router with 802.1q strange request

Unanswered Question
Mar 20th, 2009


it is a strange request but I have 2 sites with a layer2 link where 802.1q is supported.

For a while, I need to install a router on one side to separate the flow.


1 - vlan 1 must be share by both sites with differents networks and the router must terminate the flow and route the trafic.

2 - Others vlans are no routable but must be pass through the router.

For second request do I need to use bridge mode ?

config are like this


interface FastEthernet0/0.1

encapsulation dot1Q 1 native

ip address 255.255.2550


interface FastEthernet0/0.100

description VLAN

encapsulation dot1Q 100

interface FastEthernet0/1.1

encapsulation dot1Q 1 native

ip address


interface FastEthernet0/0.100

description VLAN

encapsulation dot1Q 100


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Sat, 03/21/2009 - 06:43

Hello Eric,

the possibility to bridge over vlan subifs is IOS and platform dependent.

You can verify if you router accepts it.

You need to define a bridge-group for each pair of vlans you want to bridge or it will be a terrible mess.

bridge 1 protocol ieee

int f0/0.100

no ip addr

bridge-group 1

int f0/1.100

no ip addr

bridge-group 1

then bridge-group 2 for another pair of Vlans and so on.

Verify also the max number of bridge-groups you can create they can be less then the number of vlans that need to be bridged.

I would consider if it is a possible solution to bypass the router totally: actually almost all vlans just need to be propagated like in a l2 trunk.

you can remove vlan1 in the list of permitted vlans on both sides and you have a working solution with no bottlenecks.

Locally on each site one device will provide the default gateway for the vlan1.

Only possible problem of a partitioned vlan1 is vtp: if you use vtp you need to deploy it in two vtp domain on the two sides of the link

Hope to help



This Discussion