Solved: Re: Bridging through a tunnel interface possible?

oj88 · ‎07-05-2006

I have a client that wants to bridge a single VLAN to another site, among other things. Basically, I can do that if I put bridge-group on the necessary interfaces. But in reality, it's not that simple. Between their sites, they have 4 x E1's for redundancy spanned across two routers per site, and I don't want to use a single E1 for the sole purpose of the bridged VLAN. Besides, if that E1 goes down, the bridge will go down with it.

My initial idea was to create a tunnel and bridge the VLAN through that tunnel. The tunnel is great as it is not bound to any of the E1's and it should still work even if up to three of the E1's become unavailable. My problem is, there's no bridge-group command under interface tunnel.

Any wise man here can figure out an alternative for the above scenario?

Richard Burts · ‎07-06-2006

I assume that when you talk about tunnel that we are talking about GRE tunnel (obviously would be a different situation if it were some other type of tunnel - like IPSec tunnel).

I believe the answer to this is that bridging over GRE tunnel is not officially supported. I believe that I have gotten it to work - in a lab situation. You might be able to get the tunnel to carry the bridged traffic, but if there were ever a problem and you asked Cisco for help with it they would not be able to do anything since it is a non-supported environment.

Why does this client want to bridge the VLAN over two sites that are remote? Perhaps if we knew more about the environment and the requirements we might find some alternative.

HTH

Rick

HTH

Rick

View solution in original post

Richard Burts · ‎07-06-2006

I assume that when you talk about tunnel that we are talking about GRE tunnel (obviously would be a different situation if it were some other type of tunnel - like IPSec tunnel).

I believe the answer to this is that bridging over GRE tunnel is not officially supported. I believe that I have gotten it to work - in a lab situation. You might be able to get the tunnel to carry the bridged traffic, but if there were ever a problem and you asked Cisco for help with it they would not be able to do anything since it is a non-supported environment.

Why does this client want to bridge the VLAN over two sites that are remote? Perhaps if we knew more about the environment and the requirements we might find some alternative.

HTH

Rick

HTH

Rick

oj88 · ‎07-06-2006

Thanks for the reply.

Of course, I would prefer everything on Layer-3. But according to them, they still have legacy applications that needs to be in the same broadcast domain.The bridging will definitely be just a temporary patch until they upgrade their software.

Anyway, if I use tunnel mode gre, would that allow me to put in the bridge-group command?

Thanks

[EDIT]

Ok, tried it out and the router accepted the bridge-group command. It did show the following disclaimer:

% This command is an unreleased and unsupported feature

Anyway, I'll do some more tests tomorrow.

Thanks again!

Richard Burts · ‎07-06-2006

As you probably found out the online help does not consider the bridge-group command to be valid on a tunnel interface. And if you enter the command you get the error message about unreleased and unsupported. My memory is that when I tested it I got bridged traffic to go through the tunnel. But as I said I would be very hesitant to do this in a production environment. If you go forward with this I would suggest that you warn the client of the risks and the lack of support if something does not work as expected.

HTH

Rick

HTH

Rick