1

I have a Cisco 877 in bridged mode acting as an ADSL2 modem only. My firewall is doing PPPOE and the internet works great.

What I would like to do is give vlan1 on the Cisco 877 an IP address e.g. 10.10.10.1/24 and then give my firewall a secondary WAN IP of 10.10.10.2 so that I can connect to the Cisco 877 and manage it without having to use the console port (kick off a reboot from the LAN side).

My working bridge config is

!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
!
dsl operating-mode auto
bridge-group 1
!
!
interface Vlan1
no ip address
bridge-group 1
!
bridge 1 protocol ieee
!

in order to do what I want, I would have thought I could simply add an IP to vlan1 e.g. 

!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
!
dsl operating-mode auto
bridge-group 1
!
!
interface Vlan1
ip address 10.10.10.1 255.255.255.0
bridge-group 1
!
bridge 1 protocol ieee
!

however, this simply does not work. I see nothing in the ARP table on the firewall WAN interface that has a secondary IP of 10.10.10.2

I followed Cisco 877 as PPPoA/PPPoE bridge (no routing) - how to make it listen to IP for management? which suggests to use 

bridge irb

and then 

bridge 1 protocol ieee
bridge 1 bridge ip

Anyone able to help, thanks!

Community
  • 1
user158798
  • 23
  • 4

1 Answers1

0

You need to create a BVI interface and then give that BVI interface an ip address, e.g.:

config term
int BVI1
ip address 10.10.10.1 255.255.255.0

By virtue of putting both adapters in bridge group 1, you've bridged them together. By creating a BVI1 interface, you allow your router to have an ip address on that same bridge (The number after BVI coincides with the bridge group you've defined)

Peter Grace
  • 3,446
  • 1
  • 26
  • 42