cc/td/doc/product/software/ios102
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Transparent Bridging Commands

Transparent Bridging Commands

This chapter describes the function and displays the syntax of transparent bridging commands. For more information about defaults and usage guidelines, see the corresponding chapter of the Router Products Command Reference publication.

access-list access-list-number {permit | deny} address mask
no access-list access-list-number

Use the access-list global configuration command to establish MAC address access lists. Use the no form to remove a single access list entry.

access-list-number Integer from 700 to 799 that you select for the list.
permit Permits the frame.
deny Denies the frame.
address mask 48-bit MAC addresses written in dotted triplet form. The ones bits in the mask argument are the bits to be ignored in address.

access-list access-list-number {permit | deny} source source-mask destination destination-mask offset size operator operand

Use the access-list global configuration command to provide extended access lists that allow finer granularity of control. These lists allow you to specify both source and destination addresses and arbitrary bytes in the packet.

access-list-number Integer from 1100 through 1199 that you assign to identify one or more permit/deny conditions as an extended access list. Note that a list number in the range 1100 through 1199 distinguishes an extended access list from other access lists.
permit Allows a connection when a packet matches an access condition. The router stops checking the extended access list after a match occurs. All conditions must be met to make a match.
deny Disallows a connection when a packet matches an access condition. The router stops checking the extended access list after a match occurs. All conditions must be met to make a match.
source MAC Ethernet address in the form xxxx.xxxx.xxxx.
source-mask Mask of MAC Ethernet source address bits to be ignored. The router uses the source and source-mask arguments to match the source address of a packet.
destination MAC Ethernet value used for matching the destination address of a packet.
destination-mask Mask of MAC Ethernet destination address bits to be ignored. The router uses the destination and destination-mask arguments to match the destination address of a packet.
offset Range of values that must be satisfied in the access list. Specified in decimal or in hexadecimal format in the form 0xnn. The offset is the number of bytes from the destination address field; it is not an offset from the start of the packet. The number of bytes you need to offset from the destination address varies depending on the media encapsulation type you are using.
size Range of values that must be satisfied in the access list. Must be an integer 1 through 4.
operator Compares arbitrary bytes within the packet. Can be one of the following keywords:

lt--less than

gt--greater than

eq--equal

neq--not equal

and--bitwise and

xor--bitwise exclusive or

nop--address match only

operand Compares arbitrary bytes within the packet. The value to be compared to or masked against.

access-list access-list-number {permit | deny} type-code wild-mask
no access-list access-list-number

Use the access-list global configuration command to build type-code access lists. Use the no form of the command to remove a single access list entry.

access-list-number User-selectable number between 200 and 299 that identifies the list.
permit Permits the frame.
deny Denies the frame.
type-code 16-bit hexadecimal number written with a leading "0x"; for example, 0x6000. You can specify either an Ethernet type code for Ethernet-encapsulated packets, or a DSAP/SSAP pair for 802.3 or 802.5-encapsulated packets. Ethernet type codes are listed in the appendix "Ethernet Typecodes" in the Router Products Command Reference publication.
wild-mask 16-bit hexadecimal number whose ones bits correspond to bits in the type-code argument that should be ignored when making a comparison. (A mask for a DSAP/SSAP pair should always be at least 0x0101. This is because these two bits are used for purposes other than identifying the SAP codes.)

[no] bridge bridge-group acquire

Use the bridge acquire global configuration command to use the system default behavior of forwarding any frames for stations that it has learned about dynamically. Use the no form of this command to change the default behavior.

bridge-group Bridge group number specified in the bridge protocol command

bridge bridge-group address mac-address {forward | discard}
[interface]
no bridge bridge-group address mac-address

Use the bridge address global configuration command to filter frames with a particular MAC layer station source or destination address. Use the no form of this command followed by the MAC address to disable the forwarding ability.

bridge-group Group number you assigned to the spanning tree. Must be the same as that specified in the bridge protocol command.
mac-address 48-bit dotted-triplet hardware address such as that displayed by the EXEC show arp command, for example, 0800.cb00.45e9. It is either a station address, the broadcast address, or a multicast destination address.
forward Frame sent from or destined to the specified address is forwarded as appropriate.
discard Frame sent from or destined to the specified address is discarded without further processing.
interface (Optional) Interface specification, such as Ethernet 0. It is added after the forward keyword to indicate the interface on which that address can be reached.

bridge bridge-group circuit-group circuit-group pause milliseconds

Use the bridge circuit-group pause global configuration command to configure the interval during which transmission is suspended in a circuit group after circuit group changes take place.

bridge-group Number of the bridge group to which the interface belongs.
circuit-group Number of the circuit group to which the interface belongs.
milliseconds Forward delay interval. It must be a value in the range 0 through 10000 milliseconds.

