Hi Jurgen, Many thanks for your informative response.
The firewall cannot terminate the PPP sessions so I will need to confirm from the client the ISP details in terms of what exactly is supported. >From my experience with PPPoA a public address is assigned to the ATM WAN interface and typically you NAT this one address to share among the LAN. If the ISP provides a separate address to the ATM interface I will be able to use the /29 block on the inside (wasting one address on the LAN interface of the router). IP unnumbered definitely sounds like the go but this is just a consumer grade router not a Cisco :) "It also may be your Provider has direct IP over the ATM PVC. Here, the device with the DSL-Modem acts as a router and has the /29 on it's LAN side." I hope this is the case. Thanks for your help. Cheers, -Aaron. -----Original Message----- From: Jurgen Marenda [mailto:[email protected]] Sent: Thursday, 2 June 2011 3:39 PM To: 'Aaron Riemer' Cc: [email protected] Subject: RE: [c-nsp] ADSL Bridging over Ethernet Hi Aaron, > This is not really a cisco specific question. I just need > some clarification > on ADSL bridging. > > I have a situation where an ISP will deliver a /29 address > block over an > ADSL connection. I assume the ADSL connection will be PPPoA / > PPPoE based. > > The ADSL router is a simple consumer grade product and a > firewall will sit > behind with a public IP address on an Ethernet interface > within this /29 > block. > > My question is if I have this /29 block how can the ADSL > router be addressed > LAN/WAN? I assume the only way to do this is to bridge the > ADSL connection > to the Ethernet network? > > If I bridge the connection does this mean the firewall will > need to run the > PPPoE/PPPoA protocol? > I am confused as to where the encapsulation / > de-encapsulation occurs with > this type of design. The ADSL router or the firewall? Can I > have the ADSL > router take care of all the necessary PPP functions such as > authentication > etc with bridging? > > Can someone please shed some light? If it's PPPoA, the device with the DSL-Modem has the ATM-PVC over which the PPP session runs. Clearly, that device is a router having the /29 on it's LAN If it's PPPoE, the DSL-Modem may act like as a router as in the PPPoA Scenario. (Here, the PPPoE frames are bridged to the ISP thru the ATM PVC.) But the DSL-Modem may also act as a simple bridge. In this case, the "firewall" must terminate the PPPoE Session and may have the /29 on and DMZ Lan or use each of the 8 IP-Adresses for terminating (and NATting) Services. It also may be your Provider has direct IP over the ATM PVC. Here, the device with the DSL-Modem acts as a router and has the /29 on it's LAN side. My (el cheapo) alcatel/ST/thomson classical "adsl" Modem works in all modes fine; so even customer grade CPEs may work; all those scenarios may be set up with Cisco 876/877 (iff you get the nessassary information from your ISP). WAN side does not really need to have an ip-adress (if its PPP=point-to-point) but may borrow the LAN's ip adress ( ip unmbered ...) Hope this helps, Juergen. _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
