Adtran
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
tbayne
New Contributor
‎06-24-2013 01:53 PM

Segregating two routed sub-nets and provide internet connectivity (inbound and outbound)

Jump to solution

Good afternoon,

Stating for the record that I am a newb at net working, and with Adtran switches.

I have a 1534P switch.  I have two sub-nets which need to share a single internet connection.

Currently I have internet (50 Mbps) connection terminating at the 1534, port 1, and the subnets at ports 3 and 5.  Each subnet has it's own firewall equipment (Sonicwall in one case, Cisco in the other).

After a bit of playing around things are working, but performance is terrible - roughly 1/10th (or less) of what it should be.  I have "protection" enabled on the ports to which the subnets are connected.

Any suggestions?

Terry

Labels (1)
Labels
0 Kudos
Reply
1 Solution

Accepted Solutions
Anonymous
Not applicable
‎06-27-2013 02:07 PM

Re: Segregating two routed sub-nets and provide internet connectivity (inbound and outbound)

Jump to solution

:

There are several things I suggest you change.

  • Configure three separate VLANs for each subnet (instead of secondary subnets on one VLAN)
  • Configure the ports to be assigned to the VLANs
  • Add the command ip route-cache express to each VLAN interface
  • Configure the VLAN connected to the Internet connect to 50 Mbps
  • Also make sure the ports connected to the firewalls are negotiated to the proper speed and duplex

Here is an example:

interface vlan 1

description INTERNET CONNECTION

  ip address  24.214.206.174  255.255.255.252

  traffic-shape rate 50000000

  ip route-cache express

  no shutdown

interface vlan 2

description FIREWALL 1

  ip address 69.73.18.113  255.255.255.240

  ip route-cache express

  no shutdown

interface vlan 2

description FIREWALL 2

  ip address  207.98.167.65  255.255.255.248

  ip route-cache express

  no shutdown

interface gigabit-switchport 0/3

  description SED

  no shutdown

  switchport access vlan 2

  switchport protected

!

interface gigabit-switchport 0/5

  description Trident

  no shutdown

  switchport access vlan 3

  switchport protected


I hope that makes sense, but let me know what additional questions you have. 


Levi

View solution in original post

0 Kudos
Reply
4 Replies
Anonymous
Not applicable
‎06-26-2013 02:54 PM

Re: Segregating two routed sub-nets and provide internet connectivity (inbound and outbound)

Jump to solution

Terry:

Thank you for asking this question in the support community.  Hopefully, we will be able to get things back up to speed for you.  If you get a chance to reply to this post and attach a current version of the ADTRAN's firmware, I will be happy to review it for you (please, remember to remove any pieces of the configuration that is sensitive to the organization).

Are you able to plug a device directly into the ADTRAN unit (bypassing the firewalls) and obtain performance that meets your expectations?

Levi

0 Kudos
Accept as Solution Reply
tbayne
New Contributor
‎06-27-2013 12:31 PM

Re: Segregating two routed sub-nets and provide internet connectivity (inbound and outbound)

Jump to solution

Levi,

Thanks for the response.  Directly plugging into the switch (bypassing the firewall equipment) does not improve performance.

Further, I borrowed a router (dedicated small PC running pFSense), configured it, plugged both networks into it, and connected it's WAN port to our WAN connection - removing the Adtran switch.  In this configuration performance is as expected.  So in my opinion it is the configuration of the switch - or the capabilities of the switch to function in this capacity (mostly as a router).

Message was edited by: levi (Removed config. and added as attachment)

Switch Config.txt.zip
0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎06-27-2013 02:07 PM

Re: Segregating two routed sub-nets and provide internet connectivity (inbound and outbound)

Jump to solution

:

There are several things I suggest you change.

  • Configure three separate VLANs for each subnet (instead of secondary subnets on one VLAN)
  • Configure the ports to be assigned to the VLANs
  • Add the command ip route-cache express to each VLAN interface
  • Configure the VLAN connected to the Internet connect to 50 Mbps
  • Also make sure the ports connected to the firewalls are negotiated to the proper speed and duplex

Here is an example:

interface vlan 1

description INTERNET CONNECTION

  ip address  24.214.206.174  255.255.255.252

  traffic-shape rate 50000000

  ip route-cache express

  no shutdown

interface vlan 2

description FIREWALL 1

  ip address 69.73.18.113  255.255.255.240

  ip route-cache express

  no shutdown

interface vlan 2

description FIREWALL 2

  ip address  207.98.167.65  255.255.255.248

  ip route-cache express

  no shutdown

interface gigabit-switchport 0/3

  description SED

  no shutdown

  switchport access vlan 2

  switchport protected

!

interface gigabit-switchport 0/5

  description Trident

  no shutdown

  switchport access vlan 3

  switchport protected


I hope that makes sense, but let me know what additional questions you have. 


Levi

0 Kudos
Reply
Anonymous
Not applicable
‎09-05-2013 03:27 PM

Re: Segregating two routed sub-nets and provide internet connectivity (inbound and outbound)

Jump to solution

- I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Noor

0 Kudos
Accept as Solution Reply