[c-nsp] Bridging using Cisco 3640 routers

Ted Mittelstaedt tedm at toybox.placo.com
Mon Dec 19 06:06:45 EST 2005


I'll assume you have identified 0a00.3ef1.b2ed and 0009.5bf7.b69c
as the only machines you wanted broadcasts from forwarded across the
bridge?  I'll use them as examples below.

I've never had any luck using short access lists with bridged filters,
try something like this instead:

access-list 1100 permit 0a00.3ef1.b2ed 0000.0000.0000 ffff.ffff.ffff 0000.0000.0000
access-list 1100 permit 0a00.3ef1.b2ed 0000.0000.0000 0000.0000.0000 ffff.ffff.ffff
access-list 1100 permit 0009.5bf7.b69c 0000.0000.0000 ffff.ffff.ffff 0000.0000.0000
access-list 1100 permit 0009.5bf7.b69c 0000.0000.0000 0000.0000.0000 ffff.ffff.ffff
access-list 1100 deny   0000.0000.0000 ffff.ffff.ffff 0000.0000.0000 ffff.ffff.ffff

Let me know if this works, it's been several years since I've had to deal
with that.

Ted

>-----Original Message-----
>From: cisco-nsp-bounces at puck.nether.net
>[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Raymond Macharia
>Sent: Monday, December 19, 2005 12:27 AM
>To: cisco-nsp at puck.nether.net
>Subject: [c-nsp] Bridging using Cisco 3640 routers
>
>
>Hello,
>does anyone have any experience working with Bridges done with Cisco
>routers?
>I have created a bridge between two locations and between the two locations
>I have two leased lines (1 is HDLC and the second is on Frame Relay).
>I have also created a circuit group with these two links.
>The problem I have is that once I have the bridge up, I get a lot of
>broadcasts traversing the links, using up a significant amount of
>bandwidth.
>I have followed Cisco's transparent bridging documentation for this bridge,
>including the MAC address filters (extended access lists) which they have
>given as an example.
>Below is a section of the bridging configuration I have:
>
>interface FastEthernet0/0
> ip address 192.168.200.1 255.255.255.0
> no ip route-cache
> duplex auto
> speed auto
> bridge-group 1
>! Apply access list to interface
>bridge-group 1 input-address-list 700
>!
>!
>interface Serial1/0:1
> ip address 192.168.200.11 255.255.255.0
> no ip route-cache
> bridge-group 1
> bridge-group 1 circuit-group 1
>!
>interface Serial2/2:1
> ip address 192.168.200.21 255.255.255.0
> no ip route-cache
> bridge-group 1
> bridge-group 1 circuit-group 1
> !
>no ip http server
>!
>ip classless
>!
>!*Accesslist to prevent broadcasts across the links*
>access-list 700 permit 0a00.3ef1.b2ed 0000.0000.0000
>access-list 700 permit 0009.5bf7.b69c 0000.0000.0000
>access-list 700 permit FFFF.FFFF.FFFF 0000.0000.0000
>access-list 700 deny 0000.0000.0000 FFFF.FFFF.FFFF
>!
>!
>control-plane
>!
>bridge 1 protocol ieee
>bridge 1 circuit-group 1 pause 10
>bridge 1 circuit-group 1 source-based
>!
>!filter out non statically determined hosts
>no bridge 1 acquire
>
>Thanks
>
>--
>Raymond
>
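
Added example (not part of the original messages and not Cisco's code): a small Python evaluator for the extended MAC access-list 1100 entries in the reply above, each written on one line with dotted masks, showing which source/destination pairs the list permits. It assumes a 1 bit in a mask means "ignore this bit", that the first matching entry decides, and that an unmatched frame is denied; the function names and the sample frame 0011.2233.4455 are constructed for illustration.

```python
# Entries copied from the reply; masks written as xxxx.xxxx.xxxx.
ACL_1100 = """\
access-list 1100 permit 0a00.3ef1.b2ed 0000.0000.0000 ffff.ffff.ffff 0000.0000.0000
access-list 1100 permit 0a00.3ef1.b2ed 0000.0000.0000 0000.0000.0000 ffff.ffff.ffff
access-list 1100 permit 0009.5bf7.b69c 0000.0000.0000 ffff.ffff.ffff 0000.0000.0000
access-list 1100 permit 0009.5bf7.b69c 0000.0000.0000 0000.0000.0000 ffff.ffff.ffff
access-list 1100 deny   0000.0000.0000 ffff.ffff.ffff 0000.0000.0000 ffff.ffff.ffff
"""

def mac_to_int(mac):
    """Parse dotted-triplet notation (xxxx.xxxx.xxxx) into a 48-bit integer."""
    groups = mac.lower().split(".")
    if len(groups) != 3 or any(len(g) != 4 for g in groups):
        raise ValueError(f"not a dotted-triplet MAC: {mac!r}")
    return int("".join(groups), 16)

def parse_acl(text):
    """Return (action, src, src_mask, dst, dst_mask) tuples, one per entry."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        # A mask typed with a space instead of a dot yields 8 fields and is rejected.
        if len(fields) != 7 or fields[0] != "access-list" or fields[2] not in ("permit", "deny"):
            raise ValueError(f"malformed entry: {line!r}")
        entries.append((fields[2], *map(mac_to_int, fields[3:])))
    return entries

def masked_equal(addr, pattern, mask):
    """Compare only the bits the mask does not mark as don't-care."""
    care = ~mask & 0xFFFFFFFFFFFF
    return (addr & care) == (pattern & care)

def evaluate(entries, src, dst):
    """First matching entry wins; anything unmatched is denied (assumption)."""
    s, d = mac_to_int(src), mac_to_int(dst)
    for action, e_src, e_smask, e_dst, e_dmask in entries:
        if masked_equal(s, e_src, e_smask) and masked_equal(d, e_dst, e_dmask):
            return action
    return "deny"

RULES = parse_acl(ACL_1100)

if __name__ == "__main__":
    # Constructed sample frames: (source MAC, destination MAC).
    for src, dst in [("0a00.3ef1.b2ed", "ffff.ffff.ffff"),
                     ("0009.5bf7.b69c", "0011.2233.4455"),
                     ("0011.2233.4455", "ffff.ffff.ffff")]:
        print(src, "->", dst, evaluate(RULES, src, dst))
```

Because the second entry for each host matches any destination, frames from those two hosts are permitted whether they are broadcast or unicast; every other source is denied.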


