|
|
This chapter explains the function and syntax of the transparent bridging commands. For more information about defaults and usage guidelines, see the corresponding chapter of the Cisco IOS Bridging and IBM Networking Command Reference, Volume 1, Release 12.1.
Syntax Description
access-list-number Integer from 1100 to 1199 that you assign to identify one or more permit/deny conditions as an extended access list. Note that a list number in the range 1100 to 1199 distinguishes an extended access list from other access lists. permit Allows a connection when a packet matches an access condition. The Cisco IOS software stops checking the extended access list after a match occurs. All conditions must be met to make a match. deny Disallows a connection when a packet matches an access condition. The software stops checking the extended access list after a match occurs. All conditions must be met to make a match. source Media Access Control (MAC) Ethernet address in the form xxxx.xxxx.xxxx. source-mask Mask of MAC Ethernet source address bits to be ignored. The software uses the source and source-mask arguments to match the source address of a packet. destination MAC Ethernet value used for matching the destination address of a packet. destination-mask Mask of MAC Ethernet destination address bits to be ignored. The software uses the destination and destination mask arguments to match the destination address of a packet. offset Range of values that must be satisfied in the access list. Specified in decimal or in hexadecimal format in the form 0xnn. The offset is the number of bytes from the destination address field; it is not an offset from the start of the packet. The number of bytes you need to offset from the destination address varies depending on the media encapsulation type you are using. size Range of values that must be satisfied in the access list. Must be an integer 1 to 4. operator Compares arbitrary bytes within the packet. Can be one of the following keywords: lt---less than gt---greater than eq---equal neq---not equal and---bitwise and xor---bitwise exclusive or nop---address match only operand Compares arbitrary bytes within the packet. The value to be compared to or masked against.
Syntax Description
access-list-number Integer from 700 to 799 that you select for the list. permit Permits the frame. deny Denies the frame. address mask 48-bit MAC addresses written in dotted triplet form. The ones bits in the mask argument are the bits to be ignored in address.
To build type-code access lists, use the access-list global configuration command. Use the no form of this command to remove a single access list entry.
access-list access-list-number {permit | deny} type-code wild-mask
Syntax Description
access-list-number User-selectable number between 200 and 299 that identifies the list. permit Permits the frame. deny Denies the frame. type-code 16-bit hexadecimal number written with a leading "0x"; for example, 0x6000. You can specify either an Ethernet type code for Ethernet-encapsulated packets, or a DSAP/SSAP pair for 802.3 or 802.5-encapsulated packets. wild-mask 16-bit hexadecimal number whose ones bits correspond to bits in the type-code argument that should be ignored when making a comparison. (A mask for a DSAP/SSAP pair should always be at least 0x0101. This is because these two bits are used for purposes other than identifying the SAP codes.)
Syntax Description
bridge-group Bridge group number specified in the bridge protocol command.
Syntax Description
bridge-group Bridge group number. It must be the same number specified in the bridge protocol command. mac-address 48-bit dotted-triplet hardware address such as that displayed by the EXEC show arp command, for example, 0800.cb00.45e9. It is either a station address, the broadcast address, or a multicast destination address. forward Frame sent from or destined to the specified address is forwarded as appropriate. discard Frame sent from or destined to the specified address is discarded without further processing. interface (Optional) Interface specification, such as Ethernet 0. It is added after the forward or discard keyword to indicate the interface on which that address can be reached.
To enable transparent bridging or source route translational bridging or IP ARPs between canonical and non-canonical media types, use the bridge bitswap-layer3-addresses global configuration command. Use the no form of this command to revert to the default setting.
bridge bridge-group bitswap-layer3-addresses
Syntax Description
bridge-group Bridge-group number.
To enable the bridging of a specified protocol in a specified bridge group, use the bridge bridge global configuration command. Use the no form of this command to disable the bridging of a specified protocol in a specified bridge group.
bridge bridge-group bridge protocol
Syntax Description
bridge-group Bridge-group number. It must be the same number specified in the bridge protocol command. protocol Any of the supported routing protocols. The default is to bridge all of these protocols.
To configure the interval during which transmission is suspended in a circuit group after circuit group changes take place, use the bridge circuit-group pause global configuration command.
bridge bridge-group circuit-group circuit-group pause milliseconds
Syntax Description
bridge-group Bridge group number specified in the bridge protocol command. circuit-group Number of the circuit group to which the interface belongs. milliseconds Forward delay interval. It must be a value in the range 0 to 10000 ms.