[no] bridge bridge-group circuit-group circuit-group source-based

Use the bridge circuit-group source-based global configuration command to use just the source MAC address for selecting the output interface. Use the no form of this command to remove the interface from the bridge group.

bridge-group Number of the bridge group to which the interface belongs
circuit-group Number of the circuit group to which the interface belongs

bridge bridge-group domain domain-number
no bridge bridge-group domain

Use the bridge domain global configuration command to establish a domain by assigning it a decimal value between 1 and 10. Use the no form of the command to return to the default single bridge domain.

bridge-group Bridge group number specified in the bridge protocol ieee command. The dec keyword is not valid for this command.
domain-number Domain number you choose. The default domain number is zero; this is the domain number required when communicating to IEEE bridges that do not support this domain extension.

bridge bridge-group forward-time seconds
no bridge bridge-group forward-time

Use the bridge forward-time global configuration command to specify the forward delay interval for the router. Use the no form of the command to return the default interval.

bridge-group Bridge group number specified in the bridge protocol command.
seconds Forward delay interval. It must be a value in the range 10 through 200 seconds. The default is 30 seconds.

bridge bridge-group hello-time seconds
no bridge bridge-group hello-time

Use the bridge hello-time global configuration command to specify the interval between Hello Bridge Protocol Data Units (BPDUs).Use the no form of the command to return the default interval.

bridge-group Bridge group number specified in the bridge protocol command.
seconds Any value between 1 and 10 seconds. The default is 1 second.

[no] bridge bridge-group lat-service-filtering

Use the bridge lat-service-filtering global configuration command to specify LAT group-code filtering. Use the no form of the command to disable the use of LAT service filtering on the bridge group.

bridge-group Bridge group in which this special processing is to take place

bridge bridge-group max-age seconds
no bridge bridge-group max-age

Use the bridge max-age global configuration command to change the interval the bridge will wait to hear BPDUs from the root bridge. If a bridge does not hear BPDUs from the root bridge within this specified interval, it assumes that the network has changed and will recompute the spanning-tree topology. Use the no form of the command to return the default interval.

bridge-group Bridge group number specified in the bridge protocol command.
seconds Interval the bridge will wait to hear BPDUs from the root bridge. It must be a value in the range 10 through 200 seconds. The default is 15 seconds.

[no] bridge bridge-group multicast-source

Use the bridge multicast-source global configuration command to configure bridging support to allow the forwarding, but not the learning, of frames received with multicast source addresses. Use the no form of this command to disable this function on the bridge.

bridge-group Bridge group number specified in the bridge protocol command

bridge bridge-group priority number

Use the bridge priority global configuration command to configure the priority of an individual bridge, or the likelihood that it will be selected as the root bridge.

bridge-group Bridge group number specified in the bridge protocol command
number The lower the number, the more likely the bridge will be chosen as root. When the IEEE spanning-tree protocol is enabled on the router, number ranges from 0 through 65535; the default is 32768. When the Digital spanning-tree protocol is enabled, number ranges from 0 through 255; the default is 128.

[no] bridge bridge-group protocol {ieee | dec}

Use the bridge protocol global configuration command to define the type of spanning-tree protocol. Use the no form of this command, with the appropriate keywords and arguments, to delete the specified bridge group.

bridge-group Number in the range 1 through 9 that you choose to refer to a particular set of bridged interfaces. Frames are bridged only among interfaces in the same group.
ieee IEEE Ethernet spanning-tree protocol.
dec Digital spanning-tree protocol.

[no] bridge-group bridge-group

Use the bridge-group interface configuration command to assign each network interface to a bridge group. Use the no form of this command to remove the interface from the bridge group.

bridge-group Number of the bridge group to which the interface belongs. The value must be in the range 1 through 9.

[no] bridge-group bridge-group aging-time seconds

Use the bridge-group aging-time global configuration command to set the length of time that a dynamic entry can remain in the bridge table, from the time the entry was created or last updated. Use the no form of this command to return to the default aging time.

bridge-group Number of the bridge group to which the interface belongs
seconds Aging-time interval, in the range 0 to 1000000 seconds

[no] bridge-group bridge-group cbus-bridging

Use the bridge-group cbus-bridging interface configuration command to enable autonomous bridging on a ciscoBus II-resident interface. Use the no form of this command to disable autonomous bridging.

bridge-group Number of the bridge group to which the interface belongs

[no] bridge-group bridge-group circuit-group circuit-group

Use the bridge-group circuit-group interface configuration command to assign each network interface to a group. Use the no form of this command to remove the interface from the bridge group.

bridge-group Number of the bridge group to which the interface belongs.
circuit-group Circuit group number. The range is 1 through 9.

bridge-group bridge-group input-address-list
no bridge-group bridge-group input-address-list access-list-number

Use the bridge-group input-address-list interface configuration command to assign an access list to a particular interface. This access list is used to filter packets received on that interface based on their MAC source addresses. Use the no form of this command to remove an access list from an interface.

bridge-group Bridge group number defined by the bridge-group command. It must be in the range 1 through 9.
access-list-number Access list number you assigned with the bridge access-list command. It must be in the range 700 through 799.

