Solved: Configure two routers in bridge mode

net buzz · ‎03-11-2009

Hi, i need to configure two Cisco routers in bridge mode as they interconnect two LANs that are in the same subnet. The two routers are connected by a fiber optic link. Can you please indicate me how to set the routers in bridge mode.

Giuseppe Larosa · ‎03-11-2009

Hello Alvin,

if the routers are ISR routers 2811 or above you could think to use L2tpv3

However, if the link is direct and you don't need to use it as a L3 routed link you can also bridge

int fas0/0

no ip address

bridge-group 1

desc internal lan

int fas0/1

desc link to fiber

no ip address

bridge-group 1

bridge-group1 protocol ieee

brdige-group1 route ip

int bvi1

desc l3 interface of the bridge group

ip address x.x.x.1 255.255.255.0

no shut

you need to do the same on the second router

int fas0/0

no ip address

bridge-group 1

desc internal lan

int fas0/1

desc link to fiber

no ip address

bridge-group 1

bridge-group1 protocol ieee

brdige-group1 route ip

int bvi1

desc l3 interface of the bridge group

ip address x.x.x.2 255.255.255.0

no shut

just the ip address associated to the BVI1 of R2 needs to be different

if R1 reach all other networks via R2

R1 needs a default route

ip route 0.0.0.0 0.0.0.0 x.x.x.2 10

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎03-11-2009

Hello Alvin,

if the routers are ISR routers 2811 or above you could think to use L2tpv3

However, if the link is direct and you don't need to use it as a L3 routed link you can also bridge

int fas0/0

no ip address

bridge-group 1

desc internal lan

int fas0/1

desc link to fiber

no ip address

bridge-group 1

bridge-group1 protocol ieee

brdige-group1 route ip

int bvi1

desc l3 interface of the bridge group

ip address x.x.x.1 255.255.255.0

no shut

you need to do the same on the second router

int fas0/0

no ip address

bridge-group 1

desc internal lan

int fas0/1

desc link to fiber

no ip address

bridge-group 1

bridge-group1 protocol ieee

brdige-group1 route ip

int bvi1

desc l3 interface of the bridge group

ip address x.x.x.2 255.255.255.0

no shut

just the ip address associated to the BVI1 of R2 needs to be different

if R1 reach all other networks via R2

R1 needs a default route

ip route 0.0.0.0 0.0.0.0 x.x.x.2 10

Hope to help

Giuseppe

net buzz · ‎03-23-2009

Dear Giuseppe,

I have configured the routers and the bridge mode configuration is working fine. I can ping both routers.

But there is a problem occurring.

When I connect the second router (Router B)to its LAN, there is no more connection. I cannot reach it anymore. There seems to be a STP loop.

Find below the configuration of both routers:

RouterA#

bridge irb

!

interface GigabitEthernet0/0

description 'Connection To LAN'

no ip address

duplex auto

speed auto

bridge-group 1

!

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/0/0

no ip address

shutdown

clock rate 2000000

!

interface GigabitEthernet0/1/0

description 'Fiber Optics Link'

no ip address

negotiation auto

bridge-group 1

!

interface BRI0/2/0

no ip address

encapsulation hdlc

shutdown

!

interface BVI1

ip address 172.18.12.12 255.255.252.0

arp timeout 300

!

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http timeout-policy idle 60 life 86400 requests 10000

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

Router A#sh spanning-tree summary

Root bridge for: Bridge group 1.

PortFast BPDU Guard is disabled

UplinkFast is disabled

BackboneFast is disabled

Name Blocking Listening Learning Forwarding STP Active

-------------------- -------- --------- -------- ---------- ----------

Bridge group 1 0 0 0 2 2

-------------------- -------- --------- -------- ---------- ----------

1 Bridge Group 0 0 0 2 2

RouterB#

bridge irb

!

interface GigabitEthernet0/0

description 'Connection To LAN'

no ip address

duplex auto

speed auto

bridge-group 1

!

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/0/0

no ip address

shutdown

clock rate 2000000

!

interface GigabitEthernet0/1/0

description 'Fiber Optics Connection'

no ip address

negotiation auto

bridge-group 1

!

interface BRI0/2/0

no ip address

encapsulation hdlc

shutdown

!

interface BVI1

ip address 172.18.14.2 255.255.252.0

arp timeout 300

!

no ip forward-protocol nd

!

ip http server

ip http authentication local

ip http timeout-policy idle 60 life 86400 requests 10000

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

Router B#sh spanning-tree summary

Root bridge for: Bridge group 1.

PortFast BPDU Guard is disabled

UplinkFast is disabled

BackboneFast is disabled

Name Blocking Listening Learning Forwarding STP Active

-------------------- -------- --------- -------- ---------- ----------

Bridge group 1 0 0 0 2 2

-------------------- -------- --------- -------- ---------- ----------

1 Bridge Group 0 0 0 2 2

Thanks for your help.

Best regards,

Alvin

Giuseppe Larosa · ‎03-23-2009

Hello Alvin,

a loop cannot occur unless you close the two lan interfaces together but STP should take care of this

if you use a fiber connection you may need a media-type command.

do

sh int gi0/1/0

media-type ?

and see the options

check the status of the fiber based links with

sh int gi0/1/0

both devices say they are root bridge for bridge-group 1

Root bridge for: Bridge group 1.

so they are not communicating

Hope to help

Giuseppe

net buzz · ‎03-23-2009

Dear Giuseppe,

Find below the interfaces from both routers:

Router A#sh interfaces

GigabitEthernet0/0 is up, line protocol is up

GigabitEthernet0/1/0 is up, line protocol is up

Hardware is PM-3387, address is 0017.5aa6.d606 (bia 0017.5aa6.d606)

Description: 'Fiber Optics Link'

MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 1000Mb/s, link type is autonegotiation, media type is LX

output flow-control is XON, input flow-control is XON

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:04, output 00:00:00, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 1 packets/sec

24870 packets input, 2138807 bytes, 0 no buffer

Received 73 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 0 multicast, 0 pause input

0 input packets with dribble condition detected

209475 packets output, 18426653 bytes, 0 underruns

0 output errors, 0 collisions, 4 interface resets

0 unknown protocol drops

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 pause output

0 output buffer failures, 0 output buffers swapped out

BVI1 is up, line protocol is up

RouterB#sh interfaces

GigabitEthernet0/0 is up, line protocol is up

GigabitEthernet0/1/0 is up, line protocol is up

Hardware is PM-3387, address is 0015.622e.f3b6 (bia 0015.622e.f3b6)

Description: 'Fiber Optics Connection'

MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 1000Mb/s, link type is autonegotiation, media type is LX

output flow-control is XON, input flow-control is XON

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:00, output 00:00:00, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 2000 bits/sec, 4 packets/sec

5 minute output rate 2000 bits/sec, 3 packets/sec

351035 packets input, 29378840 bytes, 0 no buffer

Received 143617 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 0 multicast, 0 pause input

0 input packets with dribble condition detected

35369 packets output, 2863100 bytes, 0 underruns

0 output errors, 0 collisions, 2 interface resets

28 unknown protocol drops

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 pause output

0 output buffer failures, 0 output buffers swapped out

BVI1 is up, line protocol is up

I am able to ping any device in the LAN of Router A from Router B.

The opposite is not possible.

Please advise.

Alvin

net buzz · ‎03-11-2009

Thanks Giuseppe,

I will configure the routers and revert back to you.

Thanks for your help.

lamav · ‎03-23-2009

Alvin:

Not to distract you from your work, but I am wondering why you find yourself in a situation where you have 2 ethernet interfaces on your router that are cnnected to the same LAN.

Can you also attach a simple diagram to show whats going on?

Thanks

Victor

net buzz · ‎03-23-2009

Dear Victor,

Please find attached the network topology.

As you will see, both LAN A and B are found in the 172.18.12.0/22 subnet.

So, that is why the routers are configured in Bridge mode.

But I am having problems when connecting the LAN interface of Router B. As soon as I connect it to the switch, I am not able to ping it anymore from router A.

Best regards,

Alvin

lamav · ‎03-23-2009

Alvin:

Thanks.

Have you taken notice of Giuseppe's suggestion? The routers dont seem to be exchanging BPDUs because each is claiming itself as the root bridge.

Victor

Giuseppe Larosa · ‎03-23-2009

Hello Alvin, Victor

collecting facts:

there is a fiber based link working at OSI layer 1 but STP messages are not exchanged.

Alvin:

what type of interface is g0/1/0 is part of some form of etherswitch module ?

in that case the configuration could need to be changed to something like

conf t

vlan 5

name inter-router-vlan

int vlan 5

no ip address

bridge-group 1

int gi0/1/0

switchport

switchport mode access

switchport access vlan 5

if the port is part of an etherswitch the bridge-group command has to be given under the SVI (int vlan 5)

Hope to help

Giuseppe

net buzz · ‎03-23-2009

Dear Guiseppe,

In fact interface g0/1/0 is a Gigabit Ethernet HWIC card (HWIC-1GE-SFP) with a GLC-LH-SM module. For each router it is the same.

Regards,

Alvin

net buzz · ‎03-23-2009

Dear Victor,

So in this typical configuration, should I enable the STP. And which STP should I use?

Which router needs to be the root bridge?

Regards,

Alvin

Giuseppe Larosa · ‎03-24-2009

Hello Alvin,

with your configuration STP is already running in the version IEEE:

the command

bridge 1 protocol ieee

Hope to help

Giuseppe

net buzz · ‎03-24-2009

ok, Guiseppe.

I will continue with the testing.

Regards,

Alvin

net buzz · ‎03-28-2009

Hello Guiseppe,

Hope you are doing fine.

The bridge configuration is working fine but I am encountering another issue that is preventing me from using the routers.

The issue is with Router B's LAN. When I am connecting Router B to the existing switch, I am not able to reach router A and its associated LAN anymore. Timeout occurs when I ping Router A from router B.

When I disconnect Router B from the existing switch, I can then access Router A and its associated LAN.

This seems to be a problem with the existing switch. Can you please explain what can be causing this problem and whether I need to do some modifications in the router configuration.

I did some tests using a standalone switch where I connected Router B and a laptop. Both where accessible from Router A. The problem did not occur.

Regards,

Alvin