I agree with Jon that an Ether switch module in the router will not be a workable solution. If you could put the external (DSL) connection into the Ether switch along with the 800 router and the SonicWall then it might be a good solution. But the external (DSL) needs to plug into a router interface. And the router interface can not communicate with the vlan on the switch without bridging. And if you need bridging on the router then you need IRB. And if you need IRB then the switch module does not buy you much.

The reason why I would generally not endorse IRB solutions is that IRB takes a router and turns it into an Ethernet bridge (note it is bridge and not switch). And in general you want a router to router rather than bridge. This case is a bit different. You want the router mostly as a protocol translator. You need something to take the DSL and make it into Ethernet (and Ethernet into DSL). I would say that this is probably one of the situations which motivated Cisco to come up with IRB.

HTH

Rick

Just to clarify.

When I said move the NAT to the 2800 I didn't mean just use the existing public IP on the router because then you would get an overlap.

I meant move the public IPs given to the 800 and the Sonicwall to the 2800 as well.

Jon

Note that the original post says that they have tried to implement this without assigning an IP address to the FE interfaces. If a router layer 3 interface does not have an IP address then it will not pass IP traffic. This explains why their attempts have not been successful.

It is not something that I usually would endorse but I believe that the original poster could achieve what they describe by implementing Integrated Routing and Bridging. With IRB all of the interfaces would be in a bridge group, none of the physical interfaces on the router would have IP addresses, and there is a BVI interface on the router which would have the IP address for the router. It would allow all three devices to have IP addresses in that subnet. Whether it would achieve the other things that they need is impossible to know without more information about their network and its requirements. (for example this solution would effectively have the 800 router and the SonicWall talking directly to the WAN device)

HTH

Rick

Rick,

What you described is basically what we were trying to achieve.  However, I have little experience with bridges and using IRB.  I attempted this but was unsuccessful, probably due to an improper config.  I love learning through trial and error, but since this brings our company WAN connection down each time I need to test it, it makes things difficult (small business, but still).

So would FE0/0, FE0/1 and dialer0 all be part of the BVI, with the WAN IP of .174 assigned to the BVI?

Rick

The WAN interface is DSL, can you just simply bridge that to the other interfaces ?

Jon

If you try to do this with bridge groups (without IRB) then you need to disable IP routing (no ip routing) which is a point that many people miss when they try to use bridge groups on a router. With IRB then the three interfaces would all be assigned to the bridge group and the BVI would have the IP address.

Jon

Which ever WAN interface gets the IP address should be able to be assigned to the bridge group. Suspect that it would be the dialer interface rather than the physical DSL.

HTH

Rick