Hello All,
I have a 1224str pwr switch with several vlans uplinking to a Cisco router. Yes, I know the Adtran I have can act as a firewall/router. The Cisco (Meraki) is an add-on. We didn't see the need to replace the Adtran as it is a managed PoE device. The problem I have is that it still seems to need IP interfaces defined in order to pass traffic. The uplink ports on the Cisco and the Adtran are defined as trunk ports and have the data vlan (10) set as native. The Adtran, however, is interfering with the router in that the switch is doing inter vlan routing in spite of configuring the Cisco router to restrict the traffic.
How can I make the Adtran stop acting as a L3 device? The following commands are in the config (partial sample not revealing vlans). Any suggestions?
ip subnet-zero
ip classless
no ip routing
no auto-config
ip forward-protocol udp time
ip forward-protocol udp nameserver
ip forward-protocol udp tacacs
ip forward-protocol udp tftp
ip forward-protocol udp netbios-ns
ip forward-protocol udp netbios-dgm
ip policy-timeout udp all-ports 300
no ip firewall alg ftp
no ip firewall alg msn
no ip firewall alg pptp
no ip firewall alg h323
no ip firewall alg sip
"no ip routing" should do it and just work. I'd also turn off the "ip forward-protocol" and just go to a straight "no ip firewall". In essence, no-out all IP statements other than the one where you apply an address to the management VLAN and "ip default-gateway" pointing to the upstream router for management.
The only need for any ip configuration on a layer-2 switch is for the ability to connect to it and manage it via SSH / telnet / http(s).
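Added example, not part of the original thread or Adtran's own tooling: a small Python check that reads a saved switch config and lists what the reply above suggests removing, so you can confirm only the management VLAN address and `ip default-gateway` remain. The sample config, the VLAN numbers and addresses, and the assumption that interface sub-commands are indented are all constructed for illustration.

```python
import re

# Constructed sample config (documentation address ranges, hypothetical VLANs).
SAMPLE = """\
no ip routing
ip forward-protocol udp tftp
ip policy-timeout udp all-ports 300
no ip firewall alg sip
!
interface vlan 1
  ip address 192.0.2.10 255.255.255.0
  no shutdown
!
interface vlan 20
  ip address 198.51.100.1 255.255.255.0
  no shutdown
!
ip default-gateway 192.0.2.1
"""

def audit(config, mgmt_vlan):
    """Return findings for IP statements beyond management address + gateway."""
    findings, routing_off, gateway, vlan = [], False, False, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if raw[0].isspace():  # assumed: sub-commands of a section are indented
            if vlan is not None and vlan != mgmt_vlan and line.startswith("ip address "):
                findings.append(f"IP address on non-management vlan {vlan}")
            continue
        m = re.match(r"interface vlan (\d+)$", line)
        vlan = int(m.group(1)) if m else None  # any top-level line ends the section
        if line == "no ip routing":
            routing_off = True
        elif line.startswith("ip default-gateway "):
            gateway = True
        elif line.startswith("ip "):  # includes a bare "ip routing"
            findings.append(f"global IP statement: {line}")
    if not routing_off:
        findings.append("'no ip routing' is missing")
    if not gateway:
        findings.append("'ip default-gateway' is missing")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, mgmt_vlan=1):
        print(finding)
```

An address on any VLAN interface other than the management one is the finding to look at first when the switch appears to be answering for, or routing between, VLANs that should only be reachable through the upstream router.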
acl:
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it, and select another in its place, with the applicable buttons.
Thanks,
Levi