
Full bridge mode WAN with GigabitEthernet interface?

jbrown129
Level 1

Can the WAN interface be bridged with a LAN port? I've already got a router on my network and I want to use the C1117 just for its VDSL interface. With the old Cisco 877 I used a bridge group on the ATM0 interface and BVI but it seems that's not supported on IOS-XE.

I would like to be able to bridge my VDSL WAN with GigabitEthernet0/1/0, so that any device I plug in to GigabitEthernet0/1/0 gets the single global WAN IP from my ISP.

I thought maybe it was possible to do something with Ethernet0/2/0 which is created as some kind of virtual interface for ATM0/2/0 (apparently you can't bridge ATM interfaces). My config so far:

I'd appreciate a reply, I posted another thread but got nothing.

!
! Last configuration change at 18:18:54 UTC Tue Sep 13 2022 by admin
!
version 17.6
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform hardware throughput crypto 50000
!
hostname cisco.rt2
!
boot-start-marker
boot system bootflash:c1100-universalk9.17.06.03a.SPA.bin
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
!
!
!
!
aaa session-id common
ip options drop
!
!
!
!
!
!
!
ip name-server {{ censored }}
ip domain name home.arpa
ip dhcp excluded-address 192.168.1.0 192.168.1.4
!
ip dhcp pool dhcp-1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.1
!
ip dhcp pool opnsense
host 192.168.1.2 255.255.255.0
hardware-address {{ censored }}
dns-server {{ censored }}
default-router 192.168.1.1
!
!
!
login on-success log
ipv6 icmp error-interval 50 20
ipv6 unicast-routing
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
license udi pid C1117-4P sn {{ censored }}
memory free low-watermark processor 70173
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin privilege 15 secret 9 {{ censored }}
!
redundancy
mode none
!
controller VDSL 0/2/0
operating mode vdsl2
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description Management port
ip address 192.168.2.1 255.255.255.0
negotiation auto
no cdp enable
!
interface GigabitEthernet0/1/0
no cdp enable
!
interface GigabitEthernet0/1/1
no cdp enable
!
interface GigabitEthernet0/1/2
no cdp enable
!
interface GigabitEthernet0/1/3
no cdp enable
!
interface ATM0/2/0
no ip address
atm oversubscribe factor 2
!
interface ATM0/2/0.1 point-to-point
!
interface Ethernet0/2/0
description Internet Interface
ip dhcp client request classless-static-route
ip address dhcp
no ip redirects
no ip proxy-arp
ip nat outside
ip access-group WAN4_IN in
no negotiation auto
ipv6 address dhcp
ipv6 address pd-ipv6 ::1/64
ipv6 address autoconfig default
ipv6 enable
ipv6 dhcp client pd pd-ipv6
ipv6 traffic-filter WAN6_IN in
!
interface Vlan1
description Local Area Network
ip address 192.168.1.1 255.255.255.0
ip nat inside
ipv6 address pd-ipv6 ::1:0:0:0:1/64
ipv6 enable
ip virtual-reassembly
!
no ip http server
no ip http secure-server
ip forward-protocol nd
ip nat inside source list NATACL interface Ethernet0/2/0 overload
ip route 192.168.2.0 255.255.255.0 192.168.2.2
ip route 192.168.30.0 255.255.255.0 192.168.2.2 2
ip route 192.168.31.0 255.255.255.0 192.168.2.2 2
ip ssh version 2
ip scp server enable
!
!
ip access-list standard NATACL
10 permit 192.168.1.0 0.0.0.255
ip access-list standard SNMPACL
10 permit 192.168.50.253
20 permit 192.168.50.252
30 deny any
ip access-list standard WAN4_IN
!
ip access-list extended SSH_ACL
10 permit tcp 192.168.30.0 0.0.0.255 any eq 22
20 permit tcp 192.168.31.0 0.0.0.255 any eq 22
30 permit tcp 192.168.2.0 0.0.0.255 any eq 22
40 deny tcp any any eq 22
!
!
snmp-server community public RO SNMPACL
!
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
access-class SSH_ACL in
privilege level 15
transport input ssh
line vty 5 14
access-class SSH_ACL in
privilege level 15
transport input ssh
!
!
!
!
!
!
end 

YES! It works. I feel stupid for not noticing that honestly, I should have. I knew it was close to working!

This is the complete config:

!
! Last configuration change at 15:55:39 UTC Sun Sep 18 2022 by admin
!
version 17.6
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform hardware throughput crypto 50000
!
hostname cisco.bsmt-rt2
!
boot-start-marker
boot system bootflash:c1100-universalk9.17.06.03a.SPA.bin
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
!
!
!
!
aaa session-id common
ip options drop
!
!
!
!
!
!
!
ip name-server {{ censored }}
ip domain name home.arpa
ip dhcp excluded-address 192.168.1.0 192.168.1.4
!
ip dhcp pool dhcp-1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.1
!
ip dhcp pool opnsense
host 192.168.1.2 255.255.255.0
hardware-address {{ censored }}
dns-server {{ censored }}
default-router 192.168.1.1
!
!
!
login on-success log
ipv6 icmp error-interval 50 20
ipv6 unicast-routing
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
license udi pid C1117-4P sn {{ censored }}
memory free low-watermark processor 70173
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin privilege 15 secret 9 {{ censored }}
!
redundancy
mode none
!
controller VDSL 0/2/0
operating mode vdsl2
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
no cdp enable
service instance 100 ethernet
encapsulation untagged
bridge-domain 100
!
!
interface GigabitEthernet0/1/0
no cdp enable
!
interface GigabitEthernet0/1/1
no cdp enable
!
interface GigabitEthernet0/1/2
no cdp enable
!
interface GigabitEthernet0/1/3
no cdp enable
!
interface ATM0/2/0
no ip address
atm oversubscribe factor 2
!
interface ATM0/2/0.1 point-to-point
!
interface Ethernet0/2/0
no ip address
no negotiation auto
no cdp enable
service instance 100 ethernet
encapsulation untagged
bridge-domain 100
!
!
interface Vlan1
description Local Area Network
ip address 192.168.1.1 255.255.255.0
ip virtual-reassembly
!
interface BDI100
no ip address
!
no ip http server
no ip http secure-server
ip forward-protocol nd
ip route 192.168.1.0 255.255.255.0 192.168.1.2 2
ip route 192.168.30.0 255.255.255.0 192.168.1.2 2
ip route 192.168.31.0 255.255.255.0 192.168.1.2 2
ip ssh version 2
ip scp server enable
!
!
ip access-list standard SNMPACL
10 permit 192.168.50.253
20 permit 192.168.50.252
30 deny any
ip access-list standard WAN4_IN
!
ip access-list extended SSH_ACL
10 permit tcp 192.168.30.0 0.0.0.255 any eq 22
20 permit tcp 192.168.31.0 0.0.0.255 any eq 22
30 permit tcp 192.168.1.0 0.0.0.255 any eq 22
40 deny tcp any any eq 22
!
!
snmp-server community public RO SNMPACL
!
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
access-class SSH_ACL in
privilege level 15
transport input ssh
line vty 5 14
access-class SSH_ACL in
privilege level 15
transport input ssh
!
!
!
!
!
end
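
An added example, not part of the original post or of any Cisco tooling: a small Python check that reads a saved running-config, lists which interfaces share each bridge-domain, and reports any Layer 3 command still present on a bridged port or on the matching BDI, so you can confirm the router has no IP presence on the bridged ISP segment. The function names and the list of commands treated as leftovers are assumptions made for this sketch.

```python
import re

SAMPLE = """\
interface GigabitEthernet0/0/0
 no ip address
 service instance 100 ethernet
  encapsulation untagged
  bridge-domain 100
 !
!
interface Ethernet0/2/0
 no ip address
 service instance 100 ethernet
  encapsulation untagged
  bridge-domain 100
 !
!
interface BDI100
 no ip address
!
"""  # constructed excerpt, condensed from the working config posted above

# Assumption: these are the Layer 3 commands that should not remain on a bridged port.
L3_CMD = re.compile(r"(ip address|ipv6 address|ipv6 enable|ip nat|ip access-group|ipv6 traffic-filter)\b")

def parse_interfaces(config):
    """Return {interface: [sub-commands]}; works with or without indentation."""
    stanzas, name, in_efp = {}, None, False
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name, in_efp = line.split(None, 1)[1], False
            stanzas[name] = []
        elif name and line == "!":
            # The first "!" closes an open service instance, the next the interface.
            name, in_efp = (name if in_efp else None), False
        elif name and line:
            in_efp = in_efp or line.startswith("service instance ")
            stanzas[name].append(line)
    return stanzas

def audit_bridge(config):
    """Return ({bridge-domain: [members]}, [(interface, leftover L3 command)])."""
    stanzas = parse_interfaces(config)
    domains = {}
    for ifname, cmds in stanzas.items():
        for bd in re.findall(r"^bridge-domain (\d+)$", "\n".join(cmds), re.M):
            domains.setdefault(bd, []).append(ifname)
    findings = [(i, c) for bd, m in domains.items() for i in m + ["BDI" + bd]
                for c in stanzas.get(i, []) if L3_CMD.match(c)]
    return domains, findings
```

An empty findings list with both the VDSL Ethernet interface and the LAN-side port listed under the same bridge-domain matches the state of the working config above.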

 

You are so so welcome any time
