Bridging between VLAN interface and port-channel interface

Unanswered Question
May 27th, 2010

Here's the overview:

We have a customer who will be accessing managed services located in our data center.  I have a 1941 router (with a 4-port ESW) at the customer site and a 3750 stack in our data center that has the managed resources attached.  The two are connected via dual wireless bridge links, which on the router are both connected to the physical interfaces.  The ESW card will connect into the customer's LAN.

My goal is simply to extend their LAN into a VLAN on the 3750 stack so we don't have to change all the client devices by being able to leave the server addresses where they are.  I've tried several methods to bridge this end-to-end but haven't been successful.  From what I can tell, the biggest issue is getting bridging established between the VLAN interface and the port-channel interface on the router (which is on the two physical interfaces).  For some reason the bridge group can be applied to both the VLAN and PO interfaces but it just doesn't work.  I can get from the PO back to the 3750 just fine but when I source it from the VLAN interface the bridge just doesn't work.

I've been looking at dot1q tunneling and L2 tunneling but I'm stumped how to make those work with just the two devices.  In other words, how to participate in the tunneled VLAN on the same device terminating the tunnel.  I tried bridging over GRE but again, the bridging issue within the router just seems to be the underlying issue.

If anybody has any suggestions, ideas or just pointers to documentation I would be totally grateful!



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Rick Arps Thu, 05/27/2010 - 12:11

You could hook the bridge into a port on the esw module.  This would let you trunk their data vlan over the wireless link, as well as the native vlan, where you could do your routing.

Is there any reason to do a layer 3 link to the site?  It seems like you could just remove the router and put a switch in instead.

Hope this helps


Rik Guyler Thu, 05/27/2010 - 12:38

Well, I don't have a compelling reason to use L3 at this point.  Originally the plan was to use VRF over L3 links for path isolation but the migration path created by changing the server addresses was ugly so I decided to go the L2 way after the router was purchased.  I still prefer the VRF method for security reasons so I'll probably keep the router in there.  I guess I could just run everything into the ESW card and put it all in the same VLAN.  Doesn't get any easier than that. 


This Discussion