-
Bridging and IBM Networking Command Reference
-
About The Cisco IOS Software Documentation
-
Transparent Bridging Commands
-
Source-Route Bridging Commands
-
Remote Source-Route Bridging Commands
-
DLSw+ Configuration Commands
-
STUN and BSTUN Commands
-
LLC2 and SDLC Commands
-
IBM Network Media Translation Commands
-
DSPU and SNA Service Point Support Commands
-
SNA Frame Relay Access Support Commands
-
APPN Configuration Commands
-
NCIA Server Configuration Commands
-
IBM Channel Attach Commands
-
Ethernet Type Codes
-
Table Of Contents
bridge circuit-group source-based
bridge-group input-address-list
bridge-group input-lat-service-deny
bridge-group input-lat-service-permit
bridge-group input-pattern-list
bridge-group output-address-list
bridge-group output-lat-service-deny
bridge-group output-lat-service-permit
bridge-group output-pattern-list
bridge-group spanning-disabled
frame-relay map bridge broadcast
Transparent Bridging Commands
Use the commands in this chapter to configure and monitor transparent bridging networks. For transparent bridging configuration information and examples, refer to the "Configuring Transparent Bridging" chapter in the Bridging and IBM Networking Configuration Guide.
access-list (extended)
Use the access-list global configuration command to provide extended access lists that allow more detailed access lists. These lists allow you to specify both source and destination addresses and arbitrary bytes in the packet.
access-list access-list-number {permit | deny} source source-mask destination
destination-mask offset size operator operandSyntax Description
Default
No extended access lists are established.
Command Mode
Global configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
After an access list is initially created, any subsequent additions (possibly entered from the terminal) are placed at the end of the list. In other words, you cannot selectively add or remove access list command lines from a specific access list.
An extended access list should not be used on FDDI interfaces that provide transit bridging.
Note
Due to their complexity, extended access lists should only be used by those who are very familiar with the Cisco IOS software. For example, to use extended access lists, it is important to understand how different encapsulations on different media would generally require different offset values to access particular fields.
Caution.
Examples
The following example permits packets from MAC addresses 000c.1bxx.xxxx to any MAC address if the packet contains a value less than 0x55AA in the 2 bytes that begin 0x1e bytes into the packet:
interface ethernet 0 bridge-group 3 output-pattern 1102 access-list 1102 permit 000c.1b00.0000 0000.00ff.ffff 0000.0000.0000 ffff.ffff.ffff 0x1e 2 lt 0x55aaThe following example permits an NOP operation:
interface ethernet 0 bridge-group 3 output-pattern 1102 access-list 1101 permit 0000.0000.0000 ffff.ffff.ffff 0000.0000.0000 ffff.ffff.ffffRelated Commands
access-list (standard)
access-list (type-code)
bridge-group output-pattern-listaccess-list (standard)
Use the access-list global configuration command to establish MAC address access lists. Use the no form of this command to remove a single access-list entry.
access-list access-list-number {permit | deny} address mask
no access-list access-list-numberSyntax Description
Default
No MAC address access lists are established.
Command Mode
Global configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
Usage Guidelines
Configuring bridging access lists of type 700 may cause a momentary interruption of traffic flow.
Example
The following example assumes that you want to disallow the bridging of Ethernet packets of all Sun workstations on Ethernet interface 1. Software assumes that all such hosts have Ethernet addresses with the vendor code 0800.2000.0000. The first line of the access list denies access to all Sun workstations, while the second line permits everything else. You then assign the access list to the input side of Ethernet interface 1.
access-list 700 deny 0800.2000.0000 0000.00FF.FFFFaccess-list 700 permit 0000.0000.0000 FFFF.FFFF.FFFFinterface ethernet 1bridge-group 1 input-address-list 700Related Commands
access-list (extended)
access-list (type-code)access-list (type-code)
Use the access-list global configuration command to build type-code access lists. Use the no form of this command to remove a single access list entry.
access-list access-list-number {permit | deny} type-code wild-mask
no access-list access-list-numberSyntax Description
Default
No type-code access lists are built.
Command Mode
Global configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
Type-code access lists can have an impact on system performance; therefore, keep the lists as short as possible and use wildcard bit masks whenever possible.
Access lists are evaluated according to the following algorithm:
•
•
If the length/type field is greater than 1500, the packet is treated as an LSAP packet unless the DSAP and SSAP fields are AAAA. If the latter is true, the packet is treated using type-code filtering.
If the LSAP-code filtering is used, all SNAP and Ethernet Type II packets are bridged without obstruction. If type-code filtering is used, all LSAP packets are bridged without obstruction.
If you have both Ethernet Type II and LSAP packets on your network, you should set up access lists for both.
Examples
The following example permits only LAT frames (type 0x6004) and filters out all other frame types:
access-list 201 permit 0x6004 0x0000The following example filters out only type codes assigned to Digital (0x6000 to 0x600F) and lets all other types pass:
access-list 202 deny 0x6000 0x600Faccess-list 202 permit 0x0000 0xFFFFUse the last item of an access list to specify a default action; for example, permit everything else or deny everything else. If nothing else in the access list matches, the default action is normally to deny access; that is, filter out all other type codes.
Related Commands
access-list (extended)
access-list (standard)bridge acquire
Use the bridge acquire global configuration command to forward any frames for stations that the system has learned about dynamically. Use the no form of this command to disable the behavior.
bridge bridge-group acquire
no bridge bridge-group acquireSyntax Description
Default
Enabled
Command Mode
Global configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
When using the command default, the Cisco IOS software forwards any frames from stations that it has learned about dynamically. If you use the no form of this command, the bridge stops forwarding frames to stations it has dynamically learned about through the discovery process and limits frame forwarding to statically configured stations. That is, the bridge filters out all frames except those whose sourced-by or destined-to addresses have been statically configured into the forwarding cache. The no form of this command prevents the forwarding of a dynamically learned address.
Example
The following example prevents the forwarding of dynamically determined source and destination addresses:
no bridge 1 acquireRelated Commands
bridge address
Use the bridge address global configuration command to filter frames with a particular MAC-layer station source or destination address. Use the no form of this command to disable the forwarding ability.
bridge bridge-group address mac-address {forward | discard} [interface]
no bridge bridge-group address mac-addressSyntax Description
Default
Disabled
Command Mode
Global configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
Any number of addresses can be configured into the system without a performance penalty.
Note
Examples
The following example enables frame filtering with MAC address 0800.cb00.45e9. The frame is forwarded through Ethernet interface 1:
bridge 1 address 0800.cb00.45e9 forward ethernet 1The following example disables the ability to forward frames with MAC address 0800.cb00.45e9:
no bridge 1 address 0800.cb00.45e9Related Commands
bridge acquire
bridge-group input-address-list
bridge-group output-address-list
bridge protocolbridge bridge
Use the bridge bridge global configuration command to enable the bridging of a specified protocol in a specified bridge group. Use the no form of this command to disable the bridging of a specified protocol in a specified bridge group.
bridge bridge-group bridge protocol
no bridge bridge-group bridge protocolSyntax Description
Default
Bridge every protocol.
Command Mode
Global configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 11.2.
When IRB is enabled, the default route/bridge behavior in a bridge group is to bridge all protocols. You do not have to use the bridge bridge command to enable bridging.
You can use the no bridge bridge command to disable bridging in a bridge group so that it does not bridge a particular protocol. When you disable bridging for a protocol in a bridge group, routable packets of this protocol are routed when the bridge is explicitly configured to route this protocol, and nonroutable packets are dropped because bridging is disabled for this protocol.
Note
Example
The following example disables bridging of IP in bridge group 1:
no bridge 1 bridge ipRelated Commands
bridge irb
bridge protocol
bridge routebridge circuit-group pause
Use the bridge circuit-group pause global configuration command to configure the interval during which transmission is suspended in a circuit group after circuit group changes take place.
bridge bridge-group circuit-group circuit-group pause milliseconds
Syntax Description
Default
0 ms pause
Command Mode
Global configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.3.
