
vlan bridging by physically wiring two ports on the same switch

anadichaturvedi
Level 1

q1. Recently I came to know about VLAN bridging. I was told that, suppose I have two ports, say 1 and 2, belonging to VLAN x. Now I have two other ports, say 3 and 4, belonging to another VLAN y. Now I have a PC connected to port 1 and another on port 4. Ideally they should not be able to ping, right? But if I connect ports 2 and 3 with a cable then everything works fine. Why is that?

q2. Can we configure VLAN bridging as well?

q3. Is it covered in CCNP?

Kindly help.

Thanks in advance.


cadet alain
VIP Alumni

Hi,

Bridging, whether it be transparent bridging or IRB, is not covered in the CCNP curriculum, and these are used on routers.

You can connect a switch in VLAN 2 to a switch in VLAN 3 with an access port and have clients in VLAN 2 and 3 communicate without any routing device, but I would not name this VLAN bridging but rather VLAN leaking, and I would highly recommend against such practice.

Regards.

Alain

Don't forget to rate helpful posts.


Hi Alain,

In some special cases such a design might help.

In case you need to monitor all communication between two parts of a single subnet, e.g.

BR,

Milan

Hi Milan,

Could you explain further and explain the advantages versus port mirroring for monitoring?

Regards.

Alain

Don't forget to rate helpful posts.


Hi Alain,

Sorry, I should have used the term "inspect" or "protect" instead of "monitor".

Imagine the following scenario:

You've got a DMZ subnet with two internal routers (for high availability) peering to several provider routers.

And you want to put an expensive IPS (or traffic shaper) between them.

So you need to put the device in-line, not only to a mirrored port.

The device provides a capability to fall into a simple pass-through (wire-like) mode in case of failure.

You don't want to route on that device, because the device would create a single point of failure then (and the routing might also be too complex).

One solution for all these requests is to put your routers in one VLAN and the provider routers in a second VLAN.

Then interconnect the VLANs by connecting the IPS device to an access port in each of those VLANs.

The IPS is then running like an invisible bridge, just forwarding all the traffic through (as long as it does not detect anything to drop).

(If you want 100% reliability, you involve two pairs of VLANs and an IPS device with two pairs of ports connected to different switches, but that's another story of a complex design.)

Is this a good example?

BR,

Milan

Hi,

OK, I understand what you mean now, but could we say it is the topology that the original poster talked about? I'm not quite sure. But thanks for the clarification anyway.

Regards.

Alain

Don't forget to rate helpful posts.


schaef350
Level 1

The connection between the two VLANs should actually be shut down when a BPDU flows from one port to another, unless of course someone disabled BPDUs on the interfaces. I also am not sure what switch you are using, so that plays in as well, as different vendors' switches have different defaults.

I would agree with cadet alain that it's not best practice but can be done for different reasons with caution....

- Be sure to rate all helpful posts

Hi,

Actually, the BPDUs will not shut down the connection between the VLANs.

They will simply create one common STP tree with a single root bridge.

Generally, I agree this is a rare design for special purposes only.

BR,

Milan

Thanks for correcting me on that, Milan. I believe I am thinking of access ports that have portfast enabled. Is that correct?

- Be sure to rate all helpful posts

Hi,

Possibly portfast ports with bpduguard enabled?

See another recent discussion here: https://supportforums.cisco.com/thread/2179326?tstart=0

BR,

Milan
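
The portfast/bpduguard point from the last replies, as an added example that is not part of the original thread: a small Python audit that reads a Cisco IOS-style running-config and lists the access ports that would not err-disable when a BPDU arrives, which are the ports where a cable between two VLANs merges them without any reaction from the switch. The sample config, interface names and the `audit_bpduguard` function are constructed for illustration; only per-interface settings and the two global portfast defaults are evaluated.

```python
import re
# Constructed sample running-config (not from the thread); interface names are made up.
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
!
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
interface GigabitEthernet0/4
 switchport mode access
 spanning-tree bpduguard enable
interface GigabitEthernet0/24
 switchport mode trunk
"""

def audit_bpduguard(config):
    """Map each access port that would not err-disable on a received BPDU to the reason."""
    lines = [l.rstrip() for l in config.splitlines()]
    top = [l for l in lines if l and not l.startswith(" ")]
    guard_default = any(re.fullmatch(r"spanning-tree portfast (edge )?bpduguard default", l) for l in top)
    fast_default = any(re.fullmatch(r"spanning-tree portfast (edge )?default", l) for l in top)
    ports, name = {}, None
    for l in lines:
        if l.startswith("interface "):
            name = l.split(None, 1)[1]
            ports[name] = set()
        elif l.startswith(" ") and name:
            ports[name].add(l.strip())
        else:
            name = None  # left the interface block
    findings = {}
    for name, cfg in ports.items():
        if "switchport mode access" not in cfg:
            continue  # trunks are out of scope for this check
        fast_here = bool(cfg & {"spanning-tree portfast", "spanning-tree portfast edge"})
        portfast = "spanning-tree portfast disable" not in cfg and (fast_default or fast_here)
        # The global bpduguard default only applies to ports that are operating as portfast.
        guarded = "spanning-tree bpduguard enable" in cfg or (
            guard_default and portfast and "spanning-tree bpduguard disable" not in cfg)
        if "spanning-tree bpdufilter enable" in cfg:
            findings[name] = "bpdufilter enabled"  # filtering takes precedence over bpduguard
        elif not guarded:
            findings[name] = "no effective bpduguard"
    return findings
```

On the sample, GigabitEthernet0/2 is flagged because the global bpduguard default does not cover a port without portfast, and GigabitEthernet0/3 because BPDUs are filtered before bpduguard can act on them.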
