Thank you for your response Paolo. Yes, no ports use vlan1, is this a problem ?

I'll try to drop the mss-adjust to see. But even with the following setup it doesn't work

interface Dialer0

ip nat inside

!

ip nat inside source route-map isp1 interface dialer0 overload

ip nat inside source route-map isp2 interface FastEthernet0/1 overload

!

route-map isp1 permit 10

match ip address LAN_RANGE

match interface Dialer0

Any idea ?

PS: Tthe problem is only with the NAT because I can ping the world from the router with the ADSL link. It just doesn't work from the LAN.

Message was edited by: Adrien Pujol

I see now that vlan2 is in bridge group 1, so that is OK. Anyway, the ip nat comment in my previous post still apply.

And alos, it's unlikey that you can assing an arbitraty address to dialer, should be ip address negotiated.

Please refraing from leaving half-scale ratings to posts made with the will to to help when the issue has just begun being worked on.

Sorry for the rating, it was a miss-click on the page, I've tried to remove/change it but there's no way, really sorry .

The dialer have the IP address of the BVI. It's a fixed IP address from the subnet of my ISP.

I've made all the changes you've say but it still doesn't work, any idea ? I've really no idea remaining..

Here is the updated config:

version 12.4

!

ip cef

!

((( here I've stripped ok track config )))

!

bridge irb

!

interface FastEthernet0/0

description LAN /w NAT inet and failover

ip address 10.0.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

description Demon's network 193.195.220.x

ip address 193.195.220.236 255.255.255.240

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/2/0

switchport access vlan 2

!

interface FastEthernet0/2/1

switchport access vlan 2

!

interface FastEthernet0/2/2

switchport access vlan 2

!

interface FastEthernet0/2/3

switchport access vlan 2

!

interface ATM0/1/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

atm restart timer 300

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0/1/0.1 point-to-point

pvc 0/38

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!

!

interface Vlan1

no ip address

!

interface Vlan2

description BT's network 217.36.70.x

no ip address

no ip unreachables

bridge-group 1

!

interface Dialer0

ip unnumbered BVI1

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

encapsulation ppp

ip route-cache flow

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname XXXXXXXXXX

ppp chap password 7 XXXXXXXXXX

ppp pap sent-username XXXXXXXXXX password 7 XXXXXXXXXX

!

interface BVI1

description BT's network 217.36.70.x

ip address 217.36.70.157 255.255.255.248

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0 track 101

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 193.195.220.225 250

ip route 8.8.4.4 255.255.255.255 Dialer0

ip route 109.159.248.158 255.255.255.255 Dialer0

!

ip nat inside source route-map isp1 interface Dialer0 overload

ip nat inside source route-map isp2 interface FastEthernet0/1 overload

!

ip access-list extended LAN_RANGE

permit ip 10.0.0.0 0.0.0.255 any

!

route-map isp2 permit 10

match ip address LAN_RANGE

match interface FastEthernet0/1

!

route-map isp1 permit 10

match ip address LAN_RANGE

match interface Dialer0

!

bridge 1 protocol ieee

bridge 1 route ip

!

end

Again, thank you for your help and sorry for the rating.

The thing is that dialer0 is not referenced anywhere. It should be under vlan 2.

Also you have to check if the connction and address to 'main wan' d is PPPoE or bridge. It can't be both.

I don't know how to add a dialer to a vlan, so I've tried to add bridge-group 1 to the ATM interface as vlan 2 is member of the bridge group.. But it doesn't work. Is there other way to do that ?

The main wan works, I can ping the world through it. It's just the NAT who doesn't work.

Thank you of keep trying helping me and my weird thing

Can you send "show ip int brief"

#sh ip int brief

Interface                  IP-Address            OK? Method Status                Protocol

FastEthernet0/0        10.0.0.1             YES NVRAM  up                    up

FastEthernet0/1        193.195.220.236 YES NVRAM  up                    down

FastEthernet0/2/0     unassigned      YES unset  up                    down

FastEthernet0/2/1     unassigned      YES unset  up                    down

FastEthernet0/2/2     unassigned      YES unset  up                    down

FastEthernet0/2/3     unassigned      YES unset  up                    down

ATM0/1/0                 unassigned        YES NVRAM  down               down

ATM0/1/0.1              unassigned      YES unset  down                  down

Vlan1                      unassigned         YES NVRAM  up                 down

Vlan2                      unassigned         YES NVRAM  up                 down

NVI0                       unassigned          NO  unset  up                    up

BVI1                      217.36.70.157     YES manual up                   up

Virtual-Access1          unassigned      YES unset  up                  up

Dialer0                    217.36.70.157   YES TFTP   up                    up

I think the router is confused having the same address on two interfaces. Also note virtual access interface dos not receive an address.

If your "main wan" connection is PPP, coinfigure pppoe-client under vlan interface.

If it is regular ethernet, configure ip address unde vlan interface.

But not the two things at the same time, and you don't need BVI at all.

But I do need to have the public range of my ISP bridged on the WIC card plugged in (HWIC-4ESW). I'll plug some devices on it as soon as it work !

This is actually part of my question. I know how to configure a router in failover with two "classic" interfaces, I need help for the NAT on a bridged interface.

If anyone have a suggestion... Thanks.

That is fine, you don't need to configure bridging, as you have a switch module that does everything, just assing an address on the vlan interface.

You created VLAN 2, but that is not needed, you can use the default of VLAN 1

Ok, I think I see where you want to go now. But I didn't know we can do that and I still can't make it work.

Thank you a lot. If it work, let me buy you a beer

I need to change the route on vlan 1, do I ?

Here is the new *lighter* config...

ip cef

!

interface FastEthernet0/0

description LAN /w NAT inet and failover

ip address 10.0.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/1

description Demon's network 193.195.220.x

ip address 193.195.220.236 255.255.255.240

ip nat outside

ip virtual-reassembly

!

interface FastEthernet0/2/0

!

interface FastEthernet0/2/1

!

interface FastEthernet0/2/2

!

interface FastEthernet0/2/3

!

interface ATM0/1/0

no ip address

no ip redirects

no ip unreachables

ip route-cache flow

atm restart timer 300

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0/1/0.1 point-to-point

pvc 0/38

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!

!

interface Vlan1

description BT's network 217.36.70.x

ip address 217.36.70.157 255.255.255.248

!

interface Dialer0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

encapsulation ppp

ip route-cache flow

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname xxxx

ppp chap password 7 xxxxx

ppp pap sent-username xxxxx password 7 xxxxx

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0 track 101

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 193.195.220.225 250

ip route 8.8.4.4 255.255.255.255 Dialer0

ip route 109.159.248.158 255.255.255.255 Dialer0

!

!

ip nat inside source route-map isp1 interface Dialer0 overload

ip nat inside source route-map isp2 interface FastEthernet0/1 overload

!

ip access-list extended LAN_RANGE

permit ip 10.0.0.0 0.0.0.255 any

!

route-map isp2 permit 10

match ip address LAN_RANGE

match interface FastEthernet0/1

!

route-map isp1 permit 10

match ip address LAN_RANGE

match interface Dialer0

----------------------------------------------------------------

#sh ip int brief

Interface                        IP-Address      OK? Method Status                Protocol

FastEthernet0/0            10.0.0.1        YES NVRAM  up                    up

FastEthernet0/2/0          unassigned      YES unset  up                    down

FastEthernet0/2/1          unassigned      YES unset  up                    down

FastEthernet0/2/2          unassigned      YES unset  up                    down

FastEthernet0/2/3          unassigned      YES unset  up                    up

ATM0/1/0                     unassigned      YES NVRAM  up                    up

ATM0/1/0.1                 unassigned      YES unset  up                    up

Vlan1                         217.36.70.157   YES manual up                    up

NVI0                          unassigned      NO  unset  up                    up

Virtual-Access1            unassigned      YES unset  up                    up

Virtual-Access2            unassigned      YES unset  up                    down

Dialer0                         unassigned      YES TFTP   up                    up

You should be able to ping default gateway as given to you by ISP.

If you don't, take a step back, can you post the connections detail as given to you by ISP ?

I can ping the web through the DSL, yes. Everything also work fine on the lan Fa0/0.

But when I try to plug a device on the WIC switch (HWIC-4ESW) It doesn't work (I want these ports to serve the /28 of my ISP). Have I missed something ? Thanks.