Circuit-group changes include the addition or deletion of an interface and interface state changes.
Example
The following example sets the circuit group pause to 5000 ms:
bridge 1 circuit-group 1 pause 5000Related Commands
bridge circuit-group source-based
bridge-group circuit-group
bridge protocol
show bridge circuit-groupbridge circuit-group source-based
Use the bridge circuit-group source-based global configuration command to use just the source MAC address for selecting the output interface. Use the no form of this command to remove the interface from the bridge group.
bridge bridge-group circuit-group circuit-group source-based
no bridge bridge-group circuit-group circuit-group source-basedSyntax Description
bridge-group
Bridge group number specified in the bridge protocol command.
circuit-group
Number of the circuit group to which the interface belongs.
Default
No bridge-group interface is assigned.
Command Mode
Global configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.3.
For applications that depend on the ordering of mixed unicast and multicast traffic from a given source, load distribution must be based on the source MAC address only. The bridge circuit-group source-based command modifies the load distribution strategy to accommodate such applications.
Example
The following example uses the source MAC address for selecting the output interface to a bridge group:
bridge 1 circuit-group 1 source-basedRelated Commands
bridge circuit-group pause
bridge-group circuit-group
bridge protocol
show bridge circuit-groupbridge cmf
Use the bridge cmf global configuration command to enable constrained multicast flooding (CMF) for all configured bridge groups. Use the no form of this command to disable constrained multicast flooding.
bridge cmf
no bridge cmfSyntax Description
This command has no arguments or keywords.
Default
Constrained multicast flooding is disabled.
Command Mode
Global configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 11.2.
Example
The following example enables constrained multicast flooding for all configured bridge groups:
bridge cmfRelated Commands
clear bridge multicast
show bridge multicastbridge crb
Use the bridge crb global configuration command to enable the Cisco IOS software to both route and bridge a given protocol on separate interfaces within a single router. Use the no form of this command to disable the feature.
bridge crb
no bridge crbSyntax Description
This command has no arguments or keywords.
Defaults
Concurrent routing and bridging is disabled.
When concurrent routing and bridging has been enabled, the default behavior is to bridge all protocols that are not explicitly routed in a bridge group.
Command Mode
Global configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 11.0.
When concurrent routing and bridging is first enabled in the presence of existing bridge groups, it generates a bridge route configuration command for any protocol for which any interface in the bridge group is configured for routing. This is a precaution that applies only when concurrent routing and bridging is not already enabled, bridge groups exist, and the bridge crb command is encountered.
Once concurrent routing and bridging has been enabled, you must configure an explicit bridge route command for any protocol that is to be routed on interfaces in a bridge group (in addition to any required protocol-specific interface configuration).
Example
The following command enables concurrent routing and bridging:
bridge crbRelated Command
bridge domain
Use the bridge domain global configuration command to establish a domain by assigning it a decimal value between 1 and 10. Use the no form of this command to return it to a single bridge domain by choosing domain zero (0).
bridge bridge-group domain domain-number
no bridge bridge-group domainSyntax Description
Default
Single bridge domain
Command Mode
Global configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
Cisco has implemented a proprietary extension to the IEEE spanning-tree software in order to support multiple spanning-tree domains. You can place any number of routers within the domain. The routers in the domain, and only those routers, will then share spanning-tree information.
Use this feature when multiple routers share the same cable, and you wish to use only certain discrete subsets of these routers to share spanning-tree information with each other. This function is most useful when running other applications, such as IP UDP flooding, that use the IEEE Spanning-Tree Protocol. It can also be used to reduce the number of global reconfigurations in large bridged networks.
CautionUse multiple spanning-tree domains with care. Because bridges in different domains do not share spanning-tree information, bridge loops can be created if the domains are not carefully planned.
Note
Example
The following example places bridge group 1 in bridging domain 3. Only other routers that are in domain 3 will accept spanning-tree information from this router.
bridge 1 domain 3Related Command
bridge forward-time
Use the bridge forward-time global configuration command to specify the forward delay interval for the Cisco IOS software. Use the no form of this command to return the default interval.
bridge bridge-group forward-time seconds
no bridge bridge-group forward-time secondsSyntax Description
bridge-group
Bridge group number specified in the bridge protocol command.
seconds
Forward delay interval. It must be a value in the range 10 to 200 seconds.
Default
30-second delay
Command Mode
Global configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
The forward delay interval is the amount of time the software spends listening for topology change information after an interface has been activated for bridging and before forwarding actually begins.
Each bridge in a spanning tree adopts the hello-time, forward-time, and max-age parameters of the root bridge, regardless of what its individual configuration might be.
Example
The following example sets the forward delay interval to 60 seconds:
bridge 1 forward-time 60Related Commands
bridge hello-time
bridge max-age
bridge protocolbridge-group
Use the bridge-group interface configuration command to assign each network interface to a bridge group. Use the no form of this command to remove the interface from the bridge group.
bridge-group bridge-group
no bridge-group bridge-groupSyntax Description
bridge-group
Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63.
Default
No bridge group interface is assigned.
Command Mode
Interface configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
You can bridge on any interface, including any serial interface, regardless of encapsulation. Bridging can be configured between interfaces on different cards, although the performance is lower compared with interfaces on the same card. Also note that serial interfaces must be running with HDLC, X.25, or Frame Relay encapsulation.
Note
Example
In the following example, Ethernet interface 0 is assigned to bridge-group 1, and bridging is enabled on this interface:
interface ethernet 0bridge-group 1Related Commands
bridge-group cbus-bridging
bridge-group circuit-group
bridge-group input-pattern-list
bridge-group output-pattern-list
bridge-group spanning-disabledbridge-group aging-time
Use the bridge-group aging-time global configuration command to set the length of time that a dynamic entry can remain in the bridge table from the time the entry was created or last updated. Use the no form of this command to return to the default aging-time interval.
bridge-group bridge-group aging-time seconds
no bridge-group bridge-group aging-timeSyntax Description
bridge-group
Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63.
seconds
Aging time, in the range 0 to 1000000 seconds. The default is 300 seconds.
Default
300 seconds
Command Mode
Global configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.3.
If hosts on a bridged network are likely to move, decrease the aging-time to enable the bridge to adapt quickly to the change. If hosts do not transmit continuously, increase the aging time to record the dynamic entries for a longer time and thus reduce the possibility of flooding when the hosts transmit again.
Example
The following example sets the aging time to 200 seconds:
bridge-group 1 aging-time 200Related Command
bridge-group cbus-bridging
Use the bridge-group cbus-bridging interface configuration command to enable autonomous bridging on a ciscoBus2 controller. Use the no form of this command to disable autonomous bridging.
bridge-group bridge-group cbus-bridging
no bridge-group bridge-group cbus-bridgingSyntax Description
bridge-group
Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63.
Default
Autonomous bridging is disabled.
Command Mode
Interface configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
Normally, bridging takes place on the processor card at interrupt level. When autonomous bridging is enabled, bridging takes place entirely on the ciscoBus2 controller, significantly improving performance.
You can enable autonomous bridging on Ethernet, FDDI (FCIT) and HSSI interfaces that reside on a ciscoBus2 controller. Autonomous bridging is not supported on Token Ring interfaces, regardless of the type of bus in use.
To enable autonomous bridging on an interface, that interface must first be defined as part of a bridge group. When a bridge group includes both autonomously and normally bridged interfaces, packets are autonomously bridged in some cases, but bridged normally in others. For example, when packets are forwarded between two autonomously bridged interfaces, those packets are autonomously bridged. But when packets are forwarded between an autonomously bridged interface and one that is not, the packet must be normally bridged. When a packet is flooded, the packet is autonomously bridged on autonomously bridged interfaces, but must be normally bridged on any others.
Note
Note
Example
In the following example, autonomous bridging is enabled on Ethernet interface 0:
interface ethernet 0bridge-group 1bridge-group 1 cbus-bridgingRelated Command
bridge-group circuit-group
Use the bridge-group circuit-group interface configuration command to assign each network interface to a bridge group. Use the no form of this command to remove the interface from the bridge group.
bridge-group bridge-group circuit-group circuit-group
no bridge-group bridge-group circuit-group circuit-groupSyntax Description
bridge-group
Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63.
circuit-group
Circuit group number. The range is 1 to 9.
Default
No bridge group interface is assigned.
Command Mode
Interface configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.3.
Circuit groups are primarily intended for use with HDLC-encapsulated serial interfaces. They are not supported for packet-switched networks such as X.25 or Frame Relay. Circuit groups are best applied to groups of serial lines of equal bandwidth, but can accommodate mixed bandwidths as well.
Note
Example
In the following example, Ethernet interface 0 is assigned to circuit group 1 of bridge group 1:
interface ethernet 0bridge-group 1 circuit-group 1Related Commands
bridge circuit-group pause
bridge circuit-group source-based
show bridge circuit-groupbridge-group input-address-list
Use the bridge-group input-address-list interface configuration command to assign an access list to a particular interface. This access list is used to filter packets received on that interface based on their MAC source addresses. Use the no form of this command to remove an access list from an interface.
bridge-group bridge-group input-address-list access-list-number
no bridge-group bridge-group input-address-list access-list-numberSyntax Description
Default
No access list is assigned.
Command Mode
Interface configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
Example
The following example assumes you want to disallow the bridging of Ethernet packets of all Sun workstations on Ethernet interface 1. Software assumes that all such hosts have Ethernet addresses with the vendor code 0800.2000.0000. The first line of the access list denies access to all Sun workstations, while the second line permits everything else. You then assign the access list to the input side of Ethernet interface 1.
access-list 700 deny 0800.2000.0000 0000.00FF.FFFFaccess-list 700 permit 0000.0000.0000 FFFF.FFFF.FFFFinterface ethernet 1bridge-group 1 input-address-list 700Related Commands
access-list (extended)
access-list (standard)
bridge address
bridge-group output-address-listbridge-group input-lat-service-deny
Use the bridge-group input-lat-service-deny interface configuration command to specify the group codes by which to deny access upon input. Use the no form of this command to remove this access condition.
bridge-group bridge-group input-lat-service-deny group-list
no bridge-group bridge-group input-lat-service-deny group-listSyntax Description
Default
No group codes are specified.
Command Mode
Interface configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
Autonomous bridging must be disabled to use this command.
This command prevents the system from bridging any LAT service advertisement that has any of the specified groups set.
Example
The following example causes any advertisements with groups 6, 8, and 14 through 20 to be dropped:
interface ethernet 0bridge-group 1 input-lat-service-deny 6 8 14-20Related Commands
bridge-group
bridge-group input-lat-service-permit
bridge-group output-lat-service-denybridge-group input-lat-service-permit
Use the bridge-group input-lat-service-permit interface configuration command to specify the group codes by which to permit access upon input. Use the no form of this command to remove this access condition.
bridge-group bridge-group input-lat-service-permit group-list
no bridge-group bridge-group input-lat-service-permit group-listSyntax Description
Default
No group codes are specified.
Command Mode
Interface configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
Autonomous bridging must be disabled to use this command.
This command causes the system to bridge only those service advertisements that match at least one group in the group list specified by the group-list argument.
If a message specifies group codes in both the deny and permit list, the message is not bridged.
Example
The following example bridges any advertisements from groups 1, 5, and 12 through 14:
interface ethernet 1bridge-group 1 input-lat-service-permit 1 5 12-14Related Commands
bridge-group input-lat-service-deny
bridge-group output-lat-service-permitbridge-group input-lsap-list
Use the bridge-group input-lsap-list interface configuration command to filter IEEE 802.2-encapsulated packets on input. Use the no form of this command to disable this capability.
bridge-group bridge-group input-lsap-list access-list-number
no bridge-group bridge-group input-lsap-list access-list-numberSyntax Description
Default
Disabled
Command Mode
Interface configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
Autonomous bridging must be disabled to use this command.
This access list is applied to all IEEE 802.2 frames received on that interface prior to the bridge-learning process. SNAP frames must also pass any applicable Ethernet type-code access list.
Example
The following example specifies access list 203 on Ethernet interface 1:
interface ethernet 1bridge-group 3 input-lsap-list 203Related Commands
access-list (extended)
access-list (standard)
bridge-group
bridge-group output-lsap-listbridge-group input-pattern-list
Use the bridge-group input-pattern-list interface configuration command to associate an extended access list with a particular interface in a particular bridge group. Use the no form of this command to disable this capability.
bridge-group bridge-group input-pattern-list access-list-number
no bridge-group bridge-group input-pattern-list access-list-numberSyntax Description
Default
Disabled
Command Mode
Interface configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
Autonomous bridging must be disabled to use this command.
Example
The following command applies access list 1 to bridge group 3 using the filter defined in group 1:
interface ethernet 0bridge-group 3 input-pattern-list 1Related Commands
access-list (extended)
access-list (standard)
bridge-group
bridge-group output-pattern-listbridge-group input-type-list
Use the bridge-group input-type-list interface configuration command to filter Ethernet- and SNAP-encapsulated packets on input. Use the no form of this command to disable this capability.
bridge-group bridge-group input-type-list access-list-number
no bridge-group bridge-group input-type-list access-list-numberSyntax Description
Default
Disabled
Command Mode
Interface configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
Autonomous bridging must be disabled to use this command.
For SNAP-encapsulated frames, the access list is applied against the 2-byte TYPE field given after the DSAP/SSAP/OUI fields in the frame.
This access list is applied to all Ethernet and SNAP frames received on that interface prior to the bridge learning process. SNAP frames must also pass any applicable IEEE 802 DSAP/SSAP access lists.
Example
The following example shows how to configure a Token Ring interface with an access list that allows only the LAT protocol to be bridged:
interface tokenring 0ip address 131.108.1.1 255.255.255.0bridge-group 1bridge-group 1 input-type-list 201Related Commands
access-list (extended)
access-list (standard)
bridge-group
bridge-group output-type-listbridge-group lat-compression
Use the bridge-group lat-compression interface configuration command to reduce the amount of bandwidth that LAT traffic consumes on the serial interface by specifying a LAT-specific form of compression. Use the no form of this command to disable LAT compression on the bridge group.
bridge-group bridge-group lat-compression
no bridge-group bridge-group lat-compressionSyntax Description
bridge-group
Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63.
Default
Disabled
Command Mode
Interface configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
Autonomous bridging must be disabled to use this command.
Compression is applied to LAT frames being sent out the router through the interface in question.
LAT compression can be specified only for serial interfaces. For the most common LAT operations (user keystrokes and acknowledgment packets), LAT compression reduces LAT's bandwidth requirements by nearly a factor of two.
Example
The following example compresses LAT frames on the bridge assigned to group 1:
bridge-group 1 lat-compressionRelated Command
bridge-group output-address-list
Use the bridge-group output-address-list interface configuration command to assign an access list to a particular interface for filtering the MAC destination addresses of packets that would ordinarily be forwarded out that interface. Use the no form of this command to remove an access list from an interface.
bridge-group bridge-group output-address-list access-list-number
no bridge-group bridge-group output-address-list access-list-numberSyntax Description
Default
No access list is assigned.
Command Mode
Interface configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
Example
The following example assigns access list 703 to Ethernet interface 3:
interface ethernet 3bridge-group 5 output-address-list 703Related Commands
access-list (extended)
access-list (standard)
bridge address
bridge-group
bridge-group input-address-listbridge-group output-lat-service-deny
Use the bridge-group output-lat-service-deny interface configuration command to specify the group codes by which to deny access upon output. Use the no form of this command to cancel the specified group codes.
bridge-group bridge-group output-lat-service-deny group-list
no bridge-group bridge-group output-lat-service-deny group-listSyntax Description
bridge-group
Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63.
group-list
List of LAT groups. Single numbers and ranges are
permitted.
Default
No group codes are assigned.
Command Mode
Interface configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
Autonomous bridging must be disabled to use this command.
This command causes the system to not bridge onto this output interface any service advertisements that contain groups matching any of those in the group list.
Example
The following example prevents bridging of LAT service announcements from groups 12 through 20:
interface ethernet 0bridge-group 1bridge-group 1 output-lat-service-deny 12-20Related Commands
access-list (extended)
access-list (standard)
bridge-group
bridge-group input-lat-service-deny
bridge-group output-lat-service-permitbridge-group output-lat-service-permit
Use the bridge-group output-lat-service-permit interface configuration command to specify the group codes by which to permit access upon output. Use the no form of this command to cancel specified group codes.
bridge-group bridge-group output-lat-service-permit group-list
no bridge-group bridge-group output-lat-service-permit group-listSyntax Description
bridge-group
Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63.
group-list
LAT service advertisements.
Default
No group codes are specified.
Command Mode
Interface configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
Autonomous bridging must be disabled to use this command.
This command causes the system to bridge onto this output interface only those service
advertisements that match at least one group in the specified group code list.
Note
Example
The following example allows only LAT service announcements from groups 5, 12, and 20 on this bridge:
interface ethernet 0bridge-group 1 output-lat-service-permit 5 12 20Related Commands
bridge-group input-lat-service-permit
bridge-group output-lat-service-denybridge-group output-lsap-list
Use the bridge-group output-lsap-list interface configuration command to filter IEEE 802-encapsulated packets on output. Use the no form of this command to disable this capability.
bridge-group bridge-group output-lsap-list access-list-number
no bridge-group bridge-group output-lsap-list access-list-numberSyntax Description
Default
Disabled
Command Mode
Interface configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
Autonomous bridging must be disabled to use this command.
SNAP frames must also pass any applicable Ethernet type-code access list. This access list is applied just before sending out a frame to an interface.
For performance reasons, specify both input and output type code filtering on the same interface.
Access lists for Ethernet- and IEEE 802-encapsulated packets affect only bridging functions. It is not possible to use such access lists to block frames with protocols that are being routed.
Packets bearing an 802.2 LSAP of 0xAAAA qualify for LSAP filtering since they are inherently in 802.3 format. However, because they also carry a Type field, they are matched against any Type filters. Therefore, if you use LSAP filters on an interface that may bear SNAP encapsulated packets you must explicitly permit 0xAAAA.
Example
The following example specifies access list 204 on Ethernet interface 0:
interface ethernet 0bridge-group 4 output-lsap-list 204Related Commands
access-list (extended)
access-list (standard)
bridge-group
bridge-group input-lsap-listbridge-group output-pattern-list
Use the bridge-group output-pattern-list interface configuration command to associate an extended access list with a particular interface. Use the no form of this command to disable this capability.
bridge-group bridge-group output-pattern-list access-list-number
no bridge-group bridge-group output-pattern-list access-list-numberSyntax Description
Default
Disabled
Command Mode
Interface configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
Autonomous bridging must be disabled to use this command.
Example
The following example filters all packets sent by bridge group 3 using the filter defined in access-list 1102:
interface ethernet 0bridge-group 3 output-pattern-list 1102Related Commands
access-list (extended)
bridge-group
bridge-group input-pattern-listbridge-group output-type-list
Use the bridge-group output-type-list interface configuration command to filter Ethernet- and SNAP-encapsulated packets on output. Use the no form of this command to disable this capability.
bridge-group bridge-group output-type-list access-list-number
no bridge-group bridge-group output-type-list access-list-numberSyntax Description
Default
Disabled
Command Mode
Interface configuration
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0.
Autonomous bridging must be disabled to use this command.
Example
The following example specifies access-list 202 on Ethernet interface 0:
interface ethernet 0bridge-group 2 output-type-list 202Related Commands
access-list (extended)
access-list (standard)
bridge-group
bridge-group input-type-listbridge-group path-cost
Use the bridge-group path-cost interface configuration command to set a different path cost. Use the no form of this command to choose the default path cost for the interface.
bridge-group bridge-group path-cost cost
no bridge-group bridge-group path-cost costSyntax Description
Defaults
The default path cost is c
