Re: Fallback Bridging

From: Narbik Kocharians (narbikk@gmail.com)
Date: Fri Feb 27 2009 - 13:54:26 ARST

• Next message: nhatphuc: "Re: Rotary Command"
• Previous message: Hobbs: "Re: VTP Issue"
• Maybe in reply to: Raghav Bhargava: "Fallback Bridging"
• Next in thread: mahmoud genidy: "Re: Fallback Bridging"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

*Try this lab and see if it helps.*
**
*Use the following topology:*

The F0/0 interface of BB2 is connected to SW1 which is a 3560 and F0/1
interface of this switch is connected to SW3 which is a 3550. This port
should be in VLAN 20.

The F0/0 interface of BB3 is connected to SW1 which is a 3560 and F0/1
interface of this switch is connected to SW3 which is a 3550. This port
should be in VLAN 30.

*Layer 3 addressing:*

*BB2s FastEthernet (which one? To be determined by you, read on you will
see):*

*IPX net address: ABCD, IPv6 address = 23::2 /64, Mac-address =
0000.2222.2222*

* *

*BB3s FastEthernet (which one? To be determined by you, read on you will
see):*

*IPX net address: ABCD, IPv6 address = 23::3 /64, Mac-address =
0000.3333.3333*

* *

*You see by assigning the addressing to F0/0, you will be dealing with 3560
switch and by assigning the addressing to F0/1, you will be dealing with
3550 switch so you need to determine that based on the task. *

* *

*Task 1*

Configure the appropriate switch such that routers BB2 and BB3 can forward
NON-IP traffic between VLAN 20 and 30; Fallback Bridging should be
configured to accomplish this task. If this task is configured properly, you
should be able to use Ping to test this configuration using IPv6 or IPX
addressing identified in the IP addressing chart.

* *

*Note since the task specifies that the test should be conducted using IPv6
and IPX, 3550 switches will be the only choice. Since these switches do NOT
have inherent support for IPv6, these switches looked at IPv6 traffic as
NON-IP, just like IPX.*

* *

*To configure Fallback Bridging:*

* *

*On SW3*

* *

*The following command assigns a bridge group number (In this case number 1)
and it also specifies the VLAN bridge spanning-tree protocol to run in this
bridge group. *

SW3(config)#*bridge 1 protocol vlan-bridge*

*The following configuration assigns the bridge group that was created with
the Bridge 1 protocol vlan-bridge global configuration command to
interface VLAN 20 and 30.*

SW3(config)#int vlan 20

SW3(config-if)#*bridge-group 1*

SW3(config-if)#int vlan 30

SW3(config-if)#*bridge-group 1*

*To verify the configuration*

* *

*On SW3*

* *

*If the output of your Show bridge command does NOT reveal the MAC address
of BB2 and BB3, you should generate some traffic (For example: Pinging BB3
from BB2 using the IPv6 or IPX) so the bridge will see the MAC addresses.*

*SW3#Show bridge*

Br Group Mac Address State Type Ports

-------- ----------------- ------- ------
------

     1 0000.2222.2222 *Forward DYNAMIC * Vl20 Fa0/12

     1 0000.3333.3333 *Forward DYNAMIC* Vl30 Fa0/13

*To test the configuration:*

* *

*On BB2*

*BB2#Ping 23::3*

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 23::3, timeout is 2 seconds:

*!!!!!*

*Success rate is 100 percent (5/5),* round-trip min/avg/max = 0/0/4 ms

*BB2#Ping IPX ABCD.0000.3333.3333*

Type escape sequence to abort.

Sending 5, 100-byte IPX Novell Echoes to ABCD.0000.3333.3333, timeout is 2
seconds:

*!!!!!*

*Success rate is 100 percent (5/5),* round-trip min/avg/max = 1/2/4 ms

*Note IPv6 and IPX pings worked.*

* *

* *

*Task 2*

* *

Configure the switch such that ONLY static entries are bridged, if this
switch is configured properly, the switch should NOT bridge dynamically
learnt Mac addresses.

