Bridging is not forwarding to the WAN interface "PLEASE HELP"

avnishvyas1976
Level 1

Whoever is going to respond, please don't just put a duplicate post. And if you are going to put that, at least link it to the duplicate article. I'm obviously new to this forum and have not posted much on here, so some guidance or assistance will help.

 

Basically I have a Cisco 1921 which we are using for our ADSL connection. We are wanting to bridge the LAN interface on Gi0/1 and forward all traffic to the ATM0/0/0. I have provided the configuration below as this has been built out from knowledge from the articles.

If we add an IP address to the sub interface of the ATM interface ATM0/0/0.1 then we can ping this externally no problem. However, we can't ping this IP from the bridged interface.

What do I need to do with this configuration to get the LAN on the bridged interface to forward packets to the ATM interface?

 

RouterA#sh ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, Dialer1
      83.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        83.105.125.104/29 is directly connected, Dialer1
L        83.105.125.105/32 is directly connected, Dialer1
      194.159.169.0/32 is subnetted, 1 subnets
C        194.159.169.241 is directly connected, Dialer1

 

RouterA#sh run
Building configuration...

Current configuration : 1732 bytes
!
! Last configuration change at 15:14:42 UTC Tue Nov 4 2014
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterA
!
boot-start-marker
boot-end-marker
!
!
enable secret 5
!
no aaa new-model
!
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FCZ1833C2LC
!
!
username Admin secret 5
!
redundancy
!
!
controller VDSL 0/0/0
no cdp run
!
bridge irb
!
!
!
!
interface Loopback0
 no ip address
 shutdown
!
interface Embedded-Service-Engine0/0
 no ip address
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface ATM0/0/0
 no ip address
 ip virtual-reassembly in
 no atm ilmi-keepalive
!
interface ATM0/0/0.1 point-to-point
 bridge-group 1
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Ethernet0/0/0
 no ip address
!
interface Dialer1
 ip address 83.x.x.x 255.255.255.248
 encapsulation ppp
 dialer pool 1
 ppp chap hostname
 ppp chap password 0
 no cdp enable
!
interface BVI1
 no ip address
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login
 transport input none
!
scheduler allocate 20000 1000
!
end

 

 

 

14 Replies

ghostinthenet
Level 7

It looks like none of your WAN interfaces are in the bridge group, which is going to be a problem. Also, you're bridging from Ethernet to PPP, which may create problems due to the different framing. You can try adding "bridge-group 1" to the Dialer1 interface and moving its IPv4 address to the BVI1 interface and try it, but I will be surprised if it works.

Based on your configuration, bridging may not be necessary here. If you've received a /29 from your ISP, it's not likely to be assigned directly to a PPPoE interface, which is point-to-point. It's more likely to be routed via the Dialer1's point-to-point link.

When you added the IPv4 address to the ATM0/0/0.1 interface and successfully pinged it from the outside, what address did you use for Dialer1? Was it "ip address negotiated" or "ip address dhcp" by chance?

Hi Jody

Thanks for responding to my post. Bridging is essential in our configuration as this is the main thing we are trying to achieve.

I have tried different ways of trying to get this to work.

We tried adding the Bridge group 1 to the dialer 1 interface and moved the IP address to the BVI interface but this seemed to break the connection. I was unable to ping any address. When I added the Bridge 1 route IP command, I was then able to ping the address.

We have a /29 Internet address range assigned by our ISP. What we need is to be able to attach a device to an Ethernet port which has one of those IP addresses and is reachable over the internet using that address.

If the Internet range was say 1.2.3.0 /29

 

I want the router to be accessed and managed using 1.2.3.1

and my device to be configured to have an address 1.2.3.2

We have configured a dialer to have the address 1.2.3.1

We have added this to Bridge group 1

We have added an Ethernet port to Bridge group 1 and plugged a PC into this Ethernet port and given it an address 1.2.3.2 /29

We are not sure whether to configure the PC to have 1.2.3.1 as its default gateway or to configure the ISP provided default gateway.

If we configure a default route 0.0.0.0 0.0.0.0 dialer 1 into the router this does not show up in the routing table.

With this configuration we can ping the router address from the Internet but we cannot ping the internet or the router address (on the same subnet) from the laptop.

If we move the IP address to the BVI1 interface then we can ping the local address from the laptop but then cannot ping the router from the Internet.

Let's get to the point where you can ping your router from the Internet and work from there. Can you post your router's configuration (editing out IP addresses, usernames and passwords, of course) when it is in this state?

Hi Jody

Thanks for getting back to me. I have been playing around with the configuration to try and get a better understanding of the problem. So the configuration has changed since the last post.

 

RouterA#sh run
Building configuration...

Current configuration : 1781 bytes
!
! Last configuration change at 13:29:28 UTC Wed Nov 5 2014 by admin
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterA
!
boot-start-marker
boot-end-marker
!
!
enable secret 5
!
no aaa new-model
!
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FCZ1833C2LC
!
!
username Admin secret 5
!
redundancy
!
!
controller VDSL 0/0/0
no cdp run
!
bridge irb
!
!
!
!
interface Loopback0
 no ip address
 shutdown
!
interface Embedded-Service-Engine0/0
 no ip address
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface ATM0/0/0
 no ip address
 ip virtual-reassembly in
 no atm ilmi-keepalive
!
interface ATM0/0/0.1 point-to-point
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Ethernet0/0/0
 no ip address
!
interface Dialer1
 ip address 83.xx.x 255.255.255.248
 encapsulation ppp
 dialer pool 1
 ppp chap hostname
 ppp chap password 0
 no cdp enable
 bridge-group 1
!
interface BVI1
 no ip address
 ip mtu 1462
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 exec-timeout 90 0
 login local
 transport input telnet
!
scheduler allocate 20000 1000
!
end

RouterA#

You mentioned that you had it reachable when the IPv4 address was assigned to the ATM0/0/0.1 interface. What did the configuration look like then?

Hi Jody

For trial and error purposes I have changed the configuration since that discussion. However, for investigation purposes I have added this back to the configuration for you to review.

RouterA#sh run
Building configuration...

Current configuration : 1807 bytes
!
! Last configuration change at 14:17:49 UTC Wed Nov 5 2014
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterA
!
boot-start-marker
boot-end-marker
!
!
enable secret 5
!
no aaa new-model
!
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FCZ1833C2LC
!
!
username Admin secret
!
redundancy
!
!
controller VDSL 0/0/0
no cdp run
!
bridge irb
!
!
!
!
interface Loopback0
 no ip address
 shutdown
!
interface Embedded-Service-Engine0/0
 no ip address
!
interface GigabitEthernet0/0
 mtu 1462
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface GigabitEthernet0/1
 mtu 1462
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface ATM0/0/0
 no ip address
 ip virtual-reassembly in
 no atm ilmi-keepalive
!
interface ATM0/0/0.1 point-to-point
 ip address 83.x.x.x 255.255.255.248
 bridge-group 1
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Ethernet0/0/0
 no ip address
!
interface Dialer1
 no ip address
 encapsulation ppp
 dialer pool 1
 ppp chap hostname
 ppp chap password 0 
 no cdp enable
!
interface BVI1
 no ip address
 ip mtu 1462
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 exec-timeout 90 0
 login local
 transport input telnet
!
scheduler allocate 20000 1000
!
end

RouterA#

 

There is no way I can think of that this configuration would be reachable from the Internet. Your default route is via a connection that doesn't even have an IP address. Can you move back to the configuration that was successfully tested from the Internet?

Hi Jody

After some painstaking investigations and research via the internet and some input from my CCIE colleagues I managed to get this working!                        

I can now browse to the internet and am able to ping out to google.com etc.

I can also remotely access this from another office which is a totally separate network.

Here is the current working configuration.

 

RouterA#sh run
Building configuration...

Current configuration : 1784 bytes
!
! Last configuration change at 15:33:34 UTC Wed Nov 5 2014
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterA
!
boot-start-marker
boot-end-marker
!
!
enable secret 5
!
no aaa new-model
!
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FCZ1833C2LC
!
!
username Admin secret
!
redundancy
!
!
controller VDSL 0/0/0
no cdp run
!
bridge irb
!
!
!
!
interface Loopback0
 no ip address
 shutdown
!
interface Embedded-Service-Engine0/0
 no ip address
!
interface GigabitEthernet0/0
 mtu 1462
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface GigabitEthernet0/1
 mtu 1462
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface ATM0/0/0
 no ip address
 ip virtual-reassembly in
 no atm ilmi-keepalive
!
interface ATM0/0/0.1 point-to-point
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Ethernet0/0/0
 no ip address
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 ppp chap hostname
 ppp chap password 0 
 no cdp enable
!
interface BVI1
 ip address x.x.x.107 255.255.255.248
 ip mtu 1462
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 exec-timeout 90 0
 login local
 transport input telnet
!
scheduler allocate 20000 1000
!
end

RouterA#

Good! That's why I was asking if you had the Dialer1 interface set to "ip address negotiated" in my initial comment. When an ISP hands out a /29 over a PPPoE connection, they route that network over a negotiated point-to-point network, so you didn't need bridging at all... at least not for the ISP connection. I see that you're using it to put G0/0 and G0/1 on the same network, but that's a different application.

Because you're running a smaller MTU on the link due to the use of PPPoE, you will want to add "ip tcp adjust-mss 1422" to your Dialer1 interface to avoid fragmentation problems.

I'm glad to hear you got it sorted.
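
Added example, not part of any post in this thread: a small Python check that flags the misconfigurations the replies above identified (a bridge-group on a PPP interface, the /29 address set statically on the Dialer, a routed bridge with no BVI address, and a missing or too-large adjust-mss). The two sample configs are constructed with documentation addresses, and the 40-byte gap between IP MTU and MSS is an assumption taken from the 1462/1422 pair quoted above.

```python
import re
# Constructed samples (RFC 5737 addresses) modelled on the thread's failing and working states.
BROKEN = """
interface GigabitEthernet0/1
 bridge-group 1
!
interface Dialer1
 ip address 192.0.2.105 255.255.255.248
 encapsulation ppp
 bridge-group 1
!
interface BVI1
 no ip address
 ip mtu 1462
!
bridge 1 route ip
"""
FIXED = """
interface Dialer1
 ip address negotiated
 encapsulation ppp
 ip tcp adjust-mss 1422
!
interface BVI1
 ip address 192.0.2.107 255.255.255.248
 ip mtu 1462
!
bridge 1 route ip
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from an IOS running-config."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def lint(config):
    """Flag the misconfigurations discussed in this thread; returns (interface, finding) pairs."""
    ifs = parse_interfaces(config)
    mtus = [int(c.split()[-1]) for cmds in ifs.values() for c in cmds if c.startswith("ip mtu ")]
    findings = []
    for name, cmds in ifs.items():
        bridged = any(c.startswith("bridge-group") for c in cmds)
        ppp = any(re.match(r"encapsulation .*\bppp\b", c) for c in cmds)
        if bridged and ppp:
            findings.append((name, "bridge-group on PPP interface"))
        if name.startswith("Dialer"):
            if any(re.fullmatch(r"ip address (?!negotiated|dhcp)\S+ \S+", c) for c in cmds):
                findings.append((name, "static address; expected 'ip address negotiated'"))
            mss = [int(c.split()[-1]) for c in cmds if c.startswith("ip tcp adjust-mss")]
            if mtus and (not mss or mss[0] > min(mtus) - 40):  # assumed: 20 B IPv4 + 20 B TCP
                findings.append((name, f"adjust-mss should be <= {min(mtus) - 40}"))
        if name.startswith("BVI") and "no ip address" in cmds and re.search(r"^bridge \d+ route ip", config, re.M):
            findings.append((name, "bridge routes IP but BVI has no address"))
    return findings
```

`lint(BROKEN)` returns four findings (three on Dialer1, one on BVI1) and `lint(FIXED)` returns none.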

Hi All,

I'm trying to do this with VDSL using the VDSL HWIC but having no luck. Can anyone out there help?

 

router#show running
Building configuration...

Current configuration : 4452 bytes
!
! Last configuration change at 18:14:49 UTC Thu Dec 11 2014 by
! NVRAM config last updated at 17:51:13 UTC Thu Dec 11 2014 by
! NVRAM config last updated at 17:51:13 UTC Thu Dec 11 2014 by
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
!
no logging buffered
enable secret 5 $1$x8zv$8L3F4KzWHvjgXVBnRd60e.
enable password EXSSPjuPFRklGRj6nV32
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
ip name-server 8.8.8.8
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1958678
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1958678
 revocation-check none
 rsakeypair TP-self-signed-1958678
!
!
crypto pki certificate chain TP-self-signed-1958678
 certificate self-signed 01
        quit
license udi pid CISCO1921/K9 sn FCZ1601C34B
!
!
username ************* privilege 15 secret 5 $1$7N5w$hzhrD3WJO8dFowKaj3.440
!
!
controller VDSL 0/0/0
!
bridge irb
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 10.44.4.192 255.255.255.0
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1
 mtu 1492
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface ATM0/0/0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface Ethernet0/0/0
 description Connection to BT Infinity (VDSL 0)
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no mop enabled
!
interface Ethernet0/0/0.1
 shutdown
!
interface Ethernet0/0/0.101
 description 802.1Q Tagging for PPPoE (VDSL 0)
 encapsulation dot1Q 101
 ip address x.x.x.222 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip virtual-reassembly in
 pppoe enable group global
 pppoe-client dial-pool-number 1
 bridge-group 1
!
interface Virtual-Template2
 no ip address
 bridge-group 1
!
interface Dialer1
 description Dialler for my FTTC
 mtu 1492
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer idle-timeout 0
 dialer-group 1
 keepalive 30
 ppp chap hostname username
 ppp chap password 0 password
 ppp pap sent-username username password 0 password
 ppp ipcp route default
 ppp ipcp address accept
 no cdp enable
!
interface BVI1
 no ip address
 ip mtu 1492
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password FfRzZ5TFuBzIW1aWOLsk
 login local
 transport input all
!
scheduler allocate 20000 1000
end

 

Thanks

Jeff

Hi Jeff

 

I've been reviewing your configuration as this Bridging topic has become quite hot of late as we have been heavily deploying this method across our client sites. I think what you need to do is assign an IP address to the BVI interface from the /29 range which you have configured on your sub-interface. This is what I did to get the Bridging protocol to work. Give this a go and let me know if this helped you.

 

interface BVI1
 ip address x.x.x.223 255.255.255.248
 ip mtu 1492

Hi

Thanks for the suggestion but you cannot do that:-

I get " *.*.*.216 overlaps with Dialer1 " for any of the addresses in the /29 network.

Can't think why a bridge needs an IP address if it's transparent.

Still looking for an answer !

 

Jeff

Found the answer !

Make sure dialer1 is down before assigning IP address to BVI !!

That simple !

Jeff

Hi

All you are doing is bridging the two ports using a BVI. You are not bridging the ATM. It is undocumented and generates a warning message, but you can define a GRE tunnel and include it in the bridge, but MSS has to be adjusted. The other option is DLSW+.

Regards Conwyn
