Create BVI on Cisco 1800 series router 1

[gmail2]

Hi All

I'm out of practice big time on Cisco, so bear with me ! We have a Cisco 1841 router at a branch office. FA0/0 is the LAN side and S0/0/0 is the WAN side. Now we have a new requirement to connect FA0/0 into a high availability environment where it needs to a cluster of firewalls. Because of this, we need two physical interfaces to connect to the two members of the firewall cluster.

We are thinking the ideal solution is to bond FA0/0 & FA0/1 together so they act as a switch with one virtual interface for IP layer stuff. From what I've read so far, this is a BVI (feel free to correct me if I'm wrong)

I've been googling this to find config examples or just POC that this can actually be done - preferably from Cisco website. But so far my search is mainly bringing up stuff about wireless (not too sure why) and routers with WIC cards in them.

Can anybody confirm if this is possible or not with the 1841 router ? And if anybody has any links to Cisco website for this, that would be great

Thanks in advance

Irish Poetry - Karen O'Connor
Irish Poetry and Short Stories - Doghouse Books
Garten und Landschaftsbau

 

[burtsbees]

You could also make

1.Sub-interfaces
2.Secondary IP address
3.Sub-interfaces for VLANs

These may work better, so that you can keep the WAN and have layer 3 functionality in the router. But yes, that would be a BVI. Just do the command "no ip routing".

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[gmail2]

Thanks for the reply burstbees ... I think maybe I didn't explain my question properly though ! I think sub-interfaces would be the opposite of what I need. I need to physically connect the router to two firewalls (in high availability). So the only way to do this (that I can see) is

1. Connect the two firewalls & router to a switch
2. Bind the two interfaces on the 1841 so that they act as a switch

or am I missing out on something here ?

Irish Poetry - Karen O'Connor
Irish Poetry and Short Stories - Doghouse Books
Garten und Landschaftsbau

 

[unclerico]

It would be easiest to do option #1, but yes you can create a bridge-group, assign it to each FE interface, create the bvi and assign the IP related information there. It would be something like this (going from memory so the actual commands may be wrong):

Router(config)# bridge irb
Router(config)# bridge 1 route ip
Router(config)# int f0/0
Router(config-if)# bridge-group 1
Router(config)# int f0/1
Router(config-if)# bridge-group 1
Router(config)# int bvi1
Router(config-if)# ip add 192.168.1.1 255.255.255.0

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[gmail2]

Thanks for the reply unclerico - that's what I was after. I know that option 1 is easier, but there are a few reasons we want to go with option 2 of possible (I won't bore you with the details ... some political !)

Recently however, somebody said to me that doing it this way (as opposed to just using on FE interface) may have some implications for running iBGP on the router. Personally I don't understand why, but I just wondered if anybody here knew why that might be ? iBGP woud only be enabled on the serial interface

Anybody have any thoughts ?

Irish Poetry - Karen O'Connor
Irish Poetry and Short Stories - Doghouse Books
Garten und Landschaftsbau