I have a Cisco ISR router C899G with LTE Cellular interface. I'd like to bridge the LTE into one of the eth ports in order to tap the wan link into my firewall device. When I try the BVI method as follows:

    interface Cellular0
     bridge-group 1

The device complains that the interface does not support bridging. How can I achieve simple transparent LTE Layer3 to ethernet routing? Could this somehow be achieved through dialer interfaces? I'm quite lost with this.

EDIT: by "bridging" I mean that IP traffic should be "bridged" transparently such that the public IP address is assigned to the firewall sitting behind the ISR LTE router, in the same manner that many consumer appliances support (transparent connection on L3). IP communication should be transparent between WAN and the firewall.

I have tried the following but the device behind GigabitEthernet9 does not get an ip:

    !
    bridge irb
    bridge 1 protocol ieee
    bridge 1 route ip
    !
    interface Cellular0
     no ip address
     ip virtual-reassembly in
     encapsulation slip
     ip tcp adjust-mss 1318
     dialer in-band
     dialer pool-member 1
     async mode interactive
     routing dynamic
    !
    interface GigabitEthernet9
     no ip address
     duplex auto
     speed auto
     bridge-group 1
    !
    interface Dialer1
     !ip address negotiated !With this we get an ip for the dialer interface
     no ip address
     dialer pool 1
     dialer idle-timeout 0
     dialer string lte
     dialer persistent
     no cdp enable
     bridge-group 1
    !
  • LTE and ethernet cannot be transparently bridged because the frame formats are different. You need to route between the interfaces. Commented Oct 18, 2023 at 17:01
  • @RonMaupin Okay, how is the bridge mode implemented in multiple different consumer LTE routers then? I just need an ip layer bridge such that I can do all the rest routing and nat rules etc. on my firewall. Commented Oct 18, 2023 at 18:23
  • LTE routers route, which is what routers do. Routing is at layer-3, bridging is at layer-2. IP is at layer-3, and it is routed, so an IP bridge is not really what you mean. If you want to bridge, you use a switch (switch was originally a marketing term for a high-port-density bridge). Commented Oct 18, 2023 at 18:26
  • @RonMaupin okay, I understand that the terminology was wrong. Anyways any idea how to achieve this L3 transparency? Commented Oct 19, 2023 at 3:31

1 Answer

I think that's an X/Y-problem. What you need to do is route from LTE to IPoE (transparently or NATed) and then connect your firewall for analysis and filtering.

Bridging happens on the data link layer (L2) and that's impossible between LTE and IP due to framing differences. LTE encapsulates IP and IPoLTE to IPoE needs to be routed.

After all, there's little point in jumping through hoops trying to capture from the LTE interface (more or less directly) when you don't do any significant filtering before the firewall.

Edit: Here is a tested config for the isr router to achieve this passthrough routing with 1 to 1 nat:

    !
    interface Cellular0
     ip address negotiated
     ip nat outside
     ip virtual-reassembly in
     encapsulation slip
     ip tcp adjust-mss 1318
     dialer in-band
     dialer idle-timeout 0
     dialer string lte
     dialer-group 1
    !
    dialer-list 1 protocol ip permit
    dialer-list 1 protocol ipv6 permit
    !
    interface GigabitEthernet9
     ip address 10.1.1.2 255.255.255.252
     ip nat inside
     duplex auto
     speed auto
    !
    ip nat inside source static 10.1.1.1 interface Cellular0
    ip route 0.0.0.0 0.0.0.0 Cellular0
    !

This works when the firewall/router WAN interface is plugged into the ISR router's ge9 port and the WAN interface is configured with the 10.1.1.1 IP address.

  • Thanks, could you add example on how to do that on Cisco IOS? Commented Oct 19, 2023 at 11:06
  • Found out by myself a way to achieve this with 1 to 1 nat which satisfies my needs, added working config to your otherwise good answer Commented Oct 19, 2023 at 16:57
  • Someone could add a transparent routing version as an answer if it is feasible. Commented Oct 19, 2023 at 16:59
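
A consistency check for the 1:1 NAT passthrough configuration in the answer above, as an added example that is not part of the original posts and not a Cisco tool. The function names are hypothetical, and the embedded config is a trimmed copy of the answer's config constructed for the check.

```python
import ipaddress
import re

# Constructed sample: trimmed copy of the 1:1 NAT config from the answer.
SAMPLE_CONFIG = """\
interface Cellular0
 ip address negotiated
 ip nat outside
!
interface GigabitEthernet9
 ip address 10.1.1.2 255.255.255.252
 ip nat inside
!
ip nat inside source static 10.1.1.1 interface Cellular0
ip route 0.0.0.0 0.0.0.0 Cellular0
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the interface block
    return interfaces

def check_passthrough(config):
    """Return the problems found in a 1:1 NAT passthrough config (empty list = consistent)."""
    problems, interfaces = [], parse_interfaces(config)
    m = re.search(r"^ip nat inside source static (\S+) interface (\S+)", config, re.M)
    if not m:
        return ["no static interface NAT rule found"]
    host, outside = ipaddress.ip_address(m.group(1)), m.group(2)
    if "ip nat outside" not in interfaces.get(outside, []):
        problems.append(f"{outside} is not marked 'ip nat outside'")
    inside_links = []  # addressed interfaces that carry 'ip nat inside'
    for cmds in interfaces.values():
        for cmd in cmds if "ip nat inside" in cmds else []:
            a = re.fullmatch(r"ip address (\S+) (\S+)", cmd)
            if a:
                inside_links.append(ipaddress.ip_interface(f"{a.group(1)}/{a.group(2)}"))
    # The translated host must be a usable address on an inside link, not the router itself.
    if not any(host != l.ip and host in l.network.hosts() for l in inside_links):
        problems.append(f"{host} is not a host on a NAT-inside link")
    if not re.search(rf"^ip route 0\.0\.0\.0 0\.0\.0\.0 {re.escape(outside)}\b", config, re.M):
        problems.append(f"no default route via {outside}")
    return problems
```

On the /30 used in the answer, the only address that passes the host check is 10.1.1.1, which is why the firewall's WAN interface has to be configured with exactly that address.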
