02-12-2007 05:30 AM - edited 03-05-2019 02:18 PM
Hello,
Is it possible to handle more VLANs with IRB. Because as I have seen BVI interface doesn't support subinterfaces, and VLAN tagging. I would like to have on fast ethernet 3 VLAN-s and ip address coresponding to those VLANa. Is it possible with IRB?
Thanks in advance
Solved! Go to Solution.
02-12-2007 11:26 AM
antonio
If I understand correctly what you need I would think that the solution would be to create 3 bridge groups and 3 BVI interfaces. Bridge-group 1 and interface BVI 1 for VLAN 1, Bridge-group 4 and interface BVI 4 for VLAN 4, and bridge-group 10 and interface BVI 10 for VLAN 10 (adjust for whatever your VLAN numbers are).
HTH
Rick
02-12-2007 06:13 AM
Do you need to bridge is the question. If not all you need to do is put the subinterfaces on the fastethernet interface and put the addresses on the subinterface and this will allow you to trunk down to switches with the appropriate trunking statements on the subinterfaces . . A little more info on what you are trying to do would help us help you .
02-12-2007 06:46 AM
Yes I need bridging, because I need to connect router with two interfaces for redundancy, and spanning tree will keep one of interfaces in blocking state. Problem is that I have 3 VLANs.
02-12-2007 11:26 AM
antonio
If I understand correctly what you need I would think that the solution would be to create 3 bridge groups and 3 BVI interfaces. Bridge-group 1 and interface BVI 1 for VLAN 1, Bridge-group 4 and interface BVI 4 for VLAN 4, and bridge-group 10 and interface BVI 10 for VLAN 10 (adjust for whatever your VLAN numbers are).
HTH
Rick
02-14-2007 06:13 AM
Thank you very much. I think that would be the solution.
02-14-2007 06:35 AM
Rick just a question for my knowledge , would he need multiple BVI's or just one BVI and put the same bridge group on all interfaces ?
02-14-2007 01:56 PM
Glen
If he defines a single BVI and a single bridge group and assigns the same bridge group on all interfaces then he bridges all the VLANs together and he really has a single VLAN and not 3 VLANs. A VLAN is a broadcast domain. When you bridge different interfaces together you are putting them into the same broadcast domain. If he wants to maintain 3 VLANs then he neds 3 BVIs.
HTH
Rick
02-14-2007 02:59 PM
Guess i am a little confused as to what he wants, if he wants additional vlans why doesn't he just use additional subinterfaces on the fast ether . Bridging is normally used for unroutable protocols like LAT so he would not reallly have 1 vlan , he would still 3 vlans but with one bridge group for unroutable protocols with its own spanning tree .
02-14-2007 05:11 PM
Glen
I agree that there may be some confusion about what he is trying to do and it may be that my understanding is flawed. I believe that the key is in one of the follow up messages in which he says that he needs to bridge because he wants two interfaces on the router to be active in the same subnet (same VLAN) to provide redundancy. To get two interfaces in the same subnet/VLAN he needs to bridge and to bridge the interfaces and to route IP he needs IRB with BVI. And if he has 3 VLANs and wants to keep the 3 VLANs separate then he needs 3 BVIs (and 3 bridge groups).
HTH
Rick
02-13-2019 08:02 PM
12-03-2019 12:30 PM - edited 12-03-2019 12:33 PM
Hi, sorry to revive this old thread, but i have few questions about IRB:
Fom the cisco document, Understanding and Configuring VLAN Routing and Bridging on a Router Using the IRB Feature :
When in figure 3, we apply Bridging IP feature(transparent bridging?):
"Eventhough the PCs are now in the same subnet this design results in two physially separate VLANs that may or may not have the same VLAN number."
And in figure 4, with IRB IP:
"The VLAN now spans the router, and the VLAN header is maintained as the frame transits the router."
I have tested a lots of combinations, and i see no difference in regular bridging and IRB bridging, in terms of VLAN headers as they past the router (ofc. main difference is that with IRB one can bridge AND route protocol at the same time..but as for bridging, they both do the same).
I have uploaded a picture with examples
==
Examples 1 and 2 are regular bridging, where PCs are in same vlan (2) and in different vlan (2 and 3)
Examples 3 and 4 are IRB bridge.
PCs are in the same subnet.
PCleft pings PCright, and red triangles are packets tagged with vlan2 or vlan3 tag.
===
Can you please clarify me following:
note1: Looks like even with iRB bridging, PCa and PCb can still be in the different VLAN. (ex.4)
Question1: how can i be sure that "IRB maintains the VLAN header", or simply replace VLAN tag2 coming on left interface of router, with VLAN tag2 exiting right interface of router (in the example 3).
note2: We can see from ex.4, IRB doesnt maintain the VLAN header, but the router apply tag 3 on f0/1.3 subinterface.
Quote from the document:
"On a single physical interface, the IRB can be created with two VLAN sub-interfaces (802.1Q tagging); one VLAN sub-interface has an IP address that is used for routing, and the other VLAN sub-interface bridges between the sub-interface used for routing and the other physical interface on the router."
Isn't more precise to say: "..and the other VLAN sub-interface is bridged with other physical interface".
What i configured is in example in second uploaded picture.
Is it the right configuration, related to that quote?Is that what the quote is saying ?
Quote from some older Cisco document:
To route a received VLAN packet the Cisco IOS software VLAN switching code first extracts the VLAN
ID from the packet header (this is a 10-bit field in the case of ISL and a 4-byte entity known as the
security association identifier in the case of IEEE 802.10), then demultiplexes the VLAN ID value into
a subinterface of the receiving port. If the VLAN color does not resolve to a subinterface, the Cisco IOS
software can transparently bridge the foreign packet natively (without modifying the VLAN header) on
the condition that the Cisco IOS software is configured to bridge on the subinterface itself. For VLAN
packets that bear an ID corresponding to a configured subinterface, received packets are then classified
by protocol type before running the appropriate protocol specific fast switching engine.
Question2: how can i configure router to test this statement ? (p.s. it says about ISL protocol, but i guess the same can be applied for 802.1q standard). I have tried to achieve this in my first picture,example4, by enabling f0/0.4 subinterface on router (instead of f0/0.2), but when the packet from left pc (tagged with vlan tag 2) comes at router, it doesnt pass the router (arp request for 1.1.1.3, tagged with vlan 2, doesnt pass the router). So, what am i missing ?
Thank you
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: