Table Of Contents
bridge bitswap-layer3-addresses
bridge circuit-group source-based
bridge-group input-address-list
bridge-group input-lat-service-deny
bridge-group input-lat-service-permit
bridge-group input-pattern-list
bridge-group output-address-list
bridge-group output-lat-service-deny
bridge-group output-lat-service-permit
bridge-group output-pattern-list
bridge-group spanning-disabled
bridge-group subscriber-loop-control
frame-relay map bridge broadcast
Transparent Bridging Commands
Use the commands in this chapter to configure and monitor transparent bridging networks. For transparent bridging configuration information and examples, refer to the "Configuring Transparent Bridging" chapter in the Cisco IOS Bridging and IBM Networking Configuration Guide.
access-list (extended-ibm)
To provide extended access lists that allow more detailed access lists, use the access-list global configuration command. These lists allow you to specify both source and destination addresses and arbitrary bytes in the packet.
access-list access-list-number {permit | deny} source source-mask destination destination-mask offset size operator operand
Syntax Description
Defaults
No extended access lists are established.
Command Modes
Global configuration
Command History
Usage Guidelines
After an access list is initially created, any subsequent additions (possibly entered from the terminal) are placed at the end of the list. In other words, you cannot selectively add or remove access list command lines from a specific access list.
An extended access list should not be used on FDDI interfaces that provide transit bridging.
There is not a no form for this command.
Note
Due to their complexity, extended access lists should only be used by those who are very familiar with the Cisco IOS software. For example, to use extended access lists, it is important to understand how different encapsulations on different media would generally require different offset values to access particular fields.
Caution
Examples
The following example permits packets from MAC addresses 000c.1bxx.xxxx to any MAC address if the packet contains a value less than 0x55AA in the 2 bytes that begin 0x1e bytes into the packet:
interface ethernet 0 bridge-group 3 output-pattern 1102 access-list 1102 permit 000c.1b00.0000 0000.00ff.ffff 0000.0000.0000 ffff.ffff.ffff 0x1e 2 lt 0x55aaThe following example permits an NOP operation:
interface ethernet 0 bridge-group 3 output-pattern 1102 access-list 1101 permit 0000.0000.0000 ffff.ffff.ffff 0000.0000.0000 ffff.ffff.ffffBridged protocols on Ethernet0/3:clns decnet vines apollonovell xnsSoftware MAC address filter on Ethernet0/3Hash Len Address Matches Act Type0x00: 0 ffff.ffff.ffff 0 RCV Physical broadcast0x00: 1 ffff.ffff.ffff 0 RCV Appletalk zone0x2A: 0 0900.2b01.0001 0 RCV DEC spanning tree0x49: 0 0000.0c36.7a45 0 RCV Interface MAC address0xc0: 0 0100.0ccc.cccc 48 RCV CDP0xc2: 0 0180.c200.0000 0 RCV IEEE spanning tree0xF8: 0 0900.07ff.ffff 0 RCV Appletalk broadcastTable 3 describes significant fields shown in the display.
Related Commands
Establishes MAC address access lists.
Builds type-code access lists.
Associates an extended access list with a particular interface.
access-list (standard-ibm)
To establish a MAC address access lists, use the access-list global configuration command. To remove a single access-list entry, use the no form of this command.
access-list access-list-number {permit | deny} address mask
no access-list access-list-number
Syntax Description
Defaults
No MAC address access lists are established.
Command Modes
Global configuration
Command History
Usage Guidelines
Configuring bridging access lists of type 700 may cause a momentary interruption of traffic flow.
Examples
The following example assumes that you want to disallow the bridging of Ethernet packets of all Sun workstations on Ethernet interface 1. Software assumes that all such hosts have Ethernet addresses with the vendor code 0800.2000.0000. The first line of the access list denies access to all Sun workstations, while the second line permits everything else. You then assign the access list to the input side of Ethernet interface 1.
access-list 700 deny 0800.2000.0000 0000.00FF.FFFFaccess-list 700 permit 0000.0000.0000 FFFF.FFFF.FFFFinterface ethernet 1bridge-group 1 input-address-list 700Related Commands
access-list (type-code-ibm)
To build type-code access lists, use the access-list global configuration command. To remove a single access list entry, use the no form of this command.
access-list access-list-number {permit | deny} type-code wild-mask
no access-list access-list-number
Syntax Description
Defaults
No type-code access lists are built.
Command Modes
Global configuration
Command History
Usage Guidelines
Type-code access lists can have an impact on system performance; therefore, keep the lists as short as possible and use wildcard bit masks whenever possible.
Access lists are evaluated according to the following algorithm:
•
•
Packets are treated according to the following algorithm:
•
•
•
If the LSAP-code filtering is used, all SNAP and Ethernet Type II packets are bridged without obstruction. If type-code filtering is used, all LSAP packets are bridged without obstruction.
If you have both Ethernet Type II and LSAP packets on your network, you should set up access lists for both.
Examples
The following example permits only LAT frames (type 0x6004) and filters out all other frame types:
access-list 201 permit 0x6004 0x0000The following example filters out only type codes assigned to Digital (0x6000 to 0x600F) and lets all other types pass:
access-list 202 deny 0x6000 0x000Faccess-list 202 permit 0x0000 0xFFFFUse the last item of an access list to specify a default action; for example, permit everything else or deny everything else. If nothing else in the access list matches, the default action is normally to deny access; that is, filter out all other type codes.
Related Commands
bridge acquire
To forward any frames for stations that the system has learned about dynamically, use the bridge acquire global configuration command. To disable the behavior, use the no form of this command.
bridge bridge-group acquire
no bridge bridge-group acquire
Syntax Description
Defaults
Enabled
Command Modes
Global configuration
Command History
Usage Guidelines
When using the command default, the Cisco IOS software forwards any frames from stations that it has learned about dynamically. If you use the no form of this command, the bridge stops forwarding frames to stations it has dynamically learned about through the discovery process and limits frame forwarding to statically configured stations. That is, the bridge filters out all frames except those whose sourced-by or destined-to addresses have been statically configured into the forwarding cache. The no form of this command prevents the forwarding of a dynamically learned address.
Examples
The following example prevents the forwarding of dynamically determined source and destination addresses:
no bridge 1 acquireRelated Commands
Filters frames with a particular MAC-layer station source or destination address.
Defines the type of Spanning Tree Protocol.
bridge address
To filter frames with a particular MAC-layer station source or destination address, use the bridge address global configuration command. To disable the forwarding ability, use the no form of this command.
bridge bridge-group address mac-address {forward | discard} [interface]
no bridge bridge-group address mac-address
Syntax Description
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
Any number of addresses can be configured into the system without a performance penalty.
Note
Examples
The following example enables frame filtering with MAC address 0800.cb00.45e9. The frame is forwarded through Ethernet interface 1:
bridge 1 address 0800.cb00.45e9 forward ethernet 1The following example disables the ability to forward frames with MAC address 0800.cb00.45e9:
no bridge 1 address 0800.cb00.45e9Related Commands
bridge bitswap-layer3-addresses
To enable transparent bridging or source-route translational bridging or IP ARPs between canonical and noncanonical media types, use the bridge bitswap-layer3-addresses global configuration command. To revert to the default setting, use the no form of this command.
bridge bridge-group bitswap-layer3-addresses
no bridge bridge-group bitswap-layer3-addresses
Syntax Description
Defaults
Disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
This command "bitswaps" (to and from noncanonical format) the hardware addresses that are embedded in layer 3 of ARP and RARP frames. This function enables IP communication between Token Ring and non-Token Ring media in a transparent-bridging environment. Because transparent bridging views the source-route bridge domain as a Token Ring media, enabling this command for a transparent bridge group also enables this function for SRTLB.
