Hello,
I am trying to configure a NV6355 for Multiple IP Address usage. Let me explain what I am hoping to accomplish.
1. Internet is coming in on a fiber connection, VLAN tagged 61. I am using an SFP module on GIG 0/2. The IP's are gateway: X.X.X.241, NV6355: X.X.X.242, the block is X.X.X.225 - X.X.X.230. All the IP's are on the same subnet.
2. All the ports are set to trunked. VLAN 61 has been created and assigned the IP address X.X.X.242. An IP route 0.0.0.0 0.0.0.0 X.X.X.241 has been created, and internet access is present on all ports after running the firewall wizard.
3. The block of IP addresses will be used on other public devices that will be plugged into the 6355. I can add the block as secondary IP address's on the VLAN interface, and ping them all. When I remove the block and add an IP to a public device, the ping times out.
So I am hoping that there is a way to configure the 6355 for the routing of the block of IP address's to the public devices plugged into the unit. I have tried to configure encapsulation 802.1q and sub-interface on GIG 0/2, but get an error stating "could not perform operation."
If there is not a method of doing this, can anyone recommend an Adtran router that will do this with a fiber connection?
Thanks,
Jack
!
!
! ADTRAN, Inc. OS version R10.5.0.E
! Boot ROM version A2.06.B1
! Platform: NetVanta 6355, part number 1200740E1
! Serial number ***************
!
!
hostname "NV6355"
enable password ********
!
!
clock timezone -6-Central-Time
!
ip subnet-zero
ip classless
ip default-gateway 65.113.121.241
ip routing
ipv6 unicast-routing
!
!
domain-proxy
name-server 65.113.120.2 65.113.120.3
!
!
no auto-config
!
event-history on
no logging forwarding
no logging email
!
no service password-encryption
!
username "admin" password "********"
username "polycomftp" password "********"
ip forward-protocol udp time
ip forward-protocol udp nameserver
ip forward-protocol udp tacacs
ip forward-protocol udp tftp
ip forward-protocol udp netbios-ns
ip forward-protocol udp netbios-dgm
!
!
ip firewall
ip firewall stealth
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
!
!
!
!
!
!
!
!
!
!
!
no dot11ap access-point-control
!
!
!
!
!
!
ip dhcp database local
!
ip dhcp pool "LAN_pool"
network 10.10.10.0 255.255.255.0
dns-server 10.10.10.1
netbios-node-type h-node
default-router 10.10.10.1
tftp-server tftp://10.10.10.1
ntp-server 10.10.10.1
timezone-offset -6:00
option 157 ascii TftpServers=0.0.0.0,FtpServers=10.10.20.1:/ADTRAN,FtpLogin=polycomftp,FtpPassword=********,Layer2Tagging=True,VlanID=2
!
ip dhcp pool "VoIP_pool"
network 10.10.20.0 255.255.255.0
dns-server 10.10.20.1
netbios-node-type h-node
default-router 10.10.20.1
tftp-server tftp://10.10.20.1
ntp-server 10.10.20.1
timezone-offset -6:00
option 157 ascii TftpServers=0.0.0.0,FtpServers=10.10.20.1:/ADTRAN,FtpLogin=polycomftp,FtpPassword=********,Layer2Tagging=True,VlanID=2
!
!
!
!
!
!
!
!
!
!
!
!
vlan 1
name "Default"
!
vlan 61
name "VLAN 61"
!
!
interface eth 0/0
ip address dhcp
media-gateway ip primary
no shutdown
no lldp send-and-receive
!
!
interface eth 0/1
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/2
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/3
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/4
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/5
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/6
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/7
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/8
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/9
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/10
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/11
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/12
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/13
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/14
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/15
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/16
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/17
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/18
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/19
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/20
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/21
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/22
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/23
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
interface eth 0/24
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport voice vlan 2
!
!
!
interface gigabit-eth 0/1
no shutdown
switchport mode trunk
!
!
interface gigabit-eth 0/2
no shutdown
switchport mode trunk
!
!
!
!
interface vlan 1
ip address 10.10.10.1 255.255.255.0
ip access-policy Private
media-gateway ip primary
no shutdown
!
interface vlan 61
ip address 65.113.121.242 255.255.255.252
ip mtu 1500
ip helper-address 65.113.121.241
ip access-policy Public
media-gateway ip primary
no awcp
no shutdown
!
!
interface fxs 0/1
no shutdown
!
interface fxs 0/2
no shutdown
!
!
interface fxo 0/1
no shutdown
!
interface fxo 0/2
no shutdown
!
