|
|
This chapter describes the function and displays the syntax for transparent bridging commands. For more information about defaults and usage guidelines, see the corresponding chapter of the Bridging and IBM Networking Command Reference.
Use the access-list global configuration command to provide extended access lists that allow more detailed access lists. These lists allow you to specify both source and destination addresses and arbitrary bytes in the packet.
access-list access-list-number {permit | deny} source source-mask destination| access-list-number | Integer from 1100 to 1199 that you assign to identify one or more permit/deny conditions as an extended access list. Note that a list number in the range 1100 to 1199 distinguishes an extended access list from other access lists. |
| permit | Allows a connection when a packet matches an access condition. The Cisco IOS software stops checking the extended access list after a match occurs. All conditions must be met to make a match. |
| deny | Disallows a connection when a packet matches an access condition. The software stops checking the extended access list after a match occurs. All conditions must be met to make a match. |
| source | Media Access Control (MAC) Ethernet address in the form xxxx.xxxx.xxxx. |
| source-mask | Mask of MAC Ethernet source address bits to be ignored. The software uses the source and source-mask arguments to match the source address of a packet. |
| destination | MAC Ethernet value used for matching the destination address of a packet. |
| destination-mask | Mask of MAC Ethernet destination address bits to be ignored. The software uses the destination and destination mask arguments to match the destination address of a packet. |
| offset | Range of values that must be satisfied in the access list. Specified in decimal or in hexadecimal format in the form 0xnn. The offset is the number of bytes from the destination address field; it is not an offset from the start of the packet. The number of bytes you need to offset from the destination address varies depending on the media encapsulation type you are using. |
| size | Range of values that must be satisfied in the access list. Must be an integer 1 to 4. |
| operator | Compares arbitrary bytes within the packet. Can be one of the following keywords:
lt--less than gt--greater than eq--equal neq--not equal and--bitwise and xor--bitwise exclusive or nop--address match only |
| operand | Compares arbitrary bytes within the packet. The value to be compared to or masked against. |
Use the access-list global configuration command to establish MAC address access lists. Use the no form of this command to remove a single access-list entry.
access-list access-list-number {permit | deny} address mask| access-list-number | Integer from 700 to 799 that you select for the list. |
| permit | Permits the frame. |
| deny | Denies the frame. |
| address mask | 48-bit MAC addresses written in dotted triplet form. The ones bits in the mask argument are the bits to be ignored in address. |
Use the access-list global configuration command to build type-code access lists. Use the no form of this command to remove a single access list entry.
access-list access-list-number {permit | deny} type-code wild-mask| access-list-number | User-selectable number between 200 and 299 that identifies the list. |
| permit | Permits the frame. |
| deny | Denies the frame. |
| type-code | 16-bit hexadecimal number written with a leading "0x"; for example, 0x6000. You can specify either an Ethernet type code for Ethernet-encapsulated packets, or a DSAP/SSAP pair for 802.3 or 802.5-encapsulated packets. |
| wild-mask | 16-bit hexadecimal number whose ones bits correspond to bits in the type-code argument that should be ignored when making a comparison. (A mask for a DSAP/SSAP pair should always be at least 0x0101. This is because these two bits are used for purposes other than identifying the SAP codes.) |
Use the bridge acquire global configuration command to forward any frames for stations that the system has learned about dynamically. Use the no form of this command to disable the behavior.
bridge bridge-group acquire| bridge-group | Bridge group number specified in the bridge protocol command. |
Use the bridge address global configuration command to filter frames with a particular MAC-layer station source or destination address. Use the no form of this command to disable the forwarding ability.
bridge bridge-group address mac-address {forward | discard} [interface]| bridge-group | Bridge group number. It must be the same number specified in the bridge protocol command. |
| mac-address | 48-bit dotted-triplet hardware address such as that displayed by the EXEC show arp command, for example, 0800.cb00.45e9. It is either a station address, the broadcast address, or a multicast destination address. |
| forward | Frame sent from or destined to the specified address is forwarded as appropriate. |
| discard | Frame sent from or destined to the specified address is discarded without further processing. |
| interface | (Optional) Interface specification, such as Ethernet 0. It is added after the forward or discard keyword to indicate the interface on which that address can be reached. |
Use the bridge bridge global configuration command to enable the bridging of a specified protocol in a specified bridge group. Use the no form of this command to disable the bridging of a specified protocol in a specified bridge group.
bridge bridge-group bridge protocol| bridge-group | Bridge-group number. It must be the same number specified in the bridge protocol command. |
| protocol | Any of the supported routing protocols. The default is to bridge all of these protocols. |
Use the bridge circuit-group pause global configuration command to configure the interval during which transmission is suspended in a circuit group after circuit group changes take place.
bridge bridge-group circuit-group circuit-group pause milliseconds| bridge-group | Bridge group number specified in the bridge protocol command. |
| circuit-group | Number of the circuit group to which the interface belongs. |
| milliseconds | Forward delay interval. It must be a value in the range 0 to 10000 ms. |
Use the bridge circuit-group source-based global configuration command to use just the source MAC address for selecting the output interface. Use the no form of this command to remove the interface from the bridge group.