The user must ensure the frames are small enough to be sent on all media types since there is no end to end bridging protocol to negotiate the largest frame size.
There is no attempt to reformat ARP frames between ARP and SNAP formats.
Examples
The following example enables bitswapping of addresses to and from noncanonical form in a transparent-bridged environment:
no ip routing!!int ethernet 0bridge-group 1!int token-ring 0bridge-group 1!!bridge 1 protocol ieeebridge 1 bitswap-layer3-addressesbridge bridge
To enable the bridging of a specified protocol in a specified bridge group, use the bridge bridge global configuration command. To disable the bridging of a specified protocol in a specified bridge group, use the no form of this command.
bridge bridge-group bridge protocol
no bridge bridge-group bridge protocol
Syntax Description
Defaults
Bridge every protocol.
Command Modes
Global configuration
Command History
Usage Guidelines
When integrated routing and bridging (IRB) is enabled, the default route/bridge behavior in a bridge group is to bridge all protocols. You do not have to use the bridge bridge command to enable bridging.
You can use the no bridge bridge command to disable bridging in a bridge group so that it does not bridge a particular protocol. When you disable bridging for a protocol in a bridge group, routable packets of this protocol are routed when the bridge is explicitly configured to route this protocol, and nonroutable packets are dropped because bridging is disabled for this protocol.
Note
Examples
The following example disables bridging of IP in bridge group 1:
no bridge 1 bridge ipRelated Commands
bridge circuit-group pause
To configure the interval during which transmission is suspended in a circuit group after circuit group changes take place, use the bridge circuit-group pause global configuration command.
bridge bridge-group circuit-group circuit-group pause milliseconds
Syntax Description
Defaults
The default forward delay interval is 0.
Command Modes
Global configuration
Command History
Usage Guidelines
Circuit-group changes include the addition or deletion of an interface and interface state changes.
There is not a no form for this command.
Examples
The following example sets the circuit group pause to 5000 ms:
bridge 1 circuit-group 1 pause 5000Related Commands
Uses just the source MAC address for selecting the output interface.
Assigns each network interface to a bridge group.
Defines the type of Spanning Tree Protocol.
bridge circuit-group source-based
To use just the source MAC address for selecting the output interface, use the bridge circuit-group source-based global configuration command. To remove the interface from the bridge group, use the no form of this command.
bridge bridge-group circuit-group circuit-group source-based
no bridge bridge-group circuit-group circuit-group source-based
Syntax Description
bridge-group
Bridge group number specified in the bridge protocol command.
circuit-group
Number of the circuit group to which the interface belongs.
Defaults
No bridge-group interface is assigned.
Command Modes
Global configuration
Command History
Usage Guidelines
For applications that depend on the ordering of mixed unicast and multicast traffic from a given source, load distribution must be based on the source MAC address only. The bridge circuit-group source-based command modifies the load distribution strategy to accommodate such applications.
Examples
The following example uses the source MAC address for selecting the output interface to a bridge group:
bridge 1 circuit-group 1 source-basedRelated Commands
bridge cmf
To enable constrained multicast flooding (CMF) for all configured bridge groups, use the bridge cmf global configuration command. To disable constrained multicast flooding, use the no form of this command.
bridge cmf
no bridge cmf
Syntax Description
This command has no arguments or keywords.
Defaults
Constrained multicast flooding is disabled.
Command Modes
Global configuration
Command History
Examples
The following example enables constrained multicast flooding for all configured bridge groups:
bridge cmfRelated Commands
Clears transparent bridging multicast state information.
Displays transparent bridging multicast state information.
bridge crb
To enable the Cisco IOS software to both route and bridge a given protocol on separate interfaces within a single router, use the bridge crb global configuration command. To disable the feature, use the no form of this command.
bridge crb
no bridge crb
Syntax Description
This command has no arguments or keywords.
Defaults
Concurrent routing and bridging is disabled.
When concurrent routing and bridging has been enabled, the default behavior is to bridge all protocols that are not explicitly routed in a bridge group.
Command Modes
Global configuration
Command History
Usage Guidelines
When concurrent routing and bridging is first enabled in the presence of existing bridge groups, it generates a bridge route configuration command for any protocol for which any interface in the bridge group is configured for routing. This is a precaution that applies only when concurrent routing and bridging is not already enabled, bridge groups exist, and the bridge crb command is encountered.
Once concurrent routing and bridging has been enabled, you must configure an explicit bridge route command for any protocol that is to be routed on interfaces in a bridge group (in addition to any required protocol-specific interface configuration).
Examples
The following command enables concurrent routing and bridging:
bridge crbRelated Commands
bridge domain
To establish a domain by assigning it a decimal value from 1 and 10, use the bridge domain global configuration command. To return to a single bridge domain by choosing domain zero (0), use the no form of this command.
bridge bridge-group domain domain-number
no bridge bridge-group domain
Syntax Description
Defaults
Single bridge domain. The default domain number is 0.
Command Modes
Global configuration
Command History
Usage Guidelines
Cisco has implemented a proprietary extension to the IEEE spanning-tree software in order to support multiple spanning-tree domains. You can place any number of routers within the domain. The routers in the domain, and only those routers, will then share spanning-tree information.
Use this feature when multiple routers share the same cable, and you wish to use only certain discrete subsets of these routers to share spanning-tree information with each other. This function is most useful when running other applications, such as IP UDP flooding, that use the IEEE Spanning Tree Protocol. It can also be used to reduce the number of global reconfigurations in large bridged networks.
Caution
Note
Examples
The following example places bridge group 1 in bridging domain 3. Only other routers that are in domain 3 will accept spanning-tree information from this router.
bridge 1 domain 3Related Commands
bridge forward-time
To specify the forward delay interval for the Cisco IOS software, use the bridge forward-time global configuration command. To return to the default interval, use the no form of this command.
bridge bridge-group forward-time seconds
no bridge bridge-group forward-time seconds
Syntax Description
bridge-group
Bridge group number specified in the bridge protocol command.
seconds
Forward delay interval. It must be a value in the range 10 to 200 seconds. The default is 30 seconds.
Defaults
30-second delay
Command Modes
Global configuration
Command History
Usage Guidelines
The forward delay interval is the amount of time the software spends listening for topology change information after an interface has been activated for bridging and before forwarding actually begins.
Each bridge in a spanning tree adopts the hello-time, forward-time, and max-age parameters of the root bridge, regardless of what its individual configuration might be.
Examples
The following example sets the forward delay interval to 60 seconds:
bridge 1 forward-time 60Related Commands
bridge-group
To assign each network interface to a bridge group, use the bridge-group interface configuration command. To remove the interface from the bridge group, use the no form of this command.
bridge-group bridge-group
no bridge-group bridge-group
Syntax Description
bridge-group
Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 255.
Defaults
No bridge group interface is assigned.
Command Modes
Interface configuration
Command History
Usage Guidelines
You can bridge on any interface, including any serial interface, regardless of encapsulation. Bridging can be configured between interfaces on different cards, although the performance is lower compared with interfaces on the same card. Also note that serial interfaces must be running with HDLC, X.25, or Frame Relay encapsulation.
Note
Examples
In the following example, Ethernet interface 0 is assigned to bridge-group 1, and bridging is enabled on this interface:
interface ethernet 0bridge-group 1Related Commands
bridge-group aging-time
To set the length of time that a dynamic entry can remain in the bridge table from the time the entry was created or last updated, use the bridge-group aging-time global configuration command. To return to the default aging-time interval, use the no form of this command.
bridge-group bridge-group aging-time seconds
no bridge-group bridge-group aging-time
Syntax Description
bridge-group
Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 255.
seconds
Aging time, in the range 10 to 1000000 seconds. The default is 300 seconds.
Defaults
300 seconds
Command Modes
Global configuration
Command History
Usage Guidelines
If hosts on a bridged network are likely to move, decrease the aging-time to enable the bridge to adapt quickly to the change. If hosts do not send continuously, increase the aging time to record the dynamic entries for a longer time and thus reduce the possibility of flooding when the hosts send again.
Examples
The following example sets the aging time to 200 seconds:
bridge-group 1 aging-time 200Related Commands
bridge-group cbus-bridging
To enable autonomous bridging on a ciscoBus2 controller, use the bridge-group cbus-bridging interface configuration command. To disable autonomous bridging, use the no form of this command.
bridge-group bridge-group cbus-bridging
no bridge-group bridge-group cbus-bridging
Syntax Description
bridge-group
Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 255.
Defaults
Autonomous bridging is disabled.
Command Modes
Interface configuration
Command History
Usage Guidelines
Normally, bridging takes place on the processor card at interrupt level. When autonomous bridging is enabled, bridging takes place entirely on the ciscoBus2 controller, significantly improving performance.
You can enable autonomous bridging on Ethernet, FDDI (FCIT) and HSSI interfaces that reside on a ciscoBus2 controller. Autonomous bridging is not supported on Token Ring interfaces, regardless of the type of bus in use.
To enable autonomous bridging on an interface, that interface must first be defined as part of a bridge group. When a bridge group includes both autonomously and normally bridged interfaces, packets are autonomously bridged in some cases, but bridged normally in others. For example, when packets are forwarded between two autonomously bridged interfaces, those packets are autonomously bridged. But when packets are forwarded between an autonomously bridged interface and one that is not, the packet must be normally bridged. When a packet is flooded, the packet is autonomously bridged on autonomously bridged interfaces, but must be normally bridged on any others.
Note
Note
Examples
In the following example, autonomous bridging is enabled on Ethernet interface 0:
interface ethernet 0bridge-group 1bridge-group 1 cbus-bridgingRelated Commands
bridge-group circuit-group
To assign each network interface to a bridge group, use the bridge-group circuit-group interface configuration command. To remove the interface from the bridge group, use the no form of this command.
bridge-group bridge-group circuit-group circuit-group
no bridge-group bridge-group circuit-group circuit-group
Syntax Description
bridge-group
Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 255.
circuit-group
Circuit group number. The range is 1 to 9.
Defaults
No bridge group interface is assigned.
Command Modes
Interface configuration
Command History
Usage Guidelines
Circuit groups are primarily intended for use with HDLC-encapsulated serial interfaces. They are not supported for packet-switched networks such as X.25 or Frame Relay. Circuit groups are best applied to groups of serial lines of equal bandwidth, but can accommodate mixed bandwidths as well.
Note
Examples
In the following example, Ethernet interface 0 is assigned to circuit group 1 of bridge group 1:
interface ethernet 0bridge-group 1 circuit-group 1Related Commands
bridge-group input-address-list
To assign an access list to a particular interface, use the bridge-group input-address-list interface configuration command. This access list is used to filter packets received on that interface based on their MAC source addresses. To remove an access list from an interface, use the no form of this command.
bridge-group bridge-group input-address-list access-list-number
no bridge-group bridge-group input-address-list access-list-number
Syntax Description
Defaults
No access list is assigned.
Command Modes
Interface configuration
Command History
Examples
The following example assumes you want to disallow the bridging of Ethernet packets of all Sun workstations on Ethernet interface 1. Software assumes that all such hosts have Ethernet addresses with the vendor code 0800.2000.0000. The first line of the access list denies access to all Sun workstations, while the second line permits everything else. You then assign the access list to the input side of Ethernet interface 1.
access-list 700 deny 0800.2000.0000 0000.00FF.FFFFaccess-list 700 permit 0000.0000.0000 FFFF.FFFF.FFFFinterface ethernet 1bridge-group 1 input-address-list 700Related Commands
bridge-group input-lat-service-deny
To specify the group codes by which to deny access upon input, use the bridge-group input-lat-service-deny interface configuration command. To remove this access condition, use the no form of this command.
bridge-group bridge-group input-lat-service-deny group-list
no bridge-group bridge-group input-lat-service-deny group-list
Syntax Description
Defaults
No group codes are specified.
Command Modes
Interface configuration
Command History
Usage Guidelines
Autonomous bridging must be disabled to use this command.
This command prevents the system from bridging any LAT service advertisement that has any of the specified groups set.
Examples
The following example causes any advertisements with groups 6, 8, and 14 through 20 to be dropped:
interface ethernet 0bridge-group 1 input-lat-service-deny 6 8 14-20Related Commands
Assigns each network interface to a bridge group.
Specifies the group codes by which to permit access upon input.
Specifies the group codes by which to deny access upon output.
bridge-group input-lat-service-permit
To specify the group codes by which to permit access upon input, use the bridge-group input-lat-service-permit interface configuration command. To remove this access condition, use the no form of this command.
bridge-group bridge-group input-lat-service-permit group-list
no bridge-group bridge-group input-lat-service-permit group-list
Syntax Description
Defaults
No group codes are specified.
Command Modes
Interface configuration
Command History
Usage Guidelines
Autonomous bridging must be disabled to use this command.
This command causes the system to bridge only those service advertisements that match at least one group in the group list specified by the group-list argument.
If a message specifies group codes in both the deny and permit list, the message is not bridged.
Examples
The following example bridges any advertisements from groups 1, 5, and 12 through 14:
interface ethernet 1bridge-group 1 input-lat-service-permit 1 5 12-14Related Commands
Specifies the group codes by which to deny access upon input.
Specifies the group codes by which to permit access upon output.
bridge-group input-lsap-list
To filter IEEE 802.2-encapsulated packets on input, use the bridge-group input-lsap-list interface configuration command. To disable this capability, use the no form of this command.
bridge-group bridge-group input-lsap-list access-list-number
no bridge-group bridge-group input-lsap-list access-list-number
Syntax Description
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
Autonomous bridging must be disabled to use this command.
This access list is applied to all IEEE 802.2 frames received on that interface prior to the bridge-learning process. SNAP frames must also pass any applicable Ethernet type-code access list.
Examples
The following example specifies access list 203 on Ethernet interface 1:
interface ethernet 1bridge-group 3 input-lsap-list 203Related Commands
Establishes MAC address access lists.
Assigns each network interface to a bridge group.
Filters IEEE 802-encapsulated packets on output.
bridge-group input-pattern-list
To associate an extended access list with a particular interface in a particular bridge group, use the bridge-group input-pattern-list interface configuration command. To disable this capability, use the no form of this command.
bridge-group bridge-group input-pattern-list access-list-number
no bridge-group bridge-group input-pattern-list access-list-number
Syntax Description
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
Autonomous bridging must be disabled to use this command.
Examples
The following command applies access list 1101 to bridge group 3 using the filter defined in group 1:
interface ethernet 0bridge-group 3 input-pattern-list 1101Related Commands
Establishes MAC address access lists.
Assigns each network interface to a bridge group.
Associates an extended access list with a particular interface.
bridge-group input-type-list
To filter Ethernet- and SNAP-encapsulated packets on input, use the bridge-group input-type-list interface configuration command. To disable this capability, use the no form of this command.
bridge-group bridge-group input-type-list access-list-number
no bridge-group bridge-group input-type-list access-list-number
Syntax Description
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
Autonomous bridging must be disabled to use this command.
For SNAP-encapsulated frames, the access list is applied against the 2-byte TYPE field given after the DSAP/SSAP/OUI fields in the frame.
This access list is applied to all Ethernet and SNAP frames received on that interface prior to the bridge learning process. SNAP frames must also pass any applicable IEEE 802 DSAP/SSAP access lists.
Examples
The following example shows how to configure a Token Ring interface with an access list that allows only the LAT protocol to be bridged:
interface tokenring 0ip address 131.108.1.1 255.255.255.0bridge-group 1bridge-group 1 input-type-list 201Related Commands
Establishes MAC address access lists.
Assigns each network interface to a bridge group.
Filters Ethernet- and SNAP-encapsulated packets on output.
bridge-group lat-compression
To reduce the amount of bandwidth that LAT traffic consumes on the serial interface by specifying a LAT-specific form of compression, use the bridge-group lat-compression interface configuration command. To disable LAT compression on the bridge group, use the no form of this command.
bridge-group bridge-group lat-compression
no bridge-group bridge-group lat-compression
Syntax Description
bridge-group
Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 255.
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
Autonomous bridging must be disabled to use this command.
Compression is applied to LAT frames being sent out the router through the interface in question.
LAT compression can be specified only for serial interfaces. For the most common LAT operations (user keystrokes and acknowledgment packets), LAT compression reduces LAT's bandwidth requirements by nearly a factor of two.
Examples
The following example compresses LAT frames on the bridge assigned to group 1:
bridge-group 1 lat-compressionRelated Commands
bridge-group output-address-list
To assign an access list to a particular interface for filtering the MAC destination addresses of packets that would ordinarily be forwarded out that interface, use the bridge-group output-address-list interface configuration command. To remove an access list from an interface, use the no form of this command.
bridge-group bridge-group output-address-list access-list-number
no bridge-group bridge-group output-address-list access-list-number
Syntax Description
Defaults
No access list is assigned.
Command Modes
Interface configuration
Command History
Examples
The following example assigns access list 703 to Ethernet interface 3:
interface ethernet 3bridge-group 5 output-address-list 703Related Commands
bridge-group output-lat-service-deny
To specify the group codes by which to deny access upon output, use the bridge-group output-lat-service-deny interface configuration command. To cancel the specified group codes, use the no form of this command.
bridge-group bridge-group output-lat-service-deny group-list
no bridge-group bridge-group output-lat-service-deny group-list
Syntax Description
bridge-group
Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 255.
group-list
List of LAT groups. Single numbers and ranges are permitted.
Defaults
No group codes are assigned.
Command Modes
Interface configuration
Command History
Usage Guidelines
Autonomous bridging must be disabled to use this command.
This command causes the system to not bridge onto this output interface any service advertisements that contain groups matching any of those in the group list.
Examples
The following example prevents bridging of LAT service announcements from groups 12 through 20:
interface ethernet 0bridge-group 1bridge-group 1 output-lat-service-deny 12-20Related Commands
bridge-group output-lat-service-permit
To specify the group codes by which to permit access upon output, use the bridge-group output-lat-service-permit interface configuration command. To cancel specified group codes, use the no form of this command.
bridge-group bridge-group output-lat-service-permit group-list
no bridge-group bridge-group output-lat-service-permit group-list
Syntax Description
bridge-group
Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 255.
group-list
LAT service advertisements.
Defaults
No group codes are specified.
Command Modes
Interface configuration
Command History
Usage Guidelines
Autonomous bridging must be disabled to use this command.
This command causes the system to bridge onto this output interface only those service advertisements that match at least one group in the specified group code list.
Note
Examples
The following example allows only LAT service announcements from groups 5, 12, and 20 on this bridge:
interface ethernet 0bridge-group 1 output-lat-service-permit 5 12 20Related Commands
Specifies the group codes by which to permit access upon input.
Specifies the group codes by which to deny access upon output.
bridge-group output-lsap-list
To filter IEEE 802-encapsulated packets on output, use the bridge-group output-lsap-list interface configuration command. To disable this capability, use the no form of this command.
bridge-group bridge-group output-lsap-list access-list-number
no bridge-group bridge-group output-lsap-list access-list-number
Syntax Description
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
Autonomous bridging must be disabled to use this command.
SNAP frames must also pass any applicable Ethernet type-code access list. This access list is applied just before sending out a frame to an interface.
For performance reasons, specify both input and output type code filtering on the same interface.
Access lists for Ethernet- and IEEE 802-encapsulated packets affect only bridging functions. It is not possible to use such access lists to block frames with protocols that are being routed.
Packets bearing an 802.2 LSAP of 0xAAAA qualify for LSAP filtering since they are inherently in 802.3 format. However, because they also carry a Type field, they are matched against any Type filters. Therefore, if you use LSAP filters on an interface that may bear SNAP encapsulated packets you must explicitly permit 0xAAAA.
Examples
The following example specifies access list 204 on Ethernet interface 0:
interface ethernet 0bridge-group 4 output-lsap-list 204Related Commands
Establishes MAC address access lists.
Assigns each network interface to a bridge group.
Filters IEEE 802.2-encapsulated packets on input.
bridge-group output-pattern-list
To associate an extended access list with a particular interface, use the bridge-group output-pattern-list interface configuration command. To disable this capability, use the no form of this command.
bridge-group bridge-group output-pattern-list access-list-number
no bridge-group bridge-group output-pattern-list access-list-number
Syntax Description
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
Autonomous bridging must be disabled to use this command.
Examples
The following example filters all packets sent by bridge group 3 using the filter defined in access-list 1102:
interface ethernet 0bridge-group 3 output-pattern-list 1102Related Commands
bridge-group output-type-list
To filter Ethernet- and SNAP-encapsulated packets on output, use the bridge-group output-type-list interface configuration command. To disable this capability, use the no form of this command.
bridge-group bridge-group output-type-list access-list-number
no bridge-group bridge-group output-type-list access-list-number
Syntax Description
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
Autonomous bridging must be disabled to use this command.
Examples
The following example specifies access-list 202 on Ethernet interface 0:
interface ethernet 0bridge-group 2 output-type-list 202Related Commands
Establishes MAC address access lists.
Assigns each network interface to a bridge group.
Filters Ethernet- and SNAP-encapsulated packets on input.
bridge-group path-cost
To set a different path cost, use the bridge-group path-cost interface configuration command. To choose the default path cost for the interface, use the no form of this command.
bridge-group bridge-group path-cost cost
no bridge-group bridge-group path-cost cost
Syntax Description
Defaults
The default path cost is computed from the interface's bandwidth setting. The following are IEEE default path cost values. The Digital path cost default values are different.
•
•
•
•
•
Command Modes
Interface configuration
Command History
Usage Guidelines
By convention, the path cost is 10000/data rate of the attached LAN (IEEE), or 100000/data rate of the attached LAN (Digital), in megabits per second.
Examples
The following example changes the default path cost for Ethernet interface 0:
interface ethernet 0bridge-group 1 path-cost 250Related Commands
bridge-group priority
To set an interface priority, use the bridge-group priority interface configuration command. The interface priority is used to select the designated port for this bridge-group on the connected media. One designated port on each media is needed to compute the spanning tree.
bridge-group bridge-group priority number
Syntax Description
bridge-group
Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 255.
number
Priority number ranging from 0 to 255 (Digital), or 0 to 64000 (IEEE).
Defaults
When the IEEE Spanning Tree Protocol is enabled on the router: 32768
When the Digital Spanning Tree Protocol is enabled on the router: 128
Command Modes
Interface configuration
Command History
Usage Guidelines
The lower the number, the more likely it is that the bridge on the interface will be chosen as the root.
There is not a no form for this command.
Examples
The following example increases the likelihood that the root bridge will be the one on Ethernet interface 0 in bridge group 1:
interface ethernet 0bridge-group 1 priority 0The following example shows the bridge-group priority help information for 9-bit port number size:
Router(config-if)# bridge-group 1 priority ?<0-255> increments of 2 for IEEE or vlan-bridge, others 1The following example shows the bridge-group priority help information for 10-bit port number size:
Router(config-if)# bridge-group 1 priority ?<0-255> increments of 4 for IEEE or vlan-bridge, others 1Related Commands
Assigns each network interface to a bridge group.
Configures the priority of an individual bridge, or the likelihood that it will be selected as the root bridge.
bridge-group spanning-disabled
To disable the spanning tree on a given interface, use the bridge-group spanning-disabled interface configuration command.
bridge-group bridge-group spanning-disabled
no bridge-group bridge-group spanning-disabled
Syntax Description
bridge-group
Number of the bridge group to which the interface belongs. It must be a number in the range of 1 to 255.
Defaults
Spanning tree enabled
Command Modes
Interface configuration
Command History
Usage Guidelines
To enable transparent bridging on an interface, use the bridge protocol command to specify the type of Spanning Tree Protocol to be used. The bridge-group spanning-disabled command can be used to disable that spanning tree on that interface.
When a loop-free path exists between any two bridged subnetworks, you can prevent BPDUs generated in one transparent bridging subnetwork from impacting nodes in the other transparent bridging subnetwork, yet still permit bridging throughout the bridged network as a whole.
For example, when transparently bridged LAN subnetworks are separated by a WAN, you can use this command to prevent BPDUs from traveling across the WAN link. You would apply this command to the serial interfaces connecting to the WAN in order to prevent BPDUs generated in one domain from impacting nodes in the remote domain. Because these BPDUs are prevented from traveling across the WAN link, using this command also has the secondary advantage of reducing traffic across the WAN link.
Note
Examples
In the following example, the spanning tree for the serial interface 0 is disabled:
interface serial 0bridge-group 1 spanning-disabledRelated Commands
Assigns each network interface to a bridge group.
Defines the type of Spanning Tree Protocol.
bridge-group sse
To enable the Cisco silicon switching engine (SSE) switching function, use the bridge-group sse interface configuration command. To disable SSE switching, use the no form of this command.
bridge-group bridge-group sse
no bridge-group bridge-group sse
Syntax Description
bridge-group
Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 255.
Defaults
Disabled
Command Modes
Interface configuration
Command History
Examples
The following example enables SSE switching:
bridge-group 1 sseRelated Commands
bridge-group subscriber-loop-control
To enable loop control on virtual circuits associated with a bridge group, use the bridge-group subscriber-loop-control interface configuration command. To disable loop control, use the no form of this command.
bridge-group bridge-group subscriber-loop-control
no bridge-group bridge-group subscriber-loop-control
Syntax Description
bridge-group
Bridge group number, in the range from 1 to 256, specified in the bridge protocol command.
Defaults
Loop control is disabled.
Command Modes
Interface configuration
Command History
Examples
The following example enables loop control on virtual circuits associated with bridge group 1:
bridge-group 1 subscriber-loop-controlRelated Commands
bridge-group subscriber-trunk
To specify that an interface is at the upstream point of traffic flow, use the bridge-group subscriber-trunk interface configuration command. To remove the specification and reset the interface to a non-trunking port, use the no form of this command.
bridge-group bridge-group subscriber-trunk
no bridge-group bridge-group subscriber-trunk
Syntax Description
bridge-group
Bridge group number, in the range from 1 to 256, specified in the bridge protocol command.
Defaults
The interface is set to a non-trunking port.
Command Modes
Interface configuration
Command History
Examples
The following example sets bridge-group 1 as the upstream point of traffic flow:
bridge-group 1 subscriber-trunkRelated Commands
bridge hello-time
To specify the interval between hello bridge protocol data units (BPDUs), use the bridge hello-time global configuration command. To return the default interval, use the no form of this command.
bridge bridge-group hello-time seconds
no bridge bridge-group hello-time
Syntax Description
bridge-group
Bridge group number. It must be the same number specified in the bridge protocol command.
seconds
Interval between 1 and 10 seconds.
Defaults
1 second
Command Modes
Global configuration
Command History
Usage Guidelines
Each bridge in a spanning tree adopts the hello-time, forward-time, and max-age parameters of the root bridge, regardless of what its individual configuration might be.
Examples
The following example sets the interval to 5 seconds:
bridge 1 hello-time 5Related Commands
bridge irb
To enable the Cisco IOS software to route a given protocol between routed interfaces and bridge groups or to route a given protocol between bridge groups, use the bridge irb global configuration command. To disable the feature, use the no form of this command.
bridge irb
no bridge irb
Syntax Description
This command has no arguments or keywords.
Defaults
Integrated routing and bridging (IRB) is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
IRB is supported for transparent bridging, but not for source-route bridging. IRB is supported on all interface media types except X.25 and ISDN bridged interfaces.
Examples
The following example enables integrated routing and bridging:
bridge irbRelated Commands
bridge lat-service-filtering
To specify LAT group-code filtering, use the bridge lat-service-filtering global configuration command. To disable the use of LAT service filtering on the bridge group, use the no form of this command.
bridge bridge-group lat-service-filtering
no bridge bridge-group lat-service-filtering
Syntax Description
Defaults
LAT service filtering is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
This command informs the system that LAT service advertisements require special processing.
Examples
The following example specifies that LAT service announcements traveling across bridge group 1 require some special processing:
bridge 1 lat-service-filteringRelated Commands
bridge max-age
To change the interval the bridge will wait to hear BPDUs from the root bridge, use the bridge max-age global configuration command. If a bridge does not hear BPDUs from the root bridge within this specified interval, it assumes that the network has changed and will recompute the spanning-tree topology. To return to the default interval, use the no form of this command.
bridge bridge-group max-age seconds
no bridge bridge-group max-age
Syntax Description
bridge-group
Bridge group number specified in the bridge protocol command.
seconds
Interval the bridge will wait to hear BPDUs from the root bridge. It must be a value in the range 10 to 200 seconds.
Defaults
15 seconds
Command Modes
Global configuration
Command History
Usage Guidelines
Each bridge in a spanning tree adopts the hello-time, forward-time, and max-age parameters of the root bridge, regardless of what its individual configuration might be.
Examples
The following example increases the maximum idle interval to 20 seconds:
bridge 1 max-age 20Related Commands
Specifies the forward delay interval for the Cisco IOS software.
Specifies that an interface is at the upstream point of traffic flow.
Defines the type of Spanning Tree Protocol.
bridge multicast-source
To configure bridging support to allow the forwarding, but not the learning, of frames received with multicast source addresses, use the bridge multicast-source global configuration command. To disable this function on the bridge, use the no form of this command.
bridge bridge-group multicast-source
no bridge bridge-group multicast-source
Syntax Description
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
If you need to bridge Token Ring over another medium, remote source-route bridging (RSRB) is recommended.
Examples
The following example allows the forwarding, but not the learning, of frames received with multicast source addresses:
bridge 2 multicast-sourceRelated Commands
bridge priority
To configure the priority of an individual bridge, or the likelihood that it will be selected as the root bridge, use the bridge priority global configuration command.
bridge bridge-group priority number
Syntax Description
Defaults
When the IEEE Spanning Tree Protocol is enabled on the router: 32768
When the Digital Spanning Tree Protocol is enabled on the router: 128
Command Modes
Global configuration
Command History
Usage Guidelines
When two bridges tie for position as the root bridge, an interface priority determines which bridge will serve as the root bridge. Use the bridge-group priority interface configuration command to control an interface priority.
There is not a no form for this command.
Examples
The following example establishes this bridge as a likely candidate to be the root bridge:
bridge 1 priority 100Related Commands
bridge protocol
To define the type of Spanning Tree Protocol, use the bridge protocol global configuration command. To delete the bridge group, use the no form of this command with the appropriate keywords and arguments.
bridge bridge-group protocol {dec | ibm | ieee | vlan-bridge}
no bridge bridge-group protocol {dec | ibm | ieee | vlan-bridge}
Syntax Description
Defaults
No Spanning Tree Protocol is defined.
Command Modes
Global configuration
Command History
10.0
This command was introduced.
12.0(1)T
The ibm and vlan-bridge keywords were added.
Usage Guidelines
The routers support two Spanning Tree Protocols: the IEEE 802.1 standard and the earlier Digital Spanning Tree Protocol upon which the IEEE standard is based. Multiple domains are supported for the IEEE 802.1 Spanning Tree Protocol.
Note
Examples
The following example shows bridge 1 as using the Digital Spanning Tree Protocol:
bridge 1 protocol decRelated Commands
Establishes a domain by assigning it a decimal value from 1 to 10.
Assigns each network interface to a bridge group.
bridge route
To enable the routing of a specified protocol in a specified bridge group, use the bridge route global configuration command. To disable the routing of a specified protocol in a specified bridge group, use the no form of this command.
bridge bridge-group route protocol
no bridge bridge-group route protocol
Syntax Description
bridge-group
Bridge group number. It must be the same number specified in the bridge protocol command.
protocol
One of the following protocols: apollo, appletalk, clns, decnet, ip, ipx, vines, xns.
Defaults
No default bridge group or protocol is specified.
Command Modes
Global configuration
Command History
Examples
In the following example, AppleTalk and IP are routed on bridge group 1:
bridge crbbridge 1 protocol ieeebridge 1 route appletalkbridge 1 route ipRelated Commands
Enables the Cisco IOS software to both route and bridge a given protocol on separate interfaces within a single router.
Defines the type of Spanning Tree Protocol.
bridge subscriber-policy
To bind a bridge group with a subscriber policy, use the bridge subscriber-policy global configuration command. To disable the subscriber bridge group feature, use the no form of this command.
bridge bridge-group subscriber-policy policy
no bridge bridge-group subscriber-policy policy
Syntax Description
bridge-group
Bridge group number, in the range of 1 to 256, specified in the bridge protocol command.
policy
Subscriber policy number in the range of 1 to 100.
Defaults
Table 4 shows the default values that are applied if no forward or filter decisions have been specified for the subscriber policy:
Table 4 Packet Default Values
ARP
Permit
Broadcast
Deny
CDP
Deny/Disable
Multicast
Permit
Spanning Tree Protocol
Deny/Disable
Unknown Unicast
Deny
Command Modes
Global configuration
Command History
Usage Guidelines
Standard access lists can coexist with the subscriber policy. However, subscriber policy will take precedence over the access list by being checked first. A packet permitted by the subscriber policy will be checked against the access list if it is specified. A packet denied by subscriber policy will be dropped with no further access list checking.
Examples
The following example forms a subscriber bridge group using policy 1:
bridge 1 subscriber-policy 1Related Commands
Defines the type of Spanning Tree Protocol.
Displays the details of a subscriber policy.
Defines or modifies the forward and filter decisions of the subscriber policy.
clear bridge
To remove any learned entries from the forwarding database and to clear the transmit and receive counts for any statically or system-configured entries, use the clear bridge privileged EXEC command.
clear bridge bridge-group
Syntax Description
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
Examples
The following example shows the use of the clear bridge command:
clear bridge 1Related Commands
Filters frames with a particular MAC-layer station source or destination address.
Defines the type of Spanning Tree Protocol.
clear bridge multicast
To clear transparent bridging multicast state information, use the clear bridge multicast EXEC command.
clear bridge [bridge-group] multicast [router-ports | groups | counts] [group-address] [interface-unit] [counts]
Syntax Description
Defaults
No default behavior or values.
Command Modes
EXEC
Command History
Usage Guidelines
If you do not specify arguments or keywords as part of the command, the command clears router ports, group ports, and counts for all configured bridge groups.
Use the show bridge multicast command to list transparent bridging multicast state information, then use specific pieces of state information in the clear bridge multicast command.
Examples
The following example clears router ports, group ports, and counts for bridge group 1:
clear bridge 1 multicastThe following example clears the group and count information for the group identified as 235.145.145.223, interface Ethernet 0/3 for bridge group 1:
clear bridge 1 multicast groups 235.145.145.223 Ethernet0/3 countRelated Commands
Enables CMF for all configured bridge groups.
Displays transparent bridging multicast state information.
clear vlan statistics
To remove virtual LAN statistics from any statically or system-configured entries, use the clear vlan statistics privileged EXEC command.
clear vlan statistics
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
Examples
The following example clears VLAN statistics:
clear vlan statisticsframe-relay map bridge broadcast
To bridge over a Frame Relay network, use the frame-relay map bridge broadcast interface configuration command. To delete the mapping entry, use the no form of this command.
frame-relay map bridge dlci broadcast
no frame-relay map bridge dlci broadcast
Syntax Description
Defaults
No mapping entry is established.
Command Modes
Interface configuration
Command History
Usage Guidelines
Bridging over a Frame Relay network is supported both on networks that support a multicast facility and those that do not.
Examples
The following example allows bridging over a Frame Relay network:
frame-relay map bridge 144 broadcastRelated Commands
interface bvi
To create the bridge-group virtual interface (BVI) that represents the specified bridge group to the routed world and links the corresponding bridge group to the other routed interfaces, use the interface bvi interface configuration command. To delete the BVI, use the no form of this command.
interface bvi bridge-group
no interface bvi bridge-group
Syntax Description
bridge-group
Bridge group number. It must be the same number specified in the bridge protocol command.
Defaults
No BVI is created.
Command Modes
Interface configuration
Command History
Usage Guidelines
You must enable IRB before attempting to create a BVI.
When you intend to bridge and route a given protocol in the same bridge group, you must configure the network-layer attributes of the protocol on the BVI. Do not configure protocol attributes on the bridged interfaces. No bridging attributes can be configured on the BVI.
Examples
The following example creates a bridge-group virtual interface and associates it with bridge group 1:
interface bvi 1Related Commands
Enables the Cisco IOS software to route a given protocol between routed interfaces and bridge groups or to route a given protocol between bridge groups.
show bridge
To display classes of entries in the bridge forwarding database, use the show bridge privileged EXEC command.
show bridge [bridge-group] [interface] [address [mask]] [verbose]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
This command first appeared in Cisco IOS Release 10.0. The verbose keyword first appeared in
Cisco IOS Release 11.0.The following are possible variations of the show bridge command:
show bridge ethernet 0show bridge 0000.0c00.0000 0000.00FF.FFFFshow bridge 0000.0c00.0e1ashow bridgeshow bridge verboseIn the sample output, the first command would display all entries for hosts reachable via Ethernet interface 0, the second command would display all entries with the vendor code of 0000.0c00.0000, and the third command would display the entry for address 0000.0c00.0e1a. In the fourth command, all entries in the forwarding database would be displayed. The fifth command provides additional detail. In all five lines, the bridge group number has been omitted.
Examples
The following is sample output from the show bridge command. The second display is output from the
show bridge command with the verbose argument.Router# show bridgeTotal of 300 station blocks, 280 freeCodes: P - permanent, S - selfBridge Group 32:Bridge Group 32:Address Action Interface Age RX count TX count0180.c200.0000 receive - S 0 0ffff.ffff.ffff receive - S 0 00900.2b01.0001 receive - S 0 00300.0c00.0001 receive - S 0 00000.0c05.1000 forward Ethernet0/1 4 1 00000.0c04.4b5b receive - S 0 00000.0c04.4b5e receive - S 0 00000.0c04.4b5d receive - S 0 00000.0c04.4b5c receive - S 0 00000.0c05.4a62 forward Ethernet0/1 4 1 0aa00.0400.2108 forward Ethernet0/1 0 42 00000.0c12.b888 forward Ethernet0/2 4 1 00000.0c12.b886 forward Ethernet0/1 4 1 0aa00.0400.4d09 forward Ethernet0/1 4 1 00000.0c06.fb9a forward Ethernet0/1 4 1 00000.0c04.b039 forward Ethernet0/1 4 1 0router# show bridge verboseTotal of 300 station blocks, 287 freeCodes: P - permanent, S - selfBG Hash Address Action Interface DLCI Age RX count TX count32 00/0 0180.c200.0000 receive - - S 0 032 00/1 ffff.ffff.ffff receive - - S 0 032 01/0 0900.2b01.0001 receive - - S 0 032 01/1 0300.0c00.0001 receive - - S 0 032 10/0 0000.0c04.4b5b receive - - S 0 032 15/0 0000.0c04.4b5e receive - - S 0 032 16/0 0000.0c04.4b5d receive - - S 0 032 17/0 0000.0c04.4b5c receive - - S 0 032 29/0 aa00.0400.2108 forward Ethernet0/1 - 0 48 032 30/0 0000.0c12.b888 forward Ethernet0/2 - 0 1 032 A4/0 0800.2002.ff5b forward Ethernet0/1 - 0 6 032 E2/0 aa00.0400.e90b forward Ethernet0/1 - 0 65 032 F2/0 0000.0c04.b042 forward Ethernet0/2 - 3 2 0Table 5 describes significant fields shown in the display.
show bridge circuit-group
To display the interfaces configured in each circuit group and show whether they are currently participating in load distribution, use the show bridge circuit-group EXEC command.
show bridge [bridge-group] circuit-group [circuit-group] [src-mac-address] [dst-mac-address]
Syntax Description
Command Modes
EXEC
Command History
Examples
The following is sample output from various show bridge circuit-group command strings:
RouterA> show bridge circuit-groupBridge group 1 Circuit group 1:Interface Serial0 : inserted, learning, forwardingInterface Serial3 : inserted, learning, forwardingBridge group 1 Circuit group 2:Interface Serial2 : inserted, learning, forwardingRouterA> show bridge 1 circuit-group 1Bridge group 1 Circuit group 1:Interface Serial0 : inserted, learning, forwardingInterface Serial3 : inserted, learning, forwardingRouterA> show bridge 1 circuit-group 2Bridge group 1 Circuit group 2:Interface Serial2 : inserted, learning, forwardingRouterA> show bridge 1 circuit-group 1 0000.6502.23EA 0000.1234.4567Output circuit group interface is Serial3RouterA> show bridge 1 circuit-group 1 0000.6502.23EA%Destination MAC address requiredRouterB> show bridge 1 circuit-group 1Bridge group 1 Circuit group 1:Transmission pause interval is 250msOutput interface selection is source-basedInterface Serial0 : inserted, learning, forwardingInterface Serial3 : inserted, learning, forwardingInterface Serial2 is unavailableRouterB> show bridge 1 circuit-group 1 0000.6502.23EA 0000.1234.4567%Please enter source MAC address onlyTable 6 describes significant fields shown in the display.
show bridge group
To display the status of each bridge group, use the show bridge group privileged EXEC command.
show bridge group [verbose]
Syntax Description
Command Modes
Privileged EXEC
Command History
Examples
The following is sample output from the show bridge group command:
Router# show bridge groupBridge Group 1 is running the DEC compatible Spanning Tree ProtocolPort 7 (ATM0.1 LANE Ethernet) of bridge group 1 is downPort 4 (TokenRing0) of bridge group 1 is forwarding"Forwarding" and "down" indicate the port state as determined by the spanning-tree algorithm or via configuration.
The following examples are for bridge group 30 and bridge group 40 of a PA-12E/2FE port adapter in slot 3:
Router# show bridge groupBridge Group 30 is running the IEEE compatible Spanning Tree ProtocolPort 19 (Fast Ethernet3/0) of bridge group 30 is forwardingPort 20 (Fast Ethernet3/1) of bridge group 30 is forwardingPort 21 (Ethernet3/2) of bridge group 30 is forwardingPort 22 (Ethernet3/3) of bridge group 30 is forwardingPort 23 (Ethernet3/4) of bridge group 30 is forwardingPort 24 (Ethernet3/5) of bridge group 30 is forwardingPort 25 (Ethernet3/6) of bridge group 30 is forwardingBridge Group 40 is running the IEEE compatible Spanning Tree ProtocolPort 26 (Ethernet3/7) of bridge group 40 is downPort 27 (Ethernet3/8) of bridge group 40 is downPort 28 (Ethernet3/9) of bridge group 40 is downPort 29 (Ethernet3/10) of bridge group 40 is downPort 30 (Ethernet3/11) of bridge group 40 is downPort 31 (Ethernet3/12) of bridge group 40 is downPort 32 (Ethernet3/13) of bridge group 40 is downshow bridge multicast
To display transparent bridging multicast state information, use the show bridge multicast EXEC command.
show bridge [bridge-group] multicast [router-ports | groups] [group-address]
Syntax Description
Command Modes
EXEC
Command History
Examples
The following is sample output from the show bridge multicast command:
Router# show bridge multicastMulticast router ports for bridge group 1:2 multicast router portsFddi2/0 REthernet0/4 RMulticast groups for bridge group 1:235.145.145.223 RX count TX countFddi2/0 R 0 2Ethernet0/4 R 0 3Ethernet0/3 G 1 0235.5.5.5 RX count TX countFddi2/0 R 0 2Ethernet0/4 R 0 3Ethernet0/3 G 1 0235.4.4.4 RX count TX countFddi2/0 R 0 2Ethernet0/4 R 0 3Ethernet0/3 G 1 0Table 7 describes significant fields shown in the display.
show bridge vlan
To display virtual LAN subinterfaces, use the show bridge vlan privileged EXEC command.
show bridge vlan
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Examples
The following is sample output from the show bridge vlan command:
Router# show bridge vlanBridge Group: 50Virtual LAN Trunking Interface(s): vLAN Protocol: vLAN ID: StateFddi2/0.1000 IEEE 802.10 1000 forwardingFast Ethernet4/0.500 Inter Switch Link 500 listeningVirtual LAN Native Interface(s): StateEthernet0/1 forwardingSerial1/1 downTable 8 describes the fields shown in the display.
show interfaces crb
To display the configuration for each interface that has been configured for routing or bridging, use the show interfaces crb privileged EXEC command.
show interfaces crb
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Examples
The following is sample output from the show interfaces crb command:
Router# show interfaces crbEthernet0/0Routed protocols on Ethernet0/0:appletalk decnet ip novellEthernet0/1Routed protocols on Ethernet0/1:appletalk decnet ip novellEthernet0/2Routed protocols on Ethernet0/2:appletalk ipBridged protocols on Ethernet0/2:clns decnet vines apollonovell xnsSoftware MAC address filter on Ethernet0/2Hash Len Address Matches Act Type0x00: 0 ffff.ffff.ffff 0 RCV Physical broadcast0x00: 1 ffff.ffff.ffff 0 RCV Appletalk zone0x2A: 0 0900.2b01.0001 0 RCV DEC spanning tree0x49: 0 0000.0c36.7a45 0 RCV Interface MAC address0xc0: 0 0100.0ccc.cccc 20 RCV CDP0xc2: 0 0180.c200.0000 0 RCV IEEE spanning tree0xF8: 0 0900.07ff.ffff 0 RCV Appletalk broadcastEthernet0/3Routed protocols on Ethernet0/3:appletalk ipBridged protocols on Ethernet0/3:clns decnet vines apollonovell xnsSoftware MAC address filter on Ethernet0/3Hash Len Address Matches Act Type0x00: 0 ffff.ffff.ffff 0 RCV Physical broadcast0x00: 1 ffff.ffff.ffff 0 RCV Appletalk zone0x2A: 0 0900.2b01.0001 0 RCV DEC spanning tree0x49: 0 0000.0c36.7a45 0 RCV Interface MAC address0xc0: 0 0100.0ccc.cccc 48 RCV CDP0xc2: 0 0180.c200.0000 0 RCV IEEE spanning tree0xF8: 0 0900.07ff.ffff 0 RCV Appletalk broadcastTable 9 describes significant fields shown in the display.
show interfaces irb
To display the configuration for each interface that has been configured for integrated routing or bridging, use the show interfaces irb privileged EXEC command.
show interfaces {ethernet | fastethernet} [interface | slot/port] irb
Syntax Description
Command Modes
Privileged EXEC
Command History
Examples
The following is sample output from the show interfaces irb command:
Router# show interfaces ethernet 2 irbEthernet 2Routed protocols on Ethernet 2:appletalk ipBridged protocols on Ethernet 2:appletalk clns decnet vinesapollo ipx xnsSoftware MAC address filter on Ethernet 2Hash Len Address Matches Act Type0x00: 0 ffff.ffff.ffff 4886 RCV Physical broadcast0x1F: 0 0060.3e2b.a221 7521 RCV Appletalk zone0x1F: 1 0060.3e2b.a221 0 RCV Bridge-group Virtual Interface0x2A: 0 0900.2b01.0001 0 RCV DEC spanning tree0x05: 0 0900.0700.00a2 0 RCV Appletalk zone0xC2: 0 0180.c200.0000 0 RCV IEEE spanning tree0xF8: 0 0900.07ff.ffff 2110 RCV Appletalk broadcastThe following example shows that IP is configured for the first PA-12E/2FE interface of the port adapter in slot 3:
Router# show interfaces fastethernet 3/0 irbFast Ethernet3/0Routed protocols on Fast Ethernet3/0:ipBridged protocols on Fast Ethernet3/0:appletalk clns decnet ipvines apollo ipx xnsSoftware MAC address filter on Ethernet3/0Hash Len Address Matches Act Type0x00: 0 ffff.ffff.ffff 0 RCV Physical broadcast0x2A: 0 0900.2b01.0001 0 RCV DEC spanning tree0xC2: 0 0180.c200.0000 0 RCV IEEE spanning tree0xC7: 0 00e0.f7a4.5130 0 RCV Interface MAC address0xC7: 1 00e0.f7a4.5130 0 RCV Bridge-group Virtual InterfaceTable 10 describes significant fields shown in the displays.
show spanning-tree
To display information regarding which Spanning Tree Protocol is running, use the show spanning-tree configuration command.
show spanning-tree bridge-group
Syntax Description
bridge-group
Bridge group number, in the range of 1 to 256, specified in the bridge protocol command.
Command Modes
EXEC
Command History
Examples
The following example shows that Bridge group 1 is running the VLAN Bridge Spanning Tree Protocol.
Router# show spanning-tree 1Bridge group 1 is executing the VLAN Bridge compatible Spanning Tree ProtocolBridge Identifier has priority 32768, address 0000.0c37.b055Configured hello time 2, max age 30, forward delay 20We are the root of the spanning treePort Number size is 10 bitsTopology change flag not set, detected flag not setTimes: hold 1, topology change 35, notification 2hello 2, max age 30, forward delay 20Timers: hello 0, topology change 0, notification 0bridge aging time 300Port 8 (Ethernet1) of Bridge group 1 is forwardingPort path cost 100, Port priority 128Designated root has priority 32768, address 0000.0c37.b055Designated bridge has priority 32768, address 0000.0c37.b055Designated port is 8, path cost 0Timers: message age 0, forward delay 0, hold 0BPDU: sent 184, received 0show subscriber-policy
To display the details of a subscriber policy, use the show subscriber-policy EXEC command.
show subscriber-policy range
Syntax Description
Command Modes
EXEC
Command History
Examples
The following is sample output from the show subscriber-policy command:
Router# show subscriber-policy 1ARP: PermitBroadcast: DenyMulticast: PermitUnknown: DenySTP: DisableCDP: DisableRelated Commands
show vlans
To view virtual LAN (VLAN) subinterfaces, use the show vlans privileged EXEC command.
show vlans
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Examples
The following is sample output from the show vlans command:
RouterC7xxx# show vlansVirtual LAN ID: 300 (IEEE 802.10 Encapsulation)vLAN Trunk Interface: FDDI 1/1.10Protocols Configured: Address: Received: Transmitted:IP 31.108.1.1 642 645Virtual LAN ID: 400 (ISL Encapsulation)vLAN Trunk Interface: Fast Ethernet 2/1.20Protocols Configured: Address: Received: Transmitted:IP 171.69.2.2 123456 654321Bridge Group 50 5190 8234Virtual LAN ID: 500 (ISL Encapsulation)vLAN Trunk Interface: Fast Ethernet 2/1.30Protocols Configured: Address: Received: Transmitted:IPX 1000 987654 456789Virtual LAN ID: 600 (ISL Encapsulation)vLAN Trunk Interface: Fast Ethernet 2/1.30Protocols Configured: Address: Received: Transmitted:IP 198.92.3.3 8114 4508IPX 1001 2 3Bridge Group 50 8234 5190Table 11 describes the fields shown in the display.
subscriber-policy
To define or modify the forward and filter decisions of the subscriber policy, use the subscriber-policy global configuration command. To restore the default forward and filter values, use the no or default form of this command.
subscriber-policy policy [[no | default] packet [permit | deny]]
Syntax Description
Defaults
Table 12 shows the default values that are applied if no forward or filter decisions have been specified for the subscriber policy:
Table 12 Packet Default Values
ARP
Permit
Broadcast
Deny
CDP
Deny/Disable
Multicast
Permit
Spanning Tree Protocol
Deny/Disable
Unknown Unicast
Deny
Command Modes
Global configuration
Command History
Usage Guidelines
As an alternative to the command syntax described above, you can enter subscriber-policy policy, followed by the specific forward or filter decisions for each packet.
There is not a no form for this command.
Examples
The following example changes the ARP behavior and the multicast behavior from permit to deny, using the command syntax shown in the Command Syntax section:
subscriber-policy 3 arp denysubscriber-policy 3 multicast denyThe following example changes the ARP behavior and the multicast behavior from permit to deny, using the alternative syntax shown in the Usage Guidelines section:
subscriber-policy 3arp denymulticast denyRelated Commands
Defines the type of Spanning Tree Protocol.
Binds a bridge group with a subscriber policy.
Displays the details of a subscriber policy.
x25 map bridge
To configure the an Internet-to-X.121 address mapping for bridging over X.25, use the x25 map bridge interface configuration command. To disable the Internet-to-X.121 mapping, use the no form of this command.
x25 map bridge x.121-address broadcast [options-keywords]
no x25 map bridge x.121-address broadcast [options-keywords]
Syntax Description
x.121-address
The X.121 address.
broadcast
Required keyword for bridging over X.25.
options-keywords
(Optional) Additional functionality that can be specified for originated calls. Can be any of the options listed in Table 13.
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
The X.25 bridging software uses the same spanning-tree algorithm as the other bridging functions, but allows packets to be encapsulated in X.25 frames and sent across X.25 media. This command specifies IP-to-X.121 address mapping and maintains a table of both the Ethernet and X.121 addresses.
The X.25 bridging implementation supports the map options listed in Table 13.
Examples
The following example allows bridging over an X.25 network:
x25 map bridge 31370054065 broadcastRelated Commands
x25 address
Sets the X.121 address on the interface.
x25 map
Sets the maximum number of virtual circuits a protocol can have open simultaneously to one host.
