cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rbrouillette
New Contributor

Using Netvanta 4430 LAN as WAN

Jump to solution

Inherited a 4430 router (w/o any NIMs) to use as a simple DHCP and Internet access router for a SMB setup.  The current config is to use the giga eth 0/1 was the WAN interface and the giga eth 0/2 as the private interface.  Even with much google-fu and insight from actual IT professional friends, I can not seem to provide access to the office.  The 0/1 interface and 0/2 interface can ping outside websites, but devices within the LAN can not get access.  Any help would be much appreciated.  Config below:

!

!

! ADTRAN, Inc. OS version 18.02.02.SC.E

! Boot ROM version 17.04.01.00

! Platform: NetVanta 4430, part number 1700630E1

! Serial number LBADTN1131AT083

!

!

hostname "Router"

enable password

!

clock timezone -5-Eastern-Time

!

ip subnet-zero

ip classless

ip default-gateway 50.243.192.86

ip routing

ipv6 unicast-routing

!

!

ip name-server 75.75.75.75 76.76.76.76

!

!

auto-config

!

event-history on

no logging forwarding

no logging email

!

no service password-encryption

!

username "admin" password ""

ip forward-protocol udp time

ip forward-protocol udp nameserver

ip forward-protocol udp tacacs

ip forward-protocol udp tftp

ip forward-protocol udp netbios-ns

ip forward-protocol udp netbios-dgm

!

!

no ip firewall alg msn

no ip firewall alg mszone

no ip firewall alg h323

!

!

!

!

!

!

!

!

!

!

no dot11ap access-point-control

!

!

!

!

ip dhcp-server excluded-address 192.168.178.0

ip dhcp-server excluded-address 192.168.178.255

!

ip dhcp-server pool "Private"

  network 192.168.178.0 255.255.255.0

  dns-server 192.168.178.254

  default-router 192.168.178.254

  lease 1

!

ip urlfilter Web_Http_Filter http

!

!

!

!

!

!

!

!

!

no ethernet cfm

!

interface eth 0/1

  ip address 10.10.10.1 255.255.255.0

  no awcp

  no shutdown

!

!

!

interface gigabit-eth 0/1

  description Public

  ip address 50.243.192.82 255.255.255.248

  ip mtu 1500

  ip access-policy Public

  ! IPv4 access-policy will not be used until IPv4 firewall is enabled

  no rtp quality-monitoring

  no awcp

  no shutdown

!

!

interface gigabit-eth 0/2

  description Private

  ip address 192.168.178.254 255.255.255.0

  ip mtu 1500

  ip helper-address 192.168.178.254

  ip access-policy Private

  ! IPv4 access-policy will not be used until IPv4 firewall is enabled

  ip urlfilter Web_Http_Filter in

  ip urlfilter Web_Http_Filter out

  ! URL filter disabled until a port is defined and IP firewall is enabled

  ip flow ingress

  ip flow egress

  no awcp

  no shutdown

!

!

!

!

!

router rip

  network 192.168.178.0 255.255.255.0

!

!

!

!

!

!

!

ip access-list standard MATCHALL

  permit any

!

ip access-list standard wizard-ics

  remark Internet Connection Sharing

  permit any

!

!

ip access-list extended self

  remark Traffic to NetVanta

  permit ip any any log

!

ip access-list extended web-acl-5

  permit ip any any 

!

ip access-list extended wizard-pfwd-1

  remark Port Forward 1

  permit tcp any host 50.243.192.82 log

!

ip access-list extended wizard-remote-access

  remark do not hand edit this ACL

  permit tcp any any eq www log

  permit tcp any any eq ssh log

  permit tcp any any eq ftp log

  permit tcp any any eq telnet log

  permit icmp any any echo log

  permit tcp any any eq https log

  remark do not hand edit this ACL

  permit tcp any any range www www log

  permit tcp any any range telnet telnet log

  permit tcp any any range ssh ssh log

  permit tcp any any range ftp ftp log

  permit icmp any any echo log

  permit tcp any any range https https log

!

!

!

!

ip policy-class Private

  allow list self self

  nat source list wizard-ics interface gigabit-ethernet 0/1 overload

!

ip policy-class Public

  nat destination list wizard-pfwd-1 address 192.168.178.233

!

!

!

ip route 0.0.0.0 0.0.0.0 50.243.192.86

!

no tftp server

no tftp server overwrite

ip http server

no ip http secure-server

no snmp agent

no ip ftp server

ip ftp server default-filesystem flash

no ip scp server

no ip sntp server

!

!

!

!

!

!

!

!

ip sip udp 5060

ip sip tcp 5060

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

line con 0

  login

  password

!

line telnet 0 4

  login

  password

  no shutdown

line ssh 0 4

  login local-userlist

  no shutdown

!

!

!

!

!

end

0 Kudos
1 Solution

Accepted Solutions
jayh
Honored Contributor
Honored Contributor

Re: Using Netvanta 4430 LAN as WAN

Jump to solution

You won't be able to do NAT until you enable IP firewall.

In global config mode type "ip firewall" and you should be good to go. If you're connected by telnet or ssh you'll probably get kicked off but you should be able to get back in from the private side.  If you're on console no problem.

If you get locked out and can't get back in, rebooting will wipe out any unsaved changes and get you back to where you were. You can anticipate this possibility with the command "reload in 10" before making changes remotely. If something goes wrong, the box will reboot in ten minutes and all unsaved changes erased. If all goes well, type "reload cancel" and "write memory" to kill the scheduled reboot and save your changes.

View solution in original post

0 Kudos
3 Replies
jayh
Honored Contributor
Honored Contributor

Re: Using Netvanta 4430 LAN as WAN

Jump to solution

You won't be able to do NAT until you enable IP firewall.

In global config mode type "ip firewall" and you should be good to go. If you're connected by telnet or ssh you'll probably get kicked off but you should be able to get back in from the private side.  If you're on console no problem.

If you get locked out and can't get back in, rebooting will wipe out any unsaved changes and get you back to where you were. You can anticipate this possibility with the command "reload in 10" before making changes remotely. If something goes wrong, the box will reboot in ten minutes and all unsaved changes erased. If all goes well, type "reload cancel" and "write memory" to kill the scheduled reboot and save your changes.

View solution in original post

0 Kudos
Anonymous
Not applicable

Re: Using Netvanta 4430 LAN as WAN

Jump to solution

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Eric

bababouy
New Contributor

Re: Using Netvanta 4430 LAN as WAN

Jump to solution

Im trying to do something similar with a Netvanta 4430. I bought the unit new about 1 1/2 years ago. The gig 0/1 and gig 0/2 ports were configured for two seperate ISPs to be a fail over. We are using eth 0/1 for LAN which only seems to be 100Mbps. We ended up not using gig 0/2 and have expanded our network and our connection to a 250Mbps, but it seems that I have a bottle neck going through the ETH 0/1 port. Can I change GIG 0/2 to LAN to give my network full GIG service? If so, how? I'm not super familiar with this GUI, but I can figure it out.