Support
Community

Anonymous · ‎04-17-2013

I have a Netvanta 1335 that I have IP Firewall Enabled. I am using vlan 1, 2 and 200 in the 1335. I have vlan 2 and 200 setup with the Private Access policy overloading to vlan 1 which is setup for my Public Policy. All in the 1335 is working correct, I can get on the internet from any vlan. I also have a DHCP server on vlan 1. I have a trunk port configured on port 0/23 going to a 1234 Netvanta. The Trunk is setup to allow vlan 1,2 and 200. Firewall in the 1335 is not allowing clients in vlan 1 on the 1234 to get DHCP.

Interface vlan 1 on the 1335 is 192.168.0.254, interface vlan 1 on the 1234 is 192.168.0.253. I can ping int vlan 1 on the 1234 from the 1335 but cant ping from the 1234 back to int vlan 1 on the 1335 unless I turn off the ip firewall in the 1335. What could I do to correct this? Below is the configs for both switches

Thanks

Anonymous · ‎04-19-2013

I needed to create a couple of ACL's and apply then to the Public policy-class. This allowed the access that I needed from Vlan 1 to 200.

interface vlan 1

description Customer_Data

ip address 192.168.0.254 255.255.255.0

ip access-policy Public

ip route-cache express

no shutdown

!

interface vlan 2

description RSVP

ip address 192.168.2.254 255.255.255.0

ip access-policy Private

ip route-cache express

no shutdown

!

interface vlan 200

description Voice

ip address 192.168.200.254 255.255.255.0

ip access-policy Private

ip route-cache express

no shutdown

!

ip access-list standard PUBLIC

permit any

!

ip access-list standard wizard-ics

remark Internet Connection Sharing

permit any

!

ip access-list extended Remote

remark do not hand edit this ACL

permit tcp any any eq www log

permit tcp any any eq telnet log

permit tcp any any eq ssh log

permit tcp any any eq ftp log

permit icmp any any echo log

permit tcp any any eq https log

!

ip access-list extended self

remark Traffic to NetVanta

permit ip any any log

!

ip access-list extended web-acl-5

remark Vlan_1_TO_Vlan_200

permit ip 192.168.0.0 0.0.0.255 192.168.200.0 0.0.0.255

!

ip access-list extended web-acl-7

remark Admin_Access

permit tcp 192.168.0.0 0.0.0.255 any eq www log

permit tcp 192.168.0.0 0.0.0.255 any eq telnet log

permit tcp 192.168.0.0 0.0.0.255 any eq https log

permit tcp 192.168.0.0 0.0.0.255 any eq ssh log

permit tcp 192.168.0.0 0.0.0.255 any eq ftp log

permit icmp 192.168.0.0 0.0.0.255 any echo log

!

ip policy-class Private

allow list self self

nat source list wizard-ics interface vlan 1 overload

!

ip policy-class Public

allow list web-acl-5

allow list web-acl-7 self

!

View solution in original post

Anonymous · ‎04-19-2013

- Thanks for posting on the forum!

It looks like you have opened a ticket with Adtran Tech Support regarding this question. If you don't mind, please post the resolution to your question so others can benefit from it.

Please do not hesitate to let us know if you have any questions.

Thanks,

Noor

Anonymous · ‎04-19-2013

I needed to create a couple of ACL's and apply then to the Public policy-class. This allowed the access that I needed from Vlan 1 to 200.

interface vlan 1

description Customer_Data

ip address 192.168.0.254 255.255.255.0

ip access-policy Public

ip route-cache express

no shutdown

!

interface vlan 2

description RSVP

ip address 192.168.2.254 255.255.255.0

ip access-policy Private

ip route-cache express

no shutdown

!

interface vlan 200

description Voice

ip address 192.168.200.254 255.255.255.0

ip access-policy Private

ip route-cache express

no shutdown

!

ip access-list standard PUBLIC

permit any

!

ip access-list standard wizard-ics

remark Internet Connection Sharing

permit any

!

ip access-list extended Remote

remark do not hand edit this ACL

permit tcp any any eq www log

permit tcp any any eq telnet log

permit tcp any any eq ssh log

permit tcp any any eq ftp log

permit icmp any any echo log

permit tcp any any eq https log

!

ip access-list extended self

remark Traffic to NetVanta

permit ip any any log

!

ip access-list extended web-acl-5

remark Vlan_1_TO_Vlan_200

permit ip 192.168.0.0 0.0.0.255 192.168.200.0 0.0.0.255

!

ip access-list extended web-acl-7

remark Admin_Access

permit tcp 192.168.0.0 0.0.0.255 any eq www log

permit tcp 192.168.0.0 0.0.0.255 any eq telnet log

permit tcp 192.168.0.0 0.0.0.255 any eq https log

permit tcp 192.168.0.0 0.0.0.255 any eq ssh log

permit tcp 192.168.0.0 0.0.0.255 any eq ftp log

permit icmp 192.168.0.0 0.0.0.255 any echo log

!

ip policy-class Private

allow list self self

nat source list wizard-ics interface vlan 1 overload

!

ip policy-class Public

allow list web-acl-5

allow list web-acl-7 self

!

Anonymous · ‎07-09-2013

-

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Noor

Support
Community

Netvanta 1335 Firewall question

Re: Netvanta 1335 Firewall question

Re: Netvanta 1335 Firewall question

Re: Netvanta 1335 Firewall question

Re: Netvanta 1335 Firewall question

SupportCommunity

Netvanta 1335 Firewall question

Re: Netvanta 1335 Firewall question

Re: Netvanta 1335 Firewall question

Re: Netvanta 1335 Firewall question

Re: Netvanta 1335 Firewall question

Support
Community