cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4050
Views
0
Helpful
9
Replies

Configure Cisco 877 like bridge

Hi

I need to configure a Cisco 877 router like a bridge. I have a firewall SA520 before the cisco 877.

I need to configure the public IP on the interface WAN on the firewall, and I can´t configure any NAT on the router.

I try to configure the cisco 877 like the explanation of this post: https://supportforums.cisco.com/message/3554381#3554381

But it doesn´t work.

My scenario is:

ADSL <------> Cisco 877 <-----> Cisco SA520 Firewall <----> LAN

The ADSL connection is an public IP of Telefonica Spain. I have the public IP and the mask for this public IP.

Anyone can help me?

9 Replies 9

paolo bevilacqua
Hall of Fame
Hall of Fame

Post your config.

Note: you can as well use the ISP modem as bridge, and save the money spent for the 877.

Even better, configure the 877 with some security, as it does that much better than the SA520.

This is the configuration that I config on the Cisco 877:

interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/32
  encapsulation aal5snap
!
dsl operating-mode auto
bridge-group 1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
no ip address
bridge-group 1
!

bridge 1 protocol ieee

On my computer I configure the public IP: x.x.x.7, the mask 255.255.255.0 and the default gateway x.x.x.1


This configuration doesn´t work.

Now we configure the ISP router and it´s working. But we must use the Cisco 877 and the SA520.

Thanks for your help

I've used this config with success:

interface Ethernet0
ip address
no ip route-cache
bridge-group 1
hold-queue 100 out
!
interface ATM0
no ip address
no ip route-cache
no atm ilmi-keepalive
dsl operating-mode auto
bridge-group 1
pvc 0/35
  encapsulation aal5snap
!
!        
!
bridge 1 protocol ieee

you've eventually to change the pvc setting for those of your operator.

The ip address on the ethernet interface is only for router management, it's not needed for bridge mode. You've also to configure the device behind the 877 (the SA520 or a PC) in PPPoE mode for internet access.

Regards

"The ip address on the ethernet interface is only for router management, it's not needed for bridge mode. You've also to configure the device behind the 877 (the SA520 or a PC) in PPPoE mode for internet access."

But my ADSL is not PPPoE, it´s  static IP, so on the device behind the 877 I configure the public IP.

Correct. Start checking "show dsl interface".

Check also the encapsulation used by your ISP or use encapsulation auto on the ATM0 interface

I configure the 877 with this two configurations, and it doesn´t work.

Conf 1

interface vlan1
ip address 192.168.1.1 255.255.255.0
no ip route-cache
bridge-group 1
hold-queue 100 out
!
interface ATM0
no ip address
no ip route-cache
no atm ilmi-keepalive
dsl operating-mode auto
bridge-group 1
pvc 8/32
  encapsulation aal5snap
!    
!
bridge 1 protocol ieee

Conf 2

interface vlan1

ip address 192.168.1.1 255.255.255.0

no ip route-cache

bridge-group 1

hold-queue 100 out

!

interface ATM0

no ip address

no ip route-cache

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

bridge-group 1

pvc 8/32

  encapsulation aal5snap

!

!        

!

bridge 1 protocol ieee

I don´t know what I need next, because one of this configuration must work, isn´t it?

Regards

Looking for internet i found a different configuration and it´s working, but i don´t know if it realy it´s the same idea, or not, but I think that can be work on my scenario.

The configuration is:

version 12.4
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
dot11 syslog
no ip subnet-zero
ip cef
!
!
no ip domain lookup
!
!
!
!
!
archive
log config
  hidekeys
!
!
!
policy-map wfq
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip unnumbered Vlan1
pvc 8/32
  oam-pvc manage
!
service-policy output wfq
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address (myIP(AND)mymask)+1 mymask

hold-queue 100 out
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
!
scheduler max-task-time 5000
end

Router#

Now on my computer configured with the public IP I have internet.

What do you think? Can be a good configuration for my scenario?

Thanks for your help

Best Regards

If that config works, it means enpsulation is routed, not bridged IP.

You should see the same in ISP router.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: