Transparent Bridge

[spock9458]

I am trying to follow the instructions of our telcomm people in setting up a "transparent bridge" between our main office and our new satellite office. I have a Cisco 1721 at each location, both have WIC 1T Serial Interface cards, plus the FastEthernet LAN ports.

If I understand this correctly, the Serial conncetion is a "physical" link made through the phone line hooked up by the telcomm company. In the router configuration, when I try to assign an IP address to the Serial0 interface that is on the same network as the FastEthernet0 interface, it says I can't do that.

Does anyone know if I am supposed to assign any IP address to the Serial0 interfaces? I have the lines "bridge-group 1" assigned to each interface, and the global "bridge 1 protocol ieee" configuration correct, but I am still missing a link somewhere?

Can you help?

 

[ADB100]

You don't need to assign an IP address to the serial interface, but you will need to assign an IP address to one of your interfaces that is in the bridge group so you can remotely manage the router. You would normally assign an IP address to the LAN interface, although in reality it doesn't matter.
Any reason why you aren't routing? Bridging over a slow speed WAN circuit isn't a very efficient use of the link; if either of the LAN's has a high broadcast rate it will affect the link. Routing is much more efficient.

HTH

Andy

 

[spock9458]

Thanks for the reply, Andy. The only reason why I'm bridging instead of routing is because the telcomm people told me they have set up this type of "seamless" or "transparent" connection before, and the users at the satellite office will see no difference than when they are here in our office, as far as network resources.

I'll try it this way, but if I see any sign of poor network performance I will investigate the possibility of routing instead.

Can you suggest any free resources for instructions on how to set that up if I need it?


Thanks,
Rob

 

[ADB100]

Can you suggest any free resources for instructions on how to set that up if I need it?

On here.....

Seriously to set this up as a routed link is quite simple. If you have other routers in the mix then you may have to set up some additional routing to 'tell' your existing routers of the new networks (via static or dynamic routing). Usually the more problematic issues are with your applications - i.e. making sure Windows has the correct name resolution settings etc.

Andy

 

[spock9458]

I am still having problems with this transparent bridge, and I wonder if anyone can shed any light on this. I have the physical serial connection done, both routers show that the interface Serial0 is up, and the line protcol is up.

However, network traffic is still not flowing across this connection, I cannot ping from one site to the other. I am expecting my telcomm installer to come and troubleshoot today, but I want to make sure I'm not missing anything in my router config.

Here are the pertinent lines in my router configurations, am I missing anything that would be required to make this work? Do you have any suggestions as to why the network traffic still won't cross this bridge? Thanks for any help.

<portion of config>
!
interface FastEthernet0
description Connected to LAN
ip address 192.168.40.200 255.255.255.0
ip nat inside
no ip route-cache
speed auto
bridge-group 1
!
interface Serial0
no ip address
no ip route-cache
no fair-queue
bridge-group 1
!
router rip
version 2
passive-interface Ethernet0
network 192.168.40.0
no auto-summary
!
ip classless
!
control-plane
!
bridge 1 protocol ieee
!

 

[chipk]

This doesn't sound like the greatest idea to me, and listening to telcom guys when it comes to data networks is never a good idea. Even if you routed instead of bridged the network, the users would see no difference in network access, so the point your telecom guys made of seamlessness and transparency doesn't make sense to me. I support 6 remote sites from our main office all connected by one or more T-1s. We have VOIP at all remote sites and everything (voice and data) works "seamlessly".

 

[spock9458]

OK, guys, I am unable to get the "transparent bridge" connection to work. I am attempting now to route traffic across this connection and I totally need help.

Situation:
Main Office is on ip network 192.168.40.0
Router type is Cisco 1721 with WIC T1 serial card and WIC ETH1 Ethernet card connected to the ISP router for internet.
FastEthernet0 (LAN) address is 192.168.40.200
Serial0 address is 192.168.0.2

Office PCs connect to application servers located at Main Office, and are able to access internet through Ethernet0. There are no problems at the main office.

New Satellite Office:
Set up to same internal ip network as main office (192.168.40.0)
Router type is Cisco 1721 with WIC T1 serial card.
FastEthernet0 (LAN) address is 192.168.40.201
Serial0 address is 192.168.0.1
Office PCs at the Satellite location need to access the application servers at Main Office, and hopefully access internet through the same Ethernet0 interface located at the main office.

Each router can ping successfully to the Serial0 interface at the remote location, but cannot ping LAN addresses at remote site.

Here is my "router rip" entry at each location:
router rip
version 2
network 192.168.0.0
network 192.168.40.0
no auto-summary

I have tried configuring static routes from each local network to the Serial0 address at the remote location. My most recent static routes now look like this:

ip route 192.168.0.0 255.255.255.0 FastEthernet0
ip route 192.168.40.0 255.255.255.0 Serial0

The "show ip route" command reveals both 192.168.0.0 and 192.168.40.0 are Connected.

No matter what I've tried I cannot get the two sites connected. Please, can anyone help me with some quick suggestions? I need this to get working soon...

