I am a little new to this, but here is what I am hoping to achieve. I have an Adtran TA908e that I am managing as an ISP router. I am hoping to create a VLAN to be able to attach it to my LAN for management purposes. Here is what I have done so far, but the LAN VLAN does not work.
!
interface eth 0/1
 description Publicly Routable LAN
 encapsulation 802.1q
 no shutdown
!
interface eth 0/1.1
 description Publicly Routable LAN
 vlan-id 1 native
 ip address 216.5.156.185 255.255.255.248
 no shutdown
!
interface eth 0/1.100
 vlan-id 100
 ip address 172.31.9.244 255.255.255.0
 no shutdown
!
interface eth 0/2
 description WAN
 ip address 216.157.108.103 255.255.255.252
 no shutdown
!
eth 0/1.1 is publicly routable and I already have two devices using .186 and .187 functioning. They are attached to an 8-port unmanaged switch attached to eth 0/1. I have another cable from that unmanaged switch to one of the switches on my LAN. That's why I set up the vlan-id 100 on eth 0/1.100 to match the VLAN on my LAN. I cannot access the Adtran router through the 172.31.9.244.
This Adtran is there to route the traffic from the public range of IPs that the ISP gave me to their equipment. This is working exactly as it should. What I need is a way to manage the Adtran from my LAN. Any help or recommendations would be greatly appreciated.
Joshua
Best Answer
There are a few things wrong.
Your unmanaged switch doesn't understand VLAN tagging. You need a managed switch that supports VLAN tagging in order to make this work.
You need an ACL or other method of filtering traffic to block access to your management interface. As you have it now, anyone can access it.
You need to ensure that your static routing is configured correctly so that your management traffic only goes to the internal network.
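
An added example (not part of the original answer, and not Adtran tooling): a small Python check that walks the interface stanzas from the question and flags the first two points of the answer, tagged sub-interfaces that need an 802.1Q-aware switch and publicly addressed interfaces with no filter bound. It assumes a bound filter shows up as an `access-policy` line under the interface; the function names and the abridged sample config are constructed for illustration.

```python
import ipaddress
# Constructed sample: the interface stanzas from the question, abridged.
SAMPLE_CONFIG = """\
interface eth 0/1
 encapsulation 802.1q
!
interface eth 0/1.1
 vlan-id 1 native
 ip address 216.5.156.185 255.255.255.248
interface eth 0/1.100
 vlan-id 100
 ip address 172.31.9.244 255.255.255.0
!
interface eth 0/2
 ip address 216.157.108.103 255.255.255.252
"""

# Assumption: a line starting with this keyword means a filter is bound.
FILTER_KEYWORDS = ("access-policy",)

def parse_interfaces(text):
    """Group config lines by the 'interface ...' stanza they belong to."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line == "!":
            current = None          # '!' closes the current stanza
        elif current is not None and line:
            stanzas[current].append(line)
    return stanzas

def audit(text):
    """Return (interface, finding) pairs for the two issues the answer raises."""
    findings = []
    for name, lines in parse_interfaces(text).items():
        filtered = any(l.startswith(FILTER_KEYWORDS) for l in lines)
        for parts in (l.split() for l in lines):
            if parts[0] == "vlan-id" and "native" not in parts:
                findings.append((name, f"tagged VLAN {parts[1]}: needs an 802.1Q-aware switch"))
            if parts[:2] == ["ip", "address"] and len(parts) > 2:
                addr = ipaddress.ip_address(parts[2])
                if addr.is_global and not filtered:
                    findings.append((name, f"public address {addr}: no access-policy bound"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

Run against the sample, it reports the public addresses on eth 0/1.1 and eth 0/2 and the tagged VLAN 100 on eth 0/1.100; the private 172.31.9.244 address is not flagged.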