[c-nsp] router and transparent bridging help needed.

Bruce Pinsky bep at whack.org
Thu Dec 6 17:38:28 EST 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Aaron wrote:
> Ibrahim Abo Zaid wrote:
>> Dear Aaron
>>  
>>  
>> regarding the bridging frame directly to your internal router via your 
>> firewall , the below Cisco documents shows transparent bridging over 
>> many scenarios including frame-relay to ethernet
>> bridging
>>  
>> http://www.cisco.com/en/US/tech/tk331/tk660/technologies_tech_note09186a0080094471.shtml
>>  
>> regarding the HW point , i believe that any cisco router support 
>> frame-relay will do it
>> starting from Cisco 805
>>  
>> i hope you will find that useful in that case
>>  
>> best regards
>> -- Abo Zaid
>>
> Thanks Abo, that seems to be exactly what I was needing and will
> do exactly what I was wanting.
> 
> I wonder why so many different thoughts on what the IOS can and can't do.
> 

Because the person citing that doc fails to understand that the doc
describes bridging from one router to another that is also bridging.  What
I thought you described (and I think others thought) is that you need a
situation where one of the routers is bridging and the other downstream
router is routing.  That won't work.  A frame encap'd IPv4 packet will be
rejected by an interface that is expecting a frame encap'd bridge packet
(and vice versa).

So in the original example:

> ISP|unknown router|serial(Frame)|address 1.2.3.4
>                          |
>                    ______|_______
>                         wic-1t
>                 some cisco router
>                        ethernet
>                  ---------|-------------
>                           |
>                     1.2.3.5eth0
>               internal router/firewall


packets from "unknown router" will be frame encap'd with NLPID of 0xCC
indicating IPv4 over frame relay.  If wic-1t router is bridging, it is
expecting to receive a frame encap'd packet with an NLPID of 0x80 with an
OUI and PID indicating the type of MAC layer encapsulation to be expecting
within the frame relay packet.  NLPID's won't match so the packet will be
rejected.

If "unknown router" can bridge IP instead of routing it, then this could
work with "some cisco router" acting as a pure bridge.  But if that is the
ISP router (as indicated), that isn't likely to happen.

So, you're best choice here is probably to readdress "internal router",
place address 1.2.3.5 on the wic-1t interface, and make "some cisco router"
routing between your ISP and the "internal router".

- --
=========
bep

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHWHnkE1XcgMgrtyYRAivIAJsF9q55N8u3pjmgOqVRPQOdhMju6gCgoDQ6
hpt8F3FNfJb4DTu4s8roIDs=
=NUvC
-----END PGP SIGNATURE-----

More information about the cisco-nsp mailing list