Re: Cisco 871 Bridging and QoS

tolamonia · ‎03-26-2006

Here's a stumper for you. I have a Cisco 871 with 1 Ethernet WAN port and built-in 4 port switch. What I need to do is to use the same subnet on both the WAN and LAN/switched interfaces AND apply a QoS policy to the WAN interface.

My main problem is bridging the subnet from the WAN port to the switched ports. My attempt at this config did not work (see attached config file).

I need to get this running ASAP, since it's for a customer. Any ideas?

Thanks, in advance!

-Todd

Cisco 871 Config

----------------

!

version 12.3

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname tml-871

!

boot-start-marker

boot-end-marker

!

clock timezone PCTime -5

clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00

no aaa new-model

ip subnet-zero

no ip source-route

ip cef

!

ip tcp synwait-time 10

no ip bootp server

no ip domain lookup

ip domain name yourdomain.com

ip ssh time-out 60

ip ssh authentication-retries 2

ip ips po max-events 100

no ftp-server write-enable

!

interface FastEthernet0

no ip address

duplex full

speed 100

no cdp enable

!

interface FastEthernet1

no ip address

duplex full

speed 100

no cdp enable

!

interface FastEthernet2

no ip address

duplex full

speed 100

no cdp enable

!

interface FastEthernet3

no ip address

duplex full

speed 100

no cdp enable

!

interface FastEthernet4

description $ES_WAN$$FW_OUTSIDE$

ip address 215.52.112.62 255.255.255.224

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

traffic-shape rate 2000000 256000 256000 1000

no cdp enable

bridge-group 1

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$

ip address 215.52.112.60 255.255.255.255

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

ip tcp adjust-mss 1452

bridge-group 1

!

ip default-gateway 215.52.112.33

ip classless

ip route 0.0.0.0 0.0.0.0 215.52.112.33

!

logging trap debugging

no cdp run

!

control-plane

!

bridge 1 protocol ieee

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

login local

no modem enable

transport preferred all

transport output telnet

line aux 0

login local

transport preferred all

transport output telnet

line vty 0 4

privilege level 15

login local

transport preferred all

transport input telnet ssh

transport output all

!

scheduler max-task-time 5000

scheduler allocate 4000 1000

scheduler interval 500

end

tekha · ‎03-26-2006

Well I'm guessing it would be something like this:

bridge 1 protocol ieee

bridge 1 route ip

!

interface FastEthernet4

bridge-group 1

no ip address

!

interface Vlan1

no ip address

bridge-group 1

!

Interface BVI1

ip address 215.52.112.62 255.255.255.224

tolamonia · ‎03-26-2006

Ahh, the BVI interface, forgot about that guy. Should I use bridge irb or the default crb?

Thanks,

Todd

r.drummond · ‎03-27-2006

i use bridge irb myself. when i originally set mine up, i just chose that from the configuration examples.

tolamonia · ‎03-27-2006

Thanks Tekha, this works as long as you also have "bridge irb" in the config. I appreciate the help!

-Todd