cisco 3640 router - setup bridge

Status
Not open for further replies.

mrttn

Technical User
Apr 28, 2009
20
US
For some reason, the 172.16.1.1 is not talking to 192.168.1.1. I can't set up virtual interface VLANs on the router, so I am setting up a bridge instead. However, the two networks are not talking.

I can ping yahoo.com from 192.168.1.1 but cannot from 172.16.1.1. I also cannot ping 172.16.1.1 from 192.168.1.1.

The router config is below.

Thanks so much.
Tam



ip name-server 4.2.2.2
!
ip dhcp pool inside
import all
network 172.16.1.0 255.255.255.0
default-router 172.16.1.1
dns-server 4.2.2.2
!
!
bridge irb
!
!
interface FastEthernet0/0
ip address 192.168.1.10 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
bridge-group 1
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface TokenRing2/0
no ip address
shutdown
ring-speed 16
!
interface BVI1
ip address 172.16.1.1 255.255.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http authentication local
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
privilege level 15
password <removed>
!
end
 
I have never seen something done like this before, but it's interesting. Do you have a cable modem in front of the router with the 192.168.1.0? Why can't you use one of the FastEthernet interfaces for your inside LAN?
Anyway, try putting ip nat outside on the interface FastEthernet0/0 and ip nat inside on the BVI.

Regards
 
no luck


ip name-server 4.2.2.2
!
ip dhcp pool inside
import all
network 172.16.1.0 255.255.255.0
default-router 172.16.1.1
dns-server 4.2.2.2
!
!
bridge irb
!
!
interface FastEthernet0/0
ip address 192.168.1.10 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
bridge-group 1
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface TokenRing2/0
no ip address
shutdown
ring-speed 16
!
interface BVI1
ip address 172.16.1.1 255.255.0.0
ip nat inside
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http authentication local
!
bridge 1 protocol ieee
!
end

Router#ping 192.168.1.10 source 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.10, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1
.....
Success rate is 0 percent (0/5)
Router#ping 172.16.1.1 source 192.168.1.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.10
.....
Success rate is 0 percent (0/5)
Router#
 
Minue---I believe this is why...

"I can't setup virtual interface vlans on the router so I am setting up bridge instead. however, the two networks are not talking."

If you want the router to route L2 vlans, then you need to create sub-interfaces, dot1q encapsulation...

interface fa0/1
no ip address
no shutdown
!
interface fa0/1.133
description vlan133_native_management
encapsulation dot1q 133 native (it may not take the "native" command)
ip address 172.16.133.1 255.255.255.252---/30 so that only the router and switch can be on this vlan
!
interface fa0/1.10
description vlan10_printers
encapsulation dot1q 10
ip address 172.16.10.1 255.255.255.0
!
interface fa0/1.20
description vlan20_admins
encapsulation dot1q 20
ip address 172.16.20.1 255.255.255.0
!
interface fa0/1.30
description vlan30_users
encapsulation dot1q 30
ip address 172.16.30.0 255.255.255.0

Then on the switch (if it is Cisco)
switch#vlan database
vlan 10 name vlan10
vlan 20 name vlan20
vlan 30 name vlan30
vlan 133 name vlan133
apply

then...

interface fa0/24
description trunk
switchport mode trunk
switchport trunk encapsulation dot1q native ("native" not available on XL switches)
switchport trunk allowed vlan 10,20,30,133
no shutdown
!
interface fa0/1
switchport mode access
switchport access vlan 10
no shutdown
!
on down to vlan 20 switchports...
!
interface fa0/10
switchport mode access
switchport access vlan 20
no shutdown
!
down to vlan 20 ports...
!
interface fa0/16
switchport mode access
switchport access vlan 20
!
etc., for vlan 30, but not 133...

now the SVI/management vlan---only one available on a L2 switch...
!
interface vlan 133
ip address 172.16.133.2 255.255.255.252
no shutdown

you will notice that in show run, you will see...
!
interface vlan 1
no ip address
shutdown
!
since only one SVI can be created---security reasons dictate that you do not want it to be vlan 1, because that is the default management vlan, and thus is easily guessed for attacks...

now the gateway...

ip default-gateway 172.16.133.1

If memory serves me correctly, that should be it.

If this is not what you are trying to accomplish, then whoops...disregard or take notes for the CCNA exam...lol

Another option may be a secondary ip address...

interface fa0/1
ip address 172.16.1.0 255.255.0.0
ip address 192.168.69.1 255.255.255.0 secondary
no shutdown

The secondary ip address will be routable by virtue of being directly connected.

HTH

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Whoopsie...this

interface fa0/1.30
description vlan30_users
encapsulation dot1q 30
ip address 172.16.30.0 255.255.255.0

should be this

interface fa0/1.30
description vlan30_users
encapsulation dot1q 30
ip address 172.16.30.1 255.255.255.0

ip address instead of network address...:)

 
Hi Burt
Things still aren't clear: why create VLANs, then bridge them on a single interface?

For mrttn:
If you explain your network design more clearly and answer the question I posted in my former post, I will have enough info to lab your setup and find the problem.

Regards


 
Minue, yes the router is behind a Verizon modem.

The idea is pointing all traffic to fa0/0, and fa0/0 is also a gateway for the 172.16.1.1 network. You are correct, I can just use one of the other interfaces, but that would make it on the same 192.168.1.1 network and I don't want that. I want the other interface to be on different private networks. It should work if I can VLAN them, but I cannot for some reason; maybe the IOS doesn't support it. We don't necessarily have to bridge them if there's another method.

thanks,
 
Instead of bridging, I tried a loopback, and now the two networks are talking, but 172.16.100.1 is not talking to the outside world.

see below...

ip name-server 4.2.2.2
!
ip dhcp pool inside
import all
network 172.16.100.0 255.255.255.0
default-router 172.16.100.1
dns-server 4.2.2.2
!
!
bridge irb
!
!
interface Loopback1
ip address 172.16.100.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/0
ip address 192.168.1.10 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.100.1 255.255.255.0
duplex auto
speed auto
bridge-group 1
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!

!
interface BVI1
ip address 172.16.1.1 255.255.255.0
ip nat inside
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http authentication local
!
bridge 1 protocol ieee
!
line con 0
line aux 0
line vty 0 4
privilege level 15
password tam
login
!
end

Router#ping 192.168.1.10 source 172.16.100.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.10, timeout is 2 seconds:
Packet sent with a source address of 172.16.100.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Router#ping 172.16.100.1 source 192.168.1.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.10
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Router#ping 4.2.2.2 source 172.16.100.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 172.16.100.1
.....
Success rate is 0 percent (0/5)
Router#
 
Hello
I think you're looking at things from the wrong point of view. The 192.168.1.0 subnet is one subnet between your modem and your FastEthernet0/0. If you put the 172.16.100.0 subnet on FastEthernet0/1, this would be a separate subnet. Using NAT will convert the IPs on this subnet, but it's still a different subnet. The 3640 and all other routers don't support VLANs unless they have a built-in or modular switch installed. Even if you had this case or an outside switch, the concept would be the same. The VLANs let you segment your inside users. If this is what you want to do, you can do it even better with all the FastEthernet interfaces you have on this router.
Actually, bridging will make things worse because the router becomes a switch on the bridge interface.

Regards
 
So I made fa0/1 network 172.16.10.1, but that network is still not talking to the outside world.



ip name-server 4.2.2.2
!
ip dhcp pool inside
import all
network 172.16.10.0 255.255.255.0
default-router 172.16.10.1
dns-server 4.2.2.2
!
!
bridge irb
!
!
interface Loopback1
ip address 172.16.100.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/0
ip address 192.168.1.10 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.10.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface TokenRing2/0
no ip address
shutdown
ring-speed 16
!
interface BVI1
ip address 172.16.1.1 255.255.255.0
ip nat inside
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http authentication local
!
bridge 1 protocol ieee
!
line con 0
line aux 0
line vty 0 4
privilege level 15
password tam
login
!
end

Router#ping 4.2.2.2 source 172.16.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 172.16.10.1
.....
Success rate is 0 percent (0/5)
Router#ping 192.168.1.1 source 172.16.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.10.1
.....
Success rate is 0 percent (0/5)
Router#
 
Hello
You're missing the line in your conf:

ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 1 permit 172.16.10.0 0.0.0.255

Also post a "show ip nat translation"


Regards
 
no luck,


ip name-server 4.2.2.2
!
ip dhcp pool inside
import all
network 172.16.10.0 255.255.255.0
default-router 172.16.10.1
dns-server 4.2.2.2
!
!
bridge irb
!
!
interface Loopback1
ip address 172.16.100.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/0
ip address 192.168.1.10 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.10.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface TokenRing2/0
no ip address
shutdown
ring-speed 16
!
interface BVI1
ip address 172.16.1.1 255.255.255.0
ip nat inside
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http authentication local
!
access-list 1 permit 172.16.10.0 0.0.0.255
bridge 1 protocol ieee
!
line con 0
line aux 0
line vty 0 4
privilege level 15
password tam
login
!
end


Router#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 192.168.1.10:0 172.16.10.1:0 4.2.2.2:0 4.2.2.2:0

Router#ping 192.168.1.10 source 172.16.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.10, timeout is 2 seconds:
Packet sent with a source address of 172.16.10.1
.....
Success rate is 0 percent (0/5)
 
Hello
Try pointing the default to the interface:

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

Also post a traceroute with source FastEthernet0/1 so as to see where the packet is dying.

Regards
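
The NAT wiring debated across this thread (which interfaces are `ip nat inside` or `ip nat outside`, whether an `ip nat inside source ... overload` rule exists, and whether its access list covers every inside subnet) can be checked mechanically. The following is an added example, not part of the original thread or any poster's code; `audit_nat` and `SAMPLE` are hypothetical names, and the sample is constructed by abridging the last configuration posted above.

```python
import ipaddress
import re

# Constructed sample, abridged from the last configuration posted in the thread.
SAMPLE = """\
interface Loopback1
ip address 172.16.100.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/0
ip address 192.168.1.10 255.255.255.0
ip nat outside
!
interface FastEthernet0/1
ip address 172.16.10.1 255.255.255.0
ip nat inside
!
ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 1 permit 172.16.10.0 0.0.0.255
"""

def audit_nat(config):
    """Return findings about how NAT is wired in an IOS-style config (hypothetical helper)."""
    cur, ifaces, acls, rules = None, {}, {}, []
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"net": None, "nat": None})
        elif m := re.fullmatch(r"ip nat inside source list (\S+) interface (\S+) overload", line):
            rules.append((m[1], m[2]))
        elif m := re.fullmatch(r"access-list (\d+) permit (\S+) (\S+)", line):
            # Standard ACLs use wildcard (host) masks, which ipaddress accepts.
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False))
        elif cur is not None and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur is not None and (m := re.fullmatch(r"ip nat (inside|outside)", line)):
            cur["nat"] = m[1]
    inside = {n: i["net"] for n, i in ifaces.items() if i["nat"] == "inside" and i["net"]}
    outside = {n for n, i in ifaces.items() if i["nat"] == "outside"}
    findings = []
    if inside and not outside:
        findings.append("no interface is marked 'ip nat outside'")
    if inside and not rules:
        findings.append("no 'ip nat inside source' rule, so nothing is translated")
    findings += [f"NAT rule egress {e} is not an 'ip nat outside' interface"
                 for _, e in rules if e not in outside]
    permitted = [net for acl, _ in rules for net in acls.get(acl, [])]
    findings += [f"{n} ({net}) is 'ip nat inside' but no NAT ACL permits it"
                 for n, net in inside.items() if rules and not any(net.subnet_of(p) for p in permitted)]
    return findings
```

Calling `audit_nat(SAMPLE)` reports that Loopback1's subnet is marked inside but falls outside access list 1, so traffic sourced from it would leave FastEthernet0/0 untranslated.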
 