Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Bridging is not forwarding to the WAN interface "PLEASE HELP"

Who ever is going to respond please don't just put duplicate post. and if you are going to put that at least link it to the duplicate article. I'm obviously new to this forum and have not posted much on here. so some guidance or assistance will help.

 

Basically I have a Cisco 1921 which we are using for our ADSL connection. We are wanting to bridge the LAN interface on Gi0/1 and forward all traffic to the ATM0/0/0. I have provided the configuration below as this has been built out from knowledge from the articles.

If we add an IP address to the sub interface of the ATM interface ATM0/0/0.1 then we can ping this externally no problem. However we cant  ping this IP from the bridged interface.

what do I need to do with this configuration to get the LAN on the Bridged interface to forward packets to the ATM interface??

 

RouterA#sh ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, Dialer1
      83.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        83.105.125.104/29 is directly connected, Dialer1
L        83.105.125.105/32 is directly connected, Dialer1
      194.159.169.0/32 is subnetted, 1 subnets
C        194.159.169.241 is directly connected, Dialer1

 

RouterA#sh run
Building configuration...

Current configuration : 1732 bytes
!
! Last configuration change at 15:14:42 UTC Tue Nov 4 2014
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterA
!
boot-start-marker
boot-end-marker
!
!
enable secret 5
!
no aaa new-model
!
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FCZ1833C2LC
!
!
username Admin secret 5
!
redundancy
!
!
controller VDSL 0/0/0
no cdp run
!
bridge irb
!
!
!
!
interface Loopback0
 no ip address
 shutdown
!
interface Embedded-Service-Engine0/0
 no ip address
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface ATM0/0/0
 no ip address
 ip virtual-reassembly in
 no atm ilmi-keepalive
!
interface ATM0/0/0.1 point-to-point
 bridge-group 1
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Ethernet0/0/0
 no ip address
!
interface Dialer1
 ip address 83.x.x.x 255.255.255.248
 encapsulation ppp
 dialer pool 1
 ppp chap hostname
 ppp chap password 0
 no cdp enable
!
interface BVI1
 no ip address
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login
 transport input none
!
scheduler allocate 20000 1000
!
end

 

 

 

  • WAN Routing and Switching
Everyone's tags (3)
14 REPLIES

It looks like none of your

It looks like none of your WAN interfaces are in the bridge group, which is going to be a problem. Also, you're bridging from Ethernet to PPP, which may create problems due to the different framing. You can try adding "bridge-group 1" to the Dialer1 interface and moving its IPv4 address to the BVI1 interface and try it, but I will be surprised if it works.

Based on your configuration, bridging may not be necessary here. If you've received a /29 from your ISP, it's not likely to be assigned directly to a PPPoE interface, which is point-to-point. It's more likely to be routed via the Dialer1's point-to-point link.

When you added the IPv4 address to the ATM0/0/0.1 interface and successfully pinged it from the outside, what address did you use for Dialer1? Was it "ip address negotiated" or "ip address dhcp" by chance?

New Member

Hi JodyThanks for responding

Hi Jody

Thanks for responding to my post. Bridging is essential in our configuration as this is the main thing we are trying to achieve.

I have tried different way of trying to get this to work.

we tried adding the Bridge group1 to the dialer 1 interface and moved the IP address to the BVI interface but this seemed to break the connection. I was unable to ping any address. When I added the command Bridge 1 route IP command. I was then able to ping the address.

 

We have a /29 Internet address range assigned by our ISP. What we need is to be able to attach a device to an Ethernet port which has one of those IP addresses and is reachable over the internet using that address,

If the Internet range was say 1.2.3.0 /29

 

I want the router to be accessed and managed using 1.2.3.1

and my device to be configured to have an address 1.2.3.2

We have configured a dialer to have the address 1.2.3.1

We have added this to Bridge group 1

We have added an Ethernet port to Bridge group 1 and plugged a PC into this Ethernet port and given it an address 1.2.3.2 /29

We are not sure whether to configure the PC to have 1.2.3.1 as its default gateway or to configure the ISP provided default gateway.

If we configure a default route 0.0.0.0 0.0.0.0 dialer 1 into the router this does not show up in the routing table.

With this configuration we can ping the router address from the Internet but we cannot ping the internet or the router address (on the same subnet) from the laptop.

If we move the IP address to the BVI1 interface then we can ping the local address from the laptop but then cannot ping the router from the Internet.

 

 

 

 

 

 

 

Let's get to the point where

Let's get to the point where you can ping your router from the Internet and work from there. Can you post your router's configuration (editing out IP addresses, usernames and passwords, of course) when it is in this state?

New Member

Hi JodyThanks for getting

Hi Jody

Thanks for getting back to me. I have been playing around with the configuration to try and get a better understanding of the problem. So the configuration has changed since the last post.

 

RouterA#sh run
Building configuration...

