I have (2) 3120 routers connected via a layer 2 point to point. Both routers are configured as follows: eth 0/1 is Internet, Switchport 1 is VLAN1 (LAN), Switchport 2 is VLAN2 (point to point).
VLAN1 on Router 1 is set with an IP of 10.0.0.254. VLAN1 on Router 2 is set with an IP of 10.1.0.254.
VLAN2 on Router 1 is set with an IP of 192.168.0.1. VLAN2 on Router 2 is set with an IP of 192.168.0.2.
Router 1 can ping from VLAN1 (10.0.0.254) to VLAN2 (192.168.0.1). Router 2 can ping from VLAN1 (10.1.0.254) to VLAN2 (192.168.0.2).
Router 1 can ping from VLAN2 (192.168.0.1) to Router 2 VLAN2 (192.168.0.2). Router 2 can ping from VLAN2 (192.168.0.2) to Router 1 VLAN2 (192.168.0.1).
However, Router 1 VLAN1 (10.0.0.254) ping fails to Router 2 VLAN1 (10.1.0.254).
I have static route entries for 10.1.0.0/16 and 10.0.0.0/16.
Both VLAN1 and VLAN2 are in the same Private access policy with extended access lists that should allow traffic to flow. I've read the Quick Start Guide on Intervlan routing and am not sure what I am missing. Any insight is appreciated.
Here are my configs:
Router 1:
! ADTRAN OS version R11.4.1.E
! Boot ROM version 17.01.01.00
! Platform: NetVanta 3120, part number 1700601G2
! Serial number LBADTN1320AM847
!
hostname "Westbrook"
enable password password
!
clock timezone -5-Eastern-Time
!
ip subnet-zero
ip classless
ip routing
domain-name "mainenet.local"
domain-proxy
name-server 69.49.138.3 72.55.232.3
!
no auto-config
!
event-history on
no logging forwarding
logging forwarding priority-level info
no logging email
!
no service password-encryption
!
username "admin" password "password"
username "root" password "password"
!
ip policy-timeout tcp 1723 14400
!
ip firewall
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
no ip firewall alg sip
!
no dot11ap access-point-control
!
qos map "DSCP 46" 1
match any
!
vlan 1
name "Default"
!
vlan 2
name "Westbrook - Brewer"
!
interface eth 0/1
description Oxford Networks
ip address 69.49.134.204 255.255.255.248
ip access-policy Public
qos-policy in "DSCP 46"
qos-policy out "DSCP 46"
no awcp
no shutdown
no lldp send-and-receive
!
interface switchport 0/1
no shutdown
!
interface switchport 0/2
no shutdown
switchport access vlan 2
!
interface switchport 0/3
no shutdown
!
interface switchport 0/4
no shutdown
!
interface vlan 1
ip address 10.0.0.254 255.255.0.0
ip access-policy Private
no shutdown
!
interface vlan 2
ip address 192.168.0.1 255.255.255.0
ip mtu 1500
ip access-policy Private
no rtp quality-monitoring
no awcp
no shutdown
!
ip access-list standard ics
remark NAT list ics
permit any
remark Internet Connection Sharing
!
ip access-list extended Data
permit ip any any
remark allow Non Voice
!
ip access-list extended gre-allow
remark GRE-allow
permit gre any host 69.49.134.204 log
!
ip access-list extended http-allow
remark vmail
permit tcp any host 69.49.134.204 eq www log
!
ip access-list extended https-allow
remark https-allow
permit tcp any host 69.49.134.204 eq https log
!
ip access-list extended phone-allow
remark phone port 5001
permit tcp any host 69.49.134.204 eq 5001 log
!
ip access-list extended phone1-allow
remark non-vpnphone-allow
permit udp any host 69.49.134.204 range 6004 6999 log
!
ip access-list extended phone2-allow
remark non-vpnphone-allow
permit tcp any host 69.49.134.204 eq 50000 log
!
ip access-list extended pptp-allow
remark PPTP
permit tcp any host 69.49.134.204 eq 1723 log
!
ip access-list extended rdp-allow
remark RDP-allow
permit tcp 69.49.134.200 0.0.0.7 host 69.49.134.204 eq 3389 log
!
ip access-list extended self
remark Traffic to UNIT
permit ip any any log
!
ip access-list extended smtp-allow
remark smtp-allow
permit tcp any host 69.49.134.204 eq smtp log
!
ip access-list extended smtp-block
remark block all except server
permit tcp host 10.0.0.1 any eq smtp log
deny tcp any any eq smtp log
!
ip access-list extended vmail-allow
remark vmail-allow
permit tcp any host 24.39.42.18 eq 13777 log
!
ip access-list extended VLAN1-to-VLAN2
remark Allow VLAN1 to VLAN2
permit ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.0.255
!
ip access-list extended VLAN2-toVLAN1
remark Allow VLAN2 to VLAN1
permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.255.255.255
!
ip policy-class Private
allow list self self
allow list VLAN1-to-VLAN2 stateless
allow list VLAN1-to-VLAN2 stateless
nat source list ics interface eth 0/1 overload
allow list smtp-block
!
ip policy-class Public
nat destination list smtp-allow address 10.0.0.1
nat destination list gre-allow address 10.0.0.1
nat destination list pptp-allow address 10.0.0.1
nat destination list https-allow address 10.0.0.1
nat destination list http-allow address 10.0.0.162
nat destination list vmail-allow address 10.0.0.162
nat destination list phone-allow address 10.0.0.160
nat destination list phone2-allow address 10.0.0.160
nat destination list phone1-allow address 10.0.0.161
!
!
ip route 0.0.0.0 0.0.0.0 69.49.134.201
ip route 10.1.0.0 255.255.0.0 192.168.0.1
!
no tftp server
no tftp server overwrite
http server
http secure-server
no snmp agent
no ip ftp server
ip ftp server default-filesystem flash
no ip scp server
no ip sntp server
!
sip udp 5060
sip tcp 5060
!
line con 0
login
!
line telnet 0 4
login local-userlist
password password
no shutdown
line ssh 0 4
login local-userlist
no shutdown
!
ntp peer 10.0.0.1
!
end
__________________________________________________________________
Router 2:
! ADTRAN OS version R11.4.1.E
! Boot ROM version 17.01.01.00
! Platform: NetVanta 3120, part number 1700601G2
! Serial number LBADTN1413AM003
!
hostname "Brewer"
enable password password
!
clock timezone -5-Eastern-Time
!
ip subnet-zero
ip classless
ip routing
domain-name "mainenet.local"
domain-proxy
name-server 69.49.138.3 72.55.232.129
!
no auto-config
!
event-history on
no logging forwarding
logging forwarding priority-level info
no logging email
!
no service password-encryption
!
username "admin" password "password"
username "root" password "password"
!
ip policy-timeout tcp 1723 14400
!
ip firewall
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
no ip firewall alg sip
!
no dot11ap access-point-control
!
ip dhcp excluded-address 10.1.0.1 10.1.0.254
!
ip dhcp pool "Private"
network 10.1.0.0 255.255.0.0
domain-name "colonialadj.local"
dns-server 10.0.0.1 10.1.0.254 69.49.138.3 72.55.232.3
netbios-name-server 10.0.0.1
netbios-node-type h-node
default-router 10.1.0.254
ntp-server 10.0.0.1
!
qos map "DSCP 46" 1
match any
!
vlan 1
name "Default"
!
vlan 2
name "Westbrook-Brewer"
!
interface eth 0/1
description Oxford Networks
ip address 69.49.134.205 255.255.255.248
ip access-policy Public
no rtp quality-monitoring
no awcp
no shutdown
no lldp send-and-receive
!
interface switchport 0/1
no shutdown
!
interface switchport 0/2
no shutdown
switchport access vlan 2
!
interface switchport 0/3
no shutdown
!
interface switchport 0/4
no shutdown
!
interface vlan 1
ip address 10.1.0.254 255.255.0.0
ip access-policy Private
no shutdown
!
interface vlan 2
ip address 192.168.0.2 255.255.255.0
ip access-policy Private
no awcp
no shutdown
!
ip access-list standard ics
remark NAT list ics
permit any
remark Internet Connection Sharing
!
!
ip access-list extended Data
permit ip any any
remark allow Non Voice
!
ip access-list extended self
remark Traffic to UNIT
permit ip any any log
!
ip access-list extended smtp-block
remark Block SMTP
deny tcp any any eq smtp log
!
ip access-list extended P2P1
remark Allow VLAN1-to-VLAN2
permit ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.0.255
!
ip access-list extended P2P2
remark Allow VLAN2-to-VLAN1
permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.255.255.255
!
ip policy-class Private
allow list self self
allow list P2P1 stateless
allow list P2P2 stateless
nat source list ics interface eth 0/1 overload
allow list smtp-block
!
ip policy-class Public
! Implicit discard
!
!
ip route 0.0.0.0 0.0.0.0 69.49.134.201
ip route 10.0.0.0 255.255.0.0 192.168.0.2
!
no tftp server
no tftp server overwrite
http server
http secure-server
no snmp agent
no ip ftp server
ip ftp server default-filesystem flash
no ip scp server
no ip sntp server
!
sip udp 5060
sip tcp 5060
!
line con 0
login
!
line telnet 0 4
login local-userlist
password password
no shutdown
line ssh 0 4
login local-userlist
no shutdown
!
ntp peer 10.0.0.1
ntp peer ntp.colby.edu
!
end
Your next-hop on the static routes points to the local device instead of the remote.
On router 1:
no ip route 10.1.0.0 255.255.0.0 192.168.0.1
ip route 10.1.0.0 255.255.0.0 192.168.0.2
On router 2:
no ip route 10.0.0.0 255.255.0.0 192.168.0.2
ip route 10.0.0.0 255.255.0.0 192.168.0.1
The gateways of the static routes were incorrect, as jayh noted.
In addition, I had to add the following access list:
ip access-list extended P2P
permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
assign the access list to Private:
ip policy-class Private
allow list P2P
assign the Private policy to the interfaces:
interface vlan 1
ip address 10.0.0.254 255.255.0.0
ip access-policy Private
interface vlan 2
ip address 192.168.0.1 255.255.255.0
ip access-policy Private
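Both fixes in this thread (jayh's next-hop correction and the extra P2P access list) can be checked with a small model of what each NetVanta does with the 10.0.0.254 to 10.1.0.254 ping. The code below is an added example, not ADTRAN code and not from anyone in the thread: it models Router 1's connected and static routes, its wildcard-mask ACLs and the ordered entries of the Private policy-class, then evaluates the same packet before and after each change. It assumes first-match, implicit-discard semantics for the policy-class, treats "allow list X self" as applying only to traffic addressed to the unit, and leaves the "nat source list ics" entry out of the model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed model of Router 1 (Westbrook) from the thread: example code, not ADTRAN's.
# Only allow entries of the Private policy-class are modelled (the NAT entry is omitted).

ANY = ("any",)
PING = {"proto": "icmp", "src": "10.0.0.254", "dst": "10.1.0.254"}  # constructed packet


def host(ip):
    """ACL 'host x.x.x.x' is the address with an all-zero wildcard."""
    return (ip, "0.0.0.0")


def wildcard_match(addr, network, wildcard):
    """AOS/Cisco wildcard semantics: a 0 bit in the mask must match, a 1 bit is don't-care."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    return ((a & ~w) & 0xFFFFFFFF) == ((n & ~w) & 0xFFFFFFFF)


@dataclass
class Ace:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches any protocol, otherwise exact name
    src: tuple                    # ANY or (network, wildcard)
    dst: tuple
    dport: Optional[int] = None   # "eq <port>" on the destination, if present

    def matches(self, pkt):
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        for side, key in ((self.src, "src"), (self.dst, "dst")):
            if side != ANY and not wildcard_match(pkt[key], *side):
                return False
        return self.dport is None or pkt.get("dport") == self.dport


def acl_result(acl, pkt):
    """First matching entry decides; an ACL with no match ends in an implicit deny."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"


@dataclass
class Router:
    name: str
    interfaces: dict       # interface -> "address/prefixlen"
    static_routes: list    # [(destination cidr, next hop)]
    acls: dict             # acl name -> [Ace, ...]
    private_policy: list   # [(acl name, self_only)] in configured order

    def own_addresses(self):
        return {ipaddress.ip_interface(c).ip for c in self.interfaces.values()}

    def lookup(self, dst):
        """Longest-prefix match across connected networks and static routes."""
        d, best = ipaddress.ip_address(dst), None
        cands = [(ipaddress.ip_interface(c).network, "connected", i) for i, c in self.interfaces.items()]
        cands += [(ipaddress.ip_network(c), "static", nh) for c, nh in self.static_routes]
        for net, kind, via in cands:
            if d in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, kind, via)
        return best

    def forward(self, pkt):
        """Where the packet would go once the policy-class has allowed it."""
        route = self.lookup(pkt["dst"])
        if route is None:
            return ("no-route", None)
        net, kind, via = route
        if kind == "connected":
            return ("connected", via)
        if ipaddress.ip_address(via) in self.own_addresses():
            # The thread's bug: the next hop is one of our own addresses, so nothing leaves the box.
            return ("next-hop-is-self", via)
        return ("send-to", via)

    def policy_allows(self, pkt):
        """Walk the Private policy-class in order; return the permitting entry, else None (implicit discard)."""
        to_self = ipaddress.ip_address(pkt["dst"]) in self.own_addresses()
        for acl_name, self_only in self.private_policy:
            if self_only and not to_self:
                continue   # "allow list X self" only covers traffic addressed to the unit
            if acl_result(self.acls[acl_name], pkt) == "permit":
                return acl_name
        return None


def build_router1(fixed_routes=False, with_p2p=False):
    """Router 1 as posted; the flags apply jayh's route fix and the poster's extra P2P list."""
    acls = {
        "self": [Ace("permit", "ip", ANY, ANY)],
        "VLAN1-to-VLAN2": [Ace("permit", "ip", ("10.0.0.0", "0.255.255.255"), ("192.168.0.0", "0.0.0.255"))],
        "smtp-block": [Ace("permit", "tcp", host("10.0.0.1"), ANY, 25), Ace("deny", "tcp", ANY, ANY, 25)],
        "P2P": [Ace("permit", "ip", ("10.0.0.0", "0.255.255.255"), ("10.0.0.0", "0.255.255.255"))],
    }
    policy = [("self", True), ("VLAN1-to-VLAN2", False), ("VLAN1-to-VLAN2", False), ("smtp-block", False)]
    if with_p2p:
        policy.append(("P2P", False))
    next_hop = "192.168.0.2" if fixed_routes else "192.168.0.1"   # 192.168.0.1 is Router 1's own VLAN2 address
    interfaces = {"vlan 1": "10.0.0.254/16", "vlan 2": "192.168.0.1/24", "eth 0/1": "69.49.134.204/29"}
    return Router("Westbrook", interfaces, [("0.0.0.0/0", "69.49.134.201"), ("10.1.0.0/16", next_hop)], acls, policy)


if __name__ == "__main__":
    for routes, p2p in ((False, False), (True, False), (True, True)):
        r = build_router1(fixed_routes=routes, with_p2p=p2p)
        print(f"route fix={routes} P2P={p2p}: policy={r.policy_allows(PING)} forward={r.forward(PING)}")
```

Running it shows the two independent failures: with the posted configuration the Private policy-class has no entry matching 10.0.x.x to 10.1.x.x traffic (the VLAN1-to-VLAN2 list only covers 10/8 to 192.168.0/24, and smtp-block is TCP/25 only), and even if it did, the 10.1.0.0/16 route resolves to Router 1's own VLAN2 address. Only the combination of the corrected next hop and the P2P list lets the ping through. Note that the P2P list as posted is 10/8 to 10/8; the two /16 wildcards (0.0.255.255) would express the same intent more tightly.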
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Levi