*On SW3*

*In the previous task, the switch (SW3) learned the MAC addresses
dynamically, and it bridged the traffic between the VLANs. The following
command prevents the switch to forward frames to stations that it has
learned dynamically. *

SW3(config)#*no bridge 1 acquire*

* *

*To verify the configuration:*

* *

*Note the output of the following Show command reveals that the
dynamically learned MAC addresses are discarded:*

* *

*On SW3*

*SW3#Show bridge*

Br Group Mac Address State Type Ports

-------- ----------------- ------- ------
------

     1 0000.2222.2222 *discard DYNAMIC * Vl20 Fa0/12

     1 0000.3333.3333 *discard DYNAMIC* Vl30 Fa0/13

*To test the configuration:*

* *

*On BB2*

*BB2#Ping IPX ABCD.0000.3333.3333*

Type escape sequence to abort.

Sending 5, 100-byte IPX Novell Echoes to ABCD.0000.3333.3333, timeout is 2
seconds:

*.....*

*Success rate is 0 percent (0/5)*

*BB2#Ping 23::3 *

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 23::3, timeout is 2 seconds:

*.....*

*Success rate is 0 percent (0/5)*

*To complete the configuration:*

* *

*The following two commands add the MAC addresses of BB2 and BB3 statically,
therefore, since the traffic from dynamically learned MAC addresses are
discarded, the traffic with statically configured MAC addresses will be
forwarded.*

* *

*On SW3*

SW3(config)#*Bridge 1 address 0000.2222.2222 forward*

SW3(config)#*Bridge 1 address 0000.3333.3333 forward*

*To verify the configuration:*

* *

*On BB2*

*SW3#Show bridge*

Br Group Mac Address State Type Ports

-------- ----------------- ------- ------ ------

     1 0000.2222.2222 *Forward Static * -

     1 0000.3333.3333 *Forward Static* -

* *

*To test the configuration:*

* *

*BB2#Ping 23::3*

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 23::3, timeout is 2 seconds:

*!!!!!*

*Success rate is 100 percent (5/5),* round-trip min/avg/max = 0/1/4 ms

*BB2#Ping IPX ABCD.0000.3333.3333*

Type escape sequence to abort.

Sending 5, 100-byte IPX Novell Echoes to ABCD.0000.3333.3333, timeout is 2
seconds:

*!!!!!*

*Success rate is 100 percent (5/5),* round-trip min/avg/max = 1/2/4 ms

*Task 3*

* *

Configure the appropriate switch such that routers BB2 and BB3 can forward
NON-IP traffic between VLAN 20 and 30; you should configure Fallback
Bridging to accomplish this task. If this task is configured properly, you
should be able to use Ping to test this configuration using IPX addressing
identified in the addressing chart. *IPv6 addressing should NOT work* when
conducting tests using the Ping command.

*Note because 3560 switches support IPv6, they do not consider IPv6 as
NON-IP traffic; therefore, they do not bridge IPv6 traffic.*

*On BB2*

BB2(config)#default interface f0/1

BB2(config)#int f0/0

BB2(config-if)#mac-address 000.2222.2222

BB2(config-if)#ipx Network ABCD

BB2(config-if)#ipv6 address 23::2/64

BB2(config-if)#no shut

*On BB3*

BB3(config)#default interface f0/1

BB3(config)#int f0/0

BB3(config-if)#mac-address 0000.3333.3333

BB3(config-if)#ipx Network ABCD

BB3(config-if)#ipv6 address 23::3/64

BB3(config-if)#no shut

*On SW1*

SW1(config)#int f0/10

SW1(config-if)#swi mode acc

SW1(config-if)#swi acc v 20

SW1(config-if)#int f0/11

SW1(config-if)#swi mode acc

SW1(config-if)#swi acc v 30

SW1(config)#int vlan 20

SW1(config-if)#bridge-group 1

SW1(config-if)#int vlan 30

SW1(config-if)#bridge-group 1

SW1(config)#Bridge 1 protocol vlan-bridge

*To verify the configuration:*

* *

*On SW1*

*SW3#Show bridge*

Br Group Mac Address State Type Ports

-------- ----------------- ------- ------
------

     1 0000.2222.2222 *Forward DYNAMIC * Vl20

     1 0000.3333.3333 *Forward DYNAMIC* Vl30

*To test the configuration:*

* *

*On SW1*

*BB2#Ping 23::3*

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 23::3, timeout is 2 seconds:

*.....*

*Success rate is 0 percent (0/5)*

*Note the above Ping failed but the following Ping worked.*

*BB2#Ping ipx ABCD.0000.3333.3333*

Type escape sequence to abort.

