Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Transparent bridging between Cisco and linux

I have an application running on a linux machine which needs users to be connected directly to the network where the application's interface is located. Unfortunately I have remote users willing to use this application. I do not know much about how this application works but it does not allows users to be routed. It does not even works if the user is nat-ed onto an IP on the same network. The only sollution for me is transparent bridging over the Internet. Another problem is, that multiple sites have to be connected to this server.

I am thinking about to create l2tp tunnels between the cisco routers and the linux server but I do not know how.

Can anybody help me?


Hall of Fame Super Gold

Re: Transparent bridging between Cisco and linux


Please try to find out more about the application. Usually the reason apps "requires directly connected clients", it because it is based on UDP broadcast. Thing that can be do without a problem over GRE tunnels (broadcast forwarding via helper-address). You can also have multiple GRE tunnels or multipoin tunnels, even in meshed fashion, and IOS would guaranteed the broadcasts are never replicated because it ca use a special version fo spannign tree protocl to do this!

You would have no NAT in this case and the applications would work.


Re: Transparent bridging between Cisco and linux

That's some bad application...

I'm thinking about bridging tunnel interfaces or using NAT.

Can it be natted? Does it use IP at all?

Hall of Fame Super Gold

Re: Transparent bridging between Cisco and linux

There are no bad applications, only networks unable to cope with them.

You can try enabling bridge on the gre tunell, but is not officially supported.

In all honesty, you best choice is to find a way to make it work over separate subnets. Thing that is possible, believe me.

Community Member

Re: Transparent bridging between Cisco and linux

Hello All!

Thank you for the help! Unfortunately the application was not developped by us and it was intended to work only on a bridged not routed environment. The other problem is that we do not have time to rewrite it (usuall project management: no need to ask the IT about the impact of a change :-) ). The application is quite complicated (even has it's own DHCP server etc.). Unfortunately I have to live with that and I have to try to configure our infrastructure accordingly. The GRE tunnel is a good idea, I thought about it as well. Unfortunately Linux does not allow the GRE tunnel interface to be in a bridge group. Presently we are testing a workaround (we put a Cisco router in front of the server to terminate the GRE tunnels so I can put them into a bridge group and we put one port connected to the server to the same group). I will have the test results tomorrow.

The helper-address is also a very good idea. I was focusing to create a bridged environment but it might be that routing broadcast traffic to the correct place will solve the problem. I will also test it tomorrow.

Thank you very much again!

Community Member

Re: Transparent bridging between Cisco and linux

Hi GombasPeter,

I have exactly the same requirement for which I have been discussing in last 3 to 4 days on this forum. Kindly inform if your test succeeds or you get any other solution.

Here is the hyper link of my discussion.



Community Member

Re: Transparent bridging between Cisco and linux

Hello All,

Bridgin over GRE works. Both ends of the GRE tunnel is terminated on a Cisco router, IRB is configured, tunnel interface and the corresponding ethernet port is set to the same bridge-group. I receive IP from the linux server without any problem and the application works as well. Next step will be to try to get rid of the built in DHCP server and use the router as DHCP server (I don't know if I can do that in a bridged environment. Maybe I can use the BVI interface for that)

On Monday I will try the routed solution with ip helper-address and ip forward-protocol command.

CreatePlease to create content