To use just the source MAC address for selecting the output interface, use the bridge circuit-group source-based global configuration command. Use the no form of this command to remove the interface from the bridge group.
bridge bridge-group circuit-group circuit-group source-based
Syntax Description
bridge-group Bridge group number specified in the bridge protocol command. circuit-group Number of the circuit group to which the interface belongs.
To enable constrained multicast flooding (CMF) for all configured bridge groups, use the bridge cmf global configuration command. Use the no form of this command to disable constrained multicast flooding.
bridge cmfSyntax Description
This command has no arguments or keywords.
To enable the Cisco IOS software to both route and bridge a given protocol on separate interfaces within a single router, use the bridge crb global configuration command. Use the no form of this command to disable the feature.
bridge crbSyntax Description
This command has no arguments or keywords.
Syntax Description
bridge-group Bridge group number specified in the bridge protocol ieee command. The dec keyword is not valid for this command. domain-number Domain ID number you choose. The default domain number is zero; this is the domain number required when communicating to IEEE bridges that do not support this domain extension.
Syntax Description
bridge-group Bridge group number specified in the bridge protocol command. seconds Forward delay interval. It must be a value in the range 10 to 200 seconds. The default is 30 seconds.
To assign each network interface to a bridge group, use the bridge-group interface configuration command. Use the no form of this command to remove the interface from the bridge group.
bridge-group bridge-group
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63.
To set the length of time that a dynamic entry can remain in the bridge table from the time the entry was created or last updated, use the bridge-group aging-time global configuration command. Use the no form of this command to return to the default aging-time interval.
bridge-group bridge-group aging-time seconds
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. seconds Aging time, in the range 0 to 1000000 seconds. The default is 300 seconds.
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63.
To assign each network interface to a bridge group, use the bridge-group circuit-group interface configuration command. Use the no form of this command to remove the interface from the bridge group.
bridge-group bridge-group circuit-group circuit-group
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. circuit-group Circuit group number. The range is 1 to 9.
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. access-list-number Access list number you assigned with the access-list command. It must be in the range 700 to 799.
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. group-list
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. group-list
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. access-list-number Access list number you assigned with the standard access-list command. Specify a zero (0) to disable the application of the access list on the bridge group.
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. access-list-number Access list number you assigned using the standard access-list command. Specify a zero (0) to disable the application of the access list on the interface.
To filter Ethernet- and SNAP-encapsulated packets on input, use the bridge-group input-type-list interface configuration command. Use the no form of this command to disable this capability.
bridge-group bridge-group input-type-list access-list-number
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. access-list-number Access list number you assigned with the standard access-list command. Specify a zero (0) to disable the application of the access list on the bridge group.
To reduce the amount of bandwidth that LAT traffic consumes on the serial interface by specifying a LAT-specific form of compression, use the bridge-group lat-compression interface configuration command. Use the no form of this command to disable LAT compression on the bridge group.
bridge-group bridge-group lat-compression
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63.
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. access-list-number Access list number you assigned with the standard access-list command.
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. group-list List of LAT groups. Single numbers and ranges are permitted.
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. group-list LAT service advertisements.
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. access-list-number Access list number you assigned with the standard access-list command. Specify a zero (0) to disable the application of the access list on the bridge group.
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. access-list-number Extended access list number you assigned using the extended access-list command. Specify a zero (0) to disable the application of the access list on the interface.
To filter Ethernet- and SNAP-encapsulated packets on output, use the bridge-group output-type-list interface configuration command. Use the no form of this command to disable this capability.
bridge-group bridge-group output-type-list access-list-number
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. access-list-number Access list number you assigned with the standard access-list command. Specify a zero (0) to disable the application of the access list on the bridge group. This access list is applied just before sending out a frame to an interface.
To set a different path cost, use the bridge-group path-cost interface configuration command. Use the no form of this command to choose the default path cost for the interface.
bridge-group bridge-group path-cost cost
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. cost Path cost can range from 1 to 65535, with higher values indicating higher costs. This range applies regardless of whether the IEEE or Digital Spanning-Tree Protocol has been specified.
To set an interface priority, use the bridge-group priority interface configuration command. The interface priority is used to select the designated port for this bridge-group on the connected media. One designated port on each media is needed to compute the spanning tree.
bridge-group bridge-group priority number
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. number Priority number ranging from 0 to 255 (Digital), or 0 to 64000 (IEEE).