Sending 5, 100-byte IPX Novell Echoes to ABCD.0000.3333.3333, timeout is 2
seconds:

*!!!!!*

*Success rate is 100 percent (5/5),* round-trip min/avg/max = 1/2/4 ms

* *

*Note IPX pings worked, whereas, IPv6 pings did not work.*

*Task 5*

Configure R1 based on the following; this router should have reachability to
the other two routers

R1, FastEthernet:

IPX Net address = ABCD, IPv6 address = 23::1 /64, VLAN = Default,
MAC-address = 0000.1111.1111

*On R1*

R1(config)#ipx routing

R1(config)#int f0/0

R1(config-if)#mac-address 0000.1111.1111

R1(config-if)#ipx Network ABCD

R1(config-if)#ipv6 address 23::1/64

R1(config-if)#no shut

*On SW1*

* *

SW1(config)#interface f0/0

SW1(config-if)#no Shut

SW1(config)#int vlan 1

SW1(config-if)#bridge-group 1

SW1(config-if)#no shut

* *

*To test the configuration:*

* *

*On R1*

*R1#ping ipx abcd.0000.2222.2222*

Type escape sequence to abort.

Sending 5, 100-byte IPX Novell Echoes to ABCD.0000.2222.2222, timeout is 2
seconds:

*!!!!!*

*Success rate is 100 percent (5/5),* round-trip min/avg/max = 1/1/4 ms

* *

*To verify the configuration:*

* *

*On SW1*

*SW1#Show bridge*

Br Group Mac Address State Type Ports

-------- ----------------- ------- ------
------

     1 0000.1111.1111 *Forward DYNAMIC* Vl1

     1 0000.2222.2222 *Forward DYNAMIC * Vl20

     1 0000.3333.3333 *Forward DYNAMIC* Vl30

* *

On Fri, Feb 27, 2009 at 3:37 AM, mahmoud genidy
<ccie.mahmoud@gmail.com>wrote:

