DLSW and bridge-group on a subinterface

For some reason whenever I create subinterfaces and place the bridge-group I can no longer see my dlsw circuit establish. Without subinterface and encapsulation 802.1q it works fine.
source-bridge ring-group 100
dlsw local-peer peer-id 10.23.9.1 group 1 cost 1
dlsw remote-peer 0 tcp 10.207.9.1
dlsw bridge-group 1
int fa0/1.1
encapsulation dot1q
ip address 10.23.7.1 255.255.255.0
bridge-group 1
bridge protocol 1 ieee

Danny
If I am understanding correctly you are saying that if you configure the IP address and the bridge group on the physical interface that DLSW works correctly. Is this correct? This implies that the router was connected to a switch on an access port and in the VLAN of the device that is generating the traffic that uses DLSw. Is that correct?
When you configure the subinterface it implies that the router is now connected to a switch on a trunk port. Is that correct? Are you sure that the device generating the traffic is in the same VLAN as the router subinterface?
HTH
Rick

Similar Messages

  • Can anyone explain how this works (vlans and bridge groups)

    Can someone please explain how this works...I have started to have problems but nothing changed. My problems are vlan1 and 1000 getting blocked on the switchport where the root bridge is attached.
    ROOT BRIDGE:
    ssid state
    station-role root bridge
    rts threshold 4000
    concatenation
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    no snmp trap link-status
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.911
    encapsulation dot1Q 911
    no ip route-cache
    no snmp trap link-status
    bridge-group 5
    interface Dot11Radio0.1000
    encapsulation dot1Q 1000
    no ip route-cache
    no snmp trap link-status
    bridge-group 2
    bridge-group 2 spanning-disabled
    interface Dot11Radio0.2001
    encapsulation dot1Q 2001
    no ip route-cache
    no snmp trap link-status
    bridge-group 253
    bridge-group 253 spanning-disabled
    interface Dot11Radio0.2120
    encapsulation dot1Q 2120
    no ip route-cache
    no snmp trap link-status
    bridge-group 7
    interface Dot11Radio0.2330
    encapsulation dot1Q 2330
    no ip route-cache
    no snmp trap link-status
    bridge-group 3
    bridge-group 3 spanning-disabled
    interface Dot11Radio0.2336
    encapsulation dot1Q 2336
    no ip route-cache
    no snmp trap link-status
    bridge-group 4
    interface Dot11Radio0.2350
    encapsulation dot1Q 2350
    no ip route-cache
    no snmp trap link-status
    bridge-group 6
    interface Dot11Radio0.2901
    encapsulation dot1Q 2901
    no ip route-cache
    no snmp trap link-status
    bridge-group 255
    bridge-group 255 spanning-disabled
    interface Dot11Radio0.2902
    encapsulation dot1Q 2902
    no ip route-cache
    no snmp trap link-status
    bridge-group 254
    bridge-group 254 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    interface FastEthernet0.1
    encapsulation dot1Q 1
    no ip route-cache
    no snmp trap link-status
    interface FastEthernet0.911
    encapsulation dot1Q 911
    no ip route-cache
    no snmp trap link-status
    bridge-group 5
    interface FastEthernet0.1000
    encapsulation dot1Q 1000 native
    ip address 10.0.32.10 255.255.255.0
    no ip route-cache
    no snmp trap link-status
    bridge-group 1
    interface FastEthernet0.2001
    encapsulation dot1Q 2001
    no ip route-cache
    no snmp trap link-status
    bridge-group 253
    bridge-group 253 spanning-disabled
    interface FastEthernet0.2120
    encapsulation dot1Q 2120
    no ip route-cache
    no snmp trap link-status
    bridge-group 7
    interface FastEthernet0.2330
    encapsulation dot1Q 2330
    no ip route-cache
    no snmp trap link-status
    bridge-group 3
    interface FastEthernet0.2336
    encapsulation dot1Q 2336
    no ip route-cache
    no snmp trap link-status
    bridge-group 4
    interface FastEthernet0.2350
    description 81 River Rd - Labor
    encapsulation dot1Q 2350
    no ip route-cache
    no snmp trap link-status
    bridge-group 6
    interface FastEthernet0.2901
    encapsulation dot1Q 2901
    no ip route-cache
    no snmp trap link-status
    bridge-group 255
    bridge-group 255 spanning-disabled
    interface FastEthernet0.2902
    encapsulation dot1Q 2902
    no ip route-cache
    no snmp trap link-status
    bridge-group 254
    bridge-group 254 spanning-disabled
    interface BVI1
    ip address 10.0.32.10 255.255.255.0
    no ip route-cache
    ip default-gateway 10.0.32.1

    NON-ROOT BRIDGE#2:
    ssid state
    station-role non-root bridge
    rts threshold 4000
    concatenation
    infrastructure-client
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.1000
    encapsulation dot1Q 1000
    no ip route-cache
    bridge-group 254
    bridge-group 254 spanning-disabled
    interface Dot11Radio0.2001
    encapsulation dot1Q 2001
    no ip route-cache
    bridge-group 252
    bridge-group 252 spanning-disabled
    interface Dot11Radio0.2336
    encapsulation dot1Q 2336
    no ip route-cache
    bridge-group 251
    bridge-group 251 spanning-disabled
    interface Dot11Radio0.2901
    encapsulation dot1Q 2901
    no ip route-cache
    bridge-group 253
    bridge-group 253 spanning-disabled
    interface Dot11Radio0.2902
    encapsulation dot1Q 2902
    no ip route-cache
    bridge-group 255
    bridge-group 255 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    hold-queue 80 in
    interface FastEthernet0.1000
    encapsulation dot1Q 1000 native
    no ip route-cache
    bridge-group 1
    interface FastEthernet0.2001
    encapsulation dot1Q 2001
    no ip route-cache
    bridge-group 252
    bridge-group 252 spanning-disabled
    interface FastEthernet0.2336
    encapsulation dot1Q 2336
    no ip route-cache
    bridge-group 251
    bridge-group 251 spanning-disabled
    interface FastEthernet0.2901
    encapsulation dot1Q 2901
    no ip route-cache
    bridge-group 253
    bridge-group 253 spanning-disabled
    interface FastEthernet0.2902
    encapsulation dot1Q 2902
    no ip route-cache
    bridge-group 255
    bridge-group 255 spanning-disabled
    interface BVI1
    ip address 10.0.32.11 255.255.255.0
    no ip route-cache
    ip default-gateway 10.0.32.1

  • Cisco 1702i WAP: how to get an interface in a non-native bridge group/ VLAN to be recognized by the internal DHCP server

    Does anyone know how the internal DHCP server in these access points connects to virtual interfaces and bridges in the unit?
    Is there some sort of default connection that connects the DHCP server to the native bridge group or VLAN?
    In a test case, with an SSID in the native VLAN and bridge group, the 1702i serves an IP address to a wireless client no problem. But with a second SSID in a non native VLAN and bridge group, no IP gets served. My only guess is that since the bvi1 defaults to the native bridge group and VLAN, sub-interfaces also in this group are assumed to be in the same subnet as bvi1, or in this case:
    interface bvi1
      ip address 192.168.1.205 255.255.255.0
      no ip route-cache
      exit
    It would be the ..1. subnet.
    Since the dhcp pool is set as:
    ip dhcp pool GeneralWiFi
      network 192.168.1.0 255.255.255.0
      lease 1
      default-router 192.168.1.1
      dns-server 8.8.8.8
      exit
    There may be an assumption that anything bvi1 can talk to is in the ..1. subnet, so the above pool gets activated on a request coming through bvi1.
    Is the DHCP server just hanging out waiting for a request from an "area" that is assumed to be on the same subnet as the given pool?
    Do I need to somehow show the device what subnet the 2nd SSID/ subinterfaces are in so the internal DHCP server can decide it needs to go to work, or is there some sort of bridging between the DHCP server and the interfaces that needs to be done? I am trying to use the same DHCP pool for the second subnet at this point, since I assume I will need another router to service an additional subnet and DHCP pool.

    Keep in mind that DHCP is a broadcast packet to start. So the AP can only listen in the subnet that it has an IP address for.
    Now, for any other subnet you can use the AP for DHCP but you have to have an IP helper address on your L3 pointing back to the AP.
    That being said, I wouldn't use the DHCP server on the AP as it is limited. You'd be better off using a Microsoft server or some other device that is designed for DHCP.
    HTH,
    Steve

  • Cisco 877w -Configuration of subinterfaces and main interface within the same bridge group is not permitted

    Hi,
    I have another problem - after upgrading IOS the wireless connection does not work.
    After reload I have:
    Configuration of subinterfaces and main interface
    within the same bridge group is not permitted
    STP: Unable to get the port parameters.
    Please configure the bridge group on this interface first.
    Please configure the bridge group on this interface first.
    Please configure the bridge group on this interface first.
    SETUP: new interface NVI0 placed in "shutdown" state
    My old configuration worked properly in the old software, but after the update I have this notification.
    Old thread:
    https://supportforums.cisco.com/discussion/12379491/cisco-877w-no-wireless-connection
    my current sh run:
    version 12.4 
    no service pad 
    service tcp-keepalives-in 
    service tcp-keepalives-out 
    service timestamps debug datetime msec localtime 
    service timestamps log datetime msec localtime 
    service password-encryption 
    hostname cisco 
    boot-start-marker 
    boot system flash:c870-advipservicesk9-mz.124-24.T6.bin 
    boot-end-marker 
    logging message-counter syslog 
    logging buffered 4096 informational 
    enable secret 5 $1$eCNp$rWuBfZ/cexnwnkm7L447s. 
    aaa new-model 
    aaa session-id common 
    dot11 syslog 
    dot11 ssid ciscowifi 
     vlan 1 
     authentication open 
     authentication key-management wpa 
     guest-mode 
     wpa-psk ascii 7 050D031D26595D0617 
    dot11 wpa handshake timeout 500 
    ip source-route 
    no ip dhcp use vrf connected 
    ip dhcp excluded-address 192.168.56.1 
    ip dhcp pool CLIENT 
       import all 
       network 192.168.56.0 255.255.255.0 
       default-router 192.168.56.1 
       dns-server 8.8.8.8 194.204.159.1 194.204.152.34 
       lease 0 2 
    ip cef 
    no ip domain lookup 
    no ipv6 cef 
    multilink bundle-name authenticated 
    username marek password 7 00121A0908500A 
    archive 
     log config 
      hidekeys 
    ip tcp path-mtu-discovery 
    bridge irb 
    interface ATM0 
     description Polaczenie ADSL do ISP$ES_WAN$ 
     no ip address 
     no atm ilmi-keepalive 
     pvc 0/35 
      encapsulation aal5mux ppp dialer 
      dialer pool-member 1 
     hold-queue 224 in 
    interface FastEthernet0 
     description Edzia 
    interface FastEthernet1 
     description dom 
    interface FastEthernet2 
     description Dziadek 
    interface FastEthernet3 
    interface Dot11Radio0 
     no ip address 
     no ip redirects 
     ip local-proxy-arp 
     ip nat inside 
     ip virtual-reassembly 
     no dot11 extension aironet 
     encryption vlan 1 mode ciphers tkip 
     encryption mode ciphers aes-ccm tkip 
     broadcast-key change 3600 
     ssid ciscowifi 
     speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 
     station-role root 
     world-mode dot11d country AU indoor 
     no cdp enable 
     bridge-group 1 
     bridge-group 1 subscriber-loop-control 
     bridge-group 1 spanning-disabled 
     bridge-group 1 block-unknown-source 
     no bridge-group 1 source-learning 
     no bridge-group 1 unicast-flooding 
    interface Dot11Radio0.1 
     description ciscowifi 
     encapsulation dot1Q 1 native 
     no cdp enable 
    interface Vlan1 
     no ip address 
     bridge-group 1 
    interface Dialer0 
     description Interfejs dzwoniacy 
     ip address negotiated 
     ip nat outside 
     ip virtual-reassembly 
     encapsulation ppp 
     dialer pool 1 
     dialer-group 1 
     ppp chap hostname [email protected] 
     ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxx 
    interface BVI1 
     description Polaczenie dla sieci LAN 
     ip address 192.168.56.1 255.255.255.0 
     ip nat inside 
     ip virtual-reassembly 
    no ip forward-protocol nd 
    ip route 0.0.0.0 0.0.0.0 Dialer0 
    no ip http server 
    no ip http secure-server 
    ip nat inside source list 100 interface Dialer0 overload 
    ip nat inside source static tcp 192.168.56.10 80 interface Dialer0 80 
    ip nat inside source static tcp 192.168.56.10 22 interface Dialer0 22 
    logging trap debugging 
    logging 192.168.56.10 
    access-list 100 permit ip 192.168.56.0 0.0.0.255 any 
    access-list 100 deny   ip any any 
    no cdp run 
    snmp-server community ciskacz RO 
    snmp-server chassis-id ciskacz 
    control-plane 
    bridge 1 protocol ieee 
    bridge 1 route ip 
    line con 0 
     no modem enable 
    line aux 0 
    line vty 0 4 
     exec-timeout 0 0 
     transport preferred ssh 
     transport input ssh 
    scheduler max-task-time 5000 
    end 
    please help - thanks!

    Hello Marek,
    I suppose you are not planning to do any kinds of advanced config using several VLANs and multiple SSIDs so let's just make your configuration simple and working.
    In short, you need to remove all references to VLAN 1 and to any subinterfaces possibly related to the VLAN 1. This means in particular (follow these steps in sequence):
    1. Remove the Dot11Radio0.1 subinterface entirely
    2. In the Dot11Radio0 section, remove the encryption vlan 1 mode ciphers tkip command
    3. In the dot11 ssid ciscowifi section, remove the vlan 1 command
    After performing these steps, make sure that the ssid ciscowifi and encryption mode commands are still present in the Dot11Radio0 configuration, and if not, reenter them.
    Best regards,
    Peter

  • Difference between bridge-group and VLAN

    Hi all,
    I don't understand very well the difference between bridge-group and VLAN...
    Could someone explain it to me or give me a site which could help me?
    Thanks in advance!

    Khay
    bridge-group is used on a router to enable bridging on an interface. In terms of functionality a bridge-group is very similar to a VLAN. For example if you create bridge-group 1 and assign it to interfaces FastEthernet 1/0 and 2/0 and you create bridge-group 2 and assign it to interfaces FastEthernet 1/1 and 2/1 it is like creating 2 VLANs. Devices in bridge-group 1 (interfaces 1/0 and 2/0) can communicate with each other but not with devices in bridge-group 2 (interfaces 1/1 and 2/1).
    HTH
    Rick

  • ASA5500 Bridge groups

    Hi experts!
    I have to interconnect 2 DMZs switches to the core switch and an internet access switch with a ASA 5520 in transparent mode. Is it possible to do bridge groups with subinterfaces, using VLANs on ASA5520 in transparent mode?
    Thanks
    Wesley

    The transparent security appliance uses an inside interface and an outside interface only. If your platform includes a dedicated management interface, you can also configure the management interface or subinterface for management traffic only.
    If you place the ASA in transparent mode on a trunk link, you will need to configure a security context for each vlan in the trunk.
    Try these links:
    http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450b68.html
    http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450b7d.html#wp1044006
    http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450b90.html

  • MPLS and bridging over FR

    Has anyone seen this message:
    The bridge-group command is unsupported on the interface:Serial2/0:0.24
    when the MPLS feature has been enabled on
    the main interface or one of its subinterfaces:Serial2/0:0.2
    It used to work in 12.2, but after upgrade to 12.3.5b it's not.
    I didn't find anything in the documentation about this problem.
    Any help is appreciated.

    The combination of these two features is unsupported and has caused problems in the past. A check has been implemented by CSCdz75507, which will prevent the configuration of "bridge-group" if MPLS is configured or vice versa.
    Hope this helps,

  • Bridge-group 1 in a WLAN environment

    I'm configuring some AP 1130 AG.
    For customer requirements I cannot use the VLAN 1 but in particular a VLAN 102 for the management and the VLAN 117 for the WiFi users. At this point I configured the switch port in trunk with the vlan 117 and 102 as native. In the AP I configured a fast ethernet interface 0.vlan-id with the vlan-id equal to the native vlan (102). I also wrote encapsulation dot1q 102 native. As bridge-group I tried to leave the bridge-group 1 but I lost the connection. If I put as bridge-group 102 all is ok. Why? I know that it is not necessary to specify the bridge group to which the FastEthernet interface 0.native_vlan_number belongs. It will be associated by default to the bridge group 1 used for the administration of the access point. I don't understand why. Is there a link between bridge group 1 and vlan 1 (that I put down in the switch)?

    Thank you very much!
    Here is a piece of the conf:
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption vlan 117 mode ciphers tkip
    ssid XYZ
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.102
    encapsulation dot1Q 102 native
    no ip route-cache
    bridge-group 102
    bridge-group 102 subscriber-loop-control
    bridge-group 102 block-unknown-source
    no bridge-group 102 source-learning
    no bridge-group 102 unicast-flooding
    bridge-group 102 spanning-disabled
    interface Dot11Radio0.117
    encapsulation dot1Q 117
    no ip route-cache
    bridge-group 117
    bridge-group 117 subscriber-loop-control
    bridge-group 117 block-unknown-source
    no bridge-group 117 source-learning
    no bridge-group 117 unicast-flooding
    bridge-group 117 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    encryption vlan 117 mode ciphers tkip
    encryption vlan 102 key 1 size 128bit 7 D27D726E54606C44B67B17586243 transmit-key
    encryption vlan 102 mode wep mandatory
    ssid ITC
    no dfs band block
    channel dfs
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    interface FastEthernet0.102
    encapsulation dot1Q 102 native
    ip address 172.44.12.20 255.255.255.0
    no ip route-cache
    bridge-group 102
    no bridge-group 102 source-learning
    bridge-group 102 spanning-disabled
    interface FastEthernet0.117
    encapsulation dot1Q 117
    ip address 172.44.17.20 255.255.255.0
    no ip route-cache
    bridge-group 117
    no bridge-group 117 source-learning
    bridge-group 117 spanning-disabled
    interface BVI1
    no ip address
    no ip route-cache
    ip default-gateway 172.44.17.1
    radius-server host 172.21.3.2 auth-port 1812 acct-port 1813 key 7 adafsgvvf1234r
    radius-server host 172.25.3.22 auth-port 1812 acct-port 1813 key 7 144fghnjgrgregh
    bridge 1 route ip
    Switch port configuration:
    interface FastEthernet1/0/21
    description To AP1130
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 102
    switchport mode trunk
    switchport nonegotiate

  • Why Bridge group on cisco routers

    Can anybody tell me why we use bridge groups on routers? I have read from many different sites, there is no clarity on that.
    Can we enable ip routing and access-list if we implement bridge group?

    If you have protocols that cannot be routed you can use a bridge group.
    If you want to extend a LAN over a point-to-point WAN link (without routing, which requires different IP Subnet) you can use a bridge group to "bridge" the traffic over the link to the remote location.
    IP access-lists do not have effect on bridged traffic. In that case you need to use mac access-lists to prevent traffic from being forwarded. It is possible to both bridge and route traffic; to do this I recommend you read the documentation on transparent bridging, Integrated Routing and Bridging (IRB) and Concurrent Routing and Bridging (CRB).
    HTH
    --Leon

  • Multiple VLANs with 1 bridge group for DLSw+

    I am working on a network with a DLSw+ on a 6500 MSFC with multiple VLANs. There is one bridge group and it is mapped to DLSw+ and to each VLAN. It is working, but I want to know if there is an advantage to placing each VLAN in its own bridge group and mapping each bridge group to DLSw+.
    I have an example of the config I am referring to below: I would appreciate any feedback or comments on this.
    bridge 1 protocol ieee
    dlsw local-peer peer-id 10.88.1.2 group 1 border promiscuous
    dlsw bridge-group 1
    dlsw bridge-group 2
    dlsw bridge-group 3
    dlsw bridge-group 4
    dlsw bridge-group 5
    dlsw bridge-group 6
    dlsw bridge-group 7
    dlsw bridge-group 8
    int vlan 10
    bridge-group 1
    int vlan 11
    bridge-group 2
    int vlan 12
    bridge-group 3
    int vlan 13
    bridge-group 4
    int vlan 14
    bridge-group 5
    int vlan 15
    bridge-group 6
    int vlan 16
    bridge-group 7
    int vlan 199
    bridge-group 8
    Thanks,
    Bruce

    Exactly.
    When the router receives a bridged packet whose destination MAC address is not in the router's bridge table, the router will flood the packet to all the VLANs if all the VLANs are in the same bridge group. Similarly, the router forwards broadcast traffic to all VLANs.
    If different VLANs are under different bridge groups, the traffic mentioned above is only forwarded to DLSw.
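
The flooding behaviour described in the reply above, modelled as an added example (not code from the thread or from Cisco): it reads IOS-style bridge-group and dlsw bridge-group lines and returns where a broadcast or unknown-unicast frame is copied. Both configurations are constructed samples based on the VLAN list in the question, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed samples: the same four SVIs bridged two different ways.
SHARED = """\
dlsw bridge-group 1
interface Vlan10
 bridge-group 1
interface Vlan11
 bridge-group 1
interface Vlan12
 bridge-group 1
interface Vlan199
 bridge-group 1
"""

SEPARATE = """\
dlsw bridge-group 1
dlsw bridge-group 2
dlsw bridge-group 3
dlsw bridge-group 8
interface Vlan10
 bridge-group 1
interface Vlan11
 bridge-group 2
interface Vlan12
 bridge-group 3
interface Vlan199
 bridge-group 8
"""

IFACE_RE = re.compile(r"^\s*int(?:erface)?\s+(.+?)\s*$", re.I)
# Only the bare membership line; "bridge-group 1 spanning-disabled" and
# "no bridge-group 1 source-learning" are per-port options, not membership.
BG_RE = re.compile(r"^\s*bridge-group\s+(\d+)\s*$", re.I)
DLSW_RE = re.compile(r"^\s*dlsw\s+bridge-group\s+(\d+)", re.I)


def parse(config):
    """Return (members, dlsw): bridge group -> [interfaces], and the set of
    bridge groups attached to DLSw+ with 'dlsw bridge-group N'."""
    members, dlsw, current = defaultdict(list), set(), None
    for line in config.splitlines():
        if m := IFACE_RE.match(line):
            # "int vlan 10" and "interface Vlan10" name the same interface.
            current = "".join(m.group(1).split())
        elif m := DLSW_RE.match(line):
            dlsw.add(int(m.group(1)))
        elif (m := BG_RE.match(line)) and current:
            members[int(m.group(1))].append(current)
    return dict(members), dlsw


def flood_scope(config, ingress):
    """Where a broadcast or unknown-unicast frame arriving on `ingress` is
    copied, following the behaviour described in the reply."""
    members, dlsw = parse(config)
    for group, ifaces in members.items():
        if ingress in ifaces:
            out = sorted(i for i in ifaces if i != ingress)
            if group in dlsw:
                out.append("DLSw+")
            return out
    return []  # ingress interface is not in any bridge group


def merged_domains(config):
    """Bridge groups that join two or more interfaces into one flooding
    domain, i.e. places where VLAN separation no longer holds at layer 2."""
    members, _ = parse(config)
    return {g: i for g, i in members.items() if len(i) > 1}


if __name__ == "__main__":
    for name, cfg in (("shared", SHARED), ("separate", SEPARATE)):
        print(name, "flood from Vlan10 ->", flood_scope(cfg, "Vlan10"))
        print(name, "merged domains   ->", merged_domains(cfg))
```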

  • Route and bridge one mac address

    Hello,
    I have a particular problem: on a router with one in and one out interface, I want to route all traffic, but I want to bridge one specific well-known MAC address. I wonder if this is possible. On a cisco router, I can do IRB, but each interface is either routed or bridged, but not mixed.
    I am sure it will work if I put a switch before and after the router and connect the router with double interfaces: 2 inbound and 2 outbound. Then route on one pair of interfaces and on the second pair of interfaces, bridge the interfaces with a bridge MAC address filter. However, I wonder if it can be done on less interfaces (2 or 3)....
    regards,
    Geert

    Hello Geert,
    Maybe bridging sub-interfaces? Might work, I have not tried myself to be honest and am no expert in bridging with router interfaces. I think config would look something like this...
    conf t
    bridge irb
    interface e0/0.100
    encapsulation dot1q 100 native
    bridge-group 100
    interface e0/1.100
    encapsulation dot1q 100 native
    bridge-group 100
    exit
    bridge 100 protocol ieee
    bridge 100 bridge ip
    bridge 100 route ip
    bridge 100 address H.H.H [Where H.H.H is mac address you want to bridge]
    hth
    Bilal
    CCIE #45032

  • Bridge Groups, are they required?

    Hi All
    I'm currently a tad confused about Bridge Groups and ASA/FWSM in transparent mode. Are they really required or not?
    Here one sample: http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_complete_transparent.html
    It's written:
    At least one bridge group is required per context or in single mode.
    So that really sounds like yes you need one.
    Whereas this config sample here: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml or many others I found online, never have a bridge group configured.
    Could somebody please enlighten me about what is correct?
    And does it matter if it's an active/standby configuration?
    Thanks a lot
    pato

    Pato,
    It depends. On the newer ASA and FWSM you need the BVI. It is just to configure the management IP. This is required.
    The old link (the second one that you listed) has the management IP (not under the int BVI) but on the newer ASA code you can see it is configured under the int BVI as you can see here:
    http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_complete_transparent.html#wp1382356
    -Kureli

  • ASA 5585-X multiple bridge-groups expected behaviour

    Hi all,
    Suppose a deployment of an asa5585-x in transparent mode made up of two bridge-groups (2 interfaces each).
    Now suppose that a new traffic flow in direction north-south traverses the bvi1. What's the expected behavior if the traffic going back (south-north) will traverse the bvi2? Will that traffic be correctly recognized as part of the flow previously detected?
    Regards.
    A.M.

    Discovered today that the 'fix' I mention above is more of a workaround, because when I initiated a manual failover for one of the failover groups, the alerts returned. And the failover status was again on Normal (Waiting) for a couple of monitored logical interfaces.
    I was able to workaround the problem as described above.

  • Bridge-Groups FWSM

    Hello All,
    I have a question about Bridge Groups if someone can help me. So, I have two bridge groups on one FWSM obviously using two different IP Scopes. However I can only have one default route so for instance.
    BVI 1 - 192.168.1.4 (outside1)
    BVI 2 - 192.168.2.4 (outside2)
    ip route outside1 0.0.0.0 0.0.0.0 192.168.1.1
    I now obviously cannot put another default route statement in so how does the FWSM route traffic it doesn't know the destination to when the source is from 192.168.2.x. Does it send it out 192.168.1.1? If so does this become a suboptimal routing issue, and is there possibly a better solution than this? Or is this normal and everything is ok? Thanks in advance to all who reply!

    Hi John,
    When the FWSM uses bridge-groups, it is configured in transparent (layer 2) mode. Because of this, the FWSM won't be responsible for routing traffic. It will use a MAC address lookup instead:
    http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/fwmode_f.html#wp1232185
    One exception to this is management traffic to/from the FWSM. For this, you'll need to specify separate static routes:
    http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/fwmode_f.html#wp1202704
    "The default route for the transparent firewall, which is required to provide a return path for management traffic, is only applied to management traffic from one bridge group network. This is because the default route specifies an interface in the bridge group as well as the router IP address on the bridge group network, and you can only define one default route. If you have management traffic from more than one bridge group network, you need to specify a static route that identifies the network from which you expect management traffic."
    -Mike

  • How to terminate a vlan on ASR 9000 and bridge it to a port on asr 9000

    Hi guys;
    so here is another issue I have.
    Scenario:
    A switch in the north is trunking a VLAN for a client at our central site. The switch in north site is a 3560 and central site node is ASR 9000.
    This vlan is extended along with a few others to the distribution switch (7609) and from there the same VLAN is trunked to a 2960 device at the same site as that of the ASR. The idea is to carry the vlan from the remote site to the ASR at our central site and then bridge it to a separate port on the ASR and hook this port up to our fibre patch panel, hence providing a service to the client connecting to us at our northern site and then getting connected to the internet service provider via the patch panel.
    Since we can not make a port on ASR an access port, I am not sure how we can do the above mentioned interconnect.
    Please assist.
    regards

    Hello Jalal,
    Here is the configuration example:
    interface GigabitEthernet0/0/0/0.100 l2transport
      encapsulation dot1q 100
      rewrite ingress tag pop 1 symmetric
    interface GigabitEthernet0/0/0/1
      l2transport
    l2vpn
    bridge group cust1
      bridge-domain cust1
       interface GigabitEthernet0/0/0/0.100
       interface GigabitEthernet0/0/0/1
    GigabitEthernet0/0/0/1 is the access port (untagged).
    interface GigabitEthernet0/0/0/0.100 accepts tagged frames with vlan 100.
    L2vpn bridge-domain cust1 connects both interfaces together.
    GigabitEthernet0/0/0/0.100 has tag rewrite operation. Removing tag on ingress, so sending untagged to GigabitEthernet0/0/0/1, and pushing tag 100 on egress, so untagged frames from gi0/0/0/1 got tagged.
    Regards,
    /A
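
The tag rewrite explained in the reply above, shown at byte level as an added example (not code from the thread or from Cisco): the subinterface accepts only frames tagged with VLAN 100, removes the tag on ingress, and pushes it back on egress. The MAC addresses and payload are constructed, and the function names are hypothetical.

```python
import struct

TPID_DOT1Q = 0x8100  # EtherType value that marks an 802.1Q tag


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Build an Ethernet II frame, optionally carrying one 802.1Q tag."""
    header = dst + src
    if vlan is not None:
        # Tag = TPID (16 bits) + TCI (3-bit priority, 1-bit DEI, 12-bit VLAN ID)
        header += struct.pack("!HH", TPID_DOT1Q, (pcp << 13) | vlan)
    return header + struct.pack("!H", ethertype) + payload


def outer_vlan(frame):
    """Return the outer VLAN ID, or None when the frame is untagged."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID_DOT1Q else None


def pop_tag(frame):
    """Remove the 4-byte tag that follows the two MAC addresses."""
    return frame[:12] + frame[16:]


def push_tag(frame, vlan):
    """Insert an 802.1Q tag (priority 0) after the two MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID_DOT1Q, vlan) + frame[12:]


def trunk_to_access(frame, sub_vlan=100):
    """Ingress on the 'encapsulation dot1q 100' subinterface with
    'rewrite ingress tag pop 1': a frame whose outer tag is not VLAN 100
    does not match the subinterface and never enters the bridge domain."""
    if outer_vlan(frame) != sub_vlan:
        return None
    return pop_tag(frame)


def access_to_trunk(frame, sub_vlan=100):
    """Egress on the same subinterface: 'symmetric' pushes the tag back."""
    return push_tag(frame, sub_vlan)


# Constructed sample frame: broadcast destination, locally administered source.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
TAGGED_100 = build_frame(DST, SRC, 0x0800, b"payload", vlan=100)
TAGGED_200 = build_frame(DST, SRC, 0x0800, b"payload", vlan=200)
UNTAGGED = build_frame(DST, SRC, 0x0800, b"payload")

if __name__ == "__main__":
    print("trunk -> access:", trunk_to_access(TAGGED_100).hex())
    print("access -> trunk:", access_to_trunk(UNTAGGED).hex())
    print("VLAN 200 on the trunk:", trunk_to_access(TAGGED_200))
```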
