Re: Fallback Bridging

From: Narbik Kocharians (narbikk@gmail.com)
Date: Sat Feb 28 2009 - 00:22:00 ARST


Mahmoud,

If you like, I can slap together a couple of 3550s and a few routers so you can
test the entire lab. Would you want that?
I normally do not offer that, but hey...... if my racks are not being used I
do not mind offering it for free for an hour or so, if it helps.

On Fri, Feb 27, 2009 at 3:13 PM, mahmoud genidy <ccie.mahmoud@gmail.com> wrote:

>
> Thanks Narbik for this test scenario. I labbed it and I got partial success.
> I have only 3560s. So I used the IPX addressing.
>
> - I was able to ping the IPX addresses normally between the two VLANs
>
> - I tried to disable the auto learning of MAC addresses (no bridge 1
> acquire) but again it is not working. I still can ping between IPX addresses
> and I can see the dynamic MAC addresses learned and in FORWARD state.
>
> - Discarding a specific MAC as well didn't work. I tried to discard a specific
> MAC (bridge 1 address 0000.1111.1111 discard) and of course I kept dynamic
> learning enabled. I still can see the MAC address in FORWARD state in the
> bridge table.
>
> It may be a bug in my Catalyst IOS [Version 12.2(25)SEE4, RELEASE SOFTWARE
> (fc1)], because the configuration and the concept are straightforward. :(
>
> Thanks,
> M Genidy
>
>
> On Sat, Feb 28, 2009 at 2:54 AM, Narbik Kocharians <narbikk@gmail.com> wrote:
>
>> *Try this lab and see if it helps.*
>>
>> *Use the following topology:*
>>
>>
>>
>> The F0/0 interface of BB2 is connected to SW1 which is a 3560 and F0/1
>> interface of this switch is connected to SW3 which is a 3550. This port
>> should be in VLAN 20.
>>
>>
>>
>> The F0/0 interface of BB3 is connected to SW1 which is a 3560 and F0/1
>> interface of this switch is connected to SW3 which is a 3550. This port
>> should be in VLAN 30.
>>
>>
>>
>> *Layer 3 addressing:*
>>
>> *BB2's FastEthernet (which one? To be determined by you, read on and you will
>> see):*
>>
>> *IPX net address: ABCD, IPv6 address = 23::2 /64, Mac-address =
>> 0000.2222.2222*
>>
>> *BB3's FastEthernet (which one? To be determined by you, read on and you will
>> see):*
>>
>> *IPX net address: ABCD, IPv6 address = 23::3 /64, Mac-address =
>> 0000.3333.3333*
>>
>> *You see, by assigning the addressing to F0/0, you will be dealing with the
>> 3560 switch and by assigning the addressing to F0/1, you will be dealing
>> with the 3550 switch, so you need to determine that based on the task.*
>>
>> *Task 1*
>>
>> Configure the appropriate switch such that routers BB2 and BB3 can forward
>> NON-IP traffic between VLAN 20 and 30; Fallback Bridging should be
>> configured to accomplish this task. If this task is configured properly, you
>> should be able to use Ping to test this configuration using IPv6 or IPX
>> addressing identified in the IP addressing chart.
>>
>> *Note: since the task specifies that the test should be conducted using
>> IPv6 and IPX, 3550 switches will be the only choice. Since these switches do
>> NOT have inherent support for IPv6, these switches look at IPv6 traffic as
>> NON-IP, just like IPX.*
>>
>> *To configure Fallback Bridging:*
>>
>> *On SW3*
>>
>> *The following command assigns a bridge group number (in this case number
>> 1) and it also specifies the VLAN bridge spanning-tree protocol to run in
>> this bridge group.*
>>
>> SW3(config)#bridge 1 protocol vlan-bridge
>>
>> *The following configuration assigns the bridge group that was created
>> with the Bridge 1 protocol vlan-bridge global configuration command to
>> interface VLAN 20 and 30.*
>>
>> SW3(config)#int vlan 20
>> SW3(config-if)#bridge-group 1
>>
>> SW3(config-if)#int vlan 30
>> SW3(config-if)#bridge-group 1
>>
>>
>>
>> *To verify the configuration*
>>
>> *On SW3*
>>
>> *If the output of your Show bridge command does NOT reveal the MAC
>> address of BB2 and BB3, you should generate some traffic (for example:
>> pinging BB3 from BB2 using IPv6 or IPX) so the bridge will see the MAC
>> addresses.*
>>
>> SW3#Show bridge
>>
>> Br Group  Mac Address        State    Type     Ports
>> --------  -----------------  -------  -------  -----------
>>    1      0000.2222.2222     Forward  DYNAMIC  Vl20 Fa0/12
>>    1      0000.3333.3333     Forward  DYNAMIC  Vl30 Fa0/13
>>
>>
>>
>> *To test the configuration:*
>>
>> *On BB2*
>>
>> BB2#Ping 23::3
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 23::3, timeout is 2 seconds:
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms
>>
>> BB2#Ping IPX ABCD.0000.3333.3333
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte IPX Novell Echoes to ABCD.0000.3333.3333, timeout is 2 seconds:
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
>>
>> *Note IPv6 and IPX pings worked.*
>>
>> *Task 2*
>>
>> Configure the switch such that ONLY static entries are bridged; if this
>> switch is configured properly, the switch should NOT bridge dynamically
>> learnt MAC addresses.
>>
>> *On SW3*
>>
>> *In the previous task, the switch (SW3) learned the MAC addresses
>> dynamically, and it bridged the traffic between the VLANs. The following
>> command prevents the switch from forwarding frames to stations that it has
>> learned dynamically.*
>>
>> SW3(config)#no bridge 1 acquire
>>
>> *To verify the configuration:*
>>
>> *Note the output of the following Show command reveals that the
>> dynamically learned MAC addresses are discarded:*
>>
>> *On SW3*
>>
>> SW3#Show bridge
>>
>> Br Group  Mac Address        State    Type     Ports
>> --------  -----------------  -------  -------  -----------
>>    1      0000.2222.2222     discard  DYNAMIC  Vl20 Fa0/12
>>    1      0000.3333.3333     discard  DYNAMIC  Vl30 Fa0/13
>>
>>
>>
>> *To test the configuration:*
>>
>> *On BB2*
>>
>> BB2#Ping IPX ABCD.0000.3333.3333
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte IPX Novell Echoes to ABCD.0000.3333.3333, timeout is 2 seconds:
>> .....
>> Success rate is 0 percent (0/5)
>>
>> BB2#Ping 23::3
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 23::3, timeout is 2 seconds:
>> .....
>> Success rate is 0 percent (0/5)
>>
>>
>>
>> *To complete the configuration:*
>>
>> *The following two commands add the MAC addresses of BB2 and BB3
>> statically; therefore, since the traffic from dynamically learned MAC
>> addresses is discarded, the traffic with statically configured MAC
>> addresses will be forwarded.*
>>
>> *On SW3*
>>
>> SW3(config)#Bridge 1 address 0000.2222.2222 forward
>> SW3(config)#Bridge 1 address 0000.3333.3333 forward
>>
>>
>>
>> *To verify the configuration:*
>>
>> *On BB2*
>>
>> SW3#Show bridge
>>
>> Br Group  Mac Address        State    Type     Ports
>> --------  -----------------  -------  -------  ------
>>    1      0000.2222.2222     Forward  Static   -
>>    1      0000.3333.3333     Forward  Static   -
>>
>> *To test the configuration:*
>>
>> BB2#Ping 23::3
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 23::3, timeout is 2 seconds:
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/4 ms
>>
>> BB2#Ping IPX ABCD.0000.3333.3333
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte IPX Novell Echoes to ABCD.0000.3333.3333, timeout is 2 seconds:
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
>>
>>
>>
>>
>>
>> *Task 3*
>>
>> Configure the appropriate switch such that routers BB2 and BB3 can forward
>> NON-IP traffic between VLAN 20 and 30; you should configure Fallback
>> Bridging to accomplish this task. If this task is configured properly, you
>> should be able to use Ping to test this configuration using IPX addressing
>> identified in the addressing chart. *IPv6 addressing should NOT work* when
>> conducting tests using the Ping command.
>>
>> *Note because 3560 switches support IPv6, they do not consider IPv6 as
>> NON-IP traffic; therefore, they do not bridge IPv6 traffic.*
>>
>>
>>
>> *On BB2*
>>
>> BB2(config)#default interface f0/1
>>
>> BB2(config)#int f0/0
>> BB2(config-if)#mac-address 0000.2222.2222
>> BB2(config-if)#ipx Network ABCD
>> BB2(config-if)#ipv6 address 23::2/64
>> BB2(config-if)#no shut
>>
>> *On BB3*
>>
>> BB3(config)#default interface f0/1
>>
>> BB3(config)#int f0/0
>> BB3(config-if)#mac-address 0000.3333.3333
>> BB3(config-if)#ipx Network ABCD
>> BB3(config-if)#ipv6 address 23::3/64
>> BB3(config-if)#no shut
>>
>> *On SW1*
>>
>> SW1(config)#int f0/10
>> SW1(config-if)#swi mode acc
>> SW1(config-if)#swi acc v 20
>>
>> SW1(config-if)#int f0/11
>> SW1(config-if)#swi mode acc
>> SW1(config-if)#swi acc v 30
>>
>> SW1(config)#int vlan 20
>> SW1(config-if)#bridge-group 1
>>
>> SW1(config-if)#int vlan 30
>> SW1(config-if)#bridge-group 1
>>
>> SW1(config)#Bridge 1 protocol vlan-bridge
>>
>>
>>
>> *To verify the configuration:*
>>
>> *On SW1*
>>
>> SW3#Show bridge
>>
>> Br Group  Mac Address        State    Type     Ports
>> --------  -----------------  -------  -------  ------
>>    1      0000.2222.2222     Forward  DYNAMIC  Vl20
>>    1      0000.3333.3333     Forward  DYNAMIC  Vl30
>>
>>
>>
>> *To test the configuration:*
>>
>> *On SW1*
>>
>> BB2#Ping 23::3
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 23::3, timeout is 2 seconds:
>> .....
>> Success rate is 0 percent (0/5)
>>
>> *Note the above Ping failed but the following Ping worked.*
>>
>> BB2#Ping ipx ABCD.0000.3333.3333
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte IPX Novell Echoes to ABCD.0000.3333.3333, timeout is 2 seconds:
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
>>
>> *Note IPX pings worked, whereas IPv6 pings did not work.*
>>
>>
>>
>>
>>
>> *Task 5*
>>
>> Configure R1 based on the following; this router should have reachability
>> to the other two routers
>>
>> R1, FastEthernet:
>>
>> IPX Net address = ABCD, IPv6 address = 23::1 /64, VLAN = Default,
>> MAC-address = 0000.1111.1111
>>
>> *On R1*
>>
>> R1(config)#ipx routing
>>
>> R1(config)#int f0/0
>> R1(config-if)#mac-address 0000.1111.1111
>> R1(config-if)#ipx Network ABCD
>> R1(config-if)#ipv6 address 23::1/64
>> R1(config-if)#no shut
>>
>> *On SW1*
>>
>> SW1(config)#interface f0/0
>> SW1(config-if)#no Shut
>>
>> SW1(config)#int vlan 1
>> SW1(config-if)#bridge-group 1
>> SW1(config-if)#no shut
>>
>> *To test the configuration:*
>>
>> *On R1*
>>
>> R1#ping ipx abcd.0000.2222.2222
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte IPX Novell Echoes to ABCD.0000.2222.2222, timeout is 2 seconds:
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
>>
>> *To verify the configuration:*
>>
>> *On SW1*
>>
>> SW1#Show bridge
>>
>> Br Group  Mac Address        State    Type     Ports
>> --------  -----------------  -------  -------  ------
>>    1      0000.1111.1111     Forward  DYNAMIC  Vl1
>>    1      0000.2222.2222     Forward  DYNAMIC  Vl20
>>    1      0000.3333.3333     Forward  DYNAMIC  Vl30
>>
>> On Fri, Feb 27, 2009 at 3:37 AM, mahmoud genidy <ccie.mahmoud@gmail.com> wrote:
>>
>>> Hi GS,
>>>
>>> Anybody know how you can statically deny or forward specific MAC addresses
>>> through a bridge? Also how to disable the dynamic learning of the MAC
>>> addresses on the bridge?
>>>
>>> I used what the DOC CD says and it is not working with me. To disable
>>> dynamic MAC learning we have to use the NO BRIDGE 1 ACQUIRE command. I used it
>>> and I still can see the dynamic MAC on the bridge group I have configured.
>>> Also I used the Bridge forward and discard commands but they also don't work.
>>> Here is my config:
>>>
>>> {
>>> bridge 1 protocol vlan-bridge
>>> no bridge 1 acquire
>>> bridge 1 address 1234.1234.1234 forward
>>> bridge 1 address 9876.9876.9876 discard
>>>
>>> interface Vlan13
>>> ip address 51.51.10.7 255.255.255.0
>>> bridge-group 1
>>> !
>>> interface FastEthernet0/12
>>> no switchport
>>> no ip address
>>> bridge-group 1
>>> !
>>> }
>>>
>>> Any hidden fact or concept here?
>>>
>>> Thanks
>>> M Genidy
>>>
>>> On Fri, Feb 27, 2009 at 3:50 PM, Nitro Drops <nitrodrops@hotmail.com> wrote:
>>>
>>> > Hi All,
>>> >
>>> > Like to hijack this thread. Was practising Fallback Bridging yesterday,
>>> > encountered this issue.
>>> >
>>> > IPv4 : R6 G0/1 (106.0.0.6) >> (106.0.0.10) F1/6 SW4 F1/4 (vlan104
>>> > 104.0.0.10) >> (104.0.0.4)F0/1 R4
>>> > IPv6 : R6 G0/1 (2001::6/64) >> F1/6 SW4 F1/4 >> (2001::4/64)F0/1 R4
>>> >
>>> > IPv6 is set up to test the fallback bridging.
>>> > After I enabled Fallback Bridging on the 'int vlan104' & 'f0/6' of SW4, my
>>> > results are as follows:
>>> >
>>> > 1.) R4 F0/1 (ipv6 - 2001::4/64) is able to ping/trace R6 F0/1 (ipv6 -
>>> > 2001::6/64)
>>> > 2.) R4 F0/1 (ipv4 - 106.0.0.6) is NOT able to ping/trace R6 F0/1 (ipv4 -
>>> > 104.0.0.4). If I remove bridging on SW4, R4 F0/1 (ipv4) is ABLE to
>>> > ping/trace R6 F0/1 (ipv4)
>>> >
>>> > I am using Dynamips running - (C3725-ADVENTERPRISEK9-M)
>>> >
>>> > For my troubleshooting, I did
>>> >
>>> > - sh ip routes on R4 and R6, I can see the RIP routes on both routers
>>> >
>>> > - did 'debug ip packet' & 'debug ip routing', when I tried to ping from R4
>>> > to R6, I don't see any packets hitting SW4.
>>> >
>>> > My understanding of Fallback bridging: it bridges non-routed protocols
>>> > between SVIs and L3 routed interfaces. So I assume routed protocols will
>>> > remain routable?
>>> >
>>> > Any kind advice?
>>> >
>>> > Cheers
>>> >
>>> > Nit
>>> >
>>> >
>>> >
>>> >
>>> > > Date: Fri, 20 Feb 2009 05:03:01 +0000
>>> > > From: joe_astorino@comcast.net
>>> > > To: joe_astorino@comcast.net
>>> > > CC: ccielab@groupstudy.com; raghavbhargava12@gmail.com
>>> > > Subject: Re: Fallback Bridging
>>> > >
>>> > > Let me rephrase what I said in my most recent post. Suppose ports 1-5 AND
>>> > > ports 6-10 are running the SAME non-IP protocol and they want to talk but are
>>> > > in different VLANs. The switch can not route between the 2 VLANs if it is not
>>> > > IP. Thus, you bridge them. What I said before about appletalk communicating
>>> > > with DECNET I don't think made any sense :)
>>> > >
>>> > > - Joe
>>> > > ----- Original Message -----
>>> > > From: "joe astorino" <joe_astorino@comcast.net>
>>> > > To: "Raghav Bhargava" <raghavbhargava12@gmail.com>
>>> > > Cc: "Cisco certification" <ccielab@groupstudy.com>
>>> > > Sent: Thursday, February 19, 2009 11:44:14 PM GMT -05:00 US/Canada Eastern
>>> > > Subject: Re: Fallback Bridging
>>> > >
>>> > > Raghav,
>>> > >
>>> > > The way I understand it is this -- VLANs in general, and thus inter-vlan
>>> > > routing on a switch were designed around the IP protocol. Fallback bridging
>>> > > basically allows you to bridge non-ip protocols between VLANs. Since it is not
>>> > > IP it cannot be routed normally like an IP packet between vlans, so it can be
>>> > > bridged. I hope that helps
>>> > >
>>> > > - Joe
>>> > > ----- Original Message -----
>>> > > From: "Raghav Bhargava" <raghavbhargava12@gmail.com>
>>> > > To: "Cisco certification" <ccielab@groupstudy.com>
>>> > > Sent: Thursday, February 19, 2009 11:27:03 PM GMT -05:00 US/Canada Eastern
>>> > > Subject: Fallback Bridging
>>> > >
>>> > > Hi Experts,
>>> > >
>>> > > I was reading Fallback Bridging but somehow could not understand it.
>>> > > Can someone please explain in simple terms.
>>> > >
>>> > > Appreciate all the help..
>>> > >
>>> > > --
>>> > > Warm Regards
>>> > > Raghav
>>> > >
>>> > >
>>> > > Blogs and organic groups at http://www.ccie.net
>>> > >
>>> > >
>>> _______________________________________________________________________
>>> > > Subscription information may be found at:
>>> > > http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> --
>> Narbik Kocharians
>> CCSI#30832, CCIE# 12410 (R&S, SP, Security)
>> www.MicronicsTraining.com <http://www.micronicstraining.com/>
>> www.Net-Workbooks.com <http://www.net-workbooks.com/>
>> Sr. Technical Instructor
>>
>
>

--
Narbik Kocharians
CCSI#30832, CCIE# 12410 (R&S, SP, Security)
www.MicronicsTraining.com
www.Net-Workbooks.com
Sr. Technical Instructor
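
An offline check for the symptom discussed in this thread, added here as an illustration and not posted by any list member: it compares the global bridge statements of a configuration with `show bridge` output and flags entries that still forward despite `no bridge 1 acquire` or a `discard` entry. The sample configuration and tables are constructed from the commands and output format quoted above; the function names are hypothetical.

```python
import re

# Global statements: "[no] bridge N acquire" / "[no] bridge N address MAC forward|discard"
CFG_RE = re.compile(
    r"^(no\s+)?bridge\s+(\d+)\s+(?:acquire|address\s+(\S+)\s+(forward|discard))\b", re.I)
# One row of "show bridge": group, MAC, state, type (the ports column is ignored)
ROW_RE = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\w+)\s+(\w+)", re.I)

def parse_policy(config):
    """Return {group: {"acquire": bool, "static": {mac: "forward"|"discard"}}}."""
    policy = {}
    for line in config.splitlines():
        m = CFG_RE.match(line.strip())
        if not m:
            continue  # e.g. "bridge 1 protocol vlan-bridge" or interface "bridge-group 1"
        negated, group, mac, action = m.groups()
        entry = policy.setdefault(int(group), {"acquire": True, "static": {}})
        if mac is None:
            entry["acquire"] = not negated          # "no bridge N acquire" disables learning
        elif negated:
            entry["static"].pop(mac.lower(), None)  # "no bridge N address ..." removes the entry
        else:
            entry["static"][mac.lower()] = action.lower()
    return policy

def audit(config, show_output):
    """List (mac, reason) for table rows that contradict the configured filtering."""
    policy, findings = parse_policy(config), []
    for line in show_output.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # header and separator lines
        group, mac, state = int(m.group(1)), m.group(2).lower(), m.group(3).lower()
        pol = policy.get(group, {"acquire": True, "static": {}})
        wanted = pol["static"].get(mac)
        if wanted == "discard" and state == "forward":
            findings.append((mac, "configured discard but forwarding"))
        elif wanted is None and not pol["acquire"] and state == "forward":
            findings.append((mac, "dynamic entry forwarding with acquire disabled"))
    return findings

# Constructed sample data, modelled on the commands and tables in the thread
SAMPLE_CONFIG = """
bridge 1 protocol vlan-bridge
no bridge 1 acquire
Bridge 1 address 0000.2222.2222 forward
bridge 1 address 0000.1111.1111 discard
"""
SAMPLE_FAULTY = """
Br Group  Mac Address     State    Type     Ports
   1      0000.1111.1111  Forward  DYNAMIC  Vl1
   1      0000.2222.2222  Forward  Static   -
   1      0000.3333.3333  Forward  DYNAMIC  Vl30
"""
SAMPLE_HEALTHY = SAMPLE_FAULTY.replace("Forward  DYNAMIC", "discard  DYNAMIC")

if __name__ == "__main__":
    for mac, reason in audit(SAMPLE_CONFIG, SAMPLE_FAULTY):
        print(mac, reason)
```
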




This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:13 ARST