Thank you for the reply!

I can see that the config you gave for the wireless is similar to the config I'm using currently which is crashing my NAT as severly as every day.

At the moment I'm using vlan1 but have read that Cisco do not recommend to use it.

I have included my current config which does contain the bridge elements but I don't know if it has gone too far by generating some very confusing and strange ACL's.

The question I have to ask now is, would a misconfigured bridge interface cause NAT issues? Or would the NAT issues be due to something else?

Hello Kaya,

your configuration looks like fine.

My suggestion was actually to use two different vlans one for wired ethernet and one for wireless lan.

the NAT configuration then may need to be changed to reflect but it is possible to have two NAT inside interfaces.

This would separate the two broadcast domains and can help.

>> would a misconfigured bridge interface cause NAT issues? Or would the NAT issues be due to something else?

bridging works at OSI layer 2, NAT works at OSI layer 3 to 5 (at least).

But it is difficult to say what is the problem without a detailed analysis.

Hope to help

Giuseppe

Many thanks again!

If I changed my config for the wireless to use say Vlan2, on network 192.168.0.1 255.255.255.0 would that still be able to communicate with the 192.168.1.0/24 network on Vlan1? Or would I need to use inter vlan switching for it as I'm not sure how to do this?

The output of show dsl interface is:

ATM0

Alcatel 20190 chipset information

ATU-R (DS) ATU-C (US)

Modem Status: Showtime (DMTDSL_SHOWTIME)

DSL Mode: ITU G.992.5 (ADSL2+) Annex A

ITU STD NUM: 0x03 0x2

Chip Vendor ID: 'STMI' 'GSPN'

Chip Vendor Specific: 0x0000 0x0010

Chip Vendor Country: 0x0F 0xFF

Modem Vendor ID: 'CSCO' 'GSPN'

Modem Vendor Specific: 0x0000 0x1000

Modem Vendor Country: 0xB5 0xFF

Serial Number Near: FCZ111840K1

Serial Number Far:

Modem VersChip ID: C196 (0)

DFE BOM: DFE3.0 Annex A (1)

Chip ID: C196 (0)

DFE BOM: DFE3.0 Annex A (1)

Capacity Used: 99% 95%

Noise Margin: 11.0 dB 9.0 dB

Output Power: 20.0 dBm 9.5 dBm

Attenuation: 19.5 dB 7.0 dB

Defect Status: None None

Last Fail Code: None

Watchdog Counter: 0xC6

Watchdog Resets: 0

Selftest Result: 0x00

Subfunction: 0x00

Interrupts: 45209 (0 spurious)

PHY Access Err: 0

Activations: 11

LED Status: ON

LED On Time: 100

LED Off Time: 100

Init FW: init_3.0.33_nobist.bin

Operation FW: AMR-3.0.033.bin

FW Source: external

FW Version: 3.0.33

DS Channel1 DS Channel0 US Channel1 US Channel0

Speed (kbps): 0 16689 0 798

Cells: 0 30017316 0 42241457

Reed-Solomon EC: 0 0 0 0

CRC Errors: 0 37786 0 0

Header Errors: 0 29496 0 0

Total BER: 0E-0 3435E-7

Leakage Average BER: 0E-0 7918E-10

Interleave Delay: 0 20 0 52

ATU-R (DS) ATU-C (US)

Bitswap: enabled enabled

Bitswap success: 0 0

Bitswap failure: 0 0

LOM Monitoring : Enabled

LOM watch configured for 200 times

LOM appeared continuously for 0 times

[...]

DSL: Training log buffer capability is not enabled

The error for crc, header and BER values look pretty high is that normal with a dsl line?

Or should a post bakc with a show tech once the system crashes again?

Hello Kaya,

a router when the command

ip routing is configured does its job: that is at least to route traffic between the different connected subnets.

So there shouldn't be problems but only advantages in using two different subnets

About DSL :

the error rate is given by:

37786 / 30017316 = 1,25 10^-3

is actually high

Hope to help

Giuseppe

Thank you!

So now I will deploy a second Vlan for my wireless interface.

Regarding the error rate, that would be caused by the line wouldn't it perhaps by the DSLAM not being provisioned properly?

Should I go and contact my ISP with this and see if they can aleviate the issue?

I mean as long as it's not my box then I know who to contact. Otherwise if it induced by my config somewhere then I will need to sort that.

Oh my I've just learned that the 857 will only support one wired vlan.

Ontop of trying to configure another one.

I'm sorry to have to ask this but would you be able to assist me?

So far I have added:

interface Dot11Radio0

no ip address

!

encryption vlan 2 key 1 size 40bit xxx transmit-key

encryption vlan 2 mode ciphers wep40

interface Dot11Radio0.1

encapsulation dot1Q 1 native

bridge-group 2

bridge-group 2 subscriber-loop-control

bridge-group 2 spanning-disabled

bridge-group 2 block-unknown-source

no bridge-group 2 source-learning

no bridge-group 2 unicast-flooding

interface Vlan2

no ip address

interface BVI2

description Bridge between Vlan20 and Dot11Radio0.1

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

access-list 1 permit 192.168.0.0 0.0.0.255

bridge 2 protocol ieee

bridge 2 route ip

althuogh it doesn't seem to be working as vlan2 doesn't come up?

Based on this link:

http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/wireless.html

I have attached what I have got so far which doesn't work?

The radio interface doesn't come up?

I am assuming that it is because I haven't got vlan1 configured in a bridge group to interface dot11radio0.1?

Thank you for all your help, Giuseppe!

I really appreciate it. Everything is working fine now, although I think I need to upgrade to a larger router as it seems that I've out grown this one but hopefully when I have the budget for it things will be ok. :))

Best Regards

Kaya