Hi Rick.

Many thanks for your help. I have attached 3 configs, SpokeA, Internet_Sim, and HubA.[Very basic]. I applied the bridge-group command on the WAN interfaces too but to no avail. Could you point me in the right direction of a config which does work? I understand Cisco may not support bridging over GRE but a working config may give me some idea of where I am going wrong.

Many thanks for your help.

Ziad

There are a number of issues and ambiguities in the configs that you have posted.

- you are configuring IRB and specifying that IP is routed. So what traffic are you going to bridge?

- you have configured bridge-group only on the tunnel interface. For bridging to work there must be a bridge-group on at least 2 interfaces, an interface where the bridged traffic arrives and the interface where the bridged traffic exits.

- you have configured EIGRP 100 to run over the tunnel. But since it runs on no other interfaces it has nothing to advertise. What good is a dynamic routing protocol if it has nothing to advertise?

I see that you have configured keepalives on the GRE tunnel. Do the tunnels come up and stay up (do the keepalives work)?

HTH

Rick

Hi Rick,

Thanks for the info, the EIGRP is part of a legacy setup and I have now removed it. I?ve also removed IRB completely ? this is so I have a base setup and can work my way upwards. The keepalives do work, debugs are at the end of the HUB-A config.

At the Hub end it looks promising?

HUB-A#show bridge verbose

Total of 300 station blocks, 300 free

Codes: P - permanent, S - self

Flood ports (BG 1) RX count TX count

FastEthernet0/1 58 0

Tunnel2 0 58

However the spoke end doesn?t RX or TX anything.

I?ve attached the updated configs too.

Many thanks.

Ziad

I have looked at the new config files that you posted. I am glad to see the EIGRP and the IRB removed from the configs. I agree that establishing a base setup is good and you can work up from there. In that way I would suggest that you remove the crypto map from the physical interfaces in both routers. Lets take IPSec VPN out of the picture until you have bridging working and have the GRE tunnels working.

I notice on the spoke router that the FastEthernet0/0 is configured with no keepalive. I wonder why this is? Is there something connected on this port to generate traffic and to receive traffic? If not bridging will have a difficult time working.

HTH

Rick

Hi Rick.

I've removed the crypto, enabled keepalive on the LAN interface. Looks worse than before, now the hub end doesn?t register an TX/RX.

I have also include show arp, show bridge group, and bridge verbose.

Many thanks for your help.

Ziad

These configs do seem to get us to the point where we have a basic config and this will allow us to focus on the fundamentals of getting bridged traffic over the GRE tunnels. In terms of the mechanics of the config and of syntax these are now configs that should work.

I believe that there is a conceptual question which we now need to address. In several of my previous posts I have asked questions that I now believe are central to the problem:

Is there non-routed (bridged) traffic - non IP traffic - going through this interface?

and

you are configuring IRB and specifying that IP is routed. So what traffic are you going to bridge?

I believe that the crux of the problem now is what traffic will be bridged? If you are routing IP then IP can not be bridged. So what traffic is there that will be bridged? If there were IPX traffic, or SNA traffic, or some other non-routed protocol traffic on the FastEthernet interface then I believe that it would be bridged and carried over the tunnel. But what traffic is there that should be bridged?

HTH

Rick

Hi Rick.

SNA traffic needs to be bridged and unfortunately I do not have access to an AS400.

I think I may have to test the config in a live envornment.