Re: How do I Bridge WAN0 with 4 LAN ports on ISR1111-8P

PermanentStudent · ‎05-22-2020

Hello Experts,

My ISP is assigning only public IPs (up to 5 IPs) via DHCP as I cant get static from them.

Now, I want to bridge the WAN0 (GigabitEthernet0/0/0) with 4 LAN ports (GigabitEthernet0/1/0-3) on my ISR1111-8P.

Currently only WAN0 is UP and received IP from ISP, as shown below. Now, how do I make this uplink/WAN0 to bridge with 4 other LAN ports so that all those connected devices LAN receive a public IP?

Cisco IOS XE Software, Version 17.02.01r

Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 100.100.100.x YES DHCP up up
GigabitEthernet0/0/1 unassigned YES NVRAM down down
GigabitEthernet0/1/0 unassigned YES unset down down - should be part of a bridge
GigabitEthernet0/1/1 unassigned YES unset down down - should be part of a bridge
GigabitEthernet0/1/2 unassigned YES unset down down - should be part of a bridge
GigabitEthernet0/1/3 unassigned YES unset down down - should be part of a bridge
GigabitEthernet0/1/4 unassigned YES unset down down
GigabitEthernet0/1/5 unassigned YES unset down down
GigabitEthernet0/1/6 unassigned YES unset down down
GigabitEthernet0/1/7 unassigned YES unset down down
Vlan1 unassigned YES unset up down
ISR1100#

marce1000 · ‎05-22-2020

- Check if this thread is helpful :

https://community.cisco.com/t5/other-network-architecture/bridging-on-cisco-c1111-8p/td-p/3830930

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

PermanentStudent · ‎05-22-2020

thanks, I saw this but I need some guidance as this is the first time I want to do in the Cisco device. I would probably need step by step guide :)

balaji.bandi · ‎05-22-2020

I am trying to understand the use case here.

ISP offering 5 Public IP's - but is 5 Public is good enough for your requiremet ?

you do not have any LAN network ?

In general you only need 1 Public IP on WAN side and rest you NAT from Internal side. By doing Bridge your Router to get ISP IP address, you do not need Router personally, you can connect any HUB and device should able to get DHCP Address from ISP (Hope it should work as expected)

So we need more information what is the final achivement here ?

just you want to bridge the domain you can configure as below : ( test and advise any issue) ?

interface GigabitEthernet0/0/0

no ip address

negotiation auto

cdp enable

service instance 100 ethernet

encapsulation untagged

bridge-domain 100

!

interface GigabitEthernet0/1/0

no ip address

negotiation auto

cdp enable

service instance 100 ethernet

encapsulation untagged

bridge-domain 100

So On.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

PermanentStudent · ‎05-22-2020

Hi Balaji,

I would be hosting 3 websites with different 3 public IPs and a guest Wifi should be also different public IP.
Currently, I am using an 8port switch but I want to reduce the switches and utilize the ISR1111 available ports.
I am reading about "bridge irb" and not sure if this can help me achieve the goal?

thanks,

balaji.bandi · ‎05-22-2020

Ok i understand your requirement you mentioned ISP offer only DHCP, how to manage this Dynamic IP they keep changing right ?

how you going to secure these web site , since they are directly expose to internet, you have lot of DoS attacks ?

Are you thinking any FW or you looking ASR to fullfill your request ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

PermanentStudent · ‎05-22-2020

I would be using Virtual firewall and they would be connected to vCenter :)

balaji.bandi · ‎05-22-2020

ok i would come to security aspect later.

have you tried above config i proposed to test and please test and advise is that works ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

PermanentStudent · ‎05-22-2020

For WAN ports it worked but for LAN port I do get an error when I run those.

ISR1100(config)#interface GigabitEthernet0/1/0
ISR1100(config-if)#no ip address
ISR1100(config-if)#negotiation auto
Half-duplex or Full-duplex (sub)command not supported for GigabitEthernet0/1/0.
ISR1100(config-if)#cdp enable
ISR1100(config-if)#service instance 100 ethernet
^
% Invalid input detected at '^' marker.

ISR1100(config-if)#encapsulation untagged
^
% Invalid input detected at '^' marker.

ISR1100(config-if)#bridge-domain 100

balaji.bandi · ‎05-22-2020

Can you post full running config

show run

show version

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

PermanentStudent · ‎05-23-2020

Balaji, Thanks for trying to help.

Are you familiar with IOS XE ISR router?

The command, you provided is only working on the WAN interface but not LAN as the error clearly shows, it might be for ASR router. If you are familiar with XE ISR then you would know. I clearly stated my IOS version. I don't think show ver or running-config would help here.

balaji.bandi · ‎05-23-2020

May be some syntax not supporting or missing order of operation

try below document :

https://www.cisco.com/c/en/us/support/docs/lan-switching/integrated-routing-bridging-irb/200650-Understanding-Bridge-Virtual-Interface.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help