[no] bridge-group bridge-group input-lat-service-deny group-list

Use the bridge-group input-lat-service-deny interface configuration command to specify the group codes by which to deny access upon input. Use the no form of this command to remove this access condition.

bridge-group Bridge group number defined by the bridge-group command. It must be a value in the range 1 through 9.
group-list List of LAT service groups. Single numbers and ranges are permitted. Specify a zero (0) to disable the LAT group code for the bridge group.

[no] bridge-group bridge-group input-lat-service-permit group-list

Use the bridge-group input-lat-service-permit interface configuration command to specify the group codes by which to permit access upon input. Use the no form of this command to remove this access condition.

bridge-group Bridge group number defined in the bridge-group command. It must be a value in the range 1 through 9.
group-list LAT service groups. Single numbers and ranges are permitted. Specify a zero (0) to disable the LAT group code for the bridge group.

[no] bridge-groupbridge-group input-lsap-list access-list-number

Use the bridge-group input-lsap-list interface configuration command to filter IEEE 802.2-encapsulated packets on input. Use the no form of this command to disable this capability.

bridge-group Bridge group number defined in the bridge-group command. It must be a value in the range 1 through 9.
access-list-number Access list number assigned with the bridge access-list command. Specify a zero (0) to disable the application of the access list on the bridge group.

[no] bridge-group bridge-group input-pattern access-list-number

Use the bridge-group input-pattern interface configuration command to associate an extended access list with a particular interface in a particular bridge group. Use the no form of this command to disable this capability.

bridge-group The bridge group number defined in the bridge-group command. It must be a value in the range 1 through 9.
access-list-number Access list number assigned with the bridge access-list command. Specify a zero (0) to disable the application of the access list on the interface.

[no] bridge-group bridge-group input-type-list access-list-number

Use the bridge-group input-type-list interface configuration command to filter Ethernet- and SNAP-encapsulated packets on input. Use the no form of this command to disable this capability.

bridge-group Bridge group number defined in the bridge-group command.
access-list-number Access list number assigned with the bridge access-list command. Specify a zero (0) to disable the application of the access list on the bridge group.

[no] bridge-group bridge-group lat-compression

Use the bridge-group lat-compression interface configuration command to reduce the amount of bandwidth that LAT traffic consumes on the serial interface by specifying a LAT-specific form of compression. Use the no form of this command to disable LAT compression on the bridge group.

bridge-group Bridge group number defined in the bridge-group command

[no] bridge-group bridge-group output-address-list
access-list-number

Use the bridge-group output-address-list interface configuration command to assign an access list to a particular interface for filtering the MAC destination addresses of packets that would ordinarily be forwarded out that interface. Use the no form of this command to remove an access list from an interface.

bridge-group Bridge group number in the range 1 through 9, defined in the bridge-group command.
access-list-number Access list number assigned with the bridge access-list command.

[no] bridge-group bridge-group output-lat-service-deny group-list

Use the bridge-group output-lat-service-deny interface configuration command to specify the group codes by which to deny access upon output. Use the no form of this command to cancel the specified group codes.

bridge-group Bridge group number in the range 1 through 9, specified in the bridge-group command.
group-list List of LAT groups. Single numbers and ranges are permitted.

[no] bridge-group bridge-group output-lat-service-permit group-list

Use the bridge-group output-lat-service-permit interface configuration command to specify the group codes by which to permit access upon output. Use the no form of this command to cancel specified group codes.

bridge-group Bridge group number in the range 1 through 9, specified in the bridge-group command.
group-list LAT service advertisements.

[no] bridge-group bridge-group output-lsap-list access-list-number

Use the bridge-group output-lsap-list interface configuration command to filter IEEE 802-encapsulated packets on output. Use the no form of this command to disable this capability.

bridge-group Bridge group number in the range 1 through 9, specified in the bridge-group command.
access-list-number Access list number assigned with the bridge access-list command. Specify a zero (0) to disable the application of the access list on the bridge group.

[no] bridge-group bridge-group output-pattern-list
access-list-number

Use the bridge-group output-pattern-list interface configuration command to associate an extended access list with a particular interface. Use the no form of this command to disable this capability.

bridge-group Bridge group number in the range 1 through 9, specified in the bridge-group command.
access-list-number Extended access list number assigned with the extended access-list command. Specify a zero (0) to disable the application of the access list on the interface.

[no] bridge-group bridge-group output-type-list access-list-number

Use the bridge-group output-type-list interface configuration command to filter Ethernet- and SNAP-encapsulated packets on output. Use the no form of this command to disable this capability.

bridge-group Bridge group number in the range 1 through 9, specified in the bridge-group command.
access-list-number Access list number assigned with the bridge access-list command. Specify a zero (0) to disable the application of the access list on the bridge group. This access list is applied just before sending out a frame to an interface.

[no] bridge-group bridge-group path-cost cost

Use the bridge-group path-cost interface configuration command to set a different path cost. Use the no form of this command to choose the default path cost for the interface.

bridge-group Bridge group number specified in the bridge-group command.
cost Path cost can range from 1 through 65535, with higher values indicating higher costs. This range applies regardless of whether the IEEE or Digital spanning-tree protocol has been specified.

bridge-group bridge-group priority number

Use the bridge-group priority interface configuration command to set an interface priority when two bridges tie for position as the root bridge. The priority you set breaks the tie.

bridge-group Bridge group number specified in the bridge-group command.
number Priority number ranging from 0 through 255 (Digital), or 0 through 64000 (IEEE). The defaults are
128--Digital spanning-tree protocol
32768--IEEE spanning-tree protocol

[no] bridge-group bridge-group spanning-disabled

Use the bridge-group spanning-disabled interface configuration command to disable the spanning tree on a given interface.

bridge-group Bridge group number of the interface, specified in the bridge-group command.

[no] bridge-group bridge-group sse

Use the bridge-group sse interface configuration command to enable Cisco's silicon switching engine (SSE) switching function. Use the no form of this command to disable SSE switching.

bridge-group Bridge group number in the range 1 through 9, specified in the bridge-group command

clear bridge bridge-group

Use the clear bridge EXEC command to remove any learned entries from the forwarding database and to clear the transmit and receive counts for any statically or system-configured entries.

bridge-group Bridge group number in the range 1 through 9, specified in the bridge-group command

clear sse

Use the clear sse privileged EXEC command to reinitialize the Silicon Switch Processor (SSP) on the Cisco 7000 series.

ethernet-transit-oui [90-compatible | standard | cisco]
no ethernet-transit-oui

Use the ethernet-transit-oui interface configuration command to choose the Organizational Unique Identifier (OUI) code to be used in the encapsulation of Ethernet Type II frames across Token Ring backbone networks. Various versions of this OUI code are used by Ethernet/Token Ring translational bridges. The default OUI form is 90-compatible, which can be chosen with the no form of the command.

90-compatible (Optional) Default OUI form
standard (Optional) Standard OUI form
cisco (Optional) Cisco's OUI form

frame-relay map bridge dlci broadcast
no frame-relay map bridge dlci

Use the frame-relay map bridge broadcast global configuration command to bridge over a Frame Relay network. Use the no form of this command to delete the mapping entry.

dlci DLCI number in the range 16 through 1007

[no] ip routing

Use the ip routing global configuration command to enable IP routing. Use the no form of the command to disable IP routing so that you can then bridge IP.

show bridge [bridge-group] [interface]
show bridge [bridge-group] [address [mask]]

Use the show bridge privileged EXEC command to view classes of entries in the bridge forwarding database.

bridge-group (Optional) Number you chose that specifies a particular spanning tree.
interface (Optional) Specific interface, such as Ethernet 0.
address (Optional) 48-bit canonical (Ethernet ordered) MAC address. This may be entered with an optional mask of bits to be ignored in the address, which is specified with the mask argument.
mask (Optional) Bits to be ignored in the address. You must specify the address argument if you want to specify a mask.

show bridge [bridge-group] circuit-group [circuit-group] [src-mac-address] dst-mac-address]]

Use the show bridge circuit-group EXEC command to display the interfaces configured in each circuit group and show whether they are currently participating in load distribution.

bridge-group (Optional) Number that specifies a particular bridge group.
circuit-group (Optional) Number that specifies a particular circuit group.
src-mac-address (Optional) 48-bit canonical (Ethernet ordered) source MAC address.
dst-mac-address (Optional) 48-bit canonical (Ethernet ordered) destination MAC address.

show span

Use the show span privileged EXEC command to display the spanning-tree topology known to the router/bridge. The display indicates whether LAT group code filtering is in effect.

show sse summary

Use the show sse summary EXEC command to display a summary of Silicon Switch Processor (SSP) statistics.

x25 map bridge x.121-address broadcast [options-keywords]
no x25 map bridge

Use the x25 map bridge broadcast interface configuration command to configure the bridging of packets in X.25 frames. Use the no form of this command to disable the Internet-to-X.121 mapping.

x.121-address The X.121 address.
options-keywords (Optional) The services that can be added to this map; these services are listed in the "Setting Address Mappings" section of the Router Products Configuration Guide.

hometocprevnextglossaryfeedbacksearchhelp
Copyright 1989-1997 © Cisco Systems Inc.