To disable the spanning tree on a given interface, use the bridge-group spanning-disabled interface configuration command.
bridge-group bridge-group spanning-disabled
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range of 1 to 63.
To enable Cisco's silicon switching engine (SSE) switching function, use the bridge-group sse interface configuration command. Use the no form of this command to disable SSE switching.
bridge-group bridge-group sse
Syntax Description
bridge-group Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63.
To specify that an interface is at the upstream point of traffic flow, use the bridge-group subscriber-trunk interface configuration command. Use the no form of this command to remove the specification and reset the interface to a non-trunking port.
bridge-group bridge-group subscriber-trunk
Syntax Description
bridge-group Bridge group number, in the range from 1 to 256, specified in the bridge protocol command.
To specify the interval between hello bridge protocol data units (BPDUs), use the bridge hello-time global configuration command. Use the no form of this command to return the default interval.
bridge bridge-group hello-time seconds
Syntax Description
bridge-group Bridge group number. It must be the same number specified in the seconds Interval between 1 and 10 seconds.
bridge protocol command.
To enable the Cisco IOS software to route a given protocol between routed interfaces and bridge groups or to route a given protocol between bridge groups, use the bridge irb global configuration command. Use the no form of this command to disable the feature.
bridge irbSyntax Description
This command has no arguments or keywords.
Syntax Description
bridge-group Bridge group number specified in the bridge protocol command.
Syntax Description
bridge-group Bridge group number specified in the bridge protocol command. seconds Interval the bridge will wait to hear BPDUs from the root bridge. It must be a value in the range 10 to 200 seconds.
To configure bridging support to allow the forwarding, but not the learning, of frames received with multicast source addresses, use the bridge multicast-source global configuration command. Use the no form of this command to disable this function on the bridge.
bridge bridge-group multicast-source
Syntax Description
bridge-group Bridge group number specified in the bridge protocol command.
To configure the priority of an individual bridge, or the likelihood that it will be selected as the root bridge, use the bridge priority global configuration command.
bridge bridge-group priority number
Syntax Description
bridge-group Bridge group number specified in the bridge protocol command. number The lower the number, the more likely the bridge will be chosen as root. When the IEEE Spanning-Tree Protocol is enabled, number ranges from 0 to 65535 (default is 32768). When the Digital Spanning-Tree Protocol is enabled, number ranges from 0 to 255 (default is 128).
To define the type of Spanning-Tree Protocol, use the bridge protocol global configuration command. Use the no form of this command with the appropriate keywords and arguments to delete the bridge group.
bridge bridge-group protocol {ieee | dec | vlan-bridge}
Syntax Description
bridge-group Number in the range 1 to 63 that you choose to refer to a particular set of bridged interfaces. Frames are bridged only among interfaces in the same group. You will use the group number you assign in subsequent bridge configuration commands. ieee dec vlan-bridge The VLAN-Bridge Spanning-Tree Protocol.
To enable the routing of a specified protocol in a specified bridge group, use the bridge route global configuration command. Use the no form of this command to disable the routing of a specified protocol in a specified bridge group.
bridge bridge-group route protocol
Syntax Description
bridge-group Bridge-group number. It must be the same number specified in the bridge protocol command. protocol One of the following protocols: apollo, appletalk, clns, decnet, ip, ipx, vines, xns.
To bind a bridge group with a subscriber policy, use the bridge subscriber-policy global configuration command. Use the no form of this command to disable the subscriber bridge group feature.
bridge bridge-group subscriber-policy policy
Syntax Description
bridge-group Bridge group number, in the range of 1 to 256, specified in the bridge protocol command. policy Subscriber policy number in the range of 1 to 100.
To remove any learned entries from the forwarding database and to clear the transmit and receive counts for any statically or system configured entries, use the clear bridge privileged EXEC command.
clear bridge bridge-group
Syntax Description
bridge-group Bridge group number specified in the bridge protocol command.
To clear transparent bridging multicast state information, use the clear bridge multicast EXEC command.
clear bridge [bridge-group] multicast [router-ports | groups | counts] [group-address] [interface-unit] [counts]
Syntax Description
bridge-group (Optional) Bridge group number specified in the bridge protocol command. router-ports (Optional) Clear multicast router ports. groups (Optional) Clear multicast groups. counts (Optional) Clear RX and TX counts. group-address (Optional) Multicast IP address associated with a specific multicast group. interface-unit (Optional) Specific interface, such as Ethernet 0.
