Access bridged modem using Cisco router

I have a Cisco 1811 with a Zyxel P2812HNU-F1 VDSL modem connected to it in bridge mode. The Cisco gets the public IP address through DHCP.

I wanted to access the modem on its local IP address of 192.168.1.254. At first, this didn't seem possible because all traffic out of the WAN interface is translated to the public IP address. To enable access to the modem I did the following:

First, I added a secondary IP address to the WAN interface, FastEthernet0:

interface fastethernet0
ip address 192.168.1.100 255.255.255.0 secondary

Then I added a NAT pool to translate internal traffic to 192.168.1.100:

ip nat pool nat_to_modem 192.168.1.100 192.168.1.100 netmask 255.255.255.0

The global NAT command requires an access list to match traffic that is to be NATted. Here I define that all traffic to 192.168.1.0/24 is to be translated:

ip access-list extended nat_to_modem
 permit ip any 192.168.1.0 0.0.0.255
 deny   ip any any

To prevent any traffic to this subnet from being translated to the public IP address, I added the same network to my default NAT access list:

ip access-list extended acl_nat
 deny   ip any 192.168.1.0 0.0.0.255

To enable NAT translation I had to add a global NAT command:

ip nat inside source list nat_to_modem pool nat_to_modem overload

Because my default route points to the next hop of the ISP (default routes to interfaces that are not point-to-point create performance issues due to ARP tables overflowing), I had to add a static route to interface Fa0:

ip route 192.168.1.0 255.255.255.0 FastEthernet0

When using PPPoE this should not be necessary.
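
The deny entry in acl_nat only has an effect if it sits before any permit that already matches the inside hosts, because IOS extended ACLs are evaluated first-match. The Python model below is an added example, not part of the original post or of the router configuration; the 10.0.0.0/24 inside subnet, the existing permit entry in acl_nat and the host addresses are assumptions made for illustration.

```python
# Added example: models first-match evaluation of the two ACLs that select NAT traffic.
from ipaddress import IPv4Address

ANY = ("0.0.0.0", "255.255.255.255")    # "any": every bit is don't-care
MODEM_NET = ("192.168.1.0", "0.0.0.255")
LAN = ("10.0.0.0", "0.0.0.255")         # assumed inside subnet, not from the post

def wildcard_match(addr, spec):
    """IOS wildcard semantics: bits set in the wildcard mask are ignored."""
    base, wildcard = (int(IPv4Address(x)) for x in spec)
    care = ~wildcard & 0xFFFFFFFF
    return (int(IPv4Address(addr)) & care) == (base & care)

def acl_permits(acl, src, dst):
    """Action of the first matching entry; implicit deny if nothing matches."""
    for action, src_spec, dst_spec in acl:
        if wildcard_match(src, src_spec) and wildcard_match(dst, dst_spec):
            return action == "permit"
    return False

# nat_to_modem exactly as given in the post.
NAT_TO_MODEM = [("permit", ANY, MODEM_NET), ("deny", ANY, ANY)]
# acl_nat with the deny ahead of the assumed existing permit.
ACL_NAT_DENY_FIRST = [("deny", ANY, MODEM_NET), ("permit", LAN, ANY)]
# Same entries with the deny appended last: LAN hosts never reach it.
ACL_NAT_DENY_LAST = [("permit", LAN, ANY), ("deny", ANY, MODEM_NET)]

def selecting_acls(acl_nat, src, dst):
    """Names of the NAT ACLs that permit (select) this packet."""
    acls = {"acl_nat": acl_nat, "nat_to_modem": NAT_TO_MODEM}
    return [name for name, acl in acls.items() if acl_permits(acl, src, dst)]

if __name__ == "__main__":
    host = "10.0.0.20"                  # constructed inside host
    for label, acl in (("deny first", ACL_NAT_DENY_FIRST),
                       ("deny last", ACL_NAT_DENY_LAST)):
        for dst in ("192.168.1.254", "198.51.100.7"):
            print(f"{label:10} {dst:15} -> {selecting_acls(acl, host, dst)}")
```

With the deny first, traffic to the modem is selected only by nat_to_modem; with the deny last, both ACLs select it and the translation is ambiguous. On the router, `show ip access-lists acl_nat` lists the entries in evaluation order.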

This setup enables me to access the web interface of the modem. Unfortunately, due to a bug it stops functioning after a while or when resetting the WAN interface. Also, the configuration is not shown in the running config so a reload will also mess it up. But I figured out how it can be configured 🙂

