Cisco 871 / FE0-2 NATTED / FE3 BRIDGED - is it possible?

Unanswered Question
Nov 6th, 2008

Hi,

At the moment I have configured the 871 with a simple PPPoE negotiation on the WAN port (FE4), and on FE0-3 I have the private LAN (NATTED).

Now I want to configure FE3 in bridge mode with the WAN port, so that I can connect my servers using the other public IP assigned by the ISP.

Is it possible for some NATted ports to coexist with a bridged port?

This is my basic configuration:

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname <REMOVED>
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 warnings
enable secret 5 <REMOVED>
!
no aaa new-model
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
 import all
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 lease 0 2
!
!
no ip domain lookup
ip domain name <REMOVED>
ip name-server 212.x.199.2
ip name-server 212.x.192.190
!
multilink bundle-name authenticated
!
!
username <REMOVED> privilege 15 secret 5 <REMOVED>
!
!
archive
 log config
  hidekeys
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 no ip address
 duplex auto
 speed auto
 pppoe-client dial-pool-number 1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname <REMOVED>
 ppp chap password 7 <REMOVED>
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
!
ip nat inside source list 101 interface Dialer0 overload
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
End

********************

I think that I need to create a VLAN (e.g. vlan10), assign it to port FE3, enable IRB and create a bridge group between the WAN and FE3.

ideanet77 Mon, 11/10/2008 - 08:33

Hi,

I have tried to configure bridge mode on FastEthernet3, but it doesn't work. Can anyone help me?

This is my configuration: the LAN (FE0-2) works fine; I have a problem only on the DMZ (FE3).

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 warnings
enable secret 5
!
no aaa new-model
!
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.1.1 10.10.1.59
ip dhcp excluded-address 10.10.1.100 10.10.1.254
!
ip dhcp pool VLAN1
 import all
 network 10.10.1.0 255.255.255.0
 default-router 10.10.1.1
 domain-name
 dns-server 212.90.199.2 212.90.192.190
 lease 0 2
!
!
no ip domain lookup
ip domain name
ip name-server 212.90.199.2
ip name-server 212.90.192.190
!
multilink bundle-name authenticated
!
!
username privilege 15 secret 5
!
!
archive
 log config
  hidekeys
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
 switchport access vlan 10
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 no ip address
 duplex auto
 speed auto
 pppoe-client dial-pool-number 1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 10.10.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan10
 no ip address
 bridge-group 10
 bridge-group 10 spanning-disabled
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname
 ppp chap password 7
!
interface BVI10
 no ip address
 ip access-group 102 in
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 101 interface Dialer0 overload
!
access-list 101 permit ip 10.10.1.0 0.0.0.255 any
access-list 102 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 10 route ip
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
End

Thank you for your help

Luca
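
A consistency check over the bridging statements of the configuration posted above, as an added example that is not part of the original post: it cross-references `bridge-group` memberships, global `bridge N protocol` / `bridge N route ip` lines and `interface BVI N` stanzas, and reports bridge numbers that are declared in one place but not in another. The function name `audit_bridging` and the trimmed `SAMPLE_CONFIG` excerpt are constructed for illustration, and the findings are mismatches to rule out, not a confirmed diagnosis.

```python
import re
from collections import defaultdict

# Constructed excerpt: bridging-related lines of the second configuration
# posted above, with IOS indentation restored.
SAMPLE_CONFIG = """\
bridge irb
interface FastEthernet3
 switchport access vlan 10
interface FastEthernet4
 pppoe-client dial-pool-number 1
interface Vlan10
 bridge-group 10
 bridge-group 10 spanning-disabled
interface BVI10
 ip access-group 102 in
bridge 1 protocol ieee
bridge 1 route ip
bridge 10 route ip
"""

def audit_bridging(config):
    """Return {bridge number: list of findings} for an IOS configuration."""
    members, protocol, routed, bvis = defaultdict(set), set(), set(), set()
    current = None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
            if b := re.fullmatch(r"BVI(\d+)", current):
                bvis.add(int(b.group(1)))
        elif m := re.match(r"\s*bridge-group (\d+)", line):
            members[int(m.group(1))].add(current)
        elif m := re.match(r"bridge (\d+) (protocol|route ip)", line):
            (protocol if m.group(2) == "protocol" else routed).add(int(m.group(1)))
    findings = {}
    for n in sorted(set(members) | protocol | routed | bvis):
        issues = []
        if len(members[n]) < 2:  # a bridge needs two ports to forward between
            issues.append(f"{len(members[n])} member interface(s)")
        if n not in protocol:
            issues.append("no 'bridge N protocol' line")
        if (n in routed) != (n in bvis):
            issues.append("'route ip' and BVI do not match")
        if issues:
            findings[n] = issues
    return findings

if __name__ == "__main__":
    for number, issues in audit_bridging(SAMPLE_CONFIG).items():
        print(f"bridge {number}: " + "; ".join(issues))
```
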
