Bridge-Group blocking traffic to LAN.

Discussion in 'Cisco' started by JF Mezei, Jul 24, 2009.

  1. JF Mezei

    JF Mezei Guest

    I had gotten this to work at one point by blindly trying stuff, but we
    havd a power and I lost those settings and I am at a loss to get it
    working again.

    In short:

    Cisco 871W

    If my VLAN 10 interface has the "bridge-group" commands in it,
    ethernet/IP traffic does not flow to/from my lan on a switch. If I
    remove the "bridge-group" then traffic flows fine.

    relevant bits:


    bridge irb
    bridge 10 protocol ieee
    bridge 10 route ip
    !
    interface BVI 10
    no ip address
    no shutdown
    !
    interface FastEthernet0
    description Trunk to Switch 1
    spanning-tree portfast
    switchport mode trunk
    switchport trunk encapsulation dot1q
    carrier-delay 10
    !
    !
    interface Vlan10
    description Intranet
    ip address 10.0.0.2 255.255.0.0
    ip nat inside
    ip virtual-reassembly
    bridge-group 10
    bridge-group 10 spanning-disabled


    Without the bridge-group stuff, I can actually get the "router" portion
    to the ADSL cloud to work. But with the "bridge-group" (which is needed
    for the wireless interfaces) nothing works. And since the link to my
    dhcp server on the LAN doesn't work, the wireless stuff won't work
    either since it can't get DHCP responses.

    I tried to set the fa0 interface to a switchport access vlan 10, but
    that didn't make a difference. (it won't let me do "bridge-group" on the
    ast ethernet interface).


    QUESTION: is the bridge-group solely within the router or does it "leak"
    into trunk lines to other switches ? My 2924 switch doesn't know about
    bridge-groups.



    If I want my router to have an IP address of 10.0.0.2 accessible by
    hosts in VLAN10, is the setting of the IP in the VLAN10 interface the
    correct way to do it ? Or shoudl it be in the BVI interface ?
     
    JF Mezei, Jul 24, 2009
    #1
    1. Advertising

  2. JF Mezei

    bod43 Guest

    On 24 July, 18:08, JF Mezei <> wrote:
    > I had gotten this to work at one point by blindly trying stuff, but we
    > havd a power and I lost those settings and I am at a loss to get it
    > working again.
    >
    > In short:
    >
    > Cisco 871W
    >
    > If my VLAN 10 interface has the "bridge-group" commands in it,
    > ethernet/IP traffic does not flow to/from my lan on a switch. If I
    > remove the "bridge-group" then traffic flows fine.
    >
    > relevant bits:
    >
    > bridge irb
    > bridge 10 protocol ieee
    > bridge 10 route ip
    > !
    > interface BVI 10
    > no ip address
    > no shutdown
    > !
    > interface FastEthernet0
    >  description Trunk to Switch 1
    >  spanning-tree portfast
    >  switchport mode trunk
    >  switchport trunk encapsulation dot1q
    >  carrier-delay 10
    > !
    > !
    > interface Vlan10
    >  description Intranet
    >  ip address 10.0.0.2 255.255.0.0
    >  ip nat inside
    >  ip virtual-reassembly
    >  bridge-group 10
    >  bridge-group 10 spanning-disabled
    >
    > Without the bridge-group stuff, I can actually get the "router" portion
    > to the ADSL cloud to work. But with the "bridge-group" (which is needed
    > for the wireless interfaces) nothing works. And since the link to my
    > dhcp server on the LAN doesn't work, the wireless stuff won't work
    > either since it can't get DHCP responses.
    >
    > I tried to set the fa0 interface to a switchport access vlan 10, but
    > that didn't make a difference. (it won't let me do "bridge-group" on the
    > ast ethernet interface).
    >
    > QUESTION: is the bridge-group solely within the router or does it "leak"
    > into trunk lines to other switches ? My 2924 switch doesn't know about
    > bridge-groups.
    >
    > If I want my router to have an IP address of 10.0.0.2 accessible by
    > hosts in VLAN10, is the setting of the IP in the VLAN10 interface the
    > correct way to do it ? Or shoudl it be in the BVI interface ?


