cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Valued Contributor
Valued Contributor

Re: 908e Vlan routing

Southfork21,

Routing should allow your setup to work, but the added complexity of another router/PBX will make troubleshooting a little more difficult.  If for whatever reason you must set the router/PBX as the default gateway for the phones, it might be a good idea to setup another laptop on a VLAN 200 access port on the switch.  Test with the laptop on VLAN 200 having either default gateway.  This will allow you to easily issue things like ping and traceroute, from the phone's perspective.  Also, you can get packet captures on the laptop to find out how the router/PBX is responding.  Often the router/PBX in this scenario will just respond with ICMP messages such as a Destination Unreachable (routing isn't working) or a Redirect.  The redirect would tell the sender, "There is a better router (TA900) for this traffic on the directly connected subnet.  Send your traffic to that device."  One concern is that the phone may not properly handle this type of ICMP message.

Regardless, the second laptop, or setting up monitor ports on the switch to get packet captures, will give you more information about what is actually happening.  If you have further questions, you may want to consider opening a ticket with ADTRAN Technical Support.  You can open a ticket by calling 888-423-8726 or sending an email to support@adtran.com.

Thanks!

David

Highlighted
New Contributor II

Re: 908e Vlan routing

Solved!

Yes, the routing was setup correctly.

The problem was with the Security Zone "Private".  The policy for "Traffic to Total Access", "Destination Security Zone" was set to "Self Bound".  I changed the "Destination Security Zone" to "Private" and everything is working.

Thanks for the help Jayh and David.

Highlighted
Valued Contributor
Valued Contributor

Re: 908e Vlan routing

Southfork21,

I'm glad you resolved the issue.  You will definitely want some policy that allows traffic between the two VLANs.  The "allow list VLANS stateless" shown above would be an even better option since there will be no filtering or sessions expiring between the two VLANs.  I went ahead and flagged this post as "Assumed Answered".  If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons.  This will make them visible and help other members of the community find solutions more easily.

Thanks!

David