Re: Bridge T1 over Ethernet to Pix?

MagellanTX · ‎08-28-2006

I have a 1841 that I want to use to bridge my T1 over to ethernet so I can assign my T1 IP address to the outside interface of my pix.

I have the 1841 with an Internal CSU and a crossover cable going from FA0/0 to the Pix outside. I have disabled ip routing on the 1841 and set both s0/0/0 and fa0/0 to bridge group 1. I have set the bridging protocol to ieee but I cannot ping from the PIX. Is what I'm trying to setup possible?

Thanks!

sundar.palaniappan · ‎08-28-2006

Yes, it's possible. However, for you to test connectivity using pings you need to permit icmp echo reply packets on your outside interface.

If you don't have an ACL applied already on the outside interface then configure the following on the PIX and test.

access-list 101 permit icmp any any echo-reply

access-group 101 in interface outside

HTH,

Sundar

MagellanTX · ‎08-28-2006

Thank you for the reply. I do have ICMP permitted on the pix I actually had it in use on a cable modem before this T1 went in place. I think the problem I have is in the bridging on the router. I see that I am getting RX packets but no TX packets when I do a 'sho bridge'

sundar.palaniappan · ‎08-28-2006

Got it.

Traffic local to the outside subnet of the PIX will only be getting bridged. If you want to ping and route IP on the outside router then you need to configure something called IRB (Integrated Routing & Bridging).

Here's a couple of links that can help you with that.

http://www.cisco.com/en/US/products/hw/switches/ps298/products_configuration_example09186a0080093e4f.shtml

http://www.cisco.com/en/US/products/hw/switches/ps5304/products_configuration_guide_chapter09186a00800f0a86.html#xtocid4

HTH,

Sundar

MagellanTX · ‎08-29-2006

I guess either I am configuring it wrong or misunderstanding bridging. Attached is the config my router has. The IP address that's normally assigned to S0/0/0 I have assigned to the outside of the PIX. (The FA0/1 on the router address is only there for management. My PIX is directly connected to FA0/0. I want the PIX to handle all the routing and the 1841 simply to pass the traffic to the T1. Do I still need IRB for this or can I use simple bridging?

Thanks for all the help!

Building configuration...

Current configuration : 1000 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname ATT

!

boot-start-marker

boot-end-marker

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

no ip routing

no ip cef

!

no ftp-server write-enable

!

interface FastEthernet0/0

no ip address

no ip route-cache

speed 100

full-duplex

bridge-group 1

!

interface FastEthernet0/1

ip address 172.32.1.254 255.255.255.0

no ip route-cache

duplex auto

speed auto

!

interface Serial0/0/0

bandwidth 1536

no ip address

encapsulation ppp

no ip route-cache

service-module t1 timeslots 1-24

service-module t1 remote-alarm-enable

service-module t1 fdl both

bridge-group 1

!

ip classless

ip http server

!

control-plane

!

bridge 1 priority 1

bridge 1 protocol ieee

!

line con 0

line aux 0

line vty 0 4

exec-timeout 0 0

login

!

end

tmoffett · ‎07-22-2008

Did you ever get this to work? I am looking to do the same thing...

Giuseppe Larosa · ‎07-22-2008

Hello Sundar,

I don't think it is possible to do bridging in this scenario.

the typical scenario is that ethernet frames are bridged over a FR PVC for example to be delivered at a remote end LAN segment

see

http://www.cisco.com/en/US/docs/ios/11_0/router/configuration/guide/ctb.html#wp2326

But here there is a T1 link and a firewall in a ethernet segment.

T1 encapsulation can be HDLC, PPP, FR but it is doing IP over HDLC or PPP or FR.

I may be wrong but to work the provider router should take part in the bridging over the wan

Hope to help

Giuseppe