CCIE Candidate

Bridging is an obscure topic in CCIE R&S study.
It can be divided in three types

1) IRB (Integrated Routing and Bridging)
2) CRB (Concurrent Routing and Bridging
3) Fall back bridging

IRB is discussed in Lab 3 of internetworkExpert labs.

Basically IRB and CRB are generally used on routers to bridging different VLAN domains. If IRB is used, we can route IP over these bridged interfaces. The topic that is least discussed is Fall Back Bridging that we configure on switches. It is basically for non-IP traffic, and thats why chances of it appearing on the LAB are slim.

I’ll be demonstrating how fall-back bridging works using this example. SW1 has VLAN 11 and VLAN 22 defined and R1 and R2 are in VLAN 11 and 22 respectively. R3 and R4 are connected to switch ports Fa0/3 and fa0/4.

 

 

 

SW1 has VLAN 11 and VLAN 22 defined and R1 and R2 are in vlan 11 and 22 respectively.
R3 and R4 are connected to switch ports Fa0/3 and fa0/4 and VLANS are not defined.
For simplicity the mac-address are as follows.
R1 F0/0 = 0000.0000.001
R2 F0/0 = 0000.0000.002
R3 F0/0 = 0000.0000.003
R4 F0/0 = 0000.0000.004

Our goal here is to make all four router bridge the non-ip traffic between them where as R1 and R2 are in VLAN 11 and 12 respectively and R3 and R4 are not in any vlan.

The configuration of switchports connecting to R1 and R2 are as follows
!
interface FastEthernet0/1
description To R1 F0/0
switchport access vlan 11
!
interface FastEthernet0/2
description To R2 F0/0
switchport access vlan 22

To enable bridging on the physical port first we have to issue no-switchport command on physical interface.
Interface fa0/3 and fa0/4 here.
Here is the configuration of these ports.

!
interface FastEthernet0/3
description To R3 F0/0
no switchport
no ip address
!
interface FastEthernet0/4
no switchport
no ip address
end

Now we configure our fall back bridging.
For R1 and R2 the bridging will be configured under SVIs and for R3 and R4 under physical interface

SW1(config)#bridge 1 protocol vlan-bridge
SW1(config)#int vlan 11
SW1(config-if)#bridge-group 1
SW1(config-if)#int vlan 22
SW1(config-if)#bridge-group 1
SW1(config-if)#int fa0/3
SW1(config-if)#bridge-group 1
SW1(config-if)#int fa0/4
SW1(config-if)#bridge-group 1

And we are done with simple fall back bridging.
For verification, we will simulate an IPX network.

SW1#sh bridge group
Bridge Group 1 is running the VLAN Bridge compatible Spanning Tree protocol
Port 25 (FastEthernet0/3) of bridge group 1 is forwarding
Port 26 (FastEthernet0/4) of bridge group 1 is forwarding
Port 22 (Vlan11) of bridge group 1 is forwarding
Port 23 (Vlan22) of bridge group 1 is forwarding

On R1:
R1(config)#ipx routing
R1(config)#int Fa0/0
R1(config-if)#ipx net
R1(config-if)#ipx netwo
R1(config-if)#ipx network ABC
R1(config-if)#ipx encapsulation sap
R1(config-if)#do sh ipx int f0/0
FastEthernet0/0 is up, line protocol is up
IPX address is ABC.0000.0000.0001, SAP

Similarly on R2, R3 and R4
Our IPX address are as follows
R1: ABC.0000.0000.0001
R2: ABC.0000.0000.0002
R3: ABC.0000.0000.0003
R4: ABC.0000.0000.0004

We will ping from R1 to all other routers and also monitor the bridge group table.

R1#ping
Protocol [ip]: ipx
Target IPX address: ABC.0000.0000.0002
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Verbose [n]:
Type escape sequence to abort.
Sending 5, 100-byte IPX Novell Echoes to ABC.0000.0000.0002, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/66/192 ms
R1#ping
Protocol [ip]: ipx
Target IPX address: ABC.0000.0000.0003
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Verbose [n]:
Type escape sequence to abort.
Sending 5, 100-byte IPX Novell Echoes to ABC.0000.0000.0003, timeout is 2 seconds:
!!!!!
R1#ping
Protocol [ip]: ipx
Target IPX address: ABC.0000.0000.0004
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Verbose [n]:
Type escape sequence to abort.
Sending 5, 100-byte IPX Novell Echoes to ABC.0000.0000.0004, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/48/72 ms
Finally the bridging table on switch

Address Action Interface Age RX count TX count
0000.0000.0001 forward Vlan11 0 20 15
0000.0000.0002 forward Vlan22 0 10 5
0000.0000.0003 forward FastEthernet0/3 0 6 5
0000.0000.0004 forward FastEthernet0/4 0 5 4
Now we’ll play with some features.

SW1#sh bridge
Total of 300 station blocks, 296 free
Codes: P - permanent, S - self

Bridge Group 1:

 

By default the mac-address are learned dynamically.
We can discard a mac-address, and force a router out of bridge group.
Lets discard R4’s mac address.

This will be done with the following command

SW1(config)#bridge 1 address 0000.0000.0004 discard
SW1#sh bridge
Total of 300 station blocks, 296 free
Codes: P - permanent, S - self

Bridge Group 1:
Address Action Interface Age RX count TX count
0000.0000.0001 forward Vlan11 2 20 15
0000.0000.0002 forward Vlan22 3 10 5
0000.0000.0003 forward FastEthernet0/3 3 6 5
0000.0000.0004 discard - P 5 4
Now R1 should not be able to communicate with R4 but still be communicating with R2 and R3.
Lets test this.

 

R1#ping
Protocol [ip]: ipx
Target IPX address: ABC.0000.0000.0004
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Verbose [n]:
Type escape sequence to abort.
Sending 5, 100-byte IPX Novell Echoes to ABC.0000.0000.0004, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)
R1#ping
Protocol [ip]: ipx
Target IPX address: ABC.0000.0000.0003
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Verbose [n]:
Type escape sequence to abort.
Sending 5, 100-byte IPX Novell Echoes to ABC.0000.0000.0003, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/58/168 ms
All right!
Now we can also change the behavior of dynamic learning by using “no bridge 1 acquire” command.
In that case, we have to manually add the mac-address we want to communicate with.
Lets do this and we’ll not manually add R2ś mac-address.

 

Weĺl see that R1 can ping R1 and R3 and R4 but not R2.

SW1(config)#no bridge 1 address 0000.0000.0004 discard
SW1(config)#no bridge 1 acquire
SW1(config)#do clear arp
SW1(config)#do sh bridge
Total of 300 station blocks, 300 free
Codes: P - permanent, S - self

All right all addresses have gone now.

Now we add

SW1(config)#bridge 1 address 0000.0000.0001 forward vlan 11
SW1(config)#bridge 1 address 0000.0000.0003 forward fastEthernet
SW1(config)#bridge 1 address 0000.0000.0004 forward

We can specify interface if we want, to avoid unnecessary broadcast. But this is not essential for communication.
Let’s see the bridge table now.

SW1#sh bridge
Total of 300 station blocks, 296 free
Codes: P - permanent, S - self
Bridge Group 1:
Address Action Interface Age RX count TX count
0000.0000.0001 forward Vlan11 P 0 0
0000.0000.0002 discard Vlan22 0 0 0
0000.0000.0003 forward FastEthernet1/3 P 0 0
0000.0000.0004 forward - P 0 0

As you can see that R2 mac address is being discarded.
As after no bridge 1 acquire, we need to manually add the mac-adresses.
Now we ping from R1 to R2 and R3 and R4.

R1#ping
Protocol [ip]: ipx
Target IPX address: ABC.0000.0000.0002
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Verbose [n]:
Type escape sequence to abort.
Sending 5, 100-byte IPX Novell Echoes to ABC.0000.0000.0002, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)
R1#ping
Protocol [ip]: ipx
Target IPX address: ABC.0000.0000.0003
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Verbose [n]:
Type escape sequence to abort.
Sending 5, 100-byte IPX Novell Echoes to ABC.0000.0000.0003, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/29/36 ms

Side Options:

Like spanning-tree we can modify forward time, hello time, and priority (for selecting root) by following commands

bridge 1 forward-time
bridge 1 hello-time
bridge 1 priority

Also under the interface we can modify cost and priority to choose the path to root-bridge

SW1(config-if)#bridge-group 1 priority
SW1(config-if)#bridge-group 1 path-cost

Also aging time in bridge group table can be modified using
SW1(config)#bridge 1 aging-time ?
<10-1000000> Seconds

That’s pretty much it for fall back bridging.
For IRB (Integrated Routing and Bridging) and CRB (Concurrent Routing and Bridging) IE LAB 3 has a good write-up, which should be enough for understanding

 

�

---