Fallback Bridging


First off, thanks to the two sites below, I finally learned what this beast was about. Thanks guys!

Human Modem

CCIE Candidate

I got around to playing with fallback bridging yesterday. I want to summarize its important points here.

To understand it in the first place, it helps to give some information on why it's needed.

With routed protocols, such as IP, we can cross VLAN boundaries by using IP routing between VLAN interfaces. With non-routed protocols such as IPX, AppleTalk and other legacy protocols, we don't have this option. Hence, if we want to be able to “speak” across VLAN boundaries, we need fallback bridging.

Now, for the platforms. The 3550 switch regards all non-IPv4 traffic as a candidate for fallback bridging.

I state it this way because the 3550 specifically treats IPv6 traffic as non-IP traffic.

The 3560 switch is clever enough to treat IPv6 (and related traffic, such as NDP) as IP traffic, and therefore not bridge it between VLANs.

Everything regarding fallback bridging is configured using bridge groups. We apply these bridge groups to SVIs and routed ports. Non-IP traffic can then flow between these VLANs and routed ports.

Configuration-wise, it's very simple:

Cat-1(config)# bridge 1 protocol vlan-bridge
Cat-1(config)# int vlan 200
Cat-1(config-if)# bridge-group 1
Cat-1(config-if)# int vlan 300
Cat-1(config-if)# bridge-group 1

That's all there is to establishing the bridge group and applying it to your VLANs.

After the initial configuration, there are a few things you can do to tweak access to the bridge. By default the switch forwards frames for all MAC addresses it learns from the two (or more) VLANs. You can disable this behavior like this:

Cat-1(config)# no bridge 1 acquire

After this, your bridge won't learn any addresses automatically anymore. You then set up static assignments that say whether to forward or deny specific MAC entries. This is configured like so:

Cat-1(config)# bridge 1 address 0000.1111.1111 forward

The show command to verify your bridge is:

Cat-1#sh bridge 1
Br Group    Mac Address       State      Type        Ports
--------    -----------       -----      ----        -----
   1        0000.1111.1111    Forward    STATIC      -

As shown, we have verified that we have statically assigned the 0000.1111.1111 MAC address to be forwarded through the bridge.

To test out this configuration (without the static entry, and allowing the bridge to automatically learn the MAC addresses), you can set up two different VLANs, put a port into each, hook up a router to each one and configure IPX on each router:
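
An added example (not from the original post): a small Python audit that reads a switch configuration and reports which interfaces share a bridge group and whether dynamic learning is still on, since those are the VLAN pairs where non-IP traffic crosses without being routed. The running-config layout, the function names and the sample config are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in an assumed running-config layout, built from the commands above.
SAMPLE_CONFIG = """\
bridge 1 protocol vlan-bridge
no bridge 1 acquire
bridge 1 address 0000.1111.1111 forward
bridge 2 protocol vlan-bridge
!
interface Vlan200
 bridge-group 1
!
interface Vlan300
 bridge-group 1
!
interface Vlan400
 bridge-group 2
!
interface Vlan500
 bridge-group 2
"""

def audit_bridge_groups(config_text):
    """Return {group: {"members": [...], "acquire": bool, "static": [(mac, action)]}}."""
    groups = defaultdict(lambda: {"members": [], "acquire": True, "static": []})
    current_if = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := re.match(r"(?:interface|int)\s+(.+)$", line, re.I):
            current_if = m.group(1).replace(" ", "")
        elif m := re.match(r"bridge-group\s+(\d+)$", line):
            if current_if:
                groups[int(m.group(1))]["members"].append(current_if)
        elif m := re.match(r"no bridge\s+(\d+)\s+acquire$", line):
            groups[int(m.group(1))]["acquire"] = False
        elif m := re.match(r"bridge\s+(\d+)\s+address\s+(\S+)\s+(\w+)", line):
            groups[int(m.group(1))]["static"].append((m.group(2), m.group(3)))
        elif not raw.startswith(" "):
            current_if = None  # an unindented line ends the interface block
    return dict(groups)

def findings(groups):
    """Flag groups that bridge two or more interfaces while still learning MACs dynamically."""
    return [f"bridge-group {g}: {', '.join(d['members'])} bridged with dynamic learning on"
            for g, d in sorted(groups.items()) if len(d["members"]) >= 2 and d["acquire"]]

if __name__ == "__main__":
    print(findings(audit_bridge_groups(SAMPLE_CONFIG)))
```

On the sample, bridge group 1 is reported as locked down to its static entry, while bridge group 2 is flagged because Vlan400 and Vlan500 are bridged with learning left at the default.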

R1(config)# ipx routing
R1(config-if)# ipx network AAAA
R1(config-if)# mac-address 0000.1111.1111
R2(config)# ipx routing
R2(config-if)# ipx network AAAA
R2(config-if)# mac-address 0000.2222.2222
R1#ping ipx AAAA.0000.2222.2222
Type escape sequence to abort.
Sending 5, 100-byte IPX Novell Echoes to AAAA.0000.2222.2222, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/15/24 ms

And this is all successful even though they are in separate VLANs.

I think that's all I have for fallback-bridging for now. Different stuff for me to say the least 🙂