Current configuration : 1781 bytes
!
! Last configuration change at 13:29:28 UTC Wed Nov 5 2014 by admin
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterA
!
boot-start-marker
boot-end-marker
!
!
enable secret 5
!
no aaa new-model
!
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FCZ1833C2LC
!
!
username Admin secret 5
!
redundancy
!
!
controller VDSL 0/0/0
no cdp run
!
bridge irb
!
!
!
!
interface Loopback0
 no ip address
 shutdown
!
interface Embedded-Service-Engine0/0
 no ip address
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface ATM0/0/0
 no ip address
 ip virtual-reassembly in
 no atm ilmi-keepalive
!
interface ATM0/0/0.1 point-to-point
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Ethernet0/0/0
 no ip address
!
interface Dialer1
 ip address 83.xx.x 255.255.255.248
 encapsulation ppp
 dialer pool 1
 ppp chap hostname
 ppp chap password 0
 no cdp enable
 bridge-group 1
!
interface BVI1
 no ip address
 ip mtu 1462
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 exec-timeout 90 0
 login local
 transport input telnet
!
scheduler allocate 20000 1000
!
end

RouterA#

You mentioned that you had it

You mentioned that you had it reachable when the IPv4 address was assigned to the ATM0/0/0.1 interface. What did the configuration look like then?

New Member

Hi JodyFor trail and error

Hi Jody

For trail and error purposes I have changed the configuration since that discussion. However for investigation purpose I have added this back to the configuration for you to review.

outerA#sh run
Building configuration...

Current configuration : 1807 bytes
!
! Last configuration change at 14:17:49 UTC Wed Nov 5 2014
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterA
!
boot-start-marker
boot-end-marker
!
!
enable secret 5
!
no aaa new-model
!
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FCZ1833C2LC
!
!
username Admin secret
!
redundancy
!
!
controller VDSL 0/0/0
no cdp run
!
bridge irb
!
!
!
!
interface Loopback0
 no ip address
 shutdown
!
interface Embedded-Service-Engine0/0
 no ip address
!
interface GigabitEthernet0/0
 mtu 1462
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface GigabitEthernet0/1
 mtu 1462
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface ATM0/0/0
 no ip address
 ip virtual-reassembly in
 no atm ilmi-keepalive
!
interface ATM0/0/0.1 point-to-point
 ip address 83.x.x.x 255.255.255.248
 bridge-group 1
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Ethernet0/0/0
 no ip address
!
interface Dialer1
 no ip address
 encapsulation ppp
 dialer pool 1
 ppp chap hostname
 ppp chap password 0 
 no cdp enable
!
interface BVI1
 no ip address
 ip mtu 1462
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 exec-timeout 90 0
 login local
 transport input telnet
!
scheduler allocate 20000 1000
!
end

RouterA#

 

There is no way I can think

There is no way I can think of that this configuration would be reachable from the Internet. Your default route is via a connection that doesn't even have an IP address. Can you move back to the configuration that was successfully tested from the Internet?

New Member

Hi JodyAfter some painstaking

Hi Jody

After some painstaking investigations and research via the internet and some input from my CCIE colleagues I managed to get this working!                        

I can now browse to the internet and am able to ping out to google.com etc.

I can also remotely access this from another office which is a totally separate network.

Here is the current working configuration.

 

RouterA#sh run
Building configuration...

Current configuration : 1784 bytes
!
! Last configuration change at 15:33:34 UTC Wed Nov 5 2014
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterA
!
boot-start-marker
boot-end-marker
!
!
enable secret 5
!
no aaa new-model
!
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FCZ1833C2LC
!
!
username Admin secret
!
redundancy
!
!
controller VDSL 0/0/0
no cdp run
!
bridge irb
!
!
!
!
interface Loopback0
 no ip address
 shutdown
!
interface Embedded-Service-Engine0/0
 no ip address
!
interface GigabitEthernet0/0
 mtu 1462
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface GigabitEthernet0/1
 mtu 1462
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface ATM0/0/0
 no ip address
 ip virtual-reassembly in
 no atm ilmi-keepalive
!
interface ATM0/0/0.1 point-to-point
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Ethernet0/0/0
 no ip address
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 ppp chap hostname
 ppp chap password 0 
 no cdp enable
!
interface BVI1
 ip address x.x.x.107 255.255.255.248
 ip mtu 1462
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 exec-timeout 90 0
 login local
 transport input telnet
!
scheduler allocate 20000 1000
!
end

RouterA#

Good! That's why I was asking

Good! That's why I was asking if you had the Dialer1 interface set to "ip address negotiated" in my initial comment. When an ISP hands out a /29 over a PPPoE connection, they route that network over a negotiated point-to-point network, so you didn't need bridging at all... at least not for the ISP connection. I see that you're using it to put G0/0 and G0/1 on the same network, but that's a different application.

Because you're running a smaller MTU on the link due to the use of PPPoE, you will want to add "ip tcp adjust-mss 1422" to your Dialer1 interface to avoid fragmentation problems.

I'm glad to hear you got it sorted.

270
Views
0
Helpful
14
Replies