    I guess you probably need something like this.


    bridge irb
    bridge 10 protocol ieee
    bridge 10 route ip
    !
    interface BVI 10
    ip address 10.0.0.2 255.255.0.0
    ip nat inside
    ip virtual-reassembly
    no shutdown
    !
    interface FastEthernet0
    description Trunk to Switch 1
    spanning-tree portfast
    switchport mode trunk
    switchport trunk encapsulation dot1q
    carrier-delay 10
    !
    !
    interface Vlan10
    description Intranet
    bridge-group 10
    bridge-group 10 spanning-disabled

    Assumes Vlan 10 is being trunked via Fa0.
     
    bod43, Jul 24, 2009
    #2
    1. Advertising

  3. JF Mezei

    JF Mezei Guest

    bod43 wrote:

    > interface BVI 10
    > ip address 10.0.0.2 255.255.0.0
    > ip nat inside
    > ip virtual-reassembly
    > no shutdown


    Many Thanks. That did the trick.

    Now, with BVI having an IP interface and the VLAN having none, it
    appears to work, (in terms of being able to reach the lan from the
    router and vice versa).

    Would it be correct to state that all packets flow thorugh the BVI and
    it is the BVI that decides whether the packet is to go through a router
    interface or just a switched one ?

    I take it that
    bridge 10 protocol ieee
    bridge 10 route ip
    end up defining the behaviour of the BVI 10 interface ?



    (Now, I have to work on the right incantation and prayers to get the
    wrireless interface to work again :-( :-( ;-( :-(
     
    JF Mezei, Jul 24, 2009
    #3
  4. JF Mezei

    bod43 Guest

    On 24 July, 19:53, JF Mezei <> wrote:
    > bod43 wrote:
    > > interface BVI 10
    > >  ip address 10.0.0.2 255.255.0.0
    > >  ip nat inside
    > >  ip virtual-reassembly
    > >  no shutdown

    >
    > Many Thanks. That did the trick.
    >
    > Now, with BVI having an IP interface and the VLAN having none, it
    > appears to work, (in terms of being able to reach the lan from the
    > router and vice versa).
    >
    > Would it be correct to state that all packets flow thorugh the BVI and
    > it is the BVI that decides whether the packet is to go through a router
    > interface or just a switched one ?
    >
    > I take it that
    >         bridge 10 protocol ieee
    >         bridge 10 route ip
    > end up defining the behaviour of the BVI 10 interface ?
    >
    > (Now, I have to work on the right incantation and prayers to get the
    > wrireless interface to work again :-( :-( ;-( :-(


    You need to put the dot11 int into bridge group 10 too.

    Without the wireless all you would need is

    int vl 10
    ip add....

    no irb
    no bridge 10 protocol ieee
    no bridge 10 route ip

    The wireless seems to add confusion in that
    you need to use the old bridging commands
    to joint the wireless interface to the rest of the
    VLAN.

    What I mean is that on an ethernet interface you
    simply configure
    int fa 30
    sw mode access
    sw access vl 10

    But for some reason on the dot11 int that does
    not seem to work.

    I guess it may be to do with the mixture of
    traditional router and switch that is an 871.

    It gets even more mad when you want more than
    one SSID on the wireless. I simply can't understand
    that config at all even though I have it working. It's
    a miracle I got it going at all.

    Look up integrated routing and bridging (IRB)
    for details of that aspect of it.
     
    bod43, Jul 24, 2009
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Chris_D
    Replies:
    6
    Views:
    3,036
    Uli Link
    Aug 5, 2005
  2. Arjan
    Replies:
    0
    Views:
    911
    Arjan
    Nov 2, 2005
  3. Matt
    Replies:
    2
    Views:
    956
  4. ruud
    Replies:
    0
    Views:
    1,223
  5. Jan
    Replies:
    1
    Views:
    3,173
    www.BradReese.Com
    Aug 26, 2006
Loading...

Share This Page