Solved

Adtran config with metro ethernet

Posted on 2008-09-30
Last Modified: 2013-11-16
Experts,

I am going with a metro Ethernet connection upgrade tomorrow. I have to supply the router, and I would like to make sure my config looks good before the switch. There is a firewall behind this Adtran router. This router will just be basic between the circuit and our WatchGuard Firebox.

I have changed the IPs to random IPs, but you have the idea.

I am curious if this config looks right or if I am missing something big. All I need this router to do is pass between the circuit and Firebox.

66.15.127.202  is the public side of the router that connects to the circuit.
66.33.27.1  is the private side of the router that connects to the firewall.
66.15.127.201 is the IP of the telco; not sure, but it needs a route from any to them (0.0.0.0 to 66.15.127.201).
66.33.27.2 is the public side of our WatchGuard Firebox firewall.

!
!
! ADTRAN OS version 17.02.03.00.E
! Boot ROM version 14.04.00
! Platform: NetVanta 3120, part number 1700600L2
! Serial number LBADTN0740AJ831
!
!
hostname "Raleigh Main"
!
clock timezone -5-Eastern-Time
!
ip subnet-zero
ip classless
ip routing
ip domain-proxy
ip name-server 205.152.37.23 205.152.132.23
!
!
no auto-config
!
event-history on
no logging forwarding
logging forwarding priority-level info
no logging email
!
service password-encryption
!
!
!
ip firewall
no ip firewall alg msn
no ip firewall alg h323
!
aaa on
ftp authentication LoginUseLocalUsers
!
!
aaa authentication login LoginUseTacacs group tacacs+
aaa authentication login LoginUseRadius group radius
aaa authentication login LoginUseLocalUsers local
aaa authentication login LoginUseLinePass line
!
aaa authentication enable default enable
!
aaa authentication port-auth default local
!
!
!
no dot11ap access-point-control
!
!
!
!
!
!
!
!
!
!
!
!
vlan 1
  name "Default"
!
!
interface eth 0/1
  description Public
  speed 100
  ip address  66.15.127.202  255.255.255.252
  access-policy Public
  no shutdown
  no lldp send-and-receive
!
!
interface switchport 0/1
  speed 100
  no shutdown
!
interface switchport 0/2
  no shutdown
!
interface switchport 0/3
  no shutdown
!
interface switchport 0/4
  no shutdown
!
!
!
interface vlan 1
  description Private
  ip address  66.33.27.1  255.255.255.128
  access-policy Private
  no shutdown
!
interface modem 0/1
  dialin
  no shutdown
!
!
!
!
!
ip access-list standard wizard-ics
  remark Internet Connection Sharing
  permit any
!
!
ip access-list extended Any
  permit ip any  any     log
!
ip access-list extended self
  remark Traffic to NetVanta
  permit ip any  any     log
!
ip access-list extended wizard-pfwd-1
  remark Port Forward 1
  permit ip any  host 66.15.127.202     log
!
ip policy-class Private
  allow list self self
  nat source list wizard-ics interface eth 0/1 overload
!
ip policy-class Public
  nat destination list wizard-pfwd-1 address 66.33.27.2
!
!
!
ip route 0.0.0.0 0.0.0.0 66.15.127.201
!
no ip tftp server
no ip tftp server overwrite
ip http authentication LoginUseLocalUsers
no ip http server
ip http secure-server
no ip snmp agent
no ip ftp server
no ip scp server
no ip sntp server
!
!
!
!
!
!
!
!
!
!
!
!
!
!
line con 0
  login authentication LoginUseLinePass
  password encrypted
line con 1
!
line telnet 0 4
  login authentication LoginUseLinePass
  password encrypted
  shutdown
line ssh 0 4
  login authentication LoginUseLocalUsers
  shutdown
!
!
!
!
!
!
!
!
end


Question by:cbossert
6 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22613247
It looks fine except it appears you have NAT configured on the Adtran which you don't need if the Watchguard is handling NAT for the network.  I would also verify with your provider the speed and duplex settings for the metro ethernet connection.
0
 

Author Comment

by:cbossert
ID: 22613432
Jfrederick,

I am not sure how I would go about turning off the NAT. The WatchGuard does NAT, but I don't see it as an option to turn off. Do you happen to know this?

I set the speeds to 100 full per the telco requests, they were defaulted to auto before I changed them.

Thanks!
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22613484
Not overly familiar with Adtran but hopefully this takes care of it.

ip policy-class Private
no nat source list wizard-ics interface eth 0/1 overload
!
ip policy-class Public
no nat destination list wizard-pfwd-1 address 66.33.27.2
0
 

Author Comment

by:cbossert
ID: 22613711
I don't think this will work. When I turn off the NAT in those policy classes, the fwd to 66.33.27.2 goes away and is replaced with an allow.

ip policy-class Private
allow list self self
allow list wizard-ics

ip policy-class public
allow list wizard-pfwd-1
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 22614638
You don't need the forward since you are routing the two subnets, i.e. a request comes into 66.33.27.2, your ISP routes it to the Adtran via 66.15.127.202 and the Adtran routes it to the Watchguard.  The only thing I am not sure about is if you don't have an access-policy on the interface, is all traffic denied by default or allowed.  I am hoping allowed.  The Firewall will be doing the filtering...
0
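The accepted answer's point, that both subnets are directly connected and routed so the NAT statements are redundant, can be checked mechanically against the posted config. The following is an added example, not part of the original thread: the `audit` function and its matching rules are assumptions that cover only the statement forms in the posted config, and the sample is a constructed excerpt of it.

```python
import ipaddress
import re

# Constructed excerpt of the config posted in the question (addresses as posted).
CONFIG = """\
interface eth 0/1
  ip address  66.15.127.202  255.255.255.252
  access-policy Public
interface vlan 1
  ip address  66.33.27.1  255.255.255.128
  access-policy Private
ip access-list extended self
  permit ip any  any     log
ip access-list extended wizard-pfwd-1
  permit ip any  host 66.15.127.202     log
ip policy-class Private
  allow list self self
  nat source list wizard-ics interface eth 0/1 overload
ip policy-class Public
  nat destination list wizard-pfwd-1 address 66.33.27.2
ip route 0.0.0.0 0.0.0.0 66.15.127.201
"""

def audit(config, firewall_ip):
    """Hypothetical helper: return (connected networks, findings) for the config text."""
    nets, findings, section = {}, [], ""
    for raw in config.splitlines():
        line = " ".join(raw.split())           # collapse the padded whitespace
        if not raw.startswith(" "):
            section = line                      # unindented line opens a new stanza
        if m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            nets[section] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif line.startswith("nat ") and section.startswith("ip policy-class"):
            findings.append(f"NAT in {section}: {line}")
        elif re.fullmatch(r"permit ip any any( log)?", line):
            findings.append(f"permit-any rule in {section}")
        elif m := re.fullmatch(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            hop = ipaddress.ip_address(m[1])
            if not any(hop in n for n in nets.values()):
                findings.append(f"default next hop {hop} is not on a connected subnet")
    fw = ipaddress.ip_address(firewall_ip)
    if not any(fw in n for n in nets.values()):
        findings.append(f"firewall {fw} is not on a connected subnet")
    return nets, findings

NETS, FINDINGS = audit(CONFIG, "66.33.27.2")
```

`FINDINGS` lists the permit-any ACL and the two NAT lines, and reports nothing for the default route or the firewall address because both sit on connected subnets.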
 

Author Comment

by:cbossert
ID: 22623390
Jfredrick,

Thank you for your help. I was not able to test any of this out because the Adtran would not work with the ISP setup. The circuit needed to connect to the Adtran via a crossover cable, and when we did this the Adtran reported the Ethernet line being down, so we couldn't get past that. I wound up taking a new Cisco 1811 router that we had purchased for another reason and used that.

I will award points to you, but I was not able to verify.

Thanks so much!
0
