[c-nsp] router and transparent bridging help needed.

Aaron ml at proficuous.com
Mon Dec 3 14:31:07 EST 2007


> ISP|unknown router|serial(Frame)|address 1.2.3.4
>                          |
>                    ______|_______
>                         wic-1t
>                 some cisco router
>                        ethernet1.2.3.5
> ip route 10.0.0.0 255.255.255.0 10.0.0.1 <--this should send all your LAN
> traffic to INT RTR/FW
>                  ---------|-------------
>                           |
>                     10.0.0.1eth0
>               internal router/firewall
> or
> you could use a secondary address on router's ethernet1
>  interface Ethernet1
>  ip address 10.0.0.2 255.255.255.0 secondary <--puts router interface in
> same network as INT RTR/FW
>  ip address 1.2.3.5 (subnet mask)
>
>                  ---------|-------------
>                           |
>                     10.0.0.1eth0
>               internal router/firewall
>
> hope this is what you want.

Thanks Brad, but this is what I was hoping to avoid.  As I indicated
before, I was hoping the Cisco in the middle would be transparent (like a
hub or switch).  Part of the reasoning is I want to have to worry as
little as possible with IOS vulnerabilities/patches etc.  If the Cisco is
not doing routing and doesn't have an IP and can't be connected to via
TCP, the less I'll have to worry about the aforementioned.

Is making the Cisco transparent with frame a possibility?  Anyone?

Also, I'm still not sure what hardware I should be looking at.  Will a
Cisco 1600 suffice?  Does it matter if it's a 1601, 1602, 1604?

Thanks again.

Aaron

>
> ----- Original Message -----
> From: "Aaron" <ml at proficuous.com>
> To: <cisco-nsp at puck.nether.net>
> Sent: Monday, December 03, 2007 10:29 AM
> Subject: [c-nsp] router and transparent bridging help needed.
>
>
>> I have run into a situation where I need to bridge my incoming
>> frame-relay T1 directly to an internal router's ethernet interface.
>>
>> I have no practical experience with Cisco so I'm hoping the list can
>> give me some pointers and suggestions and ideally I'll only get 2nd
>> degree burns from the flames.
>>
>> The situation as I need it is as such:
>> My ISP has a ptp address of 1.2.3.4 and my assigned address is 1.2.3.5
>> (IPs sanitized of course).  I want to pass the 1.2.3.5 address directly
>> through to my internal router eth0 interface. (sorry in adv. for the
>> crappy ascii art)
>>
>> ISP|unknown router|serial(Frame)|address 1.2.3.4
>>                         |
>>                   ______|_______
>>                        wic-1t
>>                some cisco router
>>                       ethernet
>>                 ---------|-------------
>>                          |
>>                    1.2.3.5eth0
>>              internal router/firewall
>>
>> I have seen some examples but honestly I'm not even sure what hardware I
>> should be looking at.  The example from the archives
>> http://marc.info/?l=cisco-nsp&m=115982463524342&w=2 was talking about a
>> Cisco 1601, but that was a PPP based connection.
>>
>> Another thread I found http://marc.info/?t=118667690000005&r=1&w=2
>> talked about a frame connection but then they were using a 2600 and the
>> replies seemed a little mixed as one guy said he should switch to PPP in
>> half-bridging and someone else replied about something called IRB
>> approach.  I'm not sure if switching to PPP is an option here so I'd
>> like to concentrate on frame.
>>
>> I don't need/want routing, blocking, natting at all to happen on the
>> Cisco, essentially I want it to act like a hub/switch connected to my
>> internal firewall/router.
>>
>> The reasoning behind this is, and please correct me if I'm wrong, I want
>> as simple and worry free a setup on the Cisco as possible.  After
>> configuring it I won't be fiddling with configs unless something were to
>> break.  My internal router will do all the natting/firewalling and
>> routing, and I am confident when configuring that.  I believe the
>> ability on the OS is much more important than the OS.  I will not need to
>> connect to the Cisco via TCP at all, all connects will be via the
>> management console.
>>
>> Any suggestions on hardware (less expensive the better), IOS version
>> I'll need and probably most importantly, config suggestions, example or
>> link to pertinent material (I'm willing to learn to fish) would be most
>> appreciated.
>>
>> Thanks in advance.
>>
>> Aaron
>>