Cisco bridging

[Skud]

Hi all,

I have a Cisco 2600 with a T1 WIC and an Ethernet port. The T1 is an Internet T1, but we only have ONE public I.P. (don't ask). Currently, the Cisco is doing NAT.

I need to be able to use that public I.P. on a Sonicwall.

Usually, I would assign an I.P. from the block to the Ethernet0/0 port on the Cisco and then another on the WAN port of the Sonicwall. In this case though, I only have 1 public I.P. and that gets assigned to the Serial0/0 interface of the Cisco.

I'm trying to bridge the Serial and Ethernet interfaces on the Cisco. So far I have:

- disabled ip routing
- created a bridge group (bridge group 1 protocol ieee)
- removed i.p. addresses from the serial and ethernet interfaces
- added the serial and ethernet interfaces to the bridge group
- disabled NAT

It doesn't work. I've searched and I can find plenty of instances in bridging a point to point T1, but not using a bridge to move the WAN I.P. to another device and basically using the Cisco as a T1 to Ethernet converter.

Any thoughts? This is killing me..

Thanks!!
Riley

 

[edicted]

What model router, version of IOS?

 

[edicted]

Also have you created a BVI?

Configuring the Bridge-Group Virtual Interface

The bridge-group virtual interface resides in the router. It acts like a normal routed interface that does not support bridging, but represents the entire corresponding bridge group to routed interfaces within the router. The bridge-group virtual interface is assigned the number of the bridge group that it represents. The bridge-group virtual interface number is the link between the bridge-group virtual interface and its bridge group. Because the bridge-group virtual interface is a virtual routed interface, it has all the network layer attributes, such as a network address and the ability to perform filtering. Only one bridge-group virtual interface is supported for each bridge group.

When you enable routing for a given protocol on the bridge-group virtual interface, packets coming from a routed interface but destined for a host in a bridged domain are routed to the bridge-group virtual interface, and are forwarded to the corresponding bridged interface. All traffic routed to the bridge-group virtual interface is forwarded to the corresponding bridge group as bridged traffic. All routable traffic received on a bridged interface is routed to other routed interfaces as if it is coming directly from the bridge-group virtual interface.

To create a bridge-group virtual interface, use the following command in interface configuration mode:

Command: Router(config-if)# interface bvi bridge-group

Purpose: Enables a bridge-group virtual interface.

When you intend to bridge and route a given protocol in the same bridge group, you must configure the network-layer attributes of the protocol on the bridge-group virtual interface. Do not configure protocol attributes on the bridged interfaces. No bridging attributes can be configured on the bridge-group virtual interface.

Although it is generally the case that all bridged segments belonging to a bridge group are represented as a single segment or network to the routing protocol, there are situations where several individual networks coexist within the same bridged segment. To make it possible for the routed domain to learn about the other networks behind the bridge-group virtual interface, configure a secondary address on the bridge-group virtual interface to add the corresponding network to the routing process.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fibm_c/bcfpart1/bcftb.htm

That link may be of help.

 

[Skud]

Got it working and I didn't even have to bridge it.

Here's what I did.

This is the "old" way:

[(192.168.1.1) Ethernet0/0] <----> (Cisco 2600 w/NAT) <-----> [Serial 0/0 (xxx.xxx.xxx.89/30)] <------>Default route xxx.xxx.xxx.90/30 <-----> Intarweb

The new hotness:

[Sonicwall WAN (xxx.xxx.xxx.89/30)] <------> [Ethernet 0/0 (xxx.xxx.xxx.90/30)] <-------> (Cisco 2600) <-----> [Serial 0/0 (ip unnumbered ethernet 0/0)] <------> Default route Serial 0/0 <----> Intarweb

- Move the I.P. that was the default route on the Cisco to the Ethernet 0/0 interface
- used "ip unnumbered Ethernet 0/0" on the Serial interface
- added "ip route 0.0.0.0 0.0.0.0 Serial 0/0"

This lets me use my single public I.P. on the WAN side of my sonicwall.

Riley

 

[WesM63]

Got it working and I didn't even have to bridge it.

Here's what I did.

This is the "old" way:

[(192.168.1.1) Ethernet0/0] <----> (Cisco 2600 w/NAT) <-----> [Serial 0/0 (xxx.xxx.xxx.89/30)] <------>Default route xxx.xxx.xxx.90/30 <-----> Intarweb

The new hotness:

[Sonicwall WAN (xxx.xxx.xxx.89/30)] <------> [Ethernet 0/0 (xxx.xxx.xxx.90/30)] <-------> (Cisco 2600) <-----> [Serial 0/0 (ip unnumbered ethernet 0/0)] <------> Default route Serial 0/0 <----> Intarweb

- Move the I.P. that was the default route on the Cisco to the Ethernet 0/0 interface
- used "ip unnumbered Ethernet 0/0" on the Serial interface
- added "ip route 0.0.0.0 0.0.0.0 Serial 0/0"

This lets me use my single public I.P. on the WAN side of my sonicwall.

Riley

Thats how I would of done it.

 

[Skud]

Thats how I would of done it.

I see HOW it works, but I don't understand WHY it works.

For example, previously the default route was going to xxx.xxx.xxx.90. I would assume that the .90 address is the I.P. of the router on the other side.

I don't understand how I can take that .90 I.P. and assign it to my device.

Riley

 

[Skud]

Bump..

Anyone know why this works?

Riley