[c-nsp] Bridge group woes and IRB

Mark Borchers mborchers at igillc.com
Wed Apr 20 10:25:35 EDT 2005 

David,
Bridging your two vlans together is effectively the same as
putting both switches and the router all in the same vlan.
If you're not willing to do that, then you probably don't
want to bridge either, which basically turns the router into
a layer 2 device within the scope of the bridged domains.

Perhaps the way to get the redundancy you are looking for 
is to create vlans x and y on both of your switches.  If you
bridge the respective vlans using BVIx and BVIy, IRB will sort
out your traffic as you expect it to.


> -----Original Message-----
> 
> I have a 7507 w/ RSP4 (12.3(13a) right now), which I am using to route
> traffic between VLANs which enter the router via a 
> FastEthernet PA on a
> VIP2-50 using 802.1q. Using the basic sub-interface 
> configuration, I am
> able to route between VLANs and all that good stuff. 
> Everything is happy.
> 
> With the idea that I could take two trunks into seperate switches and
> use bridge groups on the router to bundle it all together, in order to
> have some redundency if a switch fails, I enabled IRB on the router,
> configured bridge groups for each VLAN and set the bridge-group option
> within the sub-interfaces. All IP configurations from the 
> sub-interface
> was moved onto the BVI.
> 
> My issue is that with a configuration using IRB and BVIs, packets will
> be bridged between VLANs (e.g. when I do a traceroute from one VLAN to
> the other, I don't see the router as a hop as it would when I 
> was using
> sub-interfaces). Doing a 'no bridge 100 bridge ip' seems to break
> everything, since I assume it will want t 'bridge' from the Fast
> Ethernet sub-interface to the BVI. The bridging of packets between
> VLANs, rather than routeing, is breaking quite a few things 
> as I have a
> FE on the same router which connects into VLAN 100 at another point
> (yes, I know this isn't ideal, but it's part of a migration process).
> Ultimatly, we end up with a Layer 2 loop in the network, even 
> though the
> non-trunked FE is not part of a bridge group at all and just has an IP
> allocated.
> 
> Is IOS supposed to bridge frames between two bridge groups, 
> or is this a
> side effect of a misconfiguration or IOS bug? Alternativly, any better
> suggestions as to how to have two redundent 802.1q trunks out to
> switches would be welcomed. I know I can put the IP address on
> thesub-interface and include it in a bridge group, rather than using a
> BVI, but then the IP is dependent upon the link state of the FE.
> 
> Thanks,
> David
> 
> -- 
> David J. Coulson    email: david at n2net.net
> Operations Manager  voice: (216) 619-2000
> N2Net, Inc.         web:   http://www.n2net.net/
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list