SYSTEM ADMINISTRATOR GUIDE     7/1543-CRA 119 1170/1-V1 Uen A    

Configuring Bridging

© Copyright Ericsson AB 2009. All rights reserved.

Disclaimer

No part of this document may be reproduced in any form without the written permission of the copyright owner. The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Trademark List

SmartEdge is a registered trademark of Telefonaktiebolaget L M Ericsson.
NetOp  is a trademark of Telefonaktiebolaget L M Ericsson.

Contents

1   Overview
1.1   Typical Bridge Scenarios
1.2   BVI Port Scenarios
1.3   Rate Limiting Using a Bridge Profile
1.4   BPDU Filtering
1.5   BPDU Queuing
1.6   Troubleshooting Problems in a Bridging Domain

2   Configuration and Operations Tasks
2.1   Configuration Guidelines
2.2   Bridging Step-by-Step Configuration Procedures
2.3   Validating IP Host Connectivity
2.4   Bridge Operations

3   Configuration Examples
3.1   Two Named Bridges: Example
3.2   Bridged Interface: Example
3.3   Bridge Profile: Example
3.4   Spanning Tree Profile: Example
3.5   Bridged Trunk Circuits: Example
3.6   Bridged Tributary Circuits: Example
3.7   Bridged Subscriber Profile and Subscriber Record: Example
3.8   Filtered Ethernet Bridge Circuits: Example
3.9   Bridged Virtual Interface Port: Example
3.10   Validate IP Host Connectivity: Example


1   Overview

This document describes how to configure the following bridging functions: MAC moves loop detection, Rapid Spanning Tree Protocol (RSTP), bridged interfaces, bridged Ethernet ports, bridged 802.1Q PVCs, bridged ATM PVCs, bridged link groups, bridge subscriber circuits, and bridge virtual interface (BVI) ports.

Configuration tasks and commands for Virtual Private LAN Services (VPLS) bridging are described in the Configuring VPLS document.

The bridging feature in the SmartEdge router implements transparent, self-learning bridges as described in IEEE 802.1D. Bridging features specific to the SmartEdge router include:

1.1   Typical Bridge Scenarios

Figure 1 shows some of the hardware connections that support transparent bridging between the access network, connected to ATM and 802.1Q PVCs, and ISPs connected to Ethernet ports in a mixed environment on a SmartEdge router. For some of the commands used to implement this configuration, see Configuration Examples.

Figure 1   Bridging in a Mixed Environment

Figure 2 shows some of the logical connections between subscribers in the access network and ISPs through the SmartEdge router for the configuration shown in Figure 1.

Figure 2   Bridged Subscribers to ISP Connections

1.2   BVI Port Scenarios

BVI ports are created by inserting an IP interface with a virtual MAC into a bridge group to allow any bridging traffic sent to the BVI port to be routed and any IP traffic sent to the BVI port to be bridged. In typical BVI port implementations, a virtual IP interface is assigned to each bridge group that is used to route packets between the bridged and routed networks. This section explains how BVI ports can be used to support different types of networks. For example, you can configure BVI ports to terminate multiple types of Layer 2 circuits into a single bridge group, remove Ethernet switches to media gateways in a mobile-packet-based network, and eliminate physical loopback cables.

1.2.1   BVI Port: Basic Example

Figure 3 shows a BVI port connected to a standard Layer 2 bridging domain, called a bridge group in the operating system. In this case, a need exists to terminate multiple types of Layer 2 circuits into a single bridge group so that local or nonroutable traffic is bridged among the bridged interfaces in the same bridge group, while traffic sent to the BVI port is routed.

Figure 3   BVI Port Wireline Configuration

To illustrate how BVI ports can bridge local or nonroutable packets and forward the rest of the packets as Layer 3 traffic, Figure 4 diagrams a simplified version of the network configuration illustrated in Figure 3.

Figure 4   BVI Port Basic Configuration

The simplified BVI port configuration in Figure 4 shows the three layers of headers that are present when traffic goes through the links from PC 1 to PC 2:

  1. When traffic goes to the bridge group links, Layer 2 headers are added by the sender.
  2. The Layer 2 headers are stripped at the router.
  3. The router is configured for bridging IP traffic, which allows the MAC header to be forwarded. If the MAC address of the packet does not match the BVI port MAC, then the traffic is bridged; and if the MAC address of the packet matches the BVI port MAC, then the traffic is routed.
  4. New Layer 2 headers are added after traffic exits the router at the next link. Link groups can be attached to different VLANs that have the same Layer 2 header because the traffic is forwarded by the IP destination field (not the Layer 2 header).
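
The bridge-or-route decision in step 3, combined with the self-learning behaviour of an IEEE 802.1D bridge, as an added Python model; it is not SmartEdge code. The MAC addresses and circuit labels are constructed, and refusing to learn the BVI MAC from a circuit is an assumption of this model, not documented router behaviour.

```python
# Added illustration: toy model of one bridge group with a BVI port.
# Not SmartEdge code; MAC addresses and circuit labels are constructed.
from dataclasses import dataclass, field

BVI_MAC = "02:00:00:00:10:00"          # constructed virtual MAC of the BVI port
PC1 = "00:11:22:33:44:01"              # constructed host MACs
PC2 = "00:11:22:33:44:02"
CIRCUITS = ("eth 1/2 pvc 1000", "eth 1/4", "eth 1/6")


def is_group_address(mac):
    """True for broadcast and multicast: low bit of the first octet is set."""
    return (int(mac.split(":")[0], 16) & 1) == 1


@dataclass
class BridgeGroup:
    name: str
    bvi_mac: str                 # virtual MAC of the BVI port
    circuits: tuple              # bridged circuits bound to this bridge group
    fdb: dict = field(default_factory=dict)   # learned source MAC -> circuit

    def receive(self, in_circuit, src_mac, dst_mac):
        """Return (action, out_circuits) for one frame arriving on in_circuit."""
        src, dst, bvi = src_mac.lower(), dst_mac.lower(), self.bvi_mac.lower()

        # Self-learning: remember the circuit each source MAC was seen on.
        # Model assumption: a group address or the BVI's own MAC is never
        # learned from a circuit, so a forged source cannot redirect
        # traffic that is meant to be routed.
        if src != bvi and not is_group_address(src):
            self.fdb[src] = in_circuit

        if dst == bvi:
            return ("route", [])             # hand to the bound IP interface
        if not is_group_address(dst) and dst in self.fdb:
            out = self.fdb[dst]
            if out == in_circuit:
                return ("filter", [])        # destination is on the same circuit
            return ("forward", [out])        # known unicast: bridge to one circuit
        # broadcast, multicast or unknown unicast: flood to every other circuit
        return ("flood", [c for c in self.circuits if c != in_circuit])


def walkthrough():
    """PC 1 and PC 2 exchange frames, then PC 1 sends to the BVI MAC."""
    bg = BridgeGroup("bridge-vlan1000", BVI_MAC, CIRCUITS)
    return [
        bg.receive("eth 1/2 pvc 1000", PC1, PC2),      # PC 2 not yet learned
        bg.receive("eth 1/4", PC2, PC1),               # PC 1 already learned
        bg.receive("eth 1/2 pvc 1000", PC1, BVI_MAC),  # matches the BVI MAC
    ]


if __name__ == "__main__":
    for decision in walkthrough():
        print(decision)
```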

1.2.2   BVI Port: Media Gateway Connection Example

BVI ports can be used to bridge traffic to a Layer 2 network and route traffic into an IP/MPLS network, as shown in Figure 5. This eliminates the need for an Ethernet switch to the gateway.

Figure 5   BVI Port Wireless Configuration

For example, the network configuration in Figure 5 can be created using BVI ports instead of the configuration shown in Figure 6. For sample configurations before and after BVI port capability, plus the commands used to implement the BVI port configurations, see the following sections.

1.2.2.1   Pre-BVI Port Capability Sample

Figure 6 displays a sample media gateway connection configuration with high availability using the operating system on systems “SE800-1” and “SE800-2” before BVI port capability:

Figure 6   Sample Pre-BVI Port Capability Media Gateway Connection Configuration

The dotted lines to the media gateway in Figure 6 are the backup paths for each type of traffic (signal and payload) going through the gateway interface cards (MM1-20-2, MM2-20-2, MM1-19-2, MM2-19-2). The signal traffic supported is signal protocol over IP network applications that use Stream Control Transmission Protocol (SCTP). The payload traffic supported is Voice over IP (VoIP) network applications that use User Datagram Protocol (UDP).

The lines from SE800-1 Ge-1/1 to SE800-2 Ge-1/1, SE800-1 Ge-2/1 to SE800-2 Ge-2/1, and SE800-1 Ge-3/1 to SE800-2 Ge-3/1 are trunk links for VPLS over MPLS. These links allow L2 traffic and L3 traffic to run between SE800-1 and SE800-2.

Notice the loopback cables on SE800-1 from Ge-3/4 to Ge-3/5 and from Ge-3/2 to Ge-3/3, and on SE800-2 from Ge-3/4 to Ge-3/5 and from Ge-3/2 to Ge-3/3 in the pre-BVI capability configuration shown in Figure 6. The physical loops are required in the pre-BVI port capability media connection configuration.

1.2.2.2   Post-BVI Port Capability Sample

Figure 7 displays a sample media gateway connection post-BVI port capability, followed by the commands used to configure the BVI ports, and how to complete the SE800-1 and SE800-2 configurations:

Figure 7   Sample Post-BVI Port Capability Media Gateway Connection Configuration

Notice that the loopback cables on SE800-1 from Ge-3/4 to Ge-3/5 and from Ge-3/2 to Ge-3/3, and on SE800-2 from Ge-3/4 to Ge-3/5 and from Ge-3/2 to Ge-3/3 in the pre-BVI capability configuration shown in Figure 6 are no longer needed in the BVI port configuration in Figure 7.

The BVI port configuration in Figure 7 also eliminates the need for the Ethernet switches to the media gateway in Figure 6. Instead, if the traffic destination is the VMAC of the BVI, then the traffic is routed; and if the traffic destination is not the VMAC of the BVI, then the traffic is bridged as usual on a standard bridge group.

The lines from SE800-1 Ge-1/1 to SE800-2 Ge-1/1, SE800-1 Ge-2/1 to SE800-2 Ge-2/1, and SE800-1 Ge-3/1 to SE800-2 Ge-3/1 that are the trunk links for VPLS over MPLS in Figure 6 are replaced in Figure 7 with links for the Layer 2 Link Aggregation Group (L2 LAG), which allow L2 traffic and L3 traffic to run between SE800-1 and SE800-2.

The BVI ports support local or nonroutable Link Layer 2 (signal and payload) traffic that is bridged to the bridged interfaces in the same bridge group, while routable Network Layer 3 (signal and payload) traffic is routed to other routed interfaces. The SE800-1 system has three BVI ports, one for the signal tunnel VLAN associated with vid1001 and two for the payload tunnel VLANs, the active VLAN associated with vid1000 and the standby VLAN associated with vid1005. The SE800-2 system also has three BVI ports: one for the signal tunnel VLAN with vid1006 and two for the payload tunnel VLANs, the active VLAN associated with vid1005 and the standby VLAN associated with vid1000.

The following example shows how to implement the BVI port configuration in Figure 7 for SE800-1:

[local]Redback(config)#context xyz_Media

[local]Redback(config-ctx)#bridge bridge-vlan1000
[local]Redback(config-bridge)#description Bridge for BVI to support vlan1000 routed and bridged traffic

[local]Redback(config-ctx)#bridge bridge-vlan1005
[local]Redback(config-bridge)#description Bridge for BVI to support vlan1005 routed and bridged traffic

[local]Redback(config-ctx)#interface vlan1000
[local]Redback(config-if)#ip address 10.2.12.2/28

[local]Redback(config-ctx)#interface bridge-vlan1000 bridge
[local]Redback(config-if)#bridge name bridge-vlan1000

[local]Redback(config-ctx)#interface vlan1005
[local]Redback(config-if)#ip address 10.2.12.130/28

[local]Redback(config-ctx)#interface bridge-vlan1005 bridge
[local]Redback(config-if)#bridge name bridge-vlan1005

[local]Redback(config)#port bvi vlan1000-bvi
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#bind interface vlan1000 xyz_Media
[local]Redback(config-port)#bridge name bridge-vlan1000 xyz_Media

[local]Redback(config)#port bvi vlan1005-bvi
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#bind interface vlan1005 xyz_Media
[local]Redback(config-port)#bridge name bridge-vlan1005 xyz_Media


[local]Redback(config)#context xyz_SG

[local]Redback(config-ctx)#bridge bridge-vlan1001
[local]Redback(config-bridge)#description Bridge for BVI to support vlan1001 routed and bridged traffic

[local]Redback(config-ctx)#bridge bridge-vlan1006
[local]Redback(config-bridge)#description Bridge for BVI to support vlan1006 routed and bridged traffic

[local]Redback(config-ctx)#interface vlan1001
[local]Redback(config-if)#ip address 10.1.12.1/28

[local]Redback(config-ctx)#interface bridge-vlan1001 bridge
[local]Redback(config-if)#bridge name bridge-vlan1001

[local]Redback(config-ctx)#interface bridge-vlan1006 bridge
[local]Redback(config-if)#bridge name bridge-vlan1006

[local]Redback(config)#port bvi vlan1001-bvi
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#bind interface vlan1001 xyz_SG
[local]Redback(config-port)#bridge name bridge-vlan1001 xyz_SG


[local]Redback(config)#port eth 1/2
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#encapsulation dot1q
[local]Redback(config-port)#dot1q pvc 1000
[local]Redback(config-port)#bind interface bridge-vlan1000 xyz_Media
[local]Redback(config-port)#dot1q pvc 1001
[local]Redback(config-port)#bind interface bridge-vlan1001 xyz_SG

[local]Redback(config)#port eth 1/3
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#encapsulation dot1q
[local]Redback(config-port)#dot1q pvc 1005
[local]Redback(config-port)#bind interface bridge-vlan1005 xyz_Media
[local]Redback(config-port)#dot1q pvc 1006
[local]Redback(config-port)#bind interface bridge-vlan1006 xyz_SG

[local]Redback(config)#port eth 1/4
[local]Redback(config-port)#bind interface bridge-vlan1000 xyz_Media

[local]Redback(config)#port eth 1/5
[local]Redback(config-port)#bind interface bridge-vlan1005 xyz_Media

[local]Redback(config)#port eth 1/6
[local]Redback(config-port)#bind interface bridge-vlan1000 xyz_Media

[local]Redback(config)#port eth 1/7
[local]Redback(config-port)#bind interface bridge-vlan1005 xyz_Media

The following example shows how to display the configuration for SE800-1 with the BVI ports configured in Figure 7:

[local]Redback #show configuration
Building configuration...
!
!
!
service multiple-contexts
!
!
!
! Bridge global configuration
bridge profile bridge-trunk
trunk
!
!
context local
! 
no ip domain-lookup
!
!
interface mgmt
ip address 192.100.200.1/30
!
!
administrator ericsson encrypted 1 $1$........$pkQOTEaa71lkHs4fdhZxyz
privilege start 15
!
service telnet 
!
!
context xyz_Media   // Context for L2_Media_Gateway (voice payload)
! 
no ip domain-lookup
!
interface loop loopback
ip address 10.2.12.126/32
!
interface to-AR1_Nb     // To AR1 (PE)
ip address 20.4.100.250/30
!
interface to-CE2_Nb     // to CE2 for L3 LAG
ip address 10.2.12.245/30
!
interface vlan1000     // VRRP group for Vlan 1000
ip address 10.2.12.2/28
vrrp 1 backup
virtual-address 10.2.12.1
advertise-interval millisecond 100
priority 100
preempt hold-time 120
!
interface vlan1005     // VRRP group for Vlan 1005
ip address 10.2.12.130/28
vrrp 2 backup
virtual-address 10.2.12.129
advertise-interval millisecond 100
priority 90
preempt hold-time 120
!
interface bridge-vlan1000 bridge     // Bridge port for Vlan 1000
bridge name bridge-vlan1000
!
interface bridge-vlan1005 bridge     // Bridge port for Vlan 1005
bridge name bridge-vlan1005
no logging console
!
router ospf 1     // OSPF between CEs and AR1
fast-convergence
router-id 10.2.12.126
graceful-restart
area 0.0.0.0
interface vlan1000    // VRRP vlan1000 interface advertised in ospf
cost 10
passive
interface vlan1005    // VRRP vlan1005 interface advertised in ospf
cost 10
passive
interface loop
interface to-CE2_Nb     // L3 LAG interface to CE2
network-type point-to-point
cost 10
interface to-AR1_Nb     // interface to AR1
network-type point-to-point
hello-interval 1
cost 10
authentication md5 CE-AR
redistribute static route-map CE1-to-AR1_Nb 
!
ip prefix-list CE1-to-AR1_Nb
seq 10 permit 10.2.12.0/24 eq 24
!
route-map CE1-to-AR1_Nb permit 10
match ip address prefix-list CE1-to-AR1_Nb
!
key-chain CE-AR key-id 1
key-string encrypted C709B0E91B95E71666C3186385AF3XYZ
!
ip route 10.2.12.0/24 null0
service telnet
!
bridge bridge-vlan1000
bridge bridge-vlan1005
!
!
!
context xyz_SG         // Context for Signal
! 
no ip domain-lookup
!
interface loop loopback
ip address 10.1.12.126/32
!
interface to-AR1_SG     // Connection to AR1 (PE)
ip address 20.4.100.254/30
!
interface to-CE2_SG     // to CE2 for L3 LAG 
ip address 10.1.12.245/30
!
interface vlan1001     // Default Gateway for Vlan 1001
ip address 10.1.12.1/28
!
interface bridge-vlan1001 bridge     // Bridge port for vlan 1001
bridge name bridge-vlan1001
!
interface bridge-vlan1006 bridge     // Bridge port for vlan 1006
bridge name bridge-vlan1006
no logging console
!
router ospf 1     // OSPF between CEs and AR1
fast-convergence
router-id 10.1.12.126
graceful-restart
area 0.0.0.0
interface loop
interface vlan1001     // vlan1001 interface advertised in ospf
cost 10
passive
interface to-CE2_SG     // L3 LAG interface to CE2
network-type point-to-point
cost 10
interface to-AR1_SG     // interface to AR1
network-type point-to-point
hello-interval 1
cost 10
authentication md5 CE-AR
redistribute static route-map CE1-to-AR1_SG 
!
ip prefix-list CE1-to-AR1_SG
seq 10 permit 10.1.12.0/25 eq 25
!
route-map CE1-to-AR1_SG permit 10
match ip address prefix-list CE1-to-AR1_SG
!
ip route 10.1.12.0/25 null0
service telnet 
!
bridge bridge-vlan1001
bridge bridge-vlan1006
!
!
!
! ** End Context **
logging tdm console
logging active
logging standby 
!
!
link-group CE1-CE2 dot1q     // L2 & L3 LAG between CEs
dot1q pvc 10     // L3 interface for payload
bind interface to-CE2_Nb xyz_Media
!
dot1q pvc 20     // L3 interface for signal
bind interface to-CE2_SG xyz_SG
!
dot1q pvc 1000     // L2 interface for payload 
bind interface bridge-vlan1000 xyz_Media
!
dot1q pvc 1005     // L2 interface for payload 
bind interface bridge-vlan1005 xyz_Media
!
dot1q pvc 1001     // L2 interface for signal 
bind interface bridge-vlan1001 xyz_SG
!
dot1q pvc 1006     // L2 interface for signal 
bind interface bridge-vlan1006 xyz_SG
!
!
card ge-10-port 1
!
port ethernet 1/1    // LAG to CE2
no shutdown
encapsulation dot1q
bridge profile bridge-trunk
link-group CE1-CE2
!
port ethernet 1/2    // To L2_Media_Gateway
no shutdown
encapsulation dot1q
dot1q pvc 1000 
bind interface bridge-vlan1000 xyz_Media
dot1q pvc 1001 
bind interface bridge-vlan1001 xyz_SG
!
port ethernet 1/3     // To L2_Media_Gateway 
no shutdown
encapsulation dot1q
dot1q pvc 1005 
bind interface bridge-vlan1005 xyz_Media
dot1q pvc 1006 
bind interface bridge-vlan1006 xyz_SG
!
port ethernet 1/4     // To L2_Media_Gateway 
no shutdown
bind interface bridge-vlan1000 xyz_Media
!
port ethernet 1/5     // To L2_Media_Gateway 
no shutdown
bind interface bridge-vlan1005 xyz_Media
!
port ethernet 1/6
description Not connect L2_Media_Gateway - 20080422
no shutdown
bind interface bridge-vlan1000 xyz_Media
!
port ethernet 1/7
description Not connect L2_Media_Gateway - 20080422
no shutdown
bind interface bridge-vlan1005 xyz_Media
!
card ge-10-port 2
!
port ethernet 2/1     // LAG to CE2
no shutdown
encapsulation dot1q
bridge profile bridge-trunk
link-group CE1-CE2
!
card ge-10-port 3
!
port ethernet 3/1     // LAG to CE2
no shutdown
encapsulation dot1q
bridge profile bridge-trunk
link-group CE1-CE2
!
port ethernet 3/2
no shutdown
!
port ethernet 3/3
no shutdown
!
port ethernet 3/4
no shutdown
!
port ethernet 3/5
no shutdown
!
port ethernet 3/10      // To AR1 with signal
no auto-negotiate
link-dampening up 65535 down 0
no shutdown
bind interface to-AR1_SG xyz_SG
!
!
port ethernet 7/1
! XCRP management ports on slot 7 and 8 are configured through 7/1
no shutdown
bind interface mgmt local
!
card oc48-1-port 9
!
port pos 9/1     // To AR1 with payload

framing sdh
alarm-report-only ais-p rdi-p
no shutdown
encapsulation ppp
bind interface to-AR1_Nb xyz_Media
!
! BVI PORT global configuration
!
port bvi vlan1000-bvi     // BVI port for vlan 1000
no shutdown
bind interface vlan1000 xyz_Media
bridge name  bridge-vlan1000 xyz_Media
!
port bvi vlan1005-bvi     // BVI port for vlan 1005
no shutdown
bind interface vlan1005 xyz_Media
bridge name  bridge-vlan1005 xyz_Media
!
port bvi vlan1001-bvi     // BVI port for vlan 1001
no shutdown
bind interface vlan1001 xyz_SG
bridge name  bridge-vlan1001 xyz_SG
!
!
system hostname CQBB-PS-SX-CE01-SE800
no timeout session idle
!
no service console-break
!
service crash-dump-dram
!
no service auto-system-recovery
!
end
[local]Redback

The following example shows how to implement the BVI port configuration in Figure 7 for SE800-2:

[local]Redback(config)#context xyz_Media

[local]Redback(config-ctx)#bridge bridge-vlan1000
[local]Redback(config-bridge)#description Bridge for BVI to support vlan1000 routed and bridged traffic

[local]Redback(config-ctx)#bridge bridge-vlan1005
[local]Redback(config-bridge)#description Bridge for BVI to support vlan1005 routed and bridged traffic

[local]Redback(config-ctx)#interface vlan1000
[local]Redback(config-if)#ip address 10.2.12.3/28

[local]Redback(config-ctx)#interface bridge-vlan1000 bridge
[local]Redback(config-if)#bridge name bridge-vlan1000

[local]Redback(config-ctx)#interface vlan1005
[local]Redback(config-if)#ip address 10.2.12.131/28

[local]Redback(config-ctx)#interface bridge-vlan1005 bridge
[local]Redback(config-if)#bridge name bridge-vlan1005

[local]Redback(config)#port bvi vlan1000-bvi
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#bind interface vlan1000 xyz_Media
[local]Redback(config-port)#bridge name bridge-vlan1000 xyz_Media

[local]Redback(config)#port bvi vlan1005-bvi
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#bind interface vlan1005 xyz_Media
[local]Redback(config-port)#bridge name bridge-vlan1005 xyz_Media


[local]Redback(config)#context xyz_SG

[local]Redback(config-ctx)#bridge bridge-vlan1001
[local]Redback(config-bridge)#description Bridge for BVI to support vlan1001 routed and bridged traffic

[local]Redback(config-ctx)#bridge bridge-vlan1006
[local]Redback(config-bridge)#description Bridge for BVI to support vlan1006 routed and bridged traffic

[local]Redback(config-ctx)#interface vlan1006
[local]Redback(config-if)#ip address 10.1.12.129/28

[local]Redback(config-ctx)#interface bridge-vlan1001 bridge
[local]Redback(config-if)#bridge name bridge-vlan1001

[local]Redback(config-ctx)#interface bridge-vlan1006 bridge
[local]Redback(config-if)#bridge name bridge-vlan1006

[local]Redback(config)#port bvi vlan1006-bvi
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#bind interface vlan1006 xyz_SG
[local]Redback(config-port)#bridge name bridge-vlan1006 xyz_SG


[local]Redback(config)#port eth 1/2
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#encapsulation dot1q
[local]Redback(config-port)#dot1q pvc 1000
[local]Redback(config-port)#bind interface bridge-vlan1000 xyz_Media
[local]Redback(config-port)#dot1q pvc 1001
[local]Redback(config-port)#bind interface bridge-vlan1001 xyz_SG

[local]Redback(config)#port eth 1/3
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#encapsulation dot1q
[local]Redback(config-port)#dot1q pvc 1005
[local]Redback(config-port)#bind interface bridge-vlan1005 xyz_Media
[local]Redback(config-port)#dot1q pvc 1006
[local]Redback(config-port)#bind interface bridge-vlan1006 xyz_SG

[local]Redback(config)#port eth 1/4
[local]Redback(config-port)#bind interface bridge-vlan1000 xyz_Media

[local]Redback(config)#port eth 1/5
[local]Redback(config-port)#bind interface bridge-vlan1005 xyz_Media

[local]Redback(config)#port eth 1/6
[local]Redback(config-port)#bind interface bridge-vlan1000 xyz_Media

[local]Redback(config)#port eth 1/7
[local]Redback(config-port)#bind interface bridge-vlan1005 xyz_Media

The following example shows how to display the configuration for SE800-2 with the BVI ports configured in Figure 7:

[local]Redback #show configuration

Building configuration...
!
!
!
service multiple-contexts
!
! 
!
! Bridge global configuration
bridge profile bridge-trunk
trunk
!
!
!
!
context local
! 
no ip domain-lookup
!
!
interface mgmt
ip address 192.100.200.1/30
!
!
administrator ericsson encrypted 1 $1$........$pkQOTEaa71lkHs4fdhZxyz
privilege start 15
!
service telnet

!
!
context xyz_Media
! 
no ip domain-lookup
!
interface loop loopback
ip address 10.2.12.127/32
!
interface to-AR2_Nb
ip address 20.4.101.250/30
!
interface to-CE1_Nb
ip address 10.2.12.246/30
!
interface vlan1000
ip address 10.2.12.3/28
vrrp 1 backup
virtual-address 10.2.12.1
advertise-interval millisecond 100
priority 90
preempt hold-time 120
!
interface vlan1005
ip address 10.2.12.131/28
vrrp 2 backup
virtual-address 10.2.12.129
advertise-interval millisecond 100
priority 100
preempt hold-time 120
!
interface bridge-vlan1000 bridge
bridge name bridge-vlan1000
!
interface bridge-vlan1005 bridge
bridge name bridge-vlan1005
no logging console
!
router ospf 1
fast-convergence
router-id 10.2.12.127
area 0.0.0.0
interface vlan1000
cost 10
passive
interface vlan1005
cost 10
passive
interface loop
interface to-CE1_Nb
network-type point-to-point
cost 10
interface to-AR2_Nb
network-type point-to-point
hello-interval 1
router-dead-interval 4
cost 10
authentication md5 CE-AR
redistribute static metric-type 1 route-map CE2-to-AR2_Nb 
!
ip prefix-list CE2-to-AR2_Nb
seq 10 permit 10.2.12.0/24 eq 24
!
route-map CE2-to-AR2_Nb permit 10
match ip address prefix-list CE2-to-AR2_Nb
!
key-chain CE-AR key-id 1
key-string encrypted C709B0E91B95E71666C3186385AF3XYZ
!
ip route 10.2.12.0/24 null0
service telnet 
!
bridge bridge-vlan1000
bridge bridge-vlan1005
!
!
!
context xyz_SG
! 
no ip domain-lookup
!
interface loop loopback
ip address 10.1.12.127/32
!
interface to-AR2_SG
ip address 20.4.101.254/30
!
interface to-CE1_SG
ip address 10.1.12.246/30
!
interface vlan1006
ip address 10.1.12.129/28
!
interface bridge-vlan1001 bridge
bridge name bridge-vlan1001
!
interface bridge-vlan1006 bridge
bridge name bridge-vlan1006
no logging console
!
router ospf 1
fast-convergence
router-id 10.1.12.127
graceful-restart
area 0.0.0.0
interface loop
interface vlan1006
cost 10
passive
interface to-CE1_SG
network-type point-to-point
cost 10
interface to-AR2_SG
network-type point-to-point
hello-interval 1
router-dead-interval 4
cost 10
authentication md5 CE-AR
redistribute static metric-type 1 route-map CE2-to-AR2_SG 
!
ip prefix-list CE2-to-AR2_SG
seq 10 permit 10.1.12.128/25 eq 25
!
route-map CE2-to-AR2_SG permit 10
match ip address prefix-list CE2-to-AR2_SG
!
key-chain CE-AR key-id 1
key-string encrypted C709B0E91B95E71666C3186385AF3XYZ
!
ip route 10.1.12.128/25 null0
service telnet 
!
bridge bridge-vlan1001
bridge bridge-vlan1006
!
!
!
! ** End Context **
logging tdm console
logging active
logging standby short
!
!
link-group CE1-CE2 dot1q
dot1q pvc 10
bind interface to-CE1_Nb xyz_Media
!
dot1q pvc 20
bind interface to-CE1_SG xyz_SG
!
dot1q pvc 1000
bind interface bridge-vlan1000 xyz_Media
!
dot1q pvc 1005
bind interface bridge-vlan1005 xyz_Media
!
dot1q pvc 1001
bind interface bridge-vlan1001 xyz_SG
!
dot1q pvc 1006
bind interface bridge-vlan1006 xyz_SG
!
!
card ge-10-port 1
!
port ethernet 1/1
description to-CE1-ge1/1
no shutdown
encapsulation dot1q
bridge profile bridge-trunk
link-group CE1-CE2
!
port ethernet 1/2
description to-GM101-MM1-19-2
no shutdown
encapsulation dot1q
dot1q pvc 1000 
bind interface bridge-vlan1000 xyz_Media
dot1q pvc 1001 
bind interface bridge-vlan1001 xyz_SG
!
port ethernet 1/3
description to-GM101-MM1-20-1
no shutdown
encapsulation dot1q
dot1q pvc 1005 
bind interface bridge-vlan1005 xyz_Media
dot1q pvc 1006 
bind interface bridge-vlan1006 xyz_SG
!
port ethernet 1/4
description to-GM101-MM2-19-2
no shutdown
bind interface bridge-vlan1000 xyz_Media
!
port ethernet 1/5
description to-GM101-MM2-20-1
no shutdown
bind interface bridge-vlan1005 xyz_Media
!
port ethernet 1/6
description Not connect L2_Media_Gateway - 20080422
no shutdown
bind interface bridge-vlan1000 xyz_Media
!
port ethernet 1/7
description Not connect L2_Media_Gateway - 20080422
no shutdown
bind interface bridge-vlan1005 xyz_Media
!
card ge-10-port 2
!
port ethernet 2/1
description to-CE1-ge2/1
no shutdown
encapsulation dot1q
bridge profile bridge-trunk
link-group CE1-CE2
!
card ge-10-port 3
!
port ethernet 3/1
description to-CE1-ge3/1
no shutdown
encapsulation dot1q
bridge profile bridge-trunk
link-group CE1-CE2
!
port ethernet 3/2
description to-port 3/3
no shutdown
!
port ethernet 3/3
description to-port 3/2
no shutdown
!
port ethernet 3/4
description to-port 3/5
no shutdown
!
port ethernet 3/5
description to-port 3/4
no shutdown
!
port ethernet 3/10
description to-AR2_SG
no auto-negotiate
link-dampening up 65535 down 0
no shutdown
bind interface to-AR2_SG xyz_SG
!
!
port ethernet 7/1
! XCRP management ports on slot 7 and 8 are configured through 7/1
no shutdown
bind interface mgmt local
!
card oc48-1-port 9
!
port pos 9/1
description to-AR2_Nb
link-dampening up 65535 down 0
framing sdh
alarm-report-only ais-p rdi-p
no shutdown
encapsulation ppp
bind interface to-AR2_Nb xyz_Media
!
! BVI PORT global configuration
!
port bvi vlan1000-bvi
no shutdown
bind interface vlan1000 xyz_Media
bridge name  bridge-vlan1000 xyz_Media
!
port bvi vlan1005-bvi
no shutdown
bind interface vlan1005 xyz_Media
bridge name  bridge-vlan1005 xyz_Media
!
port bvi vlan1006-bvi
no shutdown
bind interface vlan1006 xyz_SG
bridge name  bridge-vlan1006 xyz_SG
!
!
system hostname CQBB-PS-SX-CE02-SE800
no timeout session idle
!
no service console-break
!
service crash-dump-dram
!
no service auto-system-recovery
!
end
[local]Redback #
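
In listings like the two above, every circuit and BVI port is tied to a context by name, so a mistyped or missing context name silently moves signal or payload traffic out of the bridge group it was meant for. The following added Python checker (not an Ericsson tool) cross-references `bind interface` and `bridge name` lines against what each context declares. The sample input is constructed, and treating a binding with no context name as a finding is an assumption based on the pattern used throughout the listings.

```python
# Added illustration: cross-reference checker for "show configuration" text
# in the flattened form shown in this document. Not an Ericsson tool.
from collections import defaultdict


def check_bindings(config_text):
    """Return sorted (line_number, message) findings for unresolved bindings."""
    interfaces = defaultdict(set)   # context -> interfaces declared in it
    bridges = defaultdict(set)      # context -> bridges declared in it
    refs = []                       # (line, kind, name, context, owner)
    ctx = owner = None

    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("//")[0].strip()       # drop the // annotations
        if "End Context" in line:
            ctx = None
            continue
        if not line or line.startswith("!"):
            continue
        tok = line.split()
        if tok[0] == "context" and len(tok) == 2:
            ctx, owner = tok[1], "context " + tok[1]
        elif tok[0] == "port" or (tok[0] == "link-group" and len(tok) == 3):
            # Global block header. A two-token "link-group NAME" line is
            # port membership, not a new block.
            ctx, owner = None, line
        elif ctx and tok[0] == "interface" and len(tok) >= 2:
            # Limitation: "interface" lines under "router ospf" land here too.
            interfaces[ctx].add(tok[1])
        elif ctx and tok[0] == "bridge" and len(tok) == 2:
            bridges[ctx].add(tok[1])
        elif tok[:2] == ["bind", "interface"] and len(tok) >= 3:
            rctx = tok[3] if len(tok) > 3 else None
            refs.append((lineno, "interface", tok[2], rctx, owner))
        elif tok[:2] == ["bridge", "name"] and len(tok) >= 3:
            rctx = tok[3] if len(tok) > 3 else ctx   # inside a context: implicit
            refs.append((lineno, "bridge", tok[2], rctx, owner))

    findings = []
    bvi = defaultdict(dict)         # BVI port -> {kind: (line, context)}
    for lineno, kind, name, rctx, own in refs:
        declared = interfaces if kind == "interface" else bridges
        if rctx is None:
            findings.append((lineno, f"{own}: {kind} {name} has no context name"))
        elif name not in declared[rctx]:
            findings.append(
                (lineno, f"{own}: {kind} {name} is not declared in context {rctx}"))
        if own and own.startswith("port bvi"):
            bvi[own][kind] = (lineno, rctx)
    for own, seen in bvi.items():
        a, b = seen.get("interface"), seen.get("bridge")
        if a and b and None not in (a[1], b[1]) and a[1] != b[1]:
            findings.append(
                (b[0], f"{own}: interface is in {a[1]} but bridge is in {b[1]}"))
    return sorted(findings)


# Constructed sample modelled on the listings above, with three seeded defects.
SAMPLE = """\
context xyz_Media
interface vlan1000
interface bridge-vlan1000 bridge
bridge name bridge-vlan1000
bridge bridge-vlan1000
!
context xyz_SG
interface vlan1006
interface bridge-vlan1006 bridge
bridge name bridge-vlan1006
bridge bridge-vlan1006
! ** End Context **
port ethernet 1/2
encapsulation dot1q
dot1q pvc 1000
bind interface bridge-vlan1000 xyz_Media
dot1q pvc 1001
bind interface bridge-vlan1001 xyz_SG   // defect: not declared in xyz_SG
!
port bvi vlan1000-bvi
bind interface vlan1000 xyz_Media
bridge name bridge-vlan1000 xyz_Media
!
port bvi vlan1006-bvi
bind interface vlan1006                 // defect: context name missing
bridge name bridge-vlan1006 xyz_SG
!
port bvi mixed-bvi
bind interface vlan1000 xyz_Media
bridge name bridge-vlan1006 xyz_SG      // defect: contexts differ
"""

if __name__ == "__main__":
    for lineno, message in check_bindings(SAMPLE):
        print(f"line {lineno}: {message}")
```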

1.3   Rate Limiting Using a Bridge Profile

By default, all inbound bridge traffic is limited by the rate and burst size imposed by the configuration of the port or circuit to which you assign the bridge profile. However, you can apply rate limiting for certain classes of traffic on the bridge, using the bridge profile:

For each traffic class, you can specify a maximum rate and burst size. The system accepts packets of a bridge traffic class that conform to that traffic class rate and burst size without further action; it drops packets that do not conform. See Figure 8.

Figure 8   Bridge Profile Rate Limiting

Note:  
If a quality of service (QoS) policy (or policies) is attached to the port or circuit to which the bridge profile is assigned, and that QoS policy includes rate limiting, that QoS rate limiting is applied to the traffic on the port or circuit after the broadcast, multicast, or unknown frame rate limiting. Packets dropped by the broadcast, multicast, or unknown frame rate limiting are not applied against the QoS rate limiting policy.
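
The ordering described in the note above, as an added Python model (not SmartEdge code): the per-class limiter runs first, and a frame it drops never consumes QoS budget. The page does not say how conformance is measured, so the token bucket used here is an assumption, as are the byte-based units and all rates, burst sizes and MAC addresses.

```python
# Added illustration: two-stage policing, bridge-profile class limit then QoS.
# The token-bucket algorithm, byte units and all numbers are assumptions.
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
KNOWN_HOST = "00:11:22:33:44:02"       # constructed, already learned by the bridge


@dataclass
class TokenBucket:
    rate: float            # refill rate in bytes per second
    burst: float           # bucket depth in bytes
    tokens: float = 0.0
    last: float = 0.0

    def __post_init__(self):
        self.tokens = float(self.burst)        # bucket starts full

    def conforms(self, now, size):
        """Refill for the elapsed time, then try to spend `size` bytes."""
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def traffic_class(dst_mac, learned_macs):
    """Classify a frame as broadcast, multicast, unknown, or None (known unicast)."""
    dst = dst_mac.lower()
    if dst == BROADCAST:
        return "broadcast"
    if int(dst[:2], 16) & 1:
        return "multicast"
    if dst not in learned_macs:
        return "unknown"
    return None


def police(frames, class_limits, qos, learned_macs):
    """frames: iterable of (time_s, dst_mac, size_bytes). Returns one verdict each."""
    verdicts = []
    for now, dst_mac, size in frames:
        cls = traffic_class(dst_mac, learned_macs)
        limiter = class_limits.get(cls)
        if limiter is not None and not limiter.conforms(now, size):
            verdicts.append("drop:" + cls)
            continue                   # dropped here: not charged to QoS
        if qos is not None and not qos.conforms(now, size):
            verdicts.append("drop:qos")
            continue
        verdicts.append("pass")
    return verdicts


def broadcast_burst_demo():
    """Five 100-byte broadcasts, then two known-unicast frames, all at t=0."""
    limits = {"broadcast": TokenBucket(rate=1000, burst=200)}
    qos = TokenBucket(rate=10000, burst=500)
    frames = [(0.0, BROADCAST, 100)] * 5
    frames += [(0.0, KNOWN_HOST, 300), (0.0, KNOWN_HOST, 1)]
    return police(frames, limits, qos, {KNOWN_HOST})


if __name__ == "__main__":
    print(broadcast_burst_demo())
```

Only the two conforming broadcasts are charged to the 500-byte QoS bucket, which is why the 300-byte unicast frame still passes; had the three dropped broadcasts been charged as well, it would have been dropped.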

1.4   BPDU Filtering

The SmartEdge router can filter bridge protocol data units (BPDUs) on Ethernet ports, 802.1Q PVCs, and 802.1Q PVCs in 802.1Q tunnels.

BPDUs can be filtered in either of the following ways:

You can apply BPDU filtering to the following:

The following restrictions apply:

1.5   BPDU Queuing

The SmartEdge router can now map incoming BPDUs on Ethernet ports, 802.1Q PVCs, and 802.1Q PVCs within 802.1Q tunnels to internal prioritized queues. This mapping takes precedence over other circuit marking.

This feature applies to both IEEE BPDUs and Cisco proprietary Per VLAN Spanning Tree Plus (PVST+) BPDUs.

You can apply BPDU queuing to the following:

The following restrictions apply:

The bpdu priority command sets the priority of the incoming Spanning Tree BPDUs. The queuing of incoming packets is determined by their assigned priority. The range of values for the priority argument is 0 to 7, where 0 is the highest priority and 7 is the lowest priority.

1.6   Troubleshooting Problems in a Bridging Domain

To troubleshoot problems in a bridging domain, the operating system supports the ping cpe and ping arp commands, which allow you to perform the following tasks:

Use the ping cpe command to resolve the MAC address, detect duplicate IP addresses in the system, and test the data path by sending Internet Control Message Protocol (ICMP) echo requests to the customer premises equipment (CPE). After you initiate the ping cpe command from your provider edge (PE) router, the following operations occur:

  1. An Address Resolution Protocol (ARP) request is broadcast in the Layer 2 (L2) bridging domain.
  2. The CPE sends an ARP response back to the PE. The ARP response contains the MAC address of the CPE. The PE uses the CPE MAC address in the ARP response to generate an ICMP echo request message that is sent to the CPE.

    If multiple hosts reply to the ARP request, the ping is aborted, indicating that duplicate IP addresses exist in the system.

  3. An ICMP echo reply message is processed by the PE and the round-trip time (RTT) is logged.

Note:  
The ping cpe command does not detect duplicate MAC addresses. To detect duplicate MAC addresses, use the feature described in IEEE P802.1ag, Connectivity Fault Management (CFM).

The ping arp command can also be used to resolve the MAC address and to detect duplicate IP addresses in the system. However, the ping arp command does not send ICMP echo requests to the CPE.
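
The duplicate-IP check that both commands perform can be reproduced offline from captured ARP replies. The following added Python example (not the router's implementation) parses raw Ethernet frames, including ones carrying a single 802.1Q tag, and reports whether more than one MAC address answered for the target IP. The frames, addresses and VLAN ID in the sample are constructed.

```python
# Added illustration: detect duplicate IP addresses from captured ARP replies.
# Not the router's implementation; all sample addresses are constructed.
import socket
import struct

ETH_ARP, ETH_VLAN = 0x0806, 0x8100


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip, vlan=None):
    """Construct one ARP reply frame; used only to create sample input."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac)
    if vlan is not None:
        eth += struct.pack("!HH", ETH_VLAN, vlan & 0x0FFF)   # 802.1Q tag
    eth += struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)          # oper 2 = reply
    arp += mac_bytes(sender_mac) + socket.inet_aton(sender_ip)
    arp += mac_bytes(target_mac) + socket.inet_aton(target_ip)
    return eth + arp


def parse_arp_reply(frame):
    """Return (sender_ip, sender_mac) for an IPv4 ARP reply, else None."""
    if len(frame) < 14:
        return None
    offset = 12
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype == ETH_VLAN:                  # skip one 802.1Q tag
        offset += 4
        if len(frame) < offset + 2:
            return None
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    if ethertype != ETH_ARP or len(frame) < offset + 28:
        return None                            # not ARP, or truncated
    header = struct.unpack_from("!HHBBH", frame, offset)
    if header != (1, 0x0800, 6, 4, 2):
        return None                            # not an Ethernet/IPv4 reply
    sha = frame[offset + 8: offset + 14]       # sender hardware address
    spa = frame[offset + 14: offset + 18]      # sender protocol address
    return socket.inet_ntoa(spa), sha.hex(":")


def resolve_cpe(target_ip, frames):
    """Return (status, macs): 'no-reply', 'resolved' or 'duplicate-ip'."""
    macs = set()
    for frame in frames:
        reply = parse_arp_reply(frame)
        if reply and reply[0] == target_ip:
            macs.add(reply[1])                 # repeat replies from one host collapse
    if not macs:
        return ("no-reply", [])
    if len(macs) == 1:
        return ("resolved", sorted(macs))
    return ("duplicate-ip", sorted(macs))      # several hosts claim the address


PE_MAC = "02:00:00:00:10:00"                   # constructed
SAMPLE_FRAMES = [
    build_arp_reply("00:11:22:33:44:05", "10.2.12.5", PE_MAC, "10.2.12.2", vlan=1000),
    build_arp_reply("00:11:22:33:44:05", "10.2.12.5", PE_MAC, "10.2.12.2", vlan=1000),
    build_arp_reply("00:aa:bb:cc:dd:05", "10.2.12.5", PE_MAC, "10.2.12.2"),
    build_arp_reply("00:11:22:33:44:06", "10.2.12.6", PE_MAC, "10.2.12.2"),
    b"\x00" * 10,                              # truncated frame, ignored
]

if __name__ == "__main__":
    print(resolve_cpe("10.2.12.5", SAMPLE_FRAMES))
    print(resolve_cpe("10.2.12.6", SAMPLE_FRAMES))
```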

Note:  
We recommend using the ping arp and ping cpe commands in a pure L2 network in which the CPE is an L3 device. If the L3 device acts as an ARP proxy for a host that is not directly connected to the SmartEdge router, the ping still works but is routed over the customer network and the bridging domain.

To discover and troubleshoot the location of an IP host, you must first determine the PE that is connected to the CPE to which the IP host is connected. Use the ping mpls mac-address command to display information about the ACs on the remote PE that is connected to the CPE. Include the trace keyword in the ping mpls mac-address command to display information about the path that connects the CPE to the PE in the command output. Before executing the ping mpls mac-address command, use the ping arp command to ensure that the MAC address of the CPE has been learned by the bridge.

Note:  
The ping mpls mac-address command operates over PWs only. If the IP host is attached to the CPE through other devices, further tracing is not possible.

Consider the following restrictions before using the ping cpe or ping arp command to troubleshoot problems in a bridging domain:

2   Configuration and Operations Tasks

This section describes how to configure bridging and perform operation tasks on bridges.

2.1   Configuration Guidelines

The following guidelines apply when configuring bridging:

2.2   Bridging Step-by-Step Configuration Procedures

To configure bridging, perform the tasks described in the following sections:

2.2.1   Create a Named Bridge

To enable bridging in a context, create a named bridge by performing the tasks described in Table 1. More than one bridge can be created in any context.

Also see Two Named Bridges: Example and Configure a Bridged Interface.

Table 1    Configure a Bridge

| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Create a bridge and access bridge configuration mode. | bridge | Enter this command in context configuration mode. |
| 2. | Specify bridge attributes: | | |
| | Specify the aging time for inactive learned MAC addresses, after which they are dropped. | aging-time | |
| | Set an alias for the bridge MAC address. | bridge-mac-address | |
| | Specify the type of bridge. | bridge-only | This is the only option for this release and is the default. |
| | Associate a description with the bridge. | description (bridge) | |
| | Enable or disable the learning of MAC addresses. | learning | The default value is learning. |
| | Enable detection of bridging loops based on counting MAC moves within the bridge. | loop-detection | See Configure Mac Moves Loop Detection Attributes in a Bridge. |
| | Specify one or more MAC addresses for which packets are dropped. | mac-entry | Enter this command for each MAC address that is not allowed on this bridge. |
| | Configure the VPLS bridging attributes. | vpls | See Configuring VPLS for information on this command. |
| | Enable RSTP for the bridge. | spanning-tree (bridge) | See Configure the Rapid Spanning Tree Protocol Attributes in a Bridge. |

2.2.2   Configure Mac Moves Loop Detection Attributes in a Bridge

Table 2 shows how to configure a bridge for the detection and prevention of bridging loops using the MAC moves method.

Bridging loops are broken in the MAC moves method by determining the MAC moves and the rates at which they are occurring. If the rate exceeds a configured threshold, a circuit in the bridge is blocked to break the loop. The following types of ports and circuits can be configured for loop detection using this method:

MAC moves loop detection is not supported on link access groups or cross-connected circuits.

Table 2    Configure MAC Moves Loop Detection

| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Enable detection of bridging loops based on counting MAC moves within the bridge. Also enable configuration of the loop-detection attributes. | loop-detection | bridge configuration mode. This step is part of the overall configuration of a bridge. |
| 2. | Specify the following loop-detection attributes: | | |
| | Configure the amount of time over which MAC moves frequency is averaged. | interval | loop-detection mode |
| | Set the initial time a circuit remains blocked after a bridging loop is detected. | block-time | loop-detection mode |
| | Set the threshold above which a bridging loop is declared. | move-frequency | loop-detection mode |
| 3. | Enable the configuration of the MAC moves loop-detection circuits priority. | loop-detection | bridge profile configuration mode. This step is part of the overall configuration of a bridge profile. |
| 4. | Set the priority of loop-prevention blocking on the assigned circuits. | priority (loop-detection) | loop-detection profile mode |
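The MAC moves method described above, modelled in Python as an added example (not SmartEdge code and not the vendor's algorithm). The parameters mirror the interval, move-frequency, block-time and priority commands in Table 2; the units (seconds, moves per second), the rule that the circuit with the numerically highest priority value is blocked first, the fixed block time, and the circuit names and events are assumptions made for illustration.

```python
from collections import deque


class MacMovesLoopDetector:
    """Simplified model of MAC-moves loop detection on one bridge."""

    def __init__(self, interval, move_frequency, block_time, priorities):
        self.interval = interval              # seconds over which moves are averaged
        self.move_frequency = move_frequency  # threshold, assumed moves per second
        self.block_time = block_time          # seconds a circuit stays blocked
        self.priorities = priorities          # circuit name -> blocking priority
        self.table = {}                       # learned MAC -> circuit
        self.moves = deque()                  # (time, old_circuit, new_circuit)
        self.blocked_until = {}               # circuit -> time the block expires

    def is_blocked(self, circuit, now):
        until = self.blocked_until.get(circuit)
        if until is not None and now >= until:
            del self.blocked_until[circuit]   # block time elapsed: unblock
            return False
        return until is not None

    def move_rate(self, now):
        # Drop moves that fell out of the averaging window, then average.
        while self.moves and self.moves[0][0] <= now - self.interval:
            self.moves.popleft()
        return len(self.moves) / self.interval

    def receive(self, now, src_mac, circuit):
        """Source-learn one frame; return the circuit blocked as a result, or None."""
        if self.is_blocked(circuit, now):
            return None                       # nothing is learned on a blocked circuit
        previous = self.table.get(src_mac)
        self.table[src_mac] = circuit
        if previous is None or previous == circuit:
            return None                       # first sighting or refresh, not a move
        self.moves.append((now, previous, circuit))
        if self.move_rate(now) <= self.move_frequency:
            return None
        # Threshold exceeded: pick one circuit involved in the recent moves.
        involved = {c for _, old, new in self.moves for c in (old, new)}
        candidates = [c for c in involved if not self.is_blocked(c, now)]
        # Assumption: highest priority value is blocked first; name breaks ties.
        victim = max(candidates, key=lambda c: (self.priorities.get(c, 0), c))
        self.blocked_until[victim] = now + self.block_time
        self.table = {m: c for m, c in self.table.items() if c != victim}
        self.moves.clear()
        return victim


def simulate(events, **settings):
    """Feed (time, src_mac, circuit) events; return the detector and the blocks made."""
    detector = MacMovesLoopDetector(**settings)
    blocked = []
    for now, mac, circuit in events:
        victim = detector.receive(now, mac, circuit)
        if victim is not None:
            blocked.append((now, victim))
    return detector, blocked


# Constructed sample data.
MAC = "00:00:00:00:01:31"
PRIORITIES = {"eth-2/1": 1, "eth-2/2": 5}
SETTINGS = dict(interval=5, move_frequency=1, block_time=30, priorities=PRIORITIES)
# A loop: the same source MAC flaps between two circuits every 100 ms.
LOOP_EVENTS = [(i / 10, MAC, "eth-2/1" if i % 2 == 0 else "eth-2/2") for i in range(20)]
# A station that legitimately moves once.
ROAM_EVENTS = [(0.0, MAC, "eth-2/1"), (10.0, MAC, "eth-2/2"), (10.5, MAC, "eth-2/2")]

if __name__ == "__main__":
    print(simulate(LOOP_EVENTS, **SETTINGS)[1])
    print(simulate(ROAM_EVENTS, **SETTINGS)[1])
```

With these settings the sixth move inside the 5-second window pushes the average above 1 move per second, so a single circuit is blocked and the flapping stops; the one-off move in the second trace stays far below the threshold.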

2.2.3   Configure the Rapid Spanning Tree Protocol Attributes in a Bridge

Table 3 shows how to configure a bridge for the Rapid Spanning Tree Protocol. Enter all commands in the spanning-tree configuration mode, unless otherwise noted:

Table 3    Configure RSTP Attributes

| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Access spanning-tree configuration mode for the current bridge in the current context. | spanning-tree (bridge) | Enter this command in bridge configuration mode. RSTP is not supported over ATM. |
| 2. | Specify RSTP attributes: | | |
| | Set the maximum allowed average rate and burst rate of received bridge protocol data units (BPDUs). | bpdu rate-limit | |
| | Set forward delay time. | forward-delay | |
| | Set group MAC address (destination address field in BPDUs). | group-mac-address | The source address is the MAC address of the SmartEdge router controller card. |
| | Set the interval between sending BPDUs (Spanning Tree Protocol Hellos). | hello-interval (spanning-tree) | |
| | Set the maximum age of received BPDUs. | max-age | |
| | Set the bridge priority. | priority (spanning-tree) | |
| 3. | Control the Spanning Tree Protocol process on the bridge. | no shutdown (Spanning Tree) | The default state is no shutdown. |
| 4. | Set transmit hold count. | transmit-hold count | |

2.2.4   Configure a Bridged Interface

To enable bridging on an interface, perform the tasks described in Table 4. See Bridged Interface: Example for additional information.

Table 4    Configure a Bridged Interface

| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Create a bridged interface and access the interface configuration mode. | interface | Enter this command in context configuration mode. Specify the bridge keyword. For more information about this command and other interface attributes, see Configuring Contexts and Interfaces. |
| 2. | Associate it with a bridge. | bridge | |

2.2.5   Configure a Bridge Profile

Table 5 describes how to create a bridge profile. Bridge profiles are assigned to ports and circuits that are bound to bridged interfaces (see tables). Bridge profiles are also assigned to subscribers that are associated with bridges (see table).

Enter all commands in Table 5 in bridge profile configuration mode, unless otherwise noted.

Table 5    Configure a Bridge Profile

| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Create a named or default bridge profile and access bridge profile configuration mode. | bridge profile | Enter this command in global configuration mode. |
| 2. | Specify bridge profile attributes (step 3 through step 13). Unless otherwise specified, enter these commands in bridge profile configuration mode. | | |
| 3. | Set the priority of the incoming BPDUs on the port or circuit to which you assign this bridge profile. | bpdu priority | |
| 4. | Specify the filtering of received BPDUs on the port or circuit to which you assign this bridge profile. | bpdu | The bpdu command options follow: • bpdu deny — Drop all received BPDUs, and pass all other received traffic. • no bpdu deny — Pass all received BPDUs. • bpdu allow-only — Pass all received BPDUs and drop all other received traffic. • no bpdu allow-only — Pass all non-BPDU received traffic. |
| 5. | Create a filter that drops incoming packets when their source MAC address matches any entry in the MAC list. This command also enters the mac-list configuration mode in which MAC addresses in this list are specified. | mac-list | Enter this command in global configuration mode. |
| 6. | Include the MAC-list filter criteria in the current bridge profile. | drop source | The MAC-list is used as a filter that causes incoming packets with source MAC addresses matching the list to be dropped. |
| 7. | Specify the type of bridged circuit. | trunk | The default type is tributary. |
| 8. | Specify whether MAC addresses are restricted for the port, circuit, or VPLS pseudowire circuit to which you assign this bridge profile. | restricted | The default value is unrestricted. |
| 9. | Specify the maximum number of dynamic MAC addresses for the port, circuit, or VPLS pseudowire circuit to which you assign this bridge profile. | mac-limit | The default value is unlimited if the circuit type is trunk; the default value is 4 if the circuit type is tributary. |
| 10. | Set the rate and burst tolerance for broadcast traffic on any port, circuit, or VPLS pseudowire circuit to which you assign this bridge profile. | broadcast rate-limit | |
| 11. | Set the rate and burst tolerance for multicast traffic on any port, circuit, or VPLS pseudowire circuit to which you assign this bridge profile. | multicast rate-limit | |
| 12. | Set the rate and burst tolerance for traffic to unknown destinations on any port, circuit, or VPLS pseudowire circuit to which you assign this bridge profile. | unknown-dest rate-limit | |
| 13. | Enable the configuration of the MAC moves loop-detection circuits priority. | loop-detection | bridge profile configuration mode. This step is part of the overall configuration of a bridge profile. |
| | Set the priority of loop-prevention blocking on the assigned circuits. | priority (loop-detection) | loop-detection profile mode |

Note:  
For more information about pseudowire circuits, see Configuring VPLS.

2.2.6   Configure a Spanning Tree Profile

Table 6 describes how to create a spanning-tree profile. Spanning-tree profiles are assigned to ports and circuits that are bound to bridged interfaces (see tables).

Enter all commands in Table 6 in spanning-tree profile configuration mode, unless otherwise noted.

Table 6    Configure RSTP Profile

| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Create a spanning-tree profile and enter the spanning-tree profile configuration mode. | spanning-tree profile | Enter this command in the global configuration mode. |
| 2. | Specify spanning-tree profile attributes: | | |
| | Set the Rapid Spanning Tree Protocol (RSTP) cost of the assigned port. | cost (spanning-tree) | Also called the Spanning Tree Protocol “port cost.” |
| 3. | Set the associated port as a Rapid Spanning Tree Protocol (RSTP) edge port. | edge-port | |
| 4. | Enable sending Bridge Protocol Data Units (BPDUs) to the group MAC address. | l2protocol-tunnel | If Layer 2 Protocol tunnel is enabled, the SmartEdge router can send BPDUs directly to external customer edge (equipment) and allow the SmartEdge router to participate in the customer’s spanning-tree domain. |
| 5. | Treat the associated port as always connected to a point-to-point link. | p2p-port | |
| 6. | Set the spanning-tree priority of the assigned port. | port-priority | |

2.2.7   Configure a Bridged Ethernet Port

To configure a bridged Ethernet port, perform the tasks described in Table 7.

Table 7    Configure a Bridged Ethernet Port

| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Select the Ethernet port and enter port configuration mode. | port ethernet | Enter this command in global configuration mode. |
| 2. | Assign a bridge profile. | bridge profile | The default bridge profile is assigned automatically if you do not enter this command. |
| 3. | Specify bridge attributes for the port: | | |
| | Specify the MTU. | mtu | All ports bound to the same bridged interface must have the same MTU. |
| | Specify the static MAC addresses. | bridge mac-entry | Enter this command for the MAC address of each station known to be on this port. The bridge dynamically learns the addresses of other stations as they connect to the port. |
| 4. | Bind the port to an existing bridged interface in an existing context. | bind interface | |
| 5. | Assign a spanning-tree profile. | spanning-tree profile | See Table 6. |


 Caution! 
Risk of data loss. Inbound packets can be dropped without warning if the maximum transmission unit (MTU) of the port with the outbound circuit is not as large as the MTU of the port with the inbound circuit. To reduce the risk, always configure every port with circuits bound to a bridged interface with the same MTU value.
Note:  
Configuration commands for other port attributes are not included in Table 7. For information about configuring Ethernet ports, see Configuring ATM, Ethernet, and POS Ports.

2.2.8   Configure a Bridged 802.1Q PVC

To configure a bridged 802.1Q PVC, perform the tasks described in Table 8.

Table 8    Configure a Bridged 802.1Q PVC

| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Select the Ethernet port and access port configuration mode. | port ethernet | Enter this command in global configuration mode. |
| 2. | Specify 802.1Q encapsulation for the Ethernet port. | encapsulation | |
| 3. | Specify the MTU. | mtu | All circuits bound to the same bridged interface must have the same MTU configured for their parent ports. |
| 4. | Create an 802.1Q PVC and access dot1q PVC configuration mode. | dot1q pvc | Enter this command in port configuration mode. |
| 5. | Propagate Ethernet 802.1p user priority bits to IP Differentiated Services Code Point (DSCP) bits. | propagate qos from ethernet | Enter these commands in dot1q profile configuration mode. For more information, see Configuring Circuits for QoS. |
| 6. | Propagate IP Differentiated Services Code Point (DSCP) bits to Ethernet 802.1p user priority bits. | propagate qos to ethernet | |
| 7. | Assign a bridge profile. | bridge profile | Enter this command in dot1q PVC configuration mode. |
| 8. | Specify the static MAC addresses. | bridge mac-entry | Enter this command for the MAC address of each station known to be on this PVC. The bridge dynamically learns the addresses of other stations as they connect to the PVC. |
| 9. | Bind the circuit to an existing bridged interface with one of the following tasks: | | |
| | Create a static binding to an interface. | bind interface | Enter this command in dot1q PVC configuration mode. |
| | Create a static binding through a subscriber record to an interface. | bind subscriber | Enter this command in dot1q PVC configuration mode. |
| 10. | Assign a spanning-tree profile. | spanning-tree profile | See Table 6. |


 Caution! 
Risk of data loss. Inbound packets can be dropped without warning if the maximum transmission unit (MTU) of the port with the outbound circuit is not as large as the MTU of the port with the inbound circuit. To reduce the risk, always configure every port with circuits bound to a bridged interface with the same MTU value.
Note:  
Configuration commands for other 802.1Q circuit attributes are not included in Table 8. For information about configuring 802.1Q PVCs, see Configuring Circuits.

2.2.9   Configure a Bridged ATM PVC

To configure a bridged ATM PVC, perform the tasks described in Table 9.

Table 9    Configure a Bridged ATM PVC

| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Select the ATM port and access ATM OC or ATM DS-3 configuration mode. | port atm | Enter this command in global configuration mode. |
| 2. | Specify the MTU. | mtu | All circuits bound to the same bridged interface must have the same MTU configured for their parent ports. |
| 3. | Create the ATM PVC and access ATM PVC configuration mode. | atm pvc | Specify the bridge1483 keyword for the encapsulation. |
| 4. | Assign a bridge profile. | bridge profile | |
| 5. | Specify the static MAC addresses. | bridge mac-entry | Enter this command for the MAC address of each station known to be on this PVC. The bridge dynamically learns the addresses of other stations as they connect to the PVC. |
| 6. | Bind the ATM PVC to an existing bridged interface with one of the following tasks: | | |
| | Create a static binding to an existing bridged interface. | bind interface | |
| | Create a static binding through a subscriber record to an existing bridged interface. | bind subscriber | |

 Caution! 
Risk of data loss. Inbound packets can be dropped without warning if the maximum transmission unit (MTU) of the port with the outbound circuit is not as large as the MTU of the port with the inbound circuit. To reduce the risk, always configure every port with circuits bound to a bridged interface with the same MTU value.
Note:  
Configuration commands for other ATM PVC attributes are not included in Table 9. For information about configuring ATM PVCs, see Configuring Circuits.

2.2.10   Configure a Bridged Link Group

You can create 802.1Q, Ethernet, or access link groups that aggregate bridge interfaces. Although the configuration of these three link groups differs, they all share the tasks described in Table 10 relevant to bridge interfaces.

Table 10    Configure a Bridged Link Group

| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Select the link group and enter link group configuration mode. | link-group | Enter this command in global configuration mode. |
| 2. | Assign a bridge profile. | bridge profile | The default bridge profile is assigned automatically if you do not enter this command. |
| 3. | Specify the MTU. | mtu | All ports bound to the same bridge interface must have the same MTU. |
| 4. | Specify the static MAC addresses. | bridge mac-entry | Enter this command for the MAC address of each station known to be on this link group. The bridge dynamically learns the addresses of other stations as they connect to the link group. |
| 5. | Bind the link group to an existing bridged interface in an existing context. | bind interface | |
| 6. | Assign a spanning-tree profile. | spanning-tree profile | See Table 6. |

The following sections in Configuring Link Aggregation describe the full configuration of Ethernet, 802.1Q, and access link groups:


 Caution! 
Risk of data loss. Inbound packets can be dropped without warning if the maximum transmission unit (MTU) of the port with the outbound circuit is not as large as the MTU of the port with the inbound circuit. To reduce the risk, always configure every port with circuits bound to a bridged interface with the same MTU value.
Note:  
Configuration commands for other port attributes are not included in Table 7. For information about configuring Ethernet ports, see Configuring ATM, Ethernet, and POS Ports.

2.2.11   Configure a Bridged Subscriber

To configure a subscriber record, named profile, or default profile for bridging, perform the tasks described in Table 11. Also see Bridged Subscriber Profile and Subscriber Record: Example.

Table 11    Configure a Bridged Subscriber

| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Create the subscriber record, named profile, or default profile and access subscriber configuration mode. | subscriber | Enter this command in context configuration mode. For more information about this command, see Configuring Subscribers. |
| 2. | Assign a bridge profile to be used by the circuit on which the subscriber session occurs. | bridge profile | |
| 3. | Associate it with an existing bridge. | bridge | |

Note:
Configuration commands for other subscriber attributes are not included in Table 11. For information about configuring subscribers, see Configuring Subscribers.

2.2.12   Configure a Bridged Virtual Interface Port

To configure a bridged virtual interface port, perform the tasks described in Table 12 and see Bridged Virtual Interface Port: Example. The configured BVI port supports routing on Network Layer 3 and bridging on Link Layer 2 at the same time using one instead of two ports.

Table 12    Configure a Bridged Virtual Interface Port

| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Create the BVI port. | port bvi | Enter this command in port configuration mode. |
| 2. | Control the BVI port. | no shutdown | For more information about this command, see the Command List. |
| 3. | Bind it to an existing interface with an existing BVI context. | bind interface | For more information about this command, see the Command List. |
| 4. | Associate it to an existing bridge group that is configured without VPLS bridging attributes. | bridgename | |

Note:
Configuration commands for other attributes are not included in Table 12. For information about binding, see Configuring Bindings.

2.3   Validating IP Host Connectivity

To discover and troubleshoot the IP address of a CPE, detect duplicate IP addresses, and send ICMP echo requests to the CPE, perform the tasks described in Table 13.

Table 13    Validating IP Host Connectivity

Task

Root Command

Notes

Ping a particular CPE to resolve the MAC address, detect duplicate IP addresses in the system, and test the data path by sending ICMP echo requests to the CPE.

ping cpe [number-of-pings] dest-ip-address source-ip-address bridge bridge-name [context context_name] [options]

Include the optional number-of-pings argument to specify the number of pings to transmit. The default number of pings transmitted is 5.

Replace the dest-ip-address argument with the IP address of the CPE you want to ping.

Replace the source-ip-address argument with an unused IP address from the same subnet as the destination IP address.

Replace the bridge-name argument with the name of the bridge that you want to ping.

Include the optional context context_name construct in the ping cpe command if you want to ping a bridge that exists in a different context.

Include any of the optional constructs, keywords, and arguments to configure various ping options as desired.

If the ping is successful, various statistics and configuration information are displayed for the specified CPE.

To validate that ARP is operational and resolve the MAC address of an IP host on a CPE, perform the tasks described in Table 14.

Table 14    Resolving the MAC Address of an IP Host on a CPE

Task

Root Command

Notes

Ping a particular CPE over a bridge by initiating an ARP request from the PE to all access circuits (ACs) and PWs that are configured on the bridge.

ping arp dest-ip-address bridge bridge-name [context context_name] source-ip-address [options]

Use the ping arp command to resolve the MAC address and to detect duplicate IP addresses in the system.

Replace the dest-ip-address argument with the IP address of the CPE you want to ping.

Replace the source-ip-address argument with an unused IP address from the same subnet as the destination IP address.

Replace the bridge-name argument with the name of the bridge that you want to ping.

Include the optional context context_name construct in the ping cpe command if you want to ping a bridge that exists in a different context.

Include any of the optional constructs, keywords, and arguments to configure various ping options as desired.

If the ping is successful, various statistics and configuration information about all access circuits (ACs) and PWs that are configured between the source PE and the destination CPE are displayed.

2.4   Bridge Operations

To monitor and administer bridges, perform the tasks listed in Table 15. Enter the clear commands in exec mode; enter the show commands in any mode.

Table 15    Bridge Operations

| Task | Root Command |
|---|---|
| Unblock all circuits blocked by MAC moves loop detection and clear all MAC moves loop-detection counters. | clear bridge loop-detection |
| Clear the bridge table for a specified bridge. | clear bridge table |
| Disable MAC moves loop detection on the specified circuit. | clear circuit loop-detection |
| Enable the generation of debug messages for bridge-related events and entities. | ip arp |
| Clear the spanning-tree counters for the bridge instance. | clear spanning-tree |
| Clear the spanning-tree counters for the specified circuits on the bridge. | clear spanning-tree circuit |
| Display bridge profile circuit assignments. | show bridge associations |
| Display bridge binding information. | show bridge bindings |
| Display information for configured bridges. | show bridge info |
| Display the MAC moves loop-detection status of the specified bridge. | show bridge loop-detection |
| Display information for configured bridge profiles. | show bridge profile |
| Display statistics for one or more bridges. | show bridge statistics |
| Display the bridge forwarding table for one or more bridges. | show bridge table |
| Display the bridge forwarding table for one or more bridges that know the specified MAC address. | show bridge table mac-entry |
| Display the bridge forwarding table for one or more bridges with the specified circuit type. | show bridge table type |
| Display the loop-detection priority of the specified circuit and its current state. | show circuit loop-detection |
| Display spanning-tree information for the bridge instance. | show spanning-tree |
| Display spanning-tree information for specific circuits on the bridge. | show spanning-tree circuit |

3   Configuration Examples

The examples in this section provide partial command samples to illustrate the configuration of ATM and Ethernet tributary and trunk circuits for ISP1 in Figure 1 and Figure 2; only the commands specifically needed for bridging are included.

3.1   Two Named Bridges: Example

The following example shows how to create a context and two bridges with default attributes, except for those configured. The second bridge, isp3, is enabled for the Rapid Spanning Tree Protocol:

[local]Redback(config)#context bridge
[local]Redback(config-ctx)#bridge isp1
[local]Redback(config-bridge)#description Bridge for all traffic to ISP1
[local]Redback(config-bridge)#aging-time 18000

[local]Redback(config-ctx)#bridge isp3
[local]Redback(config-bridge)#description Bridge for all traffic to ISP3
[local]Redback(config-bridge)#aging-time 18000
[local]Redback(config-bridge)#spanning-tree
[local]Redback(config-bridge-stp)#priority 8192

3.2   Bridged Interface: Example

The following example shows how to create a bridged interface for each ISP and associate it with the bridge for that ISP:

[local]Redback(config)#context bridge
[local]Redback(config-ctx)#interface if-isp1 bridge
[local]Redback(config-if)#bridge name isp1
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface if-isp3 bridge
[local]Redback(config-if)#bridge name isp3

3.3   Bridge Profile: Example

The following example shows how to create a bridge profile for a restricted trunk (network-facing) circuit:

[local]Redback(config)#bridge profile prof-isp-trunk
[local]Redback(config-bridge-profile)#mac-limit 10
[local]Redback(config-bridge-profile)#restricted
[local]Redback(config-bridge-profile)#trunk

The following example shows how to create a bridge profile for an unrestricted tributary (access-facing) circuit:

[local]Redback(config)#bridge profile prof-sub-isp-trib
[local]Redback(config-bridge-profile)#mac-limit 10
[local]Redback(config-bridge-profile)#no trunk

3.4   Spanning Tree Profile: Example

The following example illustrates how the spanning-tree profile command creates the womp spanning-tree profile and sets its cost to 5000. In the second part of the example, an Ethernet port is assigned the womp spanning-tree profile and, therefore, the spanning-tree cost of bridging to the port is set at 5000:

[local]Redback(config)#spanning-tree profile womp
[local]Redback(config-stp-prof)#cost 5000
[local]Redback(config-stp-prof)#exit
[local]Redback(config)#port ethernet 1/1
[local]Redback(config-port)#spanning-tree profile womp

In the following example, the spanning-tree profile womp is assigned to a single 802.1Q permanent virtual circuit (PVC):

[local]Redback(config)#port ethernet 5/1
[local]Redback(config-port)#encapsulation dot1q
[local]Redback(config-port)#dot1q pvc 100
[local]Redback(config-dot1q-pvc)#spanning-tree profile womp

3.5   Bridged Trunk Circuits: Example

The following example shows how to select a Gigabit Ethernet port and configure it as a trunk circuit to ISP1:

[local]Redback(config)#port ethernet 5/1

[local]Redback(config-port)#bridge profile prof-isp-trunk
[local]Redback(config-port)#spanning-tree profile womp
[local]Redback(config-port)#mtu 1500
[local]Redback(config-port)#bridge mac-entry 00:d0:ba:04:d8:05
[local]Redback(config-port)#bridge mac-entry 00:0a:0a:04:d8:06
[local]Redback(config-port)#bind interface if-isp1

The following example shows how to select a Gigabit Ethernet port and configure it as a trunk circuit to ISP3:

[local]Redback(config)#port ethernet 5/3
[local]Redback(config-port)#bridge profile prof-isp-trunk
[local]Redback(config-port)#mtu 1500
[local]Redback(config-port)#bridge mac-entry 00:d0:ba:04:d8:07
[local]Redback(config-port)#bridge mac-entry 00:0a:0a:04:d8:08
[local]Redback(config-port)#bind interface if-isp3

3.6   Bridged Tributary Circuits: Example

The following example shows how to select an ATM OC port, configure it with an ATM PVC, and configure the PVC as a tributary circuit for ISP1 subscribers:

[local]Redback(config)#port atm 3/1
[local]Redback(config-port)#mtu 1500
[local]Redback(config-atm-oc)#atm pvc 1 32 profile ubr encapsulation bridge1483
[local]Redback(config-atm-pvc)#bridge profile prof-sub-isp1-trib
[local]Redback(config-atm-pvc)#bridge mac-entry 00:00:00:00:01:33
[local]Redback(config-atm-pvc)#bridge mac-entry 00:0a:0a:04:01:34
[local]Redback(config-atm-pvc)#bind interface if-isp1 

The following example selects an Ethernet port, configures it with an 802.1Q PVC, and configures the PVC as a tributary circuit for ISP3 subscribers:

[local]Redback(config)#port ethernet 2/1
[local]Redback(config-port)#encapsulation dot1q
[local]Redback(config-port)#mtu 1500
[local]Redback(config-port)#dot1q pvc 100
[local]Redback(config-dot1q-pvc)#bridge profile prof-sub-isp3-trib
[local]Redback(config-dot1q-pvc)#bridge mac-entry 00:00:00:00:01:31
[local]Redback(config-dot1q-pvc)#bridge mac-entry 00:0a:0a:04:01:32
[local]Redback(config-dot1q-pvc)#bind interface if-isp3

3.7   Bridged Subscriber Profile and Subscriber Record: Example

The following example shows how to create a named subscriber profile, isp1, and associate it with a bridge profile, prof-sub-isp1-trib, and a named bridge, isp1:

[local]Redback(config)#context bridge
[local]Redback(config-ctx)#subscriber profile isp1
[local]Redback(config-sub)#bridge profile prof-sub-isp1-trib
[local]Redback(config-sub)#bridge name isp1

The next steps show how to create a subscriber record that has the named subscriber profile, isp1, associated with it:

[local]Redback(config)#context bridge
[local]Redback(config-ctx)#subscriber name 9991112222
[local]Redback(config-sub)#profile isp1

3.8   Filtered Ethernet Bridge Circuits: Example

In the following example, two bridges are configured. One bridge, named untag-bridge, passes BPDU frames that are given the highest priority. In the second bridge, named tagged-bridge, the BPDU frames are dropped. The bridges segregate the BPDU traffic from the data traffic coming from the vpls-context context to which both bridges are bound:

[local]Redback(config)#context vpls-context
[local]Redback(config-ctx)#bridge profile untag
[local]Redback(config-ctx)#bpdu allow-only
[local]Redback(config-ctx)#bpdu priority 0
!
[local]Redback(config-ctx)#bridge profile tagged
[local]Redback(config-ctx)#bpdu deny
!
[local]Redback(config-ctx)#bridge untag-bridge
[local]Redback(config-ctx)#interface untag-int bridge
[local]Redback(config-if)#bridge untag-bridge
!
[local]Redback(config-ctx)#bridge tagged-bridge
[local]Redback(config-ctx)#interface tagged-int bridge
[local]Redback(config-if)#bridge tagged-bridge
!
[local]Redback(config-ctx)#port ethernet 4/1
[local]Redback(config-port)#bridge profile untag
[local]Redback(config-port)#bind interface untag-int vpls-context
!
[local]Redback(config-ctx)#port ethernet 4/2
[local]Redback(config-port)#bridge profile tagged
[local]Redback(config-port)#bind interface tagged-int vpls-context 

3.9   Bridged Virtual Interface Port: Example

This section includes examples that show how to create a simple bridged virtual interface port by using Ethernet interfaces and a bridged interface port by using a bridge over a noneconomical access type link group.

The following example shows how to create a bridged virtual interface port, create a bridge group, create a bridge interface in a context, create an IP interface in the same or a different context, create a BVI port that is associated with the bridge group and the IP interface, and associate the bridge interface with two Ethernet ports.

  1. Create a bridge group named bvi-bridge in a context named bvi-context.
  2. Create a bridge interface named br1 in a context named bvi-context.
  3. Create an IP interface named i1 in the same context.
  4. Create a BVI port named port-bvi that is associated with the bridge group named bvi-bridge and the IP interface named i1.
  5. Associate the bridge interface named br1 with two Ethernet ports (eth 2/2 and eth 2/1).

The following commands illustrate this example:

[local]Redback(config)#context bvi-context

[local]Redback(config-ctx)#bridge bvi-bridge
[local]Redback(config-bridge)#description Bridge for BVI to support routed and bridged traffic

[local]Redback(config-ctx)#interface i1
[local]Redback(config-if)#ip address 192.168.110.1 255.255.255.0

[local]Redback(config-ctx)#interface br1 bridge
[local]Redback(config-if)#bridge name bvi-bridge

[local]Redback(config)#port bvi port-bvi
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#bind interface i1 bvi-context
[local]Redback(config-port)#bridge name bvi-bridge bvi-context

[local]Redback(config)#port eth 1/1
[local]Redback(config-port)#bind interface br1 bvi-context

[local]Redback(config)#port eth 2/1
[local]Redback(config-port)#bind interface br1 bvi-context
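
Steps 1 to 5 depend on each other by name: a bind or bridge name command only makes sense if the bridge or interface it refers to was created in the named context. The following Python check is an added example (not Ericsson code and not a SmartEdge tool); it reads a transcript in the prompt format used above and lists every name that is used without having been defined earlier. The function and variable names are illustrative, and the command forms it recognizes are limited to those that appear in this example.

```python
import re

# Cross-referencing commands from the first BVI example (description, IP
# address and "no shutdown" lines left out because nothing refers to them).
TRANSCRIPT = """\
[local]Redback(config)#context bvi-context
[local]Redback(config-ctx)#bridge bvi-bridge
[local]Redback(config-ctx)#interface i1
[local]Redback(config-ctx)#interface br1 bridge
[local]Redback(config-if)#bridge name bvi-bridge
[local]Redback(config)#port bvi port-bvi
[local]Redback(config-port)#bind interface i1 bvi-context
[local]Redback(config-port)#bridge name bvi-bridge bvi-context
[local]Redback(config)#port eth 1/1
[local]Redback(config-port)#bind interface br1 bvi-context
[local]Redback(config)#port eth 2/1
[local]Redback(config-port)#bind interface br1 bvi-context
"""

# "[context]hostname(mode)#command", the prompt format used on this page.
PROMPT = re.compile(r"^\[[^\]]+\]\S+?\((?P<mode>[\w-]+)\)#\s*(?P<cmd>\S.*?)\s*$")

def undefined_references(transcript):
    """Return (kind, name, context) for each name used but not defined earlier."""
    ctx, defined, missing = None, set(), []

    def use(kind, name, context):
        if (kind, name, context) not in defined:
            missing.append((kind, name, context))

    for line in transcript.splitlines():
        m = PROMPT.match(line)
        if not m:
            continue  # blank lines and wrapped continuation text
        mode, w = m["mode"], m["cmd"].split()
        if w[0] == "context" and len(w) == 2:
            ctx = w[1]                       # later definitions belong here
        elif mode == "config-ctx" and w[0] == "bridge" and len(w) == 2:
            defined.add(("bridge", w[1], ctx))
        elif mode == "config-ctx" and w[0] == "interface" and len(w) >= 2:
            defined.add(("interface", w[1], ctx))
        elif w[:2] == ["bridge", "name"] and len(w) in (3, 4):
            # Three words: bridge in the current context; four: context is named.
            use("bridge", w[2], w[3] if len(w) == 4 else ctx)
        elif w[:2] == ["bind", "interface"] and len(w) == 4:
            use("interface", w[2], w[3])
    return missing
```

An empty list means every binding in the transcript resolves; a mistyped interface name or the wrong context on a bind line shows up as one tuple per dangling reference.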

The following example shows how to create a bridged interface port by using a bridge over a noneconomical access link group, create a bridge group, create a bridge interface in a context, create an IP interface in the same or a different context, create a noneconomical access type link group, associate the bridge interface with the link group, create a BVI port that is associated with the bridge group and the IP interface, and create an Ethernet port and add it into the link group (the slot mask of the circuits in this link group contains all the slots participating in the link group):

  1. Create a bridge group named bvi-bridge2 in a context named bvi-context.
  2. Create a bridge interface named br2 in a context named bvi-context.
  3. Create an IP interface named ip in the same context.
  4. Create a noneconomical access link group named bvi-nealg. Note that the access economical link group type is needed to configure economical access link groups; see Configuring Link Aggregation for more information.
  5. Associate the bridge interface named br2 with the bvi-nealg noneconomical access link group.
  6. Create a BVI port named port-bvi that is associated with the bridge group named bvi-bridge2 and the IP interface named ip.
  7. Create Ethernet port 1/1 and add it into the link group named bvi-nealg.

The following commands illustrate this example:

[local]Redback(config)#context bvi-context

[local]Redback(config-ctx)#bridge bvi-bridge2
[local]Redback(config-bridge)#description Bridge over noneconomical access link groups for BVI to support routed and bridged traffic

[local]Redback(config-ctx)#interface br2 bridge
[local]Redback(config-if)#bridge name bvi-bridge2

[local]Redback(config-ctx)#interface ip
[local]Redback(config-if)#ip address 10.1.1/24

[local]Redback(config)#link-group bvi-nealg access
[local]Redback(config)#qos hierarchical mode strict
[local]Redback(config)#encapsulation dot1q
[local]Redback(config)#dot1q pvc 1
[local]Redback(config)#bind interface br2 bvi-context

[local]Redback(config)#port bvi port-bvi
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#bind interface ip bvi-context
[local]Redback(config-port)#bridge name bvi-bridge2 bvi-context

[local]Redback(config)#port eth 1/1
[local]Redback(config-port)#no shut
[local]Redback(config-port)#encapsulation dot1q
[local]Redback(config-port)#link-group bvi-nealg

3.10   Validate IP Host Connectivity: Example

The following example shows how to initiate a CPE ping to discover an IP host address and troubleshoot the data path to the host. In this example, the CPE ping is successful, and no duplicate IP addresses are configured in the system:

[local]Redback# ping cpe 10.1.1.1 10.1.1.2 bridge br2 context local
PING 10.1.1.1 (10.1.1.1): source 10.1.1.2, 36 data bytes, timeout is 1 second
!!!!!
----10.1.1.1 PING Statistics----
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.870/1.569/2.237/0.636 ms

The following example shows what happens when a CPE ping is terminated because duplicate IP addresses are detected:

[local]Redback#ping cpe 1.0.0.10 1.0.0.8 bridge br1
PING 1.0.0.10 (1.0.0.10): source 1.0.0.8 
Duplicate IP Detected.

The following example shows what happens when an ARP ping is terminated because the PE does not receive an ARP response from the CPE:

[local]Redback#ping arp 10.1.1.3 bridge br2 source 10.1.1.2
source 10.1.1.2 5 Arp Request(s) sent to destination ip 10.1.1.3  with
source ip 10.1.1.2 but no reply
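
When these checks are run from a monitoring script rather than by hand, the three outcomes above have to be told apart from raw terminal text. The following Python code is an added example (not part of the Ericsson guide or the SmartEdge software); it classifies the outputs shown in this section, and the status labels and function name are illustrative choices.

```python
import re

# The three outputs shown in this section. Captured terminal text can wrap at
# any column, so the samples keep mid-sentence line breaks on purpose.
SAMPLES = {
    "success": """PING 10.1.1.1 (10.1.1.1): source 10.1.1.2, 36 data bytes, timeout is 1
second !!!!!
----10.1.1.1 PING Statistics----
5 packets transmitted, 5 packets received, 0.0% packet loss round-trip
min/avg/max/stddev = 0.870/1.569/2.237/0.636 ms""",
    "duplicate": """PING 1.0.0.10 (1.0.0.10): source 1.0.0.8
Duplicate IP Detected.""",
    "no_arp": """source 10.1.1.2 5 Arp Request(s) sent to destination ip 10.1.1.3  with
source ip 10.1.1.2 but no reply""",
}

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def classify(output):
    """Map one ping cpe / ping arp output to a status plus the counters it reports."""
    text = " ".join(output.split())          # undo wrapping and double spaces
    result = {"status": "unknown", "target": None, "sent": None, "received": None}
    m = re.search(rf"PING ({IPV4}) \(", text)
    if m:
        result["target"] = m.group(1)
    if "Duplicate IP Detected" in text:
        result["status"] = "duplicate_ip"    # test was terminated, no counters
        return result
    m = re.search(rf"(\d+) Arp Request\(s\) sent to destination ip ({IPV4}) "
                  rf"with source ip {IPV4} but no reply", text)
    if m:
        result.update(status="no_arp_reply", target=m.group(2),
                      sent=int(m.group(1)), received=0)
        return result
    m = re.search(r"(\d+) packets transmitted, (\d+) packets received", text)
    if m:
        sent, received = int(m.group(1)), int(m.group(2))
        result.update(sent=sent, received=received)
        if received == sent and sent > 0:
            result["status"] = "reachable"
        elif received > 0:
            result["status"] = "partial_loss"
        else:
            result["status"] = "unreachable"
    return result
```

Output that matches none of the three patterns is returned with status "unknown", so a changed message format is surfaced instead of being counted as a successful check.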