252.3
  default-router 10.10.2.1
!
ip dhcp pool "IP Camera DHCP Pool"
  network 10.10.4.0 255.255.255.0
  dns-server 208.38.252.3
  default-router 10.10.4.1
!
ip dhcp pool "VOIP DHCP Pool"
  network 10.10.5.0 255.255.255.0
  dns-server 208.38.252.3
  default-router 10.10.5.1
!
ip dhcp pool "Guest DHCP Pool"
  network 10.10.7.0 255.255.255.0
  dns-server 208.38.252.3
  default-router 10.10.7.1
!
ip dhcp pool "Home Automation DHCP Pool"
  network 10.10.8.0 255.255.255.0
  dns-server 208.38.252.3
  default-router 10.10.8.1
!
ip dhcp pool "A/V DHCP Pool"
  network 10.10.9.0 255.255.255.0
  dns-server 208.38.252.3
  default-router 10.10.9.1
!
ip dhcp pool "Flight Radar DHCP Pool"
  network 10.10.10.0 255.255.255.0
  dns-server 208.38.252.3
  default-router 10.10.10.1
!
!
!
!
!
!
!
!
!
!
!
!
!
no ethernet cfm
!
interface eth 0/1
  ip address  10.10.200.1  255.255.255.0
  no awcp
  no shutdown
!
!
!
interface gigabit-eth 0/1
  description Private LAN
  encapsulation 802.1q
  no shutdown
!
!
interface gigabit-eth 0/1.1
  description Mgmt VLAN
  vlan-id 1 native
  ip address  10.10.1.1  255.255.255.0
  ip mtu 1500
  ip access-policy MGMT
  no shutdown
!
interface gigabit-eth 0/1.2
  description Private Data VLAN
  vlan-id 2
  ip address  10.10.2.1  255.255.255.0
  ip mtu 1500
  ip access-policy PRIVATE
  no shutdown
!
interface gigabit-eth 0/1.4
  description IP Cameras
  vlan-id 4
  ip address  10.10.4.1  255.255.255.0
  ip mtu 1500
  ip access-policy IP CAMERAS
  no shutdown
!
interface gigabit-eth 0/1.5
  description VOIP
  vlan-id 5
  ip address  10.10.5.1  255.255.255.0
  ip mtu 1500
  ip access-policy VOIP
  no shutdown
!
interface gigabit-eth 0/1.7
  description Guest Wireless
  vlan-id 7
  ip address  10.10.7.1  255.255.255.0
  ip mtu 1500
  ip access-policy GUEST
  no shutdown
!
interface gigabit-eth 0/1.8
  description Home Automation
  vlan-id 8
  ip address  10.10.8.1  255.255.255.0
  ip mtu 1500
  ip access-policy HOME AUTOMATION
  no shutdown
!
interface gigabit-eth 0/1.9
  description A/V
  vlan-id 9
  ip address  10.10.9.1  255.255.255.0
  ip mtu 1500
  ip access-policy A/V
  no shutdown
!
interface gigabit-eth 0/1.10
  description Flight Radar
  vlan-id 10
  ip address  10.10.10.1  255.255.255.0
  ip mtu 1500
  ip access-policy FLIGHT RADAR
  no shutdown
!
interface gigabit-eth 0/2
  description MetroNet Internet
  ip address  69.174.173.33  255.255.255.192
  ip mtu 1500
  ip access-policy PUBLIC
  no shutdown
!
!
!
!
interface t1 3/1
  shutdown
!
interface t1 3/2
  shutdown
!
interface t1 3/3
  shutdown
!
interface t1 3/4
  shutdown
!
interface t1 3/5
  shutdown
!
interface t1 3/6
  shutdown
!
interface t1 3/7
  shutdown
!
interface t1 3/8
  shutdown
!
!
!
router rip
  version 2
!
!
!
!
!
ip access-list standard WIZARD-ICS
  remark Internet Connection Sharing
  permit any log
!
ip access-list extended SELF
  remark Traffic to NetVanta
  permit ip any any log
!
ip access-list extended VLAN1-VLAN2
  remark Management to Private
  permit ip 10.10.1.0 0.0.0.255  10.10.2.0 0.0.0.255   
  permit ip 10.10.2.0 0.0.0.255  10.10.1.0 0.0.0.255   
!
ip access-list extended VLAN2-VLAN4
  remark PRIVATE to IP CAMERAS
  permit ip 10.10.2.0 0.0.0.255  10.10.4.0 0.0.0.255   
  permit ip 10.10.4.0 0.0.0.255  10.10.2.0 0.0.0.255   
!
ip access-list extended VLAN2-VLAN5
  remark PRIVATE to IP VOIP
  permit ip 10.10.2.0 0.0.0.255  10.10.5.0 0.0.0.255   
  permit ip 10.10.5.0 0.0.0.255  10.10.2.0 0.0.0.255   
!
!
!
!
ip policy-class A/V
  allow list SELF self
  nat source list WIZARD-ICS interface gigabit-ethernet 0/2 overload
!
ip policy-class Flight Radar
  allow list SELF self
  nat source list web-acl-6 interface gigabit-ethernet 0/2 overload

!
ip policy-class GUEST
  allow list SELF self
  nat source list WIZARD-ICS interface gigabit-ethernet 0/2 overload
!
ip policy-class HOME AUTOMATION
  allow list SELF self
  nat source list WIZARD-ICS interface gigabit-ethernet 0/2 overload

!
ip policy-class IP CAMERAS
  allow list SELF self
  allow list VLAN2-VLAN4
  nat source list WIZARD-ICS interface gigabit-ethernet 0/2 overload
!
ip policy-class MGMT
  allow list SELF self
  allow list VLAN1-VLAN2
!
ip policy-class PRIVATE
  allow list SELF self
  allow list VLAN1-VLAN2
  allow list VLAN2-VLAN4
  nat source list WIZARD-ICS interface gigabit-ethernet 0/2 overload
!
ip policy-class VOIP
  allow list SELF self
  allow list VLAN2-VLAN5
!
ip policy-class PUBLIC
  ! Implicit discard
!

!
!
!
no tftp server
no tftp server overwrite
http server 8080
http secure-server 8081
no snmp agent
no ip ftp server
ip ftp server default-filesystem flash
no ip scp server
no ip sntp server
!
!
!
!
!
!
!
!
sip udp 5060
sip tcp 5060
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
line con 0
  login
!
line telnet 0 4
  login
  password adtran
  no shutdown
line ssh 0 4
  login local-userlist
  no shutdown
!
!
!
!
!
end


Re: Adtran 4430 Firewall and Routing of VLAN Issues

I don't work with this particular model, but don't you need a route added similar to this?:

!

ip route 0.0.0.0 0.0.0.0 10.x.x.x

!
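
As an added example (not part of either post, and not ADTRAN tooling), this Python script cross-checks the names used in the posted configuration: each `ip access-policy` against the defined `ip policy-class` names, each list a policy-class references against the defined `ip access-list` names, and whether a static default route of the form the reply suggests is present. The embedded excerpt is trimmed from the config above; comparing names by exact spelling is an assumption, since the page does not say how AOS matches them.

```python
import re

# Excerpt of the configuration posted above, trimmed to the lines the checks read.
CONFIG = """\
interface gigabit-eth 0/1.2
  ip access-policy PRIVATE
interface gigabit-eth 0/1.10
  ip access-policy FLIGHT RADAR
interface gigabit-eth 0/2
  ip access-policy PUBLIC
ip access-list standard WIZARD-ICS
ip access-list extended SELF
ip access-list extended VLAN1-VLAN2
ip policy-class Flight Radar
  allow list SELF self
  nat source list web-acl-6 interface gigabit-ethernet 0/2 overload
ip policy-class PRIVATE
  allow list SELF self
  allow list VLAN1-VLAN2
  nat source list WIZARD-ICS interface gigabit-ethernet 0/2 overload
ip policy-class PUBLIC
"""

def lint(config):
    """Cross-reference names inside one config dump; return a list of findings."""
    acls, classes, applied, used = set(), set(), {}, []
    iface = cls = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (.+)", line):
            iface = m.group(1)
        elif m := re.match(r"ip access-policy (.+)", line):
            applied[iface] = m.group(1)          # policy attached to this interface
        elif m := re.match(r"ip access-list \w+ (\S+)", line):
            acls.add(m.group(1))
        elif m := re.match(r"ip policy-class (.+)", line):
            cls = m.group(1)
            classes.add(cls)
        elif m := re.match(r"(?:allow|nat source) list (\S+)", line):
            used.append((cls, m.group(1)))       # list referenced by a policy-class
    out = [f"{i}: policy-class '{p}' is not defined with that exact spelling"
           for i, p in applied.items() if p not in classes]
    out += [f"policy-class '{c}': access list '{a}' is not defined"
            for c, a in used if a not in acls]
    if not re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 ", config, re.M):
        out.append("no static default route (ip route 0.0.0.0 0.0.0.0 ...)")
    return out

if __name__ == "__main__":
    print("\n".join(lint(CONFIG)))
```

Running the same function over the full `show running-config` output gives the complete list; each finding is a name mismatch or missing line to review, not a statement about how the router behaves.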