cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
952
Views
15
Helpful
10
Replies

IRB

Antonio_1_2
Level 1
Level 1

Hello,

Is it possible to handle more VLANs with IRB. Because as I have seen BVI interface doesn't support subinterfaces, and VLAN tagging. I would like to have on fast ethernet 3 VLAN-s and ip address coresponding to those VLANa. Is it possible with IRB?

Thanks in advance

1 Accepted Solution

Accepted Solutions

antonio

If I understand correctly what you need I would think that the solution would be to create 3 bridge groups and 3 BVI interfaces. Bridge-group 1 and interface BVI 1 for VLAN 1, Bridge-group 4 and interface BVI 4 for VLAN 4, and bridge-group 10 and interface BVI 10 for VLAN 10 (adjust for whatever your VLAN numbers are).

HTH

Rick

HTH

Rick

View solution in original post

10 Replies 10

glen.grant
VIP Alumni
VIP Alumni

Do you need to bridge is the question. If not all you need to do is put the subinterfaces on the fastethernet interface and put the addresses on the subinterface and this will allow you to trunk down to switches with the appropriate trunking statements on the subinterfaces . . A little more info on what you are trying to do would help us help you .

Yes I need bridging, because I need to connect router with two interfaces for redundancy, and spanning tree will keep one of interfaces in blocking state. Problem is that I have 3 VLANs.

antonio

If I understand correctly what you need I would think that the solution would be to create 3 bridge groups and 3 BVI interfaces. Bridge-group 1 and interface BVI 1 for VLAN 1, Bridge-group 4 and interface BVI 4 for VLAN 4, and bridge-group 10 and interface BVI 10 for VLAN 10 (adjust for whatever your VLAN numbers are).

HTH

Rick

HTH

Rick

Thank you very much. I think that would be the solution.

Rick just a question for my knowledge , would he need multiple BVI's or just one BVI and put the same bridge group on all interfaces ?

Glen

If he defines a single BVI and a single bridge group and assigns the same bridge group on all interfaces then he bridges all the VLANs together and he really has a single VLAN and not 3 VLANs. A VLAN is a broadcast domain. When you bridge different interfaces together you are putting them into the same broadcast domain. If he wants to maintain 3 VLANs then he neds 3 BVIs.

HTH

Rick

HTH

Rick

Guess i am a little confused as to what he wants, if he wants additional vlans why doesn't he just use additional subinterfaces on the fast ether . Bridging is normally used for unroutable protocols like LAT so he would not reallly have 1 vlan , he would still 3 vlans but with one bridge group for unroutable protocols with its own spanning tree .

Glen

I agree that there may be some confusion about what he is trying to do and it may be that my understanding is flawed. I believe that the key is in one of the follow up messages in which he says that he needs to bridge because he wants two interfaces on the router to be active in the same subnet (same VLAN) to provide redundancy. To get two interfaces in the same subnet/VLAN he needs to bridge and to bridge the interfaces and to route IP he needs IRB with BVI. And if he has 3 VLANs and wants to keep the 3 VLANs separate then he needs 3 BVIs (and 3 bridge groups).

HTH

Rick

HTH

Rick

I know this thread is pretty old, but are you saying to assign 3 different bridge-groups under the 2 interfaces he wants to use for redundancy? I am a bit new to BVI - so meaning each BVI you just assign an IP in the subnet for the particular VLAN you want to bridge correct?

Hi, sorry to revive this old thread, but i have few questions about IRB:

Fom the cisco document, Understanding and Configuring VLAN Routing and Bridging on a Router Using the IRB Feature :

 

When in figure 3, we apply Bridging IP feature(transparent bridging?):

"Eventhough the PCs are now in the same subnet this design results in two physially separate VLANs that may or may not have the same VLAN number."

 

And in figure 4, with IRB IP:

"The VLAN now spans the router, and the VLAN header is maintained as the frame transits the router."

 

I have tested a lots of combinations, and i see no difference in regular bridging and IRB bridging, in terms of VLAN headers as they past the router (ofc. main difference is that with IRB one can bridge AND route protocol at the same time..but as for bridging, they both do the same).

I have uploaded a picture with examples 

bridgeQ.PNG

==

Examples 1 and 2 are regular bridging, where PCs are in same vlan (2) and in different vlan (2 and 3)

Examples 3 and 4 are IRB bridge.

PCs are in the same subnet.

PCleft pings PCright, and red triangles are packets tagged with vlan2 or vlan3 tag.

===

Can you please clarify me following:

 

note1: Looks like even with iRB bridging, PCa and PCb can still be in the different VLAN. (ex.4)

Question1: how can i be sure that "IRB maintains the VLAN header", or simply replace VLAN tag2 coming on left interface of router, with VLAN tag2 exiting right interface of router (in the example 3).

note2: We can see from ex.4, IRB doesnt maintain the VLAN header, but the router apply tag 3 on f0/1.3 subinterface.

 

Quote from the document:

"On a single physical interface, the IRB can be created with two VLAN sub-interfaces (802.1Q tagging); one VLAN sub-interface has an IP address that is used for routing, and the other VLAN sub-interface bridges between the sub-interface used for routing and the other physical interface on the router."

Isn't more precise to say: "..and the other VLAN sub-interface is bridged with other physical interface".

What i configured is in example in second uploaded picture.

Is it the right configuration, related to that quote?Is that what the quote is saying ?

bridq2.JPG

 

Quote from some older Cisco document:

To route a received VLAN packet the Cisco IOS software VLAN switching code first extracts the VLAN
ID from the packet header (this is a 10-bit field in the case of ISL and a 4-byte entity known as the
security association identifier in the case of IEEE 802.10), then demultiplexes the VLAN ID value into
a subinterface of the receiving port. If the VLAN color does not resolve to a subinterface, the Cisco IOS
software can transparently bridge the foreign packet natively (without modifying the VLAN header) on
the condition that the Cisco IOS software is configured to bridge on the subinterface itself. For VLAN
packets that bear an ID corresponding to a configured subinterface, received packets are then classified
by protocol type before running the appropriate protocol specific fast switching engine. 

 

Question2: how can i configure router to test this statement ? (p.s. it says about ISL protocol, but i guess the same can be applied for 802.1q standard). I have tried to achieve this in my first picture,example4, by enabling f0/0.4 subinterface on router (instead of f0/0.2), but when the packet from left pc (tagged with vlan tag 2) comes at router, it doesnt pass the router (arp request for 1.1.1.3, tagged with vlan 2, doesnt pass the router). So, what am i missing ?

 

Thank you

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco