|
This section describes the function and displays the syntax of transparent bridging commands. For more information about defaults and usage guidelines, see the corresponding chapter of the Router Products Command Reference publication.
access-list access-list-number {permit | deny} address mask
no access-list access-list-number
Use the access-list global configuration command to establish MAC address access lists. Use the no form to remove a single access list entry.
access-list-number | Integer from 700 to 799 that you select for the list. |
permit | Permits the frame. |
deny | Denies the frame. |
address mask | 48-bit MAC addresses written in dotted triplet form. The ones bits in the mask argument are the bits to be ignored in address. |
access-list access-list-number {permit | deny} source source-mask
destination destination-mask offset size operator operand
Use the access-list global configuration command to provide extended access lists that allow finer granularity of control. These lists allow you to specify both source and destination addresses and arbitrary bytes in the packet.
access-list-number | Integer from 1100 through 1199 that you assign to identify one or more permit/deny conditions as an extended access list. Note that a list number in the range 1100 through 1199 distinguishes an extended access list from other access lists. |
permit | Allows a connection when a packet matches an access condition. The router stops checking the extended access list after a match occurs. All conditions must be met to make a match. |
deny | Disallows a connection when a packet matches an access condition. The router stops checking the extended access list after a match occurs. All conditions must be met to make a match. |
source | MAC Ethernet address in the form xxxx.xxxx.xxxx. |
source-mask | Mask of MAC Ethernet source address bits to be ignored. The router uses the source and source-mask arguments to match the source address of a packet. |
destination | MAC Ethernet value used for matching the destination address of a packet. |
destination-mask | Mask of MAC Ethernet destination address bits to be ignored. The router uses the destination and destination-mask arguments to match the destination address of a packet. |
offset | Range of values that must be satisfied in the access list. Specified in decimal or in hexadecimal format in the form 0xnn. The offset is the number of bytes from the destination address field; it is not an offset from the start of the packet. The number of bytes you need to offset from the destination address varies depending on the media encapsulation type you are using. |
size | Range of values that must be satisfied in the access list. Must be an integer 1 through 4. |
operator | Compares arbitrary bytes within the packet. Can be one of the following keywords:
lt--less than gt--greater than eq--equal neq--not equal and--bitwise and xor--bitwise exclusive or nop--address match only |
operand | Compares arbitrary bytes within the packet. The value to be compared to or masked against. |
access-list access-list-number {permit | deny} type-code wild-mask
no access-list access-list-number
Use the access-list global configuration command to build type-code access lists. Use the no form of the command to remove a single access list entry.
access-list-number | User-selectable number between 200 and 299 that identifies the list. |
permit | Permits the frame. |
deny | Denies the frame. |
type-code | 16-bit hexadecimal number written with a leading "0x"; for example, 0x6000. You can specify either an Ethernet type code for Ethernet-encapsulated packets or a DSAP/SSAP pair for 802.3 or 802.5-encapsulated packets. Ethernet type codes are listed in the appendix "Ethernet Type Codes" in the Router Products Command Reference publication. |
wild-mask | 16-bit hexadecimal number whose ones bits correspond to bits in the type-code argument that should be ignored when making a comparison. (A mask for a DSAP/SSAP pair should always be at least 0x0101. This is because these two bits are used for purposes other than identifying the SAP codes.) |
Use the bridge acquire global configuration command to use the system default behavior of forwarding any frames for stations that it has learned about dynamically. Use the no bridge acquire global configuration command to change the default behavior.
group | Bridge group number. Must be the same as that specified in the bridge protocol command. |
bridge bridge-group address mac-address {forward | discard}
[interface]
no bridge bridge-group address mac-address
Use the bridge address global configuration command to filter frames with a particular MAC layer station source or destination address. Use the no form of this command followed by the MAC address to disable the forwarding ability.
group | Group number you assigned to the spanning tree. Must be the same as that specified in the bridge protocol command. |
mac-address | 48-bit dotted-triplet hardware address such as that displayed by the EXEC show arp command, for example, 0800.cb00.45e9. It is either a station address, the broadcast address, or a multicast destination address. |
forward | Frame sent from or destined to the specified address is forwarded as appropriate. |
discard | Frame sent from or destined to the specified address is discarded without further processing. |
interface | (Optional) Interface type and number. It is added after the forward keyword to indicate the interface on which that address can be reached. |
bridge group domain domain-number
no bridge group domain
Use the bridge domain global configuration command to establish a domain by assigning it a decimal value between 1 and 10. Use the no form of the command to return to the default single bridge domain.
group | Bridge group number. It must be the same as that specified in the bridge protocol ieee command. The dec keyword is not valid for this command. |
domain-number | Domain number you choose. The default domain number is zero; this is the domain number required when communicating to IEEE bridges that do not support this domain extension. |
bridge group forward-time seconds
Use the bridge forward-time global configuration command to specify the forward delay interval for the router.
group | Bridge group number. It must be the same as specified in the bridge protocol command. |
seconds | Forward delay interval. It must be a value in the range 10 through 200 seconds. The default is 30 seconds. |
bridge group hello-time seconds
Use the bridge hello-time global configuration command to specify the interval between Hello Bridge Protocol Data Units (BPDUs).
group | Bridge group number. It must be the same as specified in the bridge protocol command. |
seconds | Any value between 1 and 10 seconds. The default is 1 second. |
[no] bridge group lat-service-filtering
Use the bridge lat-service-filtering global configuration command to specify LAT group-code filtering. Use the no form of the command to disable the use of LAT service filtering on the bridge group.
group | Bridge group in which this special processing is to take place |
Use the bridge max-age global configuration command to change the interval the bridge will wait to hear BPDUs from the root bridge. If a bridge does not hear BPDUs from the root bridge within this specified interval, it assumes that the network has changed and will recompute the spanning-tree topology.
group | Bridge group number. It must be the same as specified in the bridge protocol command. |
seconds | Interval the bridge will wait to hear BPDUs from the root bridge. It must be a value in the range 10 through 200 seconds. The default is 15 seconds. |
[no] bridge group multicast-source
Use the bridge multicast-source global configuration command to configure bridging support to allow the forwarding, but not the learning, of frames received with multicast source addresses. Use the no form of this command to disable this function on the bridge.
group | Bridge group number. It must be the same as specified in the bridge protocol command. |
Use the bridge priority global configuration command to configure the priority of an individual bridge, or the likelihood that it will be selected as the root bridge.
group | The bridge group number. It must be the same as specified in the bridge protocol command. |
number | The lower the number, the more likely the bridge will be chosen as root. When the IEEE spanning-tree protocol is enabled on the router, number ranges from 0 through 65535; the default is 32768. When the Digital spanning-tree protocol is enabled, number ranges from 0 through 255; the default is 128. |
[no] bridge group protocol {ieee | dec}
Use the bridge protocol global configuration command to define the type of spanning-tree protocol. Use the no bridge protocol command, with the appropriate keywords and arguments, to delete the bridge group.
group | Number in the range 1 through 9 that you choose to refer to a particular set of bridged interfaces. Frames are bridged only among interfaces in the same group. You will use the group number you assign in subsequent bridge configuration commands. |
ieee | IEEE Ethernet spanning-tree protocol. |
dec | Digital spanning-tree protocol. |
Use the bridge-group interface configuration to assign each network interface to a bridge group. Use the no form of this command to remove the interface from the bridge group.
group | Number of the bridge group to which the interface belongs. |
[no] bridge-group group cbus-bridging
Use the bridge-group cbus-bridging interface configuration command to enable autonomous bridging on a ciscoBus II-resident interface. Use the no form of this command to disable autonomous bridging.
group | Number of the bridge group to which the interface belongs |
[no] bridge-group group circuit number
Use the bridge-group circuit interface configuration command to establish load balancing by assigning a set of serial lines to a circuit group. Use the no form of this command to remove the assigned bridge group number.
group | Bridge group number. |
number | Circuit group number. It can be in the range 1 through 254. Specify a zero (0) to disable the circuit group number. |
bridge-group group input-address-list
no bridge-group group input-address-list access-list-number
Use the bridge-group input-address-list interface configuration command to assign an access list to a particular interface. This access list is used to filter packets received on that interface based on their MAC source addresses. Use the no form of this command to remove an access list from an interface.
group | Bridge group number. It must be in the range 1 through 9 and the same as defined by the bridge-group command. |
access-list-number | Access list number you assigned with the bridge access-list command. It must be in the range 700 through 799. |
[no] bridge-group group input-lat-service-deny group-list
Use the bridge-group input-lat-service-deny interface configuration command to specify the group codes by which to deny access upon input. Use the no form of this command to remove this access condition.
group | Bridge group number defined by the bridge-group command. It must be a value in the range 1 through 9. |
group-list | List of LAT service groups. Single numbers and ranges are permitted. Specify a zero (0) to disable the LAT group code for the bridge group. |
[no] bridge-group group input-lat-service-permit group-list
Use the bridge-group input-lat-service-permit interface configuration command to specify the group codes by which to permit access upon input. Use the no form of this command to remove this access condition.
group | Bridge group number defined in the bridge-group command. It must be a value in the range 1 through 9. |
group-list | LAT service groups. Single numbers and ranges are permitted. Specify a zero (0) to disable the LAT group code for the bridge group. |
[no] bridge-group group input-lsap-list access-list-number
Use the bridge-group input-lsap-list interface configuration command to filter IEEE 802.2-encapsulated packets on input. Use the no form of this command to disable this capability.
group | Bridge group number. It must be the same as defined in the bridge-group command. It must be a value in the range 1 through 9. |
access-list-number | Access list number you assigned with the bridge access-list command. Specify a zero (0) to disable the application of the access list on the bridge group. |
[no] bridge-group group input-pattern access-list-number
Use the bridge-group input-pattern interface configuration command to associate an extended access list with a particular interface in a particular bridge group. Use the no form of this command to disable this capability.
group | Bridge group number. It must be the same as defined in the bridge-group command. It must be a value in the range 1 through 9. |
access-list-number | Access list number you assigned using the bridge access-list command. Specify a zero (0) to disable the application of the access list on the interface. |
[no] bridge-group group input-type-list access-list-number
Use the bridge-group input-type-list interface configuration command to filter Ethernet- and SNAP-encapsulated packets on input. Use the no form of this command to disable this capability.
group | Bridge group number. It must be the same as defined in the bridge-group command. |
access-list-number | Access list number you assigned with the bridge access-list command. Specify a zero (0) to disable the application of the access list on the bridge group. |
[no] bridge-group group lat-compression
Use the bridge-group lat-compression interface configuration command to reduce the amount of bandwidth that LAT traffic consumes on serial interface by specifying a LAT-specific form of compression. Use the no form of this command to disable LAT compression on the bridge group.
group | Bridge group number. It must be the same as defined in the bridge-group command. |
[no] bridge-group group output-address-list access-list-number
Use the bridge-group output-address-list interface configuration command to assign an access list to a particular interface for filtering the MAC destination addresses of packets that would ordinarily be forwarded out that interface. Use the no form of this command to remove an access list from an interface.
group | Bridge group number in the range 1 through 9. It must be the same as defined in the bridge-group command. |
access-list-number | Access list number you assigned with the bridge access-list command. |
[no] bridge-group group output-lat-service-deny group-list
Use the bridge-group output-lat-service-deny interface configuration command to specify the group codes by which to deny access upon output. Use the no form of this command to cancel the specified group codes.
group | Bridge group number in the range 1 through 9. It must be the same as specified in the bridge-group command. |
group-list | List of LAT groups. Single numbers and ranges are permitted. |
[no] bridge-group group output-lat-service-permit group-list
Use the bridge-group output-lat-service-permit interface configuration command to specify the group codes by which to permit access upon output. Use the no form of this command to cancel specified group codes.
group | Bridge group number in the range 1 through 9. It must be the same as specified in the bridge-group command. |
group-list | LAT service advertisements. |
[no] bridge-group group output-lsap-list access-list-number
Use the bridge-group output-lsap-list interface configuration command to filter IEEE 802-encapsulated packets on output. Use the no form of this command to disable this capability.
group | Bridge group number in the range 1 through 9. It must be the same as specified in the bridge-group command. |
access-list-number | Access list number you assigned with the bridge access-list command. Specify a zero (0) to disable the application of the access list on the bridge group. |
[no] bridge-group group output-pattern access-list-number
Use the bridge-group output-pattern interface configuration command to associate an extended access list with a particular interface. Use the no form of this command to disable this capability.
group | Bridge group number in the range 1 through 9. It must be the same as specified in the bridge-group command. |
access-list-number | Extended access list number you assigned using the extended access-list command. Specify a zero (0) to disable the application of the access list on the interface. |
[no] bridge-group group output-type-list access-list-number
Use the bridge-group output-type-list interface configuration command to filter Ethernet- and SNAP-encapsulated packets on output. Use the no form of this command to disable this capability.
group | Bridge group number in the range 1 through 9. It must be the same as specified in the bridge-group command. |
access-list-number | Access list number you assigned with the bridge access-list command. Specify a zero (0) to disable the application of the access list on the bridge group. This access list is applied just before sending out a frame to an interface. |
[no] bridge-group group path-cost cost
Use the bridge-group path-cost interface configuration command to set a different path cost. Use the no form of this command to choose the default path cost for the interface.
group | Bridge group number. It must be the same as specified in the bridge-group command. |
cost | Path cost can range from 1 through 65535, with higher values indicating higher costs. This range applies regardless of whether the IEEE or Digital spanning-tree protocol has been specified. |
bridge-group group priority number
Use the bridge-group priority interface configuration command to set an interface priority when two bridges tie for position as the root bridge. The priority you set breaks the tie.
group | Bridge group number. It must be the same as specified in the bridge-group command. |
number | Priority number ranging from 0 through 255 (Digital), or 0 through 64000 (IEEE). The defaults are: 128--Digital spanning-tree protocol 32768--IEEE spanning-tree protocol. |
[no] bridge-group group spanning-disabled
Use the bridge-group spanning-disabled interface configuration command to disable the spanning tree on a given interface.
group | Bridge group number of the interface. It must be the same as specified in the bridge-group command. |
[no] bridge-group bridge-group sse
Use the bridge-group sse interface configuration command to enable Cisco's silicon switching engine (SSE) switching function. Use the no form of this command to disable SSE switching.
bridge-group | Bridge group number in the range 1 through 9, specified in the bridge-group command |
Use the clear bridge EXEC command to remove any learned entries from the forwarding database and to clear the transmit and receive counts for any statically or system-configured entries.
group | Bridge group number. It must be a value in the range 1 through 9. |
Use the clear sse privileged EXEC command to reinitialize the Silicon Switch Processor (SSP) on the Cisco 7000 series.
ethernet-transit-oui [90-compatible | standard | cisco]
no ethernet-transit-oui
Use the ethernet-transit-oui interface configuration command to choose the Organizational Unique Identifier (OUI) code to be used in the encapsulation of Ethernet Type II frames across Token Ring backbone networks. Various versions of this OUI code are used by Ethernet/Token Ring translational bridges. The default OUI form is 90-compatible, which can be chosen with the no form of the command.
90-compatible | (Optional) Default OUI form. |
standard | (Optional) Standard OUI form. |
cisco | (Optional) Cisco's OUI form. |
frame-relay map bridge dlci broadcast
no frame-relay map bridge dlci
Use the frame-relay map bridge broadcast global configuration command to bridge over a Frame Relay network. Use the no form of this command to delete the mapping entry.
dlci | DLCI number in the range 16 through 1007. |
Use the ip routing global configuration command to enable IP routing. Use the no form of the command to disable IP routing so that you can then bridge IP.
show bridge [group] [interface]
show bridge [group] [address [mask]]
Use the show bridge privileged EXEC command to view classes of entries in the bridge forwarding database.
group | (Optional) Number you chose that specifies a particular spanning tree. |
interface | (Optional) Interface type and number. |
address | (Optional) 48-bit canonical (Ethernet ordered) MAC address. This may be entered with an optional mask of bits to be ignored in the address, which is specified with the mask argument. |
mask | (Optional) Bits to be ignored in the address. You must specify the address argument if you want to specify a mask. |
Use the show span privileged EXEC command to display the spanning-tree topology known to the router/bridge. The display includes whether or not LAT group code filtering is in effect.
Use the show sse summary EXEC command to display a summary of Silicon Switch Processor (SSP) statistics.
x25 map bridge x.121-address broadcast [options-keywords]
no x25 map bridge
Use the x25 map bridge broadcast interface configuration command to configure the bridging of packets in X.25 frames. Use the no form of this command to disable the Internet-to-X.121 mapping.
x.121-address | The X.121 address. |
options-keywords | (Optional) Services that can be added to this map. These services are listed in the X.25 map options command in the "X.25 and LAPB Commands" chapter in the Router Products Command Reference. |
|