1701 bridging 2 ip subnets

davidresponse · ‎08-30-2006

Can anyone advise please. ISP has assigned a single static ip address of xxx.xxx.xxx.xxx . They have now assigned 6 more static addresses but on another subnet. The router is configured for rfc 1483 bridging with the single static ip assigned to both ATM and FastEthernet. This works fine but how can I add the second subnet of ip's so that traffic is passed from the router to the firewall's public address which is one of the additional 6 static ip's. Your help is much appreciated.

desai.jaideep · ‎08-31-2006

Hi

Can you post the config?

Regards

JD

davidresponse · ‎08-31-2006

JD

Thanks for replying. Config is below. I have had to change the ip addresses for security reasons. The second subnet given to me by the ISP as we required 2 static addresses is xxx.xxx.xxx.xxx/29. Can I just use 1 of the new addresses for the interfaces or do I need to route to them? I would really like to AVOID using NAT as we will have ipsec VPN terminating on the firewall.

Thanks your help is much appreciated.

!

version 12.3

no service pad

service timestamps debug datetime

service timestamps log datetime

service password-encryption

!

hostname visitorXS

!

boot-start-marker

boot-end-marker

!

username xxxxxxx privilege 15 password 0 xxxxxx

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

!

no ip cef

!

interface ATM0

mac-address 000f.f72d.ae77

ip address 193.77.193.186 255.255.255.255

no ip route-cache

no atm ilmi-keepalive

bundle-enable

dsl operating-mode ansi-dmt

hold-queue 224 in

pvc 8/35

encapsulation aal5snap

!

interface FastEthernet0

ip address 193.77.193.186 255.255.255.255

no ip route-cache

speed auto

bridge-group 1

!

ip classless

no ip http server

!

control-plane

!

bridge 1 protocol ieee

!

line con 0

line aux 0

line vty 0 4

privilege level 15

login local

transport input telnet

!

end

Edison Ortiz · ‎08-31-2006

interface ATM0

mac-address 000f.f72d.ae77

ip address 193.77.193.186 255.255.255.255

ip address [new ip address block] secondary

no ip route-cache

no atm ilmi-keepalive

bundle-enable

dsl operating-mode ansi-dmt

hold-queue 224 in

pvc 8/35

encapsulation aal5snap

!

interface FastEthernet0

ip address 193.77.193.186 255.255.255.255

ip address [new ip address block] secondary

no ip route-cache

speed auto

bridge-group 1

davidresponse · ‎09-01-2006

You can have multiple IP addresses assigned to an interface? Thats great. I will give it a go. Thanks for the help.

desai.jaideep · ‎09-01-2006

Hi

In my opinion, the if an ISP is able to give a different network pool for you then they must have made routing arrengements for you in their setup.Hence, if you give directly the new subnet's ip to your firewall, then it should work without giving secondary IP in your router.

Can you give it a try...try giving that IP in any of your PC, without giving that secondary IP?Make sure that the PC is connected to the same switch to which your router is connected to...

Pls rate helpful posts.

Regards

JD

Edison Ortiz · ‎09-02-2006

JD,

The router in question is the edge device between the customer and the ISP. How the new IP subnet would be bridged to the customer's DMZ devices ?

davidresponse · ‎09-02-2006

JD

Thanks. I shall give that a go first. I was thinking along the same lines but wasnt sure if the router needed to know about the extra subnet as a bridge has to be on the same subnet?

Edison Ortiz · ‎09-02-2006

Yes, make sure to use the 'secondary' keyword on the command.

Please rate helpful posts.

Thanks