bridge bridge-group circuit-group circuit-group source-based| bridge-group | Bridge group number specified in the bridge protocol command. |
| circuit-group | Number of the circuit group to which the interface belongs. |
Use the bridge cmf global configuration command to enable constrained multicast flooding (CMF) for all configured bridge groups. Use the no form of this command to disable constrained multicast flooding.
bridge cmfUse the bridge crb global configuration command to enable the Cisco IOS software to both route and bridge a given protocol on separate interfaces within a single router. Use the no form of this command to disable the feature.
bridge crbUse the bridge domain global configuration command to establish a domain by assigning it a decimal value between 1 and 10. Use the no form of this command to return it to a single bridge domain by choosing domain zero (0).
bridge bridge-group domain domain-number| bridge-group | Bridge group number specified in the bridge protocol ieee command. The dec keyword is not valid for this command. |
| domain-number | Domain ID number you choose. The default domain number is zero; this is the domain number required when communicating to IEEE bridges that do not support this domain extension. |
Use the bridge forward-time global configuration command to specify the forward delay interval for the Cisco IOS software. Use the no form of this command to return the default interval.
bridge bridge-group forward-time seconds| bridge-group | Bridge group number specified in the bridge protocol command. |
| seconds | Forward delay interval. It must be a value in the range 10 to 200 seconds. |
Use the bridge-group interface configuration command to assign each network interface to a bridge group. Use the no form of this command to remove the interface from the bridge group.
bridge-group bridge-group| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
Use the bridge-group aging-time global configuration command to set the length of time that a dynamic entry can remain in the bridge table from the time the entry was created or last updated. Use the no form of this command to return to the default aging-time interval.
bridge-group bridge-group aging-time seconds| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
| seconds | Aging time, in the range 0 to 1000000 seconds. The default is 300 seconds. |
Use the bridge-group cbus-bridging interface configuration command to enable autonomous bridging on a ciscoBus2 controller. Use the no form of this command to disable autonomous bridging.
bridge-group bridge-group cbus-bridging| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
Use the bridge-group circuit-group interface configuration command to assign each network interface to a bridge group. Use the no form of this command to remove the interface from the bridge group.
bridge-group bridge-group circuit-group circuit-group| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
| circuit-group | Circuit group number. The range is 1 to 9. |
Use the bridge-group input-address-list interface configuration command to assign an access list to a particular interface. This access list is used to filter packets received on that interface based on their MAC source addresses. Use the no form of this command to remove an access list from an interface.
bridge-group bridge-group input-address-list access-list-number| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
| access-list-number | Access list number you assigned with the access-list command. It must be in the range 700 to 799. |
Use the bridge-group input-lat-service-deny interface configuration command to specify the group codes by which to deny access upon input. Use the no form of this command to remove this access condition.
bridge-group bridge-group input-lat-service-deny group-list| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
| group-list | List of LAT service groups. Single numbers and ranges are permitted. Specify a zero (0) to disable the LAT group code for the bridge group. |
Use the bridge-group input-lat-service-permit interface configuration command to specify the group codes by which to permit access upon input. Use the no form of this command to remove this access condition.
bridge-group bridge-group input-lat-service-permit group-list| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
| group-list | LAT service groups. Single numbers and ranges are permitted. Specify a zero (0) to disable the LAT group code for the bridge group. |
Use the bridge-group input-lsap-list interface configuration command to filter IEEE 802.2-encapsulated packets on input. Use the no form of this command to disable this capability.
bridge-group bridge-group input-lsap-list access-list-number| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
| access-list-number | Access list number you assigned with the standard access-list command. Specify a zero (0) to disable the application of the access list on the bridge group. |
Use the bridge-group input-pattern-list interface configuration command to associate an extended access list with a particular interface in a particular bridge group. Use the no form of this command to disable this capability.
bridge-group bridge-group input-pattern-list access-list-number| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
| access-list-number | Access list number you assigned using the standard access-list command. Specify a zero (0) to disable the application of the access list on the interface. |
Use the bridge-group input-type-list interface configuration command to filter Ethernet- and SNAP-encapsulated packets on input. Use the no form of this command to disable this capability.
bridge-group bridge-group input-type-list access-list-number| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
| access-list-number | Access list number you assigned with the standard access-list command. Specify a zero (0) to disable the application of the access list on the bridge group. |
Use the bridge-group lat-compression interface configuration command to reduce the amount of bandwidth that LAT traffic consumes on the serial interface by specifying a LAT-specific form of compression. Use the no form of this command to disable LAT compression on the bridge group.
bridge-group bridge-group lat-compression| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
Use the bridge-group output-address-list interface configuration command to assign an access list to a particular interface for filtering the MAC destination addresses of packets that would ordinarily be forwarded out that interface. Use the no form of this command to remove an access list from an interface.