> Hi GS,
>
> Any body know how you can statically deny or forward specific MAC addresses
> through a bridge? Also how to disable the dynamic learning of the MAC
> addresses on the bridge?
>
> I used what the DOC CD says and it is not working with me. To disable
> dynamic mac learning we have to use NO BRIDGE 1 ACQUIRE command. I used it
> and I still can see the dynamic MAC on the bridge group I have configured.
> Also I used Bridge forward and discard commands but also doesn't work. Here
> is my config:
>
> {
> bridge 1 protocol vlan-bridge
> no bridge 1 acquire
> bridge 1 address 1234.1234.1234 forward
> bridge 1 address 9876.9876.9876 discard
>
> interface Vlan13
> ip address 51.51.10.7 255.255.255.0
> bridge-group 1
> !
> interface FastEthernet0/12
> no switchport
> no ip address
> bridge-group 1
> !
> }
>
> Any hidden fact or concept here?
>
> Thanks
> M Genidy
>
> On Fri, Feb 27, 2009 at 3:50 PM, Nitro Drops <nitrodrops@hotmail.com>
> wrote:
>
> > Hi All,
> >
> > Like to hijack this thread. Was practising Fallback Bridging yesterday,
> > encountered this issue.
> >
> > IPv4 : R6 G0/1 (106.0.0.6) >> (106.0.0.10) F1/6 SW4 F1/4 (vlan104
> > 104.0.0.10)
> > >> (104.0.0.4)F0/1 R4
> > IPv6 : R6 G0/1 (2001::6/64) >> F1/6 SW4 F1/4 >> (2001::4/64)F0/1 R4
> >
> > IPv6 is setup to test on the fallback bridging
> > After i enabled Fallback Bridging on the 'int vlan104' & 'f0/6' of SW4.
> My
> > results are as follows
> >
> >
> >
> > 1.) R4 F0/1 (ipv6 - 2001::4/64) is able to ping/trace R6 F0/1 (ipv6 -
> > 2001::6/64)
> > 2.) R4 F0/1 (ipv4 - 106.0.0.6) is NOT able to ping/trace R6 F0/1 (ipv4 -
> > 104.0.0.4). if i remove bridging on SW4, R4 F0/1 (ipv4) is ABLE to
> > ping/trace
> > R6 F0/1 (ipv4)
> >
> >
> >
> > I am using Dynamips running - (C3725-ADVENTERPRISEK9-M)
> >
> > For my troubleshooting, i did
> >
> > - sh ip routes on R4 and R6, i can see the RIP routes on both routers
> >
> > - did 'debug ip packet' & 'debug ip routing', when i tried to ping from
> R4
> > to
> > R6, i dont see any packets hitting SW4.
> >
> > My understanding of Fallback bridging, it bridges non-routed protocol
> > between SVIs and L3 routed interfaces. So i assum routed protocol will
> > remain as routable?
> >
> > Any kind advises?
> >
> >
> >
> > Cheers
> >
> > Nit
> >
> >
> >
> >
> > > Date: Fri, 20 Feb 2009 05:03:01 +0000
> > > From: joe_astorino@comcast.net
> > > To: joe_astorino@comcast.net
> > > CC: ccielab@groupstudy.com; raghavbhargava12@gmail.com
> > > Subject: Re: Fallback Bridging
> > >
> > > Let me rephrase what I said in my most recent post. Suppose ports 1-5
> AND
> > ports 6-10 are running the SAME non-IP protocol and they want to talk but
> > are
> > in different VLANs. The switch can not route between the 2 VLANs if it is
> > not
> > IP. Thus, you bridge them. What I said before about appletalk
> communicating
> > with DECNET I don't think made any sense :)
> > >
> > > - Joe
> > > ----- Original Message -----
> > > From: "joe astorino" <joe_astorino@comcast.net>
> > > To: "Raghav Bhargava" <raghavbhargava12@gmail.com>
> > > Cc: "Cisco certification" <ccielab@groupstudy.com>
> > > Sent: Thursday, February 19, 2009 11:44:14 PM GMT -05:00 US/Canada
> > Eastern
> > > Subject: Re: Fallback Bridging
> > >
> > > Raghav,
> > >
> > > The way I understand it is this -- VLANs in general, and thus
> inter-vlan
> > routing on a switch were designed around the IP protocol. Fallback
> bridging
> > basically allows you to bridge non-ip protocols between VLANs. Since it
> is
> > not
> > IP it cannot be routed normally like an IP packet between vlans, so it
> can
> > be
> > bridged. I hope that helps
> > >
> > > - Joe
> > > ----- Original Message -----
> > > From: "Raghav Bhargava" <raghavbhargava12@gmail.com>
> > > To: "Cisco certification" <ccielab@groupstudy.com>
> > > Sent: Thursday, February 19, 2009 11:27:03 PM GMT -05:00 US/Canada
> > Eastern
> > > Subject: Fallback Bridging
> > >
> > > Hi Experts,
> > >
> > > I was reading Fallback Bridging but somehow could not understand it.
> > > Can someone please explain in simple terms.
> > >
> > > Appreciate all the help..
> > >
> > > --
> > > Warm Regards
> > > Raghav
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> >
> > _________________________________________________________________
> > It's simple! Sell your car for just $50
> >
> >
>
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide%2E
> >
> >
>
com%2Fcgi%2Dbin%2Fa%2Fci%5F450304%2Fet%5F2%2Fcg%5F801459%2Fpi%5F1004813%2Fai%
<
>
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide%2E
%0Acom%2Fcgi%2Dbin%2Fa%2Fci%5F450304%2Fet%5F2%2Fcg%5F801459%2Fpi%5F1004813%2F
ai%
> >
> > 5F859641&_t=762955845&_r=tig_OCT07&_m=EXT
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

--
Narbik Kocharians
CCSI#30832, CCIE# 12410 (R&S, SP, Security)
www.MicronicsTraining.com
www.Net-Workbooks.com
Sr. Technical Instructor
Blogs and organic groups at http://www.ccie.net

• Next message: nhatphuc: "Re: Rotary Command"
• Previous message: Hobbs: "Re: VTP Issue"
• Maybe in reply to: Raghav Bhargava: "Fallback Bridging"
• Next in thread: mahmoud genidy: "Re: Fallback Bridging"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:13 ARST