cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
543
Views
0
Helpful
5
Replies

877W Router, IRB, VLANs, ATM

abolis
Level 1
Level 1

Hello, all. I'm having difficulty setting up a VLAN to be on the same subnet as my ATM0.1 interface. I have static IPs provided by my ISP, the last one is the router, and I want the first one on my server. I recently upgraded my flash from 24M to 28M and installed the c870-advipservicesk9-mz.124-9.T to get VLAN capability, amongst other things. I can bridge my VLAN1 and DOT110, move the IP address and the ip nat commands to BVI1, and add the "bridge 1 route ip" command and my wireless seams together perfectly with my fastether ports, which can all get out to the internet. I can also create a second bridge group with the ATM0.1 interface and VLAN2, again assigning the ip address and ip nat commands to BVI2. Any fastether port on VLAN2 in this config can get to the outside world. I can even setup a DHCP pool for my remaining IPs and connect clients using DHCP. BUT, VLAN1 can no longer communicate with VLAN2. What other IOS commands do I need to issue? I've looked at some of the config on my Cisco's at work, noticed things like "ip classless" and routes to the various VLANs, and "vlan access-map XXX XX <CR> action forward", but I just can't figure out how to get BVI1 and BVI2 to talk.

1 Accepted Solution

Accepted Solutions

Hello,

I made a few adjustments to your config, can you try and see if this works for you ? Basically, the outside interface is moved to the Dialer. You need to add the networks that you have configured for BVI1 and BVI2 to access list 1, in order for those networks to be translated.

ip cef

bridge irb

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

interface ATM0.1 point-to-point

no ip address

no snmp trap link-status

pvc 0/32

encapsulation aal5snap ppp dialer

dialer pool-member 1

interface FastEthernet0

switchport access vlan 2

interface FastEthernet1

interface Dot11Radio0

no ip address

ssid ##########

authentication open

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0

54.0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

Interface Vlan1

no ip address

bridge-group 1

bridge-group 1 spanning-disabled

Interface Vlan2

no ip address

bridge-group 2

bridge-group 2 spanning-disabled

!

interface Dialer0

ip address negotiated

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

encapsulation ppp

ip route-cache flow

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication pap callin

ppp pap sent-username yourname@adsl-planet password 7 005C

interface BVI1

ip address a.b.c.d w.x.y.z

ip nat inside

ip virtual-reassembly

no ip route-cache cef

no ip route-cache

interface BVI2

ip address a.b.c.d w.x.y.z

ip nat inside

ip virtual-reassembly

no ip route-cache cef

no ip route-cache

!

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip nat inside source list 1 interface Dialer 0 overload

!

access-list 1 permit x.x.x.x

dialer-list 1 protocol ip permit

!

bridge 1 route ip

bridge 2 route ip

Does that make sense ? Let me know if you need more help...

Regards,

GNT

View solution in original post

5 Replies 5

globalnettech
Level 5
Level 5

Hello Andrew,

can you post your configuration, the one you got so far ? You might be missing a small piece...

Regards,

GNT

No problem... As a note, I pulled out my VPN, DNS, DHCP, and NTP config...

ip cef

bridge irb

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

interface ATM0.1 point-to-point

no ip address

no snmp trap link-status

atm route-bridged ip

pvc 0/32

encapsulation aal5snap

bridge-group 2

bridge-group 2 spanning-disabled

interface FastEthernet0

switchport access vlan 2

interface FastEthernet1

interface Dot11Radio0

no ip address

ssid ##########

authentication open

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0

54.0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

Interface Vlan1

no ip address

bridge-group 1

bridge-group 1 spanning-disabled

Interface Vlan2

no ip address

bridge-group 2

bridge-group 2 spanning-disabled

interface BVI1

ip address a.b.c.d w.x.y.z

ip nat inside

ip virtual-reassembly

no ip route-cache cef

no ip route-cache

interface BVI2

ip address a.b.c.d w.x.y.z

ip nat outside

ip virtual-reassembly

no ip route-cache cef

no ip route-cache

ip route 0.0.0.0 0.0.0.0 BVI2

bridge 1 route ip

bridge 2 route ip

Hello,

I made a few adjustments to your config, can you try and see if this works for you ? Basically, the outside interface is moved to the Dialer. You need to add the networks that you have configured for BVI1 and BVI2 to access list 1, in order for those networks to be translated.

ip cef

bridge irb

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

interface ATM0.1 point-to-point

no ip address

no snmp trap link-status

pvc 0/32

encapsulation aal5snap ppp dialer

dialer pool-member 1

interface FastEthernet0

switchport access vlan 2

interface FastEthernet1

interface Dot11Radio0

no ip address

ssid ##########

authentication open

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0

54.0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

Interface Vlan1

no ip address

bridge-group 1

bridge-group 1 spanning-disabled

Interface Vlan2

no ip address

bridge-group 2

bridge-group 2 spanning-disabled

!

interface Dialer0

ip address negotiated

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

encapsulation ppp

ip route-cache flow

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication pap callin

ppp pap sent-username yourname@adsl-planet password 7 005C

interface BVI1

ip address a.b.c.d w.x.y.z

ip nat inside

ip virtual-reassembly

no ip route-cache cef

no ip route-cache

interface BVI2

ip address a.b.c.d w.x.y.z

ip nat inside

ip virtual-reassembly

no ip route-cache cef

no ip route-cache

!

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip nat inside source list 1 interface Dialer 0 overload

!

access-list 1 permit x.x.x.x

dialer-list 1 protocol ip permit

!

bridge 1 route ip

bridge 2 route ip

Does that make sense ? Let me know if you need more help...

Regards,

GNT

I'm going to try the "ip nat inside source list 1 int (BVI2) overload" command, I don't require a login to my DSL provider, but I will try the Dialer0 config as a last resort. I noticed the ip nat inside command in previous config files, but it mentioned SDM in description so I thought it referred to the IPSec VPN I set up through SDM. Do I need the access-list, as well? I'll try all of these when I have the opportunity to bring the connection down. Thanks for your help!

Thanks for your help. After adding the ip nat inside source item (already had the ACL from an earlier portion of the config), everything went swimmingly. I happen to not need the Dialer interface because I don't login (DSL provider/Phone company own and run all aspects of DSL).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: