Solved: Re: Cisco 867 half-bridged mode

Tim Roelands · ‎04-19-2011

Hi!

I'm a Cisco newbie and I'm in the following situation:

1>The router (867) must connect to my ISP in 1483 bridged (2684 bridged) mode, LLC, VPI/VCI 0/35

2>WAN IP will be assigned by ISP (DHCP)

3>No username and password required to establish the connection

4>MAC-Cloning is advised, not required

5>Firewall behind 867, WAN IP should be assigned to WAN interface firewall, connection established by 867

6>867 router will be used as a switch, so no NAT required. NAT will be setup on the firewall

7>Connection type: Analog (annex A)

The required setup can be fixed by configuring the 867 in half-bridged mode, but I don't no how and I don't know exactly how to config the 867 in bridged mode.

First, it's even hard to setup a good bridged config. Maybe something like this?:

version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname router1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 ****
!
no aaa new-model
memory-size iomem 10
clock timezone GMT 1
clock summer-time GMT date Mar 30 2010 1:00 Oct 26 2035 1:59
!
!
no ip source-route
!
ip cef
no ip bootp server
no ip domain lookup
ip domain name domain.local
!
!
!
!
username admin privilege 15 secret 5 ***
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
pvc 0/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.10.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer1
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
!
!
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
logging trap debugging
access-list 23 remark TTY security
access-list 23 permit 192.168.10.0 0.0.0.255
access-list 23 remark name
access-list 23 permit ***.***.0.0 0.0.255.255
access-list 23 permit ***.***.255.0 0.0.0.255
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run

!
control-plane
!
banner login ^CCCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

Any help is appreciated !!

paolo bevilacqua · ‎04-21-2011

aal5snap is the default, so doesn't matter.

Look at the commands indicated above.

View solution in original post

paolo bevilacqua · ‎04-20-2011

Using a cisco router in that situation is wasted money. Use whatever modem the ISP gives for free, connect firewall ethernet to it.

Tim Roelands · ‎04-21-2011

Well, I agree, but the router was already presented. Must be possible to set it up I guess?

I already found out how to set it up in half bridge mode, but I guess I made a mistake in the config setup?

VPI VCI = 0 / 35

2684 bridged mode mode (formerly known as 1483 bridged)

Multiplexing: LLC

WAN Automatic assigned by ISP

NAT Disabled

IP handling by Firewall behind the Cisco router.

What is wrong with the config below, because it doesn't work, DHCP client on Firewall does not get WAN IP assigned. Please Help!

#########################################################

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco-r1
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
no ip routing
!
!
!
!
no ip cef
!
!
!
!
interface ATM0
no ip address
no ip route-cache
no atm ilmi-keepalive
bridge-group 1
pvc 0/35
encapsulation aal5snap
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
no ip address
no ip route-cache
bridge-group 1
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
control-plane
!
bridge 1 protocol ieee
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
!
scheduler max-task-time 5000
end

paolo bevilacqua · ‎04-21-2011

Try:

interface ATM0
no bridge-group 1
no pvc 0/35
interface ATM0.35 point-to-point
bridge-group 1
pvc 0/35

If still troubles look at "show dsl interface", "show atm pvc 0/35".

Tim Roelands · ‎04-21-2011

Thanks Paolo,

Last question. Where should I put: encapsulation aal5snap ? Below ATM0, or below ATM0.35? Or should it not be used?

Tim Roelands · ‎04-21-2011

Show run now looks like this:

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco-r1
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
no ip routing
!
!
!
!
no ip cef
!
!
!
!
interface ATM0
no ip address
no ip route-cache
no atm ilmi-keepalive
!
interface ATM0.35 point-to-point
no ip route-cache
bridge-group 1
pvc 0/35
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
no ip address
no ip route-cache
bridge-group 1
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
control-plane
!
bridge 1 protocol ieee
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
!
scheduler max-task-time 5000
end

paolo bevilacqua · ‎04-21-2011

aal5snap is the default, so doesn't matter.

Look at the commands indicated above.

Tim Roelands · ‎04-22-2011

Thanks m8! It worked!

paolo bevilacqua · ‎04-23-2011

Thank you for the nice rating and good luck!

Tim Roelands · ‎04-22-2011

Last question. Is it necessary to set some 'keeping alive' settings. Looks like connection is lost after long idle time. Thanks!

Tim Roelands · ‎04-23-2011

Sorry, ISP seems to have some stability problems. Working again!