I have a Cisco 877 in bridged mode acting as an ADSL2 modem only. My firewall is doing PPPOE and the internet works great.
What I would like to do is give vlan1 on the Cisco 877 an IP address e.g. 10.10.10.1/24 and then give my firewall a secondary WAN IP of 10.10.10.2 so that I can connect to the Cisco 877 and manage it without having to use the console port (kick off a reboot from the LAN side).
My working bridge config is
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
!
dsl operating-mode auto
bridge-group 1
!
!
interface Vlan1
no ip address
bridge-group 1
!
bridge 1 protocol ieee
!
in order to do what I want, I would have thought I could simply add an IP to vlan1 e.g.
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
!
dsl operating-mode auto
bridge-group 1
!
!
interface Vlan1
ip address 10.10.10.1 255.255.255.0
bridge-group 1
!
bridge 1 protocol ieee
!
however, this simply does not work. I see nothing in the ARP table on the firewall WAN interface that has a secondary IP of 10.10.10.2
I followed Cisco 877 as PPPoA/PPPoE bridge (no routing) – how to make it listen to IP for management? which suggests to use
bridge irb
and then
bridge 1 protocol ieee
bridge 1 bridge ip
Anyone able to help, thanks!
Best Answer
You need to create a BVI interface and then give that BVI interface an ip address, e.g.:
By virtue of putting both adapters in bridge group 1, you've bridged them together. By creating a BVI1 interface, you allow your router to have an ip address on that same bridge (The number after BVI coincides with the bridge group you've defined)