topic bridge mode working on HG633 in Technology

topic bridge mode working on HG633 in Technology https://community.talktalk.co.uk/t5/Technology/bridge-mode-working-on-HG633/m-p/2220054#M25872 Hi Thought I'd post this up as it may be of use, especially anyone who is studying Cisco. I just got bridge mode working on the HG633 (v2.00t firmware). This allows me to effectively switch off NAT/Routing/Firewall/PPP Authentication on the HG633 and bridge or forward it over to another device. No nasty double NAT or anything like that. VPNs still work fine too. In my case it goes ADSL phone line > HG633 > Cisco 3825 router > Cisco 3550 switches > PC The Cisco 3825 takes care of NAT/Routing/Firewall and PPP Authentication. What threw me for a while was that Bridge mode is not the same as Modem mode. I had to configure the Cisco for a lot more than just listening for a public IP on the external interface. Once I got my head around that though, it all worked great. If anyone was wondering if there is a difference in ping or throughput with this setup - there isn't. Everything is the same. When you enable bridge mode on the HG633 the power and broadband lights remain solid green but the Internet light goes red. The ethernet light continues to flash as normal. I assume the red Internet light means no authentication and the green Broadband light means a valid link to the Exchange. Settings on the HG633 are: Internet menu > Internet Connection > Edit button > from Service type untick TR069,  from Connection type drop down list select Bridged  and finally from Link mode drop down list select EoA.  Click save and OK. That's it - just 3 options and it will work. On the Cisco you have to do a *lot* more. This page was really helpful: <A href="https://www.dslreports.com/faq/8199" target="_blank">https://www.dslreports.com/faq/8199</A> The important bits are: interface GigabitEthernet0/0              description ADSL_WAN_PORT  no ip address  no ip redirects  no ip unreachables  no ip proxy-arp  ip virtual-reassembly in  duplex auto  speed auto  media-type rj45  pppoe enable group global  pppoe-client dial-pool-number 1  no cdp enable  no mop enabled interface Dialer1  description ADSL_WAN_Dialer  ip address negotiated  no ip unreachables  ip mtu 1492  ip nat outside  ip virtual-reassembly in  zone-member security out-zone  encapsulation ppp  ip tcp adjust-mss 1452  dialer pool 1  dialer-group 1  ppp authentication chap callin  ppp chap hostname <your phone number>@talktalk.net  ppp chap password <your talktalk broadband password>  ppp ipcp dns request accept  ppp ipcp route default  ppp ipcp address accept  no cdp enable ip nat inside source list NAT interface Dialer1 overload ip route 0.0.0.0 0.0.0.0 Dialer1 ip access-list standard NAT  permit <your internal IP network and wildcard mask> dialer-list 1 protocol ip permit   Don't forget to configure your ZBF (zone based firewall). Some instructions for that are here: <A href="https://supportforums.cisco.com/t5/security-documents/ios-zone-based-firewall-step-by-step-basic-configuration/ta-p/3142774" target="_blank">https://supportforums.cisco.com/t5/security-documents/ios-zone-based-firewall-step-by-step-basic-configuration/ta-p/3142774</A>You can perform some basic checking of the firewall using "Shields UP" available here: <A href="https://www.grc.com" target="_blank">https://www.grc.com</A> Hope this helps someone 🙂 Sat, 23 Jun 2018 12:54:44 GMT Anonymous 2018-06-23T12:54:44Z