[c-nsp] router and transparent bridging help needed.

Aaron ml at proficuous.com
Mon Dec 3 18:03:48 EST 2007 

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Aaron wrote:
>> I have run into a situation where i need to bridge my incoming
>> frame-relay t1 directly to an internal router's ethernet interface.
>>
>> I have no practical experience with cisco so i'm hoping the list can
>> give me some pointers and suggestions and ideally i'll only get 2nd
>> degree burns from the flames.
>>
>> The situation as i need it is as such:..
>> My isp has a ptp address of 1.2.3.4 and my assigned address is 1.2.3.5
>> (ips sanitized of course).  I want to pass the 1.2.3.5 address directly
>> through to my internal router eth0 interface. (sorry in adv. for the
>> crappy ascii art)
>>
>> ISP|unknown router|serial(Frame)|address 1.2.3.4
>>                          |
>>                    ______|_______
>>                         wic-1t
>>                 some cisco router
>>                        ethernet
>>                  ---------|-------------
>>                           |
>>                     1.2.3.5eth0
>>               internal router/firewall
>>
>> I have seen some examples but honestly i'm not even sure what hardware I
>> should be looking at.  The example from the archives
>> http://marc.info/?l=cisco-nsp&m=115982463524342&w=2 was talking about a
>> cisco 1601, but that was a ppp based connection.
>>
>> Another thread i found http://marc.info/?t=118667690000005&r=1&w=2
>> talked about a frame connection but then they were using a 2600 and the
>> replies seemed a little mixed as one guy said he should switch to ppp in
>> half-bridging and someone else replied about something called IRB
>> approach.  I'm not sure if switching to ppp is an option here so I'd
>> like to concentrate on frame.
>>
>> I don' need/want  routing, blocking, natting at all to happen on the
>> cisco,
>> essentially I want it to act like a hub/switch connected to my internal
>> firewall/router.
>>
>> The reasoning behind this is, and please correct me if i'm wrong, I want
>> as simple and worry free a setup on the cisco as possible.  After
>> configuring it I won't be fiddling with configs unless something were to
>> break.  My internal router will do all the natting/firewalling and
>> routing, and i am confident when configuring that.  I believe the
>> ability
>> on the OS is much more important than the OS.  I will not need to
>> connect
>> to the cisco via tcp at all, all connects will be via the management
>> console.
>>
>> Any suggestions on hardware (less expensive the better), IOS version
>> i'll need and probably most importantly, config suggestions, example or
>> link to pertinent material(i'm willing to learn to fish) would be most
>> appreciated.
>>
>> Thanks in advance.
>>
>
> What you want is local switching of layer 2, but I don't think there is
> support for frame-relay to ethernet switching.
>
> Your other possibility would be PPP half-bridge but not sure if you can do
> PPP half-bridge over a frame relay connection or not.
>
> Wouldn't it be simpler to add a serial interface to the internal
> router/firewall?
>
> - --
> =========
> bep
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHVHVyE1XcgMgrtyYRAvR2AKDOoyzX37FKuafDBwFFE8gMV/K2igCfS4iI
> uDBewgyVXQCTDqkTJmqE0es=
> =IKmJ
> -----END PGP SIGNATURE-----
>

Thanks for the reply everyone.

I think the bridging is going to be a little bit cumbersome and the
unnumberd interface isn't exactly what i'm shooting for either, so i'll
just shoot for a simple routed solution.

so from above...

>> ISP|unknown router|serial(Frame)|address 1.2.3.4
>>                          |
>>                    ______|_______
>>                         wic-1t
>>                 some cisco router
>>                        ethernet
>>                  ---------|-------------
>>                           |
>>                     1.2.3.5eth0
>>               internal router/firewall

will be

ISP|unknown router|serial(Frame)|address 1.2.3.4
                         |
                   ______|_______
             wic-1t| address 1.2.3.5
                some cisco router
                       ethernet
                   address 192.168.x.1
                 ---------|-------------
                          |
                    192.168.x.2eth0
              internal router/firewall

I can't put a serial interface on the internal router and still accomplish
what i'm after (unfortunately).

Now that i've come to the conclusion of how to get the addresses I need:
a. to know what router will work for my scenario.  still a 1600 (does it
matter what model)?

b. configuration pointers.  I just want my side ptp address from my ISP on
the serial interface and any non-public address on the ethernet interface.
 I suppose that from my lan wich will be connected to my internal router,
the cisco will have to do the natting as well?  I want all remote access
via IP turned off directly to the router itself.

Thanks in advance.

Aaron

More information about the cisco-nsp mailing list