Bridging vlans

Unanswered Question
Jan 9th, 2009

I have a situation as follows:


Switch with two vlans:


vlan 1

vlan 2


Using this single switch I need to put a box in between vlan 1 and 2 that acts as a transparent bridge.


Vlan 1 and 2 are the same network. The only reason for the two vlans is because of the equipment I have to "split" the network with.


So the two vlans are bridged together.


Any ideas to make this work better with a single switch? As bridging vlans on the same switch with essentially a patch cable isn't a very good idea.....


Thanks,

mikegrous Fri, 01/09/2009 - 08:41

I think what you are looking for is vlan bridging.


int vlan 1
 bridge-group 1
int vlan 2
 bridge-group 1
bridge 1 protocol vlan-bridge


Inter-VLAN bridging is the concept of simultaneously bridging multiple VLANs together. Inter-VLAN bridging is occasionally needed in order to bridge non-routable protocols or unsupported routed protocols between multiple VLANs.

Richard Burts Fri, 01/09/2009 - 08:44

Daniel


I do not understand why you want to bridge between VLANs. The basic purpose of the VLAN is to control the size of the broadcast domain and to provide some separation between groups of devices. When you bridge VLANs together you merge the broadcast domains and produce a single larger broadcast domain and you remove any separation between groups of devices. So why would you want to bridge the VLANs?


If we understood what you are basically trying to accomplish we might be able to suggest alternatives that could achieve it.


HTH


Rick

Daniel Graham Fri, 01/09/2009 - 08:59

I will do the best I can to explain-


WAN connection comes in via port 1.

WAN connection runs OSPF.

Interface vlan 1 is the "LAN" with IP of 10.0.0.1/24


Local network devices plug into switch ports.


All switch ports except port 1 (wan) are in vlan 1.


A QOS device needs to set in between 10.0.0.1 and the rest of the LAN devices, and is a transparent bridge.


The QOS device can't set on the WAN connection and has to be behind 10.0.0.1


So the only way I know of separating the LAN devices from the LAN gateway of 10.0.0.1 is to create another vlan (VLAN 2) and move the gateway 10.0.0.1 into it (along with a port for QOS device) and plug the other end of the QOS device into vlan 1.


Now the two vlans are bridged, even though they are the same network....



Roberto Salazar Fri, 01/09/2009 - 08:50

Vlan bridging will not work with your requirement as you said they are in the same subnet meaning the two svi will have the ip address in the same subnet, the router will not allow this, it will complain. Since the two vlans are in the same subnet, why not put all of them in the same vlan? Why two different vlans when they are in the same subnet? Same subnet = same broadcast domain = same vlan.


my .02 cents.

Daniel Graham Tue, 02/17/2009 - 13:39

Any Ideas?


When I connect my devices like below the switchport(s) are not forwarding.


CDP of course reports a native vlan mismatch.


Any way to get around Spanning tree issues?

---------------------


I will do the best I can to explain-


WAN connection comes in via port 1.

WAN connection runs OSPF.

Interface vlan 1 is the "LAN" with IP of 10.0.0.1/24


Local network devices plug into switch ports.


All switch ports except port 1 (wan) are in vlan 1.


A QOS device needs to set in between 10.0.0.1 and the rest of the LAN devices, and is a transparent bridge.


The QOS device can't set on the WAN connection and has to be behind 10.0.0.1


So the only way I know of separating the LAN devices from the LAN gateway of 10.0.0.1 is to create another vlan (VLAN 2) and move the gateway 10.0.0.1 into it (along with a port for QOS device) and plug the other end of the QOS device into vlan 1.


Now the two vlans are bridged, even though they are the same network....


Giuseppe Larosa Tue, 02/17/2009 - 14:01

Hello Daniel,


>> A QOS device needs to set in between 10.0.0.1 and the rest of the LAN devices, and is a transparent bridge.


Has this QoS device (a sort of shaper/policer I suppose) got two ports?


connect port 1 to vlan 1 and port 2 to vlan2 with the QoS device acting as transparent bridge and you have your setup: bridging is performed by the external qos box.


>> Now the two vlans are bridged, even though they are the same network


this is for the transparent bridge capabilities of the QoS device you have already done it.


As noted by other posters this is a case where the LAN switch couldn't do all the job by itself but it is possible with an external box.

The single broadcast domain allows for ARP activity and the QoS device can do its job of selective Shaping/policing by the fact to be in the middle.


Hope to help

Giuseppe


Daniel Graham Tue, 02/17/2009 - 14:04

The problem I have though is the cisco switch sees a native vlan mismatch and is not forwarding on one of the ports.


I assume this is a spanning tree issue but I haven't had any luck getting around it.

Giuseppe Larosa Tue, 02/17/2009 - 14:13

Hello Daniel,

CDP should be the one providing the message about vlan mismatch.


I think the problem is that the QoS device is passing STP BPDUs on the two ports in both directions.


So BPDUs sent out port1 are seen on port2 and this causes that one port goes to STP blocking state.

The ports need to be in access mode


int gx/y
 switchport
 switchport mode access
 spanning-tree bpdufilter enable


in this special case you need to make one port silent for the STP protocol so you need to use STP bpdu filter.


by not hearing better bpdus the other port will stay up and all the setup should work.


Hope to help

Giuseppe


Francois Tallet Tue, 02/17/2009 - 14:39

Yes. And if you are using access ports, you don't even need to filter out BPDUs, because they won't be tagged. So STP in vlan 1 and vlan 2 will talk together, as if they were two different bridges.

Regards,

Francois

Giuseppe Larosa Tue, 02/17/2009 - 15:02

Hello Francois,

Daniel's objective is to have both ports in forwarding state with the QoS device in the middle.

if the ports are access ports the IEEE version of BPDU is used and so BPDUs of vlan1 and of vlan2 will be compared.

the comparison will lead to a Designated Port election.

I think the ports have to be made silent.



Hope to help

Giuseppe



Francois Tallet Tue, 02/17/2009 - 15:05

Hi Giuseppe,

One port will be designated port, and the other will be root port. So no problem. No problem unless there is a back door connection between the vlans, in which case you're happy that you did not filter those BPDUs and that STP can block this connection;-)

Regards,

Francois

Giuseppe Larosa Tue, 02/17/2009 - 23:34

Hello Francois,

now I got your point.


I agree it is better to avoid using BPDU filter.


Best Regards

Giuseppe
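
The point settled in the exchange above, as an added example that is not part of the thread: a small Python model of the two per-VLAN STP instances joined through the transparent QoS device, with and without BPDU filter, and with a second "back door" link between the VLANs. The interface names, the MAC address, the extended-system-ID bridge priority and equal path costs are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    name: str            # hypothetical interface name
    vlan: int            # access VLAN = the STP instance that owns the port
    port_id: int         # STP port identifier, lower wins ties
    bpdufilter: bool = False

def bridge_id(vlan, priority=32768, mac="00:00:5e:00:53:01"):
    # Assumption: extended system ID, so the priority field carries the VLAN ID.
    return (priority + vlan, mac)

def elect(links):
    """links: (port, port) pairs cabled together through a device that passes
    BPDUs unchanged. Returns {port name: (role, state)}. Equal path costs."""
    root_vlan = min((p.vlan for link in links for p in link), key=bridge_id)
    state, candidates = {}, []
    for a, b in links:
        if a.bpdufilter or b.bpdufilter:
            # No BPDU is exchanged on this link: both ends stay designated.
            state[a.name] = state[b.name] = ("designated", "FWD")
            continue
        near, far = (a, b) if a.vlan == root_vlan else (b, a)
        state[near.name] = ("designated", "FWD")
        candidates.append((near.port_id, far.port_id, far.name))
    # The non-root instance keeps one root port; the rest hear a superior BPDU.
    for i, (_, _, name) in enumerate(sorted(candidates)):
        state[name] = ("root", "FWD") if i == 0 else ("alternate", "BLK")
    return state

def forwarding_links(links):
    state = elect(links)
    return sum(state[a.name][1] == state[b.name][1] == "FWD" for a, b in links)

# Constructed topology: VLAN 1 <-> QoS bridge <-> VLAN 2, plus a stray patch cable.
QOS = (Port("Gi0/2", 1, 2), Port("Gi0/3", 2, 3))
BACKDOOR = (Port("Gi0/4", 1, 4), Port("Gi0/5", 2, 5))
QOS_FILTERED = (Port("Gi0/2", 1, 2), Port("Gi0/3", 2, 3, bpdufilter=True))
BACKDOOR_FILTERED = (Port("Gi0/4", 1, 4), Port("Gi0/5", 2, 5, bpdufilter=True))

if __name__ == "__main__":
    print(elect([QOS]))                          # QoS path alone
    print(forwarding_links([QOS, BACKDOOR]))     # STP blocks the back door
    print(forwarding_links([QOS_FILTERED, BACKDOOR_FILTERED]))  # nothing blocks
```

Two forwarding links between the same pair of VLANs is a layer-2 loop, which is the case where unfiltered BPDUs let STP block the extra connection.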


Mohamed Sobair Tue, 02/17/2009 - 14:24

Hi,


Merging between 2 vlans on a single switch is impossible, as you have only one Native vlan allowed.


I really don't know why even you want to merge between Vlans even between 2 Switches.



HTH

Mohamed

Daniel Graham Wed, 02/18/2009 - 06:51

I really don't want to, but in this situation I don't have a choice.


I still can't get the two vlans to bridge, when I do a show spanning-tree both ports show as FWD state but nothing will pass.

