07-31-2013 10:08 AM - edited 03-07-2019 02:41 PM
Hi,
I'm trying to bridge an HWIC-4ESW to FastEthernet0/1 in an 1811 router. I've followed indtructions I've foundf on m any sites, but none of my inside ports are picking up DHCP from my router, or passing any traffic. Here is my lab config. Any help would be appreciated.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname QA1841
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$Wpcr$C7dTXPFFQKM29ktFR2RuP0
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.31.1 192.168.31.99
ip dhcp excluded-address 192.168.31.200 192.168.31.254
!
ip dhcp pool newguest
import all
network 192.168.31.0 255.255.255.0
default-router 192.168.31.1
!
!
ip inspect name cbac1 dns
ip inspect name cbac1 ftp
ip inspect name cbac1 h323
ip inspect name cbac1 https
ip inspect name cbac1 icmp
ip inspect name cbac1 imap
ip inspect name cbac1 pop3
ip inspect name cbac1 netshow
ip inspect name cbac1 rcmd
ip inspect name cbac1 realaudio
ip inspect name cbac1 rtsp
ip inspect name cbac1 esmtp
ip inspect name cbac1 sqlnet
ip inspect name cbac1 sqlnet
ip inspect name cbac1 streamworks
ip inspect name cbac1 tftp
ip inspect name cbac1 tcp router-traffic
ip inspect name cbac1 udp
ip inspect name cbac1 vdolive
no ipv6 cef
!
multilink bundle-name authenticated
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
!
no spanning-tree vlan 1
archive
log config
hidekeys
!
!
!
!
!
!
class-map match-any ratelimitclassmap
match any
!
!
policy-map trafficrate
class class-default
shape average 1024000
!
bridge irb
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip access-group inboundfilters in
ip access-group outboundfilters out
ip nat outside
ip inspect cbac1 out
ip virtual-reassembly
duplex full
speed auto
no mop enabled
service-policy output trafficrate
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
bridge-group 1
!
interface FastEthernet0/3/0
!
interface FastEthernet0/3/1
!
interface FastEthernet0/3/2
!
interface FastEthernet0/3/3
!
interface Vlan1
no ip address
bridge-group 1
!
interface BVI1
ip address 192.168.31.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
ip nat inside source list 5 interface FastEthernet0/0 overload
!
ip access-list extended inboundfilters
permit udp any any eq bootps
permit udp any any eq bootpc
deny ip any any
ip access-list extended outboundfilters
permit ip any any
!
access-list 5 permit 192.168.31.0 0.0.0.255
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
!
!
!
!
!
!
!
line con 0
session-timeout 35791
exec-timeout 35791 0
line aux 0
line vty 0 4
session-timeout 35791
exec-timeout 35791 0
etc....
08-01-2013 01:08 AM
Hello Simon,
I've just concocted a quick-and-dirty test in my Dynagen environment and I was actually able to get it running with a configuration very similar to yours. This is the configuration I have added to a completely clean configuration and that was proven to work:
bridge irb
!
int fa0/0
bridge-group 1
no shutdown
!
int vlan 1
shutdown
bridge-group 1
no shutdown
!
bridge 1 route ip
!
int bvi1
ip addr 10.0.0.254 255.255.255.0
no shut
!
ip dhcp pool Test
network 10.0.0.0 /24
default-router 10.0.0.254
This worked for me. Note a couple of differences to your setup:
I also suggest configuring all your Fa0/3/x ports as static access ports:
switchport mode access
If nothing of this helps, can you at least make sure that your BVI1 interface is up/up?
Best regards,
Peter
08-01-2013 11:05 AM
Peter,
Thanks for your response. I now have this working - it turnes out I needed to cycle the interface (actually a reload), and everything started working.
Simon
08-01-2013 11:08 AM
Hi Simon,
Thanks for letting me know. Yeah, I had also some troubles at the beginning to get the bridging working - and all out of a sudden, after deactivating and reactivating interfaces, it jumped into action. Looks like a buggy code...
Best regards,
Peter
08-01-2013 01:45 PM
OK, my issue actually was adding "service-policy output trafficrate" to the BVI1 - adding a service policy basically breaks bridgeing until reboot...
I'll try this on a 15 verison of IOS.
Simon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide