Bridge-Group blocking traffic to LAN.

I had gotten this to work at one point by blindly trying stuff, but we havd a power and I lost those settings and I am at a loss to get it working again.

In short:

Cisco 871W

If my VLAN 10 interface has the "bridge-group" commands in it, ethernet/IP traffic does not flow to/from my lan on a switch. If I remove the "bridge-group" then traffic flows fine.

relevant bits:

bridge irb bridge 10 protocol ieee bridge 10 route ip ! interface BVI 10 no ip address no shutdown ! interface FastEthernet0 description Trunk to Switch 1 spanning-tree portfast switchport mode trunk switchport trunk encapsulation dot1q carrier-delay 10 ! ! interface Vlan10 description Intranet ip address 10.0.0.2 255.255.0.0 ip nat inside ip virtual-reassembly bridge-group 10 bridge-group 10 spanning-disabled

Without the bridge-group stuff, I can actually get the "router" portion to the ADSL cloud to work. But with the "bridge-group" (which is needed for the wireless interfaces) nothing works. And since the link to my dhcp server on the LAN doesn't work, the wireless stuff won't work either since it can't get DHCP responses.

I tried to set the fa0 interface to a switchport access vlan 10, but that didn't make a difference. (it won't let me do "bridge-group" on the ast ethernet interface).

QUESTION: is the bridge-group solely within the router or does it "leak" into trunk lines to other switches ? My 2924 switch doesn't know about bridge-groups.

If I want my router to have an IP address of 10.0.0.2 accessible by hosts in VLAN10, is the setting of the IP in the VLAN10 interface the correct way to do it ? Or shoudl it be in the BVI interface ?

Reply to
JF Mezei
Loading thread data ...

I guess you probably need something like this.

bridge irb bridge 10 protocol ieee bridge 10 route ip ! interface BVI 10 ip address 10.0.0.2 255.255.0.0 ip nat inside ip virtual-reassembly no shutdown ! interface FastEthernet0 description Trunk to Switch 1 spanning-tree portfast switchport mode trunk switchport trunk encapsulation dot1q carrier-delay 10 ! ! interface Vlan10 description Intranet bridge-group 10 bridge-group 10 spanning-disabled

Assumes Vlan 10 is being trunked via Fa0.

Reply to
bod43

Many Thanks. That did the trick.

Now, with BVI having an IP interface and the VLAN having none, it appears to work, (in terms of being able to reach the lan from the router and vice versa).

Would it be correct to state that all packets flow thorugh the BVI and it is the BVI that decides whether the packet is to go through a router interface or just a switched one ?

I take it that bridge 10 protocol ieee bridge 10 route ip end up defining the behaviour of the BVI 10 interface ?

(Now, I have to work on the right incantation and prayers to get the wrireless interface to work again :-( :-( ;-( :-(

Reply to
JF Mezei

You need to put the dot11 int into bridge group 10 too.

Without the wireless all you would need is

int vl 10 ip add....

no irb no bridge 10 protocol ieee no bridge 10 route ip

The wireless seems to add confusion in that you need to use the old bridging commands to joint the wireless interface to the rest of the VLAN.

What I mean is that on an ethernet interface you simply configure int fa 30 sw mode access sw access vl 10

But for some reason on the dot11 int that does not seem to work.

I guess it may be to do with the mixture of traditional router and switch that is an 871.

It gets even more mad when you want more than one SSID on the wireless. I simply can't understand that config at all even though I have it working. It's a miracle I got it going at all.

Look up integrated routing and bridging (IRB) for details of that aspect of it.

Reply to
bod43

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.