Aloha AdTran Support Community!
My goal is to use the wireless functionality of the cable modem, while having the AdTran provide DHCP & QoS to the wired and wireless networks.
I'm using a 3448 behind a Motorola SURFboard SBG6580 Residential Gateway cable modem that includes built-in Wifi and 4 Ethernet switchports.
When using the default configuration, the public IP address is assigned to the cable modem, which performs NAT and DHCP for the rest of the network.
This does not allow the AdTran to QoS the Wifi traffic, which has impacted the voice quality of a Polycom phone wired to the AdTran.
On the cable modem I have disabled "NAPT mode" and its DHCP server. I've enabled "Rg PassThrough" and added the AdTran eth 0/1 to the "PassThrough Mac Addresses".
Now the AdTran is able to acquire a public IP address and provide DHCP to the wired network, but the wireless network then does not have any layer 3 connectivity.
I've been able to temporarily restore the wifi by connecting an AdTran switchport to one of the other cable modem switchports.
This allows the AdTran to provide DHCP to the wireless network with the AdTran as the gateway, thereby enforcing QoS on the wireless traffic.
That achieves my goal for a few minutes, and then the AdTran eth 0/1 interface eventually drops the public IP and leases a private IP from itself.
How can I prevent the AdTran from giving itself an IP address?
I've tried an ACL to drop packets coming into eth 0/1 from the private network but that doesn't seem to be effective.
- Thanks for posting your question to the forum!
I have a few questions in addition to the information you have already provided:
1. Is the port that the NetVanta eth 0/1 port is plugged into a switchport on the Motorola modem, or is it a separate routable interface?
2. What is the private subnet your wireless clients are sitting on?
3. Is the DHCP currently turned on for the Motorola modem for wired or wireless users?
Thanks,
Noor
1. This model of modem only provides four identical switchports. There are no options to configure these ports. This is where the NetVanta eth 0/1 and switchport are both connected.
2. When working as intended, all wired and wireless clients are using VLAN 20, 172.16.20.0/24. This is not a requirement, so I can separate them if necessary.
3. The cable modem DHCP server listens to both the wired and wireless networks and does not allow me to set the default gateway, hence the wireless traffic bypassing the AdTran, so it is currently disabled. I can configure static leases, but there is only one pool available.
- I haven't tested this idea, but have you tried configuring an access-group to block incoming requests from the VLAN to eth 0/1? The configuration would look a little something like this:
ip access-list extended BLOCK-DHCP
deny tcp host <LAN DHCP server> any eq 67
deny tcp host <LAN DHCP server> any eq 68
permit ip any any
interface eth 0/1
ip address dhcp
ip access-group BLOCK-DHCP in
no shutdown
Please do not hesitate to let us know if you have any questions.
Thanks,
Noor
noor wrote:
deny tcp host <LAN DHCP server> any eq 67
deny tcp host <LAN DHCP server> any eq 68
Thanks noor! I should be able to test this in a couple hours.
Should the above be udp rather than tcp?
Would something like this be more thorough?
ip access-list extended BLOCK-LAN
deny ip 172.16.20.0 0.0.0.255 any log
permit ip any any
- You are right in both regards. My apologies, that was a slip up on my part. You are right, my example should have looked like this:
ip access-list extended BLOCK-DHCP
deny udp host <LAN DHCP server> any eq 67
deny udp host <LAN DHCP server> any eq 68
permit ip any any
interface eth 0/1
ip address dhcp
ip access-group BLOCK-DHCP in
no shutdown
Your example, however, would be more thorough and block traffic coming from the entire 172.16.20.x network.
Let us know if you have any further questions.
Thanks,
Noor
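Added example, not part of the thread or of AdTran's documentation: a simplified first-match model of the three access lists discussed above. It shows that the tcp version lets a DHCP offer from the LAN server through, while the udp version and BLOCK-LAN drop it and still permit an upstream offer. The addresses 172.16.20.1 (standing in for <LAN DHCP server>), 172.16.20.50 and 203.0.113.1 are constructed, and the model skips the destination address because every rule uses any.

```python
import ipaddress
from collections import namedtuple

# Simplified packet: only the fields these ACL lines inspect.
Packet = namedtuple("Packet", "proto src dport")
LAN_DHCP = "172.16.20.1"  # assumption: stands in for <LAN DHCP server>
ISP_DHCP = "203.0.113.1"  # constructed upstream DHCP server address

def src_matches(spec, addr):
    # spec: "any", ("host", ip) or (network, wildcard mask)
    if spec == "any":
        return True
    base, wild = spec
    if base == "host":
        return addr == wild
    b, w, a = (int(ipaddress.IPv4Address(x)) for x in (base, wild, addr))
    keep = ~w & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (a & keep) == (b & keep)

def evaluate(acl, pkt):
    # First matching rule wins; rule = (action, proto, src spec, dst port or None)
    for action, proto, src, dport in acl:
        if proto in ("ip", pkt.proto) and src_matches(src, pkt.src) \
                and dport in (None, pkt.dport):
            return action
    return "deny"  # assumption of this model when no rule matches

def dhcp_acl(proto):
    return [("deny", proto, ("host", LAN_DHCP), 67),
            ("deny", proto, ("host", LAN_DHCP), 68),
            ("permit", "ip", "any", None)]

ACLS = {"BLOCK-DHCP (tcp)": dhcp_acl("tcp"),
        "BLOCK-DHCP (udp)": dhcp_acl("udp"),
        "BLOCK-LAN": [("deny", "ip", ("172.16.20.0", "0.0.0.255"), None),
                      ("permit", "ip", "any", None)]}

# Constructed packets arriving inbound on eth 0/1 (DHCP offers go to UDP port 68)
LAN_OFFER = Packet("udp", LAN_DHCP, 68)
ISP_OFFER = Packet("udp", ISP_DHCP, 68)
LAN_OTHER = Packet("udp", "172.16.20.50", 137)

def verdicts(pkt):
    return {name: evaluate(acl, pkt) for name, acl in ACLS.items()}

if __name__ == "__main__":
    for label, pkt in (("LAN offer", LAN_OFFER), ("ISP offer", ISP_OFFER),
                       ("other LAN host", LAN_OTHER)):
        print(label, verdicts(pkt))
```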
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Levi