Router Bridging Question

Jun 6th, 2008

Hi,


I'm configuring the network as seen in the attachment.


I would like to have one rapid spanning tree domain per VLAN. But I'm not quite sure if the routers also support rpvst+ or just pvst+. The core is running rpvst+. The routers seem to adapt to the timers from the rpvst+ domain. So that's my first question. Is this going to work?


My second question is how to convert two Layer 3 ports (G0/0 and G0/1) into one Layer 2 port. I tried this by making a bridge group and configuring the BVI interface, but I'm not quite sure this is the way to go.


--------- Sample config from one of the routers ----------

bridge irb
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.254
 encapsulation dot1Q 254
 bridge-group 254
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1.254
 encapsulation dot1Q 254
 bridge-group 254
!
interface BVI254
 ip address 10.254.1.251 255.255.255.0
!
bridge 254 protocol ieee
bridge 254 route ip

----------- END ------------


Is this the right configuration for the situation I would like to use it for?


Third Question: Is it also possible to use some sort of interface tracking between Gi 0/0 and 0/1 which allows subsecond failover instead of using spanning tree?




Edison Ortiz Fri, 06/06/2008 - 08:55

Per your diagram, the best design will be using L3 links between the routers and switches and run OSPF or EIGRP among these links.


Spanning-Tree and Bridging in routers is very cumbersome and something that should be avoided in new designs.


HTH,


__


Edison.

2044418Puts Fri, 06/06/2008 - 09:07

Yes I would also prefer that.


The problem is that there are several VLANs within the spanning tree domain that need to be routed securely with CBAC / reflexive ACLs.


Isn't there a way to use redundant interfaces like ASA 8.0(1)?

Edison Ortiz Fri, 06/06/2008 - 09:33

You can still implement CBAC and Reflexive ACLs with L3 links between devices. I don't know all the requirements so I can't comment further nor make any other suggestions. However, running L2 to the router is just a bad design all around.


Per your diagram, one port most likely is in blocking mode while the other is in forwarding mode. Per your diagram, I'm not sure what device is the root of the Spanning-Tree for a specific VLAN (most likely one of the routers due to their lower MAC address). Also, routers do not run PVST, they run CST.


Please post the show spanning-tree output from one of the routers for confirmation.


__


Edison.
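
Editor's added example, not part of the reply above and not taken from the poster's network: a sketch of stateful inspection (CBAC) on a router whose two uplinks are routed instead of bridged. The /30 uplink subnets, the `GigabitEthernet0/2` protected-side interface, its subnet, the OSPF process number and the names `PROTECTED` and `TO-PROTECTED` are all assumptions, since the thread's diagram is not available.

```cisco
! Added example: every address, name and the Gi0/2 interface is an assumption.
! Routed point-to-point uplinks replace the bridged dot1Q subinterfaces and BVI.
interface GigabitEthernet0/0
 description Routed link to core switch 1 (assumed)
 ip address 10.254.0.1 255.255.255.252
!
interface GigabitEthernet0/1
 description Routed link to core switch 2 (assumed)
 ip address 10.254.0.5 255.255.255.252
!
! Protected segment (hypothetical interface and subnet).
! Inspection and the filtering ACL sit on this interface, so the
! session state does not depend on which uplink carries the return traffic.
interface GigabitEthernet0/2
 description Gateway for the protected segment (assumed)
 ip address 10.10.10.1 255.255.255.0
 ip inspect PROTECTED in
 ip access-group TO-PROTECTED out
!
! OSPF over both uplinks; no adjacencies toward the protected hosts.
router ospf 1
 passive-interface GigabitEthernet0/2
 network 10.254.0.0 0.0.0.7 area 0
 network 10.10.10.0 0.0.0.255 area 0
!
! CBAC rule: track sessions initiated from the protected segment.
ip inspect name PROTECTED tcp
ip inspect name PROTECTED udp
ip inspect name PROTECTED icmp
!
! Unsolicited traffic toward the protected segment is dropped and logged;
! CBAC opens temporary entries in this ACL for inspected return traffic.
ip access-list extended TO-PROTECTED
 deny ip any any log
```

Because the ACL is applied outbound on the protected interface rather than inbound on the uplinks, it does not filter the OSPF hellos exchanged with the core switches.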

2044418Puts Fri, 06/06/2008 - 12:32

The switches are the primary and secondary root. One of the ports on each of the routers is in forwarding state (towards the root), the other ports are in blocking mode. Can't post a config since it's the weekend.
