cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2560
Views
17
Helpful
11
Replies

Why is BVI needed with 871W wireless VLANS?

bflseanny
Level 1
Level 1

I have had the hardest time wrapping my head around the purpose of using BVIs.

When configuring a 871W with muliple SSIDs and multiple VLANS, config guides instruct that the wireless LAN must be "bridged" to the wired LAN using a BVI.

Why?

If I have multiple dot11radio subinterfaces asigned to their respective VLANS, shouldn't the router already know how to switch traffic between, say, wirless VLAN 20 and wired VLAN 20?

Wait, I might be answering my own question in my head...Is the BVI necessary for routing between the VLANs? Since the 871W uses a Layer 2 switch on the LAN side, unless I connect a physical cable from a trunked LAN port to the WAN interface on the 871W (in a router-on-a-stick setup), no routing between the VLANs can take place, right?

So, the BVI is set up to creat a "virtual link" to the WAN port as if the layer 2 switch were connected to a routable port on a router. Am I close on this?

1 Accepted Solution

Accepted Solutions

Hello,

Lucien is absolutely correct. Think of this: the AP, or better said, its radio interface represents one particular network interface in your router. Wired Ethernet ports are another interfaces that are physically distinct, independent and not directly interconnected in any way with each other or with the radio interface. It is simply a bunch of interfaces, each one isolated at the beginning from each other. With a separate and independent radio interface on one side and an Ethernet port on other side, you need something to bridge them to make them appear together as a single continuous LAN. That functionality is provided by the BVI virtual interface which is a software interface and provides the bridging in software. That is why you need the BVI to interconnect the wired and wireless part of your LAN, whether you use VLANs or not (they are just a way of virtualizing a single interface into several subinterfaces). Without a BVI, the wireless part of your LAN would be workable (the wireless clients could communicate with each other) but it would be separated from the wired LAN.

Best regards,

Peter

View solution in original post

11 Replies 11

Lucien Avramov
Level 10
Level 10

That is the way the 871w is designed.

The newest 880s, have a controller build in, but the 871w doesnt. Hence you need to bridge the AP built in to the router and that is via a BVI interface.

the BVI creates a bridge between your wireless LAN and another VLAN you want to use. It interconnects them on the same VLAN.

It's not even a L3 - routing issue, it's L2.

Peter Paluch
Cisco Employee
Cisco Employee

Hello,

The use of BVI interfaces can be explained as an architectural choice but it also deserves a brief overview of what the bridging really was about.

Bridges were originally devices that did not only interconnect multiple network segments but were also capable of converting between individual frame formats. Such bridges were called translational bridges, for example, between Ethernet and Token Ring. These devices could indeed make a literal bridge between dissimilar interfaces according to its configuration.

This is also similar to what is done when bridging VLAN and WLAN. The BVI interface allows you to bridge any interfaces you wish - any WLAN and any Ethernet interface you'd like, so you are given an important degree of flexibility. The WLAN and VLAN use dissimilar formats so the ability to do translation of different frame formats is very useful here. Also, with integrated bridging and routing (IRB), the BVI interface represents an interface which can be assigned an IP address and that can serve as the default gateway for stations in this bridged V/WLAN.

I am not sure if this all is understandable enough - if not, please ask further.

Best regards,

Peter

I can understand your explanation of "translational bridges". I'm still a little foggy on why a BVI is necessary for allowing communication between the WLAN devices and the LAN devices.

It would seem that on a device like the 871W, there would be an internal interface connecting the wireless radio to the ethernet switch...as if they were two separate devices and not integrated.

I'll try to do some more reading on the subject.

So historically, the wireless part that was integrated on the routers was just a wireless bridge. The wireless bridge is a layer 2 device that has dot11radio interfaces.

As it's a wireless bridge, you need to use a BVI to interconnect it to a router : the 871.

The newer 880 routers have a new architecture, copied from the WLC / LWAPP architecture, where you actually dont have anymore the need to bridge, it's integrated.

Hope this clears it out.

Hello Lucien,

You are right about the WLC/LWAPP architecture but I believe we should not talk about it here in this thread. It is a substantially different concept than the traditional bridging and introducing it here might suggest that it is a different way of doing the BVI bridging while in reality, the LWAPP architecture is a tunnelling technique with centralized processing of the tunnelled wireless frames. I am not even sure if it is possible to bridge a selected WLAN on a WLC with a selected VLAN on a physical port. I have always seen the WLANs being only routed on the WLC but never bridged with actual physical ports or VLANs. This is not to say that it is not possible, only just that I am not aware that is is possible.

Best regards,

Peter

Well, on the previous post a question was why we must use BVI. I mentioned the newer architecture, as it's a new implementation on the next generation of 871 : the 880 that are NOT using BVI anymore but a better concept involving LWAPP.

We both explained why BVI is used. The bottom line is that was a natural implementation, if you know from where airespace comes. The previous APs were just bridges and hence that is why this architecture was used.

Sean,

Note that even for different router platforms, the same IOS codebase is used, so often, the configuration principles from larger routers are also used on the low-end products where they might seem largely oversized.

Regarding the BVI usage: imagine having a slightly larger router, say, 1841 that has two built-in FastEthernet interfaces. Now imagine that I wanted to bridge the WLAN 10 with Fa0/0.10 but for some reason, I needed to bridge the WLAN 20 with Fa0/1.20. Now, I need some mechanism to define which wireless and wired VLAN should be bridged together. And it could get even more complicated if I had even more interfaces.

The BVI gives me just the level of flexibility I need here. It allows me to freely choose which interfaces are to be bridged. I am not familiar with the 871W - if it has just a single LAN port (or a single LAN switch) then using the BVI might seem as an unnecessary level of indirection. But note that on larger routers, the needs of bridging different WLANs with different VLANs on different interfaces absolutely requires using the BVI interface, otherwise you would lack a mechanism of creating bridged associations between arbitrary WLANs and VLANs on arbitrary physical ports.

Best regards,

Peter

Let me see if I can ask a better question so that I might get this concept clear in my head. Your answer have been great so far, but I just need to visualize this thing.

Let's start here: If I have a wireless router like the 871W, and I am not using multiple VLANs, do I need a BVI in order for wireless clients to have Internet access out through the WAN interface of the router and to communicate with the wired clients?

Yes, you will still need one bvi in order to assign the bridge AP to a vlan.

Without a BVI your clients will not be able to get an IP address from example as there will be no vlan layer nor anything higher such as an ip address.

Wired+Wireless can share the same network (or vlan). OR they can be on a different one, depending how you want it to be.

In any case, you need a BVI for the wireless to work.

Hello,

Lucien is absolutely correct. Think of this: the AP, or better said, its radio interface represents one particular network interface in your router. Wired Ethernet ports are another interfaces that are physically distinct, independent and not directly interconnected in any way with each other or with the radio interface. It is simply a bunch of interfaces, each one isolated at the beginning from each other. With a separate and independent radio interface on one side and an Ethernet port on other side, you need something to bridge them to make them appear together as a single continuous LAN. That functionality is provided by the BVI virtual interface which is a software interface and provides the bridging in software. That is why you need the BVI to interconnect the wired and wireless part of your LAN, whether you use VLANs or not (they are just a way of virtualizing a single interface into several subinterfaces). Without a BVI, the wireless part of your LAN would be workable (the wireless clients could communicate with each other) but it would be separated from the wired LAN.

Best regards,

Peter

Ah!!!

That was just the explanation I needed. Thank you.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: