[lug] Cisco 678 and NAT
Nate Duehr
nate at natetech.com
Tue Jan 3 16:48:32 MST 2006
Dan Ferris wrote:
> I have experience with 2 Cisco 678s. I think they are the best DSL
> modem out there personally.
>
> The best way to use one is to get a separate router and run them in
> bridging mode. I do that with a Soekris box running m0n0wall and it
> NEVER crashes.
>
> Just my $.02
>
> Dan

Both bridging and PPPoA have benefits and problems.

While it's true that bridged mode is the most convenient for those of us
that like messing with our own firewalls, etc... because we're just
seeing all the way to our upstream router, and it means we don't have to
deal with routing between the firewall and the modem...

Bridged mode rarely recovers correctly from a line failure without
power-cycling the 678.

Also depending on your ISP, they can whack up their ARP tables during
router/switch software upgrades and you'll find that even though you
have physical layer and what appears to be logical layer connectivity...
nothing works until you do the magical power-cycle of the 678 to force
some ARP'ing for stuff to straighten out their end.

I used to have a bridged-mode SDSL circuit long ago, and these were both
"common" problems... probably twice or three times a year.

PPPoA (or PPPoE - whatever) will reconnect more cleanly and with more
chance of recovery if the circuit is bouncing or power to the DSLAM is
bouncing. (Summertime... t-storms, etc.)

If you're running static IPs and have more than one range, bridged
setups can become a bit confused with that setup, also.

I've had two /28s routed to my 678 for a number of years now over PPPoA
and I can't remember *ever* having to reset my 678 to clear a down
connection, ever. PPPoA has simply taken care of it. I've reset the
678 only to move it or change power connections.

Some of that might have something to do with connecting to a VERY good
ISP with a clue, also... this is NOT on Qwest ISP service. Qwest
transport to Front Range Internet (FRII).

The downside? Not huge... I have to add a default route from the
firewall to the 678. I'd have to point it upstream to the ISP's default
router for the bridged network anyway, so no additional work needed
there. I had to put a username and password into the 678 also, of
course... that's about the only difference from my end of the connection.

Nate