Thanks

 

[UnaBomber]

What is in the 'cloud' between your two offices? Are you using the T1 wic to dial directly to the T1 wic at your main office from the sat office?

just one thing right now:

You cant put both your main office and sat office on the same subnet, unless you are going to tunnel between them. Right now you have this

Main office
FA0/0 192.168.40.0/24
S0/0 192.168.0.0/24

Sat office
FA0/0 192.168.40.0/24
S0/0 192.168.0.0/24

Your routing wont work like this, a packet destined for 192.168.40.0/24 wont know where to go.

Try changing the Subnet in Sat office to something else like
FA0/0 192.168.41.0/24 and leave the S0/0 ints the same.

By the way, I thought you said you were using ISDN T1's?


-ccnp mcse2k

 

[spock9458]

The 'cloud' between the main and satellite offices is a "fractional T1" line, with some channels being used for the phone system and others used for data. Changing the Subnet at the satellite to 192.168.41.0/24 did the trick as far as routing from one site to the other.

I am now able to make everything work pretty seamlessly, I have all the static routes set up to where it's working really well. There is a slight issue with data transfer "speed", but we are going to try and transfer a couple more channels from the phones to the data and see if that helps.

The last thing I cannot get to work is routing from the Subnet at the satellite office to the Internet, through the Ethernet0 port at the Main office. Let me see if I can explain the setup:

Main Office:
Cisco 1721
int Eth0 has <public ip> physically connected to ISP DSL router <dsl ip>

As far as I know, this is how we get the internet to work in the Main office:

ip route 0.0.0.0 0.0.0.0 <dsl ip>

I "firewall" the Eth0 interface using an access-list that works really well.

The Main office Cisco also now has a static route to the satellite office like so:

ip route 192.168.41.0 255.255.255.0 192.168.0.1

Here is the output of the "show ip route" command at the Main site:
show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS

level-2
ia - IS-IS inter area, * - candidate default, U - per-user static

route
o - ODR, P - periodic downloaded static route

Gateway of last resort is <dsl ip> to network 0.0.0.0

C 192.168.40.0/24 is directly connected, FastEthernet0
S 192.168.41.0/24 [1/0] via 192.168.0.1
<pulic subnet> is subnetted, 1 subnets
C <public network ip> is directly connected, Ethernet0
C 192.168.0.0/24 is directly connected, Serial0
S* 0.0.0.0/0 [1/0] via <dsl ip>

I have replaced the actual public ip addresses with <> info.

On the Satellite Cisco I have the following routes:

ip route 0.0.0.0 0.0.0.0 207.66.10.113
ip route 192.168.40.0 255.255.255.0 192.168.0.2
ip route <public network ip> <public network mask> 192.168.0.2

I have tried 'turning on' the internet by adding this:
ip route 0.0.0.0 0.0.0.0 <dsl ip>
and this
ip route 0.0.0.0 0.0.0.0 <public ip of Main Eth0>
(the output of the "show ip route" command on the Satellite Cisco shows all of the correct connections as above)

In both instances I can ping from the satellite subnet to the <public ip of Main Eth0> but I cannot ping to <dsl ip>

I hope someone can tell me what I am missing to get this last 'missing link' working.

Thanks.

 

[chipk]

Is your ACL allowing 192.168.41.0 out on the INternet?

 

[spock9458]

Very nice catch, I hadn't thought of that. I added the "permit" line to the access-list, and then restarted both routers. It still does not ping from satellite subnet to dsl ip.

Should my global 'ip route' command in the satellite router point to the Eth0 interface at the Main office, or to the ip of the dsl router? Like this:
ip route 0.0.0.0 0.0.0.0 <Main Eth0 public ip>
or
ip route 0.0.0.0 0.0.0.0 <dsl ip>

??

I have tried it both ways, and it doesn't seem to make any difference, it still won't go out.

Thanks.

 

[lui3]

Transparent bridge setup

Removed NAT statements

bridge irb
bridge 1 protocol ieee
bridge 1 route ip

interface bvi1
ip address x.x.x.x x.x.x.x (whatever you want for management)
no shut



interface FastEthernet0
description Connected to LAN
no ip route-cache
speed auto
bridge-group 1
!
interface Serial0
no ip address
no ip route-cache
no fair-queue
bridge-group 1


Lui3
CCNP,CCDA,A+/Net+
Cisco Wireless Specialization

 

[doublea1535]

It sounds like your satellite office (SO) is a stub network. If this is the case then you only need one route, the default route pointing to the NEXT HOP.

For example, remove all pre-existing static-routes at your SO and enter only one of the following :

ip route 0.0.0.0 0.0.0.0 192.168.0.2
-or-
ip route 0.0.0.0 0.0.0.0 Serial0

A stub network (router) is a network (router) that only has one path out of the network. Or viewed another way, a stub router has 1 or more LAN connections, and only 1 WAN connection.

If the SO is not a stub network, then you will need the above default gateway route in addition to other more specific routes pointing to your other subnets. You will need a route to every layer-3 network that is not directly connected.

HTH

-aa