!
!
!
!
!
!
!
ip access-list standard NAT
remark Internet Connection Sharing
permit any
!
ip access-list standard wizard-ics
remark Internet Connection Sharing
permit any
!
!
ip access-list extended Admin
remark Admin Access
permit tcp any any eq https log
permit tcp any any eq ssh log
!
ip access-list extended InterVLAN
remark Voice / Data VLAN Traffic
permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
permit ip 10.10.20.0 0.0.0.255 10.10.10.0 0.0.0.255
!
ip access-list extended self
remark Traffic to NetVanta
permit ip any any log
!
ip access-list extended SIP
remark SIP Service Provider Traffic
permit udp any any eq 5060
!
ip access-list extended web-acl-7
permit tcp any any eq telnet log
permit tcp any any eq https log
permit icmp any any echo log
!
ip access-list extended web-acl-8
permit tcp any any eq telnet log
permit tcp any any eq https log
permit icmp any any echo log
!
!
!
!
ip policy-class Private
allow list self self
nat source list wizard-ics interface vlan 61 overload
allow list web-acl-7 self
!
ip policy-class Public
allow list web-acl-8 self
!
!
!
ip route 0.0.0.0 0.0.0.0 65.113.121.241
!
tftp server
tftp server overwrite
http server
http secure-server
no snmp agent
ip ftp server
ip ftp server default-filesystem flash
no ip scp server
ip sntp server
ip sntp server send-unsynced
!
!
!
!
!
!
!
!
!
ip sip
ip sip udp 5060
no ip sip tcp
!
!
!
voice feature-mode network
voice forward-mode network
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip sip proxy
ip sip proxy transparent
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
line con 0
no login
!
line telnet 0 4
login local-userlist
no shutdown
line ssh 0 4
login local-userlist
no shutdown
!
sntp server time.nist.gov
!
!
!
!
!
!
end
NV6355#
Ta5000guy77,
Thanks for posting! If I understand this correctly, it sounds like you have just a completely separate /29 subnet you can use. Generally I would recommend that you create a new VLAN, VLAN 100 for example, and assign one public IP address from that range to the VLAN interface. So at this point we have VLAN 100 created with IP address x.x.x.225. Next, I would assign a few ethernet interfaces as access ports (not trunk ports) on VLAN 100. For example, if you have three device which need public IP addresses, you could change ethernet ports 22,23, and 24 to access ports on VLAN 100.
(config)#interface vlan 100
(config-intf-vlan 100)#ip address x.x.x.225 255.255.255.248
(config-intf-vlan 100)#no shutdown
(config)#interface range eth 0/22-24
(config-eth 0/22-24)#switchport mode access
(config-eth 0/22-24)#switchport access vlan 100
Now you should be able to give devices on those ports one of the available public IP addresses and set its default gateway to the Adtran unit's x.x.x.225 IP address. Your next step will be to make sure the firewall is allowing traffic to and from this subnet. The following guide goes over setting up a DMZ.
Configuring a DMZ in AOS - Quick Configuration Guide
If you have any further questions, feel free to add those questions to this thread.
Thanks!
David
Ta5000guy77,
Thanks for posting! If I understand this correctly, it sounds like you have just a completely separate /29 subnet you can use. Generally I would recommend that you create a new VLAN, VLAN 100 for example, and assign one public IP address from that range to the VLAN interface. So at this point we have VLAN 100 created with IP address x.x.x.225. Next, I would assign a few ethernet interfaces as access ports (not trunk ports) on VLAN 100. For example, if you have three device which need public IP addresses, you could change ethernet ports 22,23, and 24 to access ports on VLAN 100.
(config)#interface vlan 100
(config-intf-vlan 100)#ip address x.x.x.225 255.255.255.248
(config-intf-vlan 100)#no shutdown
(config)#interface range eth 0/22-24
(config-eth 0/22-24)#switchport mode access
(config-eth 0/22-24)#switchport access vlan 100
Now you should be able to give devices on those ports one of the available public IP addresses and set its default gateway to the Adtran unit's x.x.x.225 IP address. Your next step will be to make sure the firewall is allowing traffic to and from this subnet. The following guide goes over setting up a DMZ.
Configuring a DMZ in AOS - Quick Configuration Guide
If you have any further questions, feel free to add those questions to this thread.
Thanks!
David
Ta5000guy77,
I just wanted to check back in with you on this post. Have you been able to find a solution? Please let me know if you have more questions or need further assistance.
Thanks!
David
Ta5000guy77,
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
David