To remove virtual LAN statistics from any statically or system configured entries, use the clear vlan statistics privileged EXEC command.
clear vlan statisticsSyntax Description
This command has no arguments or keywords.
To bridge over a Frame Relay network, use the frame-relay map bridge broadcast interface configuration command. Use the no form of this command to delete the mapping entry.
frame-relay map bridge dlci broadcast
Syntax Description
dlci DLCI number. The valid range is 16 to 1007.
To create the bridge-group virtual interface (BVI) that represents the specified bridge group to the routed world and links the corresponding bridge group to the other routed interfaces, use the interface bvi interface configuration command. Use the no form of this command to delete the BVI.
interface bvi bridge-group
Syntax Description
bridge-group Bridge-group number. It must be the same number specified in the bridge protocol command.
To view classes of entries in the bridge forwarding database, use the show bridge privileged EXEC command.
show bridge [bridge-group] [interface] [address [mask]] [verbose]
Syntax Description
bridge-group (Optional) Number that specifies a particular spanning tree. interface (Optional) Specific interface, such as Ethernet 0. address (Optional) 48-bit canonical (Ethernet ordered) MAC address. This may be entered with an optional mask of bits to be ignored in the address, which is specified with the mask argument. mask (Optional) Bits to be ignored in the address. You must specify the address argument if you want to specify a mask. verbose (Optional) Shows additional detail, including any Frame Relay DLCI associated with a station address.
To display the interfaces configured in each circuit group and show whether they are currently participating in load distribution, use the show bridge circuit-group EXEC command.
show bridge [bridge-group] circuit-group [circuit-group] [src-mac-address] [dst-mac-address]
Syntax Description
bridge-group (Optional) Number that specifies a particular bridge group. circuit-group (Optional) Number that specifies a particular circuit group. src-mac-address (Optional) 48-bit canonical (Ethernet ordered) source MAC address. dst-mac-address (Optional) 48-bit canonical (Ethernet ordered) destination MAC address.
To display the status of each bridge group, use the show bridge group privileged EXEC command.
show bridge group [verbose]
Syntax Description
verbose (Optional) Displays detailed information.
Syntax Description
bridge-group (Optional) Bridge group number specified in the bridge protocol command. router-ports (Optional) Display information for multicast router ports. groups (Optional) Display information for multicast groups. group-address (Optional) Multicast IP address associated with a specific multicast group.
To view virtual LAN subinterfaces, use the show bridge vlan privileged EXEC command.
show bridge vlanSyntax Description
This command has no arguments or keywords.
To display the configuration for each interface that has been configured for routing or bridging, use the show interfaces crb privileged EXEC command.
show interfaces crbSyntax Description
This command has no arguments or keywords.
Syntax Description
ethernet Specify Ethernet interface. fastethernet Specify Fastethernet interface. interface (Optional) Specific interface, such as Ethernet 0 slot/port (Optional) Specific slot/port, such as Fastethernet 3/0.
To display information regarding which spanning-tree protocol is running, use the show spanning-tree configuration command.
show spanning tree bridge-group
Syntax Description
bridge-group Bridge group number, in the range of 1 to 256, specified in the bridge protocol command.
To display the details of a subscriber policy, use the show subscriber-policy EXEC command.
show subscriber-policy range
Syntax Description
range Range of subscriber policy numbers (range 1 to 100).
To define or modify the forward and filter decisions of the subscriber policy, use the subscriber-policy global configuration command. Use the no or default form of this command to restore the default forward and filter values.
subscriber-policy policy [[no | default] packet [permit | deny]]
Syntax Description
policy Subscriber policy number in the range 1 to 100. no (Optional) Turn off the permit for the packet (this is an equivalent of the deny keyword). default (Optional) Deny forwarding of the packet (this is an equivalent of the deny keyword). packet One of the following packets: permit (Optional) Permit forwarding of the packet. deny (Optional) Deny forwarding of the packet.
To view virtual LAN (VLAN) subinterfaces, use the show vlans privileged EXEC command.
show vlansSyntax Description
This command has no arguments or keywords.
Syntax Description
x.121-address The X.121 address. broadcast Required keyword for bridging over X.25. options-keywords (Optional) Additional functionality that can be specified for originated calls.
Posted: Wed Jul 26 11:22:46 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.