[c-nsp] transparent bridging, correct approach?

lee.e.rian at census.gov lee.e.rian at census.gov
Thu Feb 8 13:58:17 EST 2007 

Hi Peter,

Do you have an input access list on either device?

If you're able to route through the device an access list problem is the
best reason I can think of for not being able to ping the device.

Regards,
Lee


cisco-nsp-bounces at puck.nether.net wrote on 02/08/2007 01:05:03 PM:

> Hi Lee,
>    I went with this config, and it seems to work, but I'm having a
> weird problem as a result.
>
>    The upstream GSR that attempts to talk to this 6500 for its BGP and
> OSPF sessions is unable to ping the box, establish ospf, or bgp
sessions..
>
> Feb  7 16:42:31: %OSPF-5-ADJCHG: Process 1, Nbr x on
GigabitEthernet6/0.12
> from EXSTART to DOWN, Neighbor Down: Too many DBD retransmitions
> Feb  7 16:43:31: %OSPF-5-ADJCHG: Process 1, Nbr x on
GigabitEthernet6/0.12
> from DOWN to DOWN, Neighbor Down: Ignore timer expired
>
>    However, things routing through the GSR are not having problems
> reaching the 6500
>
> Rtr-elsewhere:~# ping x
> PING x (x) 56(84) bytes of data.
> 64 bytes from x: icmp_seq=1 ttl=254 time=1.21 ms
> 64 bytes from x: icmp_seq=2 ttl=254 time=1.29 ms
>
>    And the 6500 itself seems to be able to hear the outside world just
> fine (via its default route, since OSPF and BGP don't seem to be working
> with the upstream GSR)
>
> Rtr-6500# ping www.google.com
>
> Translating "www.google.com"...domain server (204.11.104.2) [OK]
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 66.102.7.104, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
>
>    So far I can't figure out why the GSR cannot seem to directly
> communicate with the 6500 but can route packets to it just fine.. it's a
> mystery.. any clues?
>
> Peter Kranz
> Founder/CEO - Unwired Ltd
> www.UnwiredLtd.com
> Desk: 510-868-1614 x100
> Mobile: 510-207-0000
> pkranz at unwiredltd.com
>
> -----Original Message-----
> From: lee.e.rian at census.gov [mailto:lee.e.rian at census.gov]
> Sent: Wednesday, February 07, 2007 12:17 PM
> To: Peter Kranz
> Subject: Re: [c-nsp] transparent bridging, correct approach?
>
> Wouldn't something along these lines work on the cisco 6500 side?
>
> int g1/1
>  switchport
>  switchport mode trunk
>  switchport trunk encapsulation dot1q
>  switchport trunk allowed vlan 12,116
>
> int g4/2
>  switchport
>  switchport mode access
>  switchport access vlan 116
>
> int vlan 12
>   ip address x.y.x
>
> So vlan 116 traffic is bridged between ports g1/1 and g4/2  and vlan 12
> traffic is routed wherever.
>
> I don't think subinterfaces work on regular line card ports - you have to
> create an 802.1q trunk on the port and then vlan interfaces to route the
> traffic for the vlans on the trunk.
>
> Regards,
> Lee
>
> cisco-nsp-bounces at puck.nether.net wrote on 02/07/2007 02:54:52 PM:
>
> > It's a Cisco 6500 on one side, and a Extreme BD 6808 on the other
adding
> the
> > 802.1q tags..
> >
> > Peter Kranz
> > Founder/CEO - Unwired Ltd
> > www.UnwiredLtd.com
> > Desk: 510-868-1614 x100
> > Mobile: 510-207-0000
> > pkranz at unwiredltd.com
> >
> > -----Original Message-----
> > From: Neal R [mailto:neal at lists.rauhauser.net]
> > Sent: Wednesday, February 07, 2007 11:54 AM
> > To: Peter Kranz
> > Cc: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] transparent bridging, correct approach?
> >
> >
> >
> >    It would help to know what equipment is involved. Looks like 7500 or
> > 7600 maybe? L2TP is one method to solve this problem ...
> >
> > Peter Kranz wrote:
> > > In this situation, I have a single fiber from a remote location
> carrying 2
> > > VLAN's with 802.1q tags added on the remote side, one is desired to
be
> a
> > > layer 2 bridge for customer traffic (VLAN 116) and the other is for
> routed
> > > traffic (BGP session, etc with the remove data center) (VLAN 12)..
> > >
> > > I envisioned doing the layer 2 bridging part with the 'bridge-group'
> > command
> > > on the sub interface for the customer, but am getting the following
> errors
> > > in the logs when traffic shows up:
> > >
> > > Feb  7 11:33:37: %TBRIDGE-4-INVALIDMEDIA: RFC826_ARP received on
> > > GigabitEthernet1/1.116 - invalid media for transparent bridging
> > > Feb  7 11:33:42: %TBRIDGE-4-INVALIDMEDIA: RFC826_ARP received on
> > > GigabitEthernet1/1.116 - invalid media for transparent bridging
> > > Feb  7 11:33:47: %TBRIDGE-4-INVALIDMEDIA: DODIP received on
> > > GigabitEthernet1/1.116 - invalid media for transparent bridging
> > > Feb  7 11:33:52: %TBRIDGE-4-INVALIDMEDIA: DODIP received on
> > > GigabitEthernet1/1.116 - invalid media for transparent bridging
> > >
> > > The simplified config looks like this:
> > >
> > > !
> > > interface GigabitEthernet1/1
> > >  no ip address
> > > !
> > > interface GigabitEthernet1/1.12
> > >  description VLAN12 Routed traffic
> > >  encapsulation dot1Q 12
> > >  ip address x.y.z
> > >  no ip redirects
> > >  no ip proxy-arp
> > >  no cdp enable
> > > !
> > > interface GigabitEthernet1/1.116
> > >  description VLAN100 Layer 2 Bridge
> > >  encapsulation dot1Q 116
> > >  bridge-group 100
> > >  bridge-group 100 spanning-disabled
> > > !
> > > interface GigabitEthernet4/2
> > >  description Switched traffic destination
> > >  no ip address
> > >  bridge-group 100
> > >  bridge-group 100 spanning-disabled
> > > !
> > >
> > > Looking for advise on the 'right' way to do this..
> > >
> > > Peter Kranz
> > > Founder/CEO - Unwired Ltd
> > > www.UnwiredLtd.com
> > > Desk: 510-868-1614 x100
> > > Mobile: 510-207-0000
> > > pkranz at unwiredltd.com
> > >
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
> > >
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list