bridge-group bridge-group output-address-list access-list-number| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
| access-list-number | Access list number you assigned with the standard access-list command. |
Use the bridge-group output-lat-service-deny interface configuration command to specify the group codes by which to deny access upon output. Use the no form of this command to cancel the specified group codes.
bridge-group bridge-group output-lat-service-deny group-list| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
| group-list | List of LAT groups. Single numbers and ranges are permitted. |
Use the bridge-group output-lat-service-permit interface configuration command to specify the group codes by which to permit access upon output. Use the no form of this command to cancel specified group codes.
bridge-group bridge-group output-lat-service-permit group-list| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
| group-list | LAT service advertisements. |
Use the bridge-group output-lsap-list interface configuration command to filter IEEE 802-encapsulated packets on output. Use the no form of this command to disable this capability.
bridge-group bridge-group output-lsap-list access-list-number| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
| access-list-number | Access list number you assigned with the standard access-list command. Specify a zero (0) to disable the application of the access list on the bridge group. |
Use the bridge-group output-pattern-list interface configuration command to associate an extended access list with a particular interface. Use the no form of this command to disable this capability.
bridge-group bridge-group output-pattern-list access-list-number| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
| access-list-number | Extended access list number you assigned using the extended access-list command. Specify a zero (0) to disable the application of the access list on the interface. |
Use the bridge-group output-type-list interface configuration command to filter Ethernet- and SNAP-encapsulated packets on output. Use the no form of this command to disable this capability.
bridge-group bridge-group output-type-list access-list-number| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
| access-list-number | Access list number you assigned with the standard access-list command. Specify a zero (0) to disable the application of the access list on the bridge group. This access list is applied just before sending out a frame to an interface. |
Use the bridge-group path-cost interface configuration command to set a different path cost. Use the no form of this command to choose the default path cost for the interface.
bridge-group bridge-group path-cost cost| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
| cost | Path cost can range from 1 to 65535, with higher values indicating higher costs. This range applies regardless of whether the IEEE or Digital Spanning-Tree Protocol has been specified. |
Use the bridge-group priority interface configuration command to set an interface priority when two bridges tie for position as the root bridge. The priority you set breaks the tie.
bridge-group bridge-group priority number| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
| number | Priority number ranging from 0 to 255 (Digital), or 0 to 64000 (IEEE). |
Use the bridge-group spanning-disabled interface configuration command to disable the spanning tree on a given interface.
bridge-group bridge-group spanning-disabled| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
Use the bridge-group sse interface configuration command to enable Cisco's silicon switching engine (SSE) switching function. Use the no form of this command to disable SSE switching.
bridge-group bridge-group sse| bridge-group | Number of the bridge group to which the interface belongs. It must be a number in the range 1 to 63. |
Use the bridge hello-time global configuration command to specify the interval between hello bridge protocol data units (BPDUs). Use the no form of this command to return the default interval.
bridge bridge-group hello-time seconds| bridge-group | Bridge group number. It must be the same number specified in the bridge protocol command. |
| seconds | Interval between 1 and 10 seconds. |
Use the bridge irb global configuration command to enable the Cisco IOS software to route a given protocol between routed interfaces and bridge groups or to route a given protocol between bridge groups. Use the no form of this command to disable the feature.
bridge irbUse the bridge lat-service-filtering global configuration command to specify LAT group-code filtering. Use the no form of this command to disable the use of LAT service filtering on the bridge group.
bridge bridge-group lat-service-filtering| bridge-group | Bridge group number specified in the bridge protocol command. |
Use the bridge max-age global configuration command to change the interval the bridge will wait to hear BPDUs from the root bridge. If a bridge does not hear BPDUs from the root bridge within this specified interval, it assumes that the network has changed and will recompute the spanning-tree topology. Use the no form of this command to return the default interval.
bridge bridge-group max-age seconds| bridge-group | Bridge group number specified in the bridge protocol command. |
| seconds | Interval the bridge will wait to hear BPDUs from the root bridge. It must be a value in the range 10 to 200 seconds. |
Use the bridge multicast-source global configuration command to configure bridging support to allow the forwarding, but not the learning, of frames received with multicast source addresses. Use the no form of this command to disable this function on the bridge.
bridge bridge-group multicast-source| bridge-group | Bridge group number specified in the bridge protocol command. |
Use the bridge priority global configuration command to configure the priority of an individual bridge, or the likelihood that it will be selected as the root bridge.
bridge bridge-group priority number| bridge-group | Bridge group number specified in the bridge protocol command. |
| number | The lower the number, the more likely the bridge will be chosen as root. When the IEEE Spanning-Tree Protocol is enabled, number ranges from 0 to 65535 (default is 32768). When the Digital Spanning-Tree Protocol is enabled, number ranges from 0 to 255 (default is 128). |
Use the bridge protocol global configuration command to define the type of Spanning-Tree Protocol. Use the no form of this command, with the appropriate keywords and arguments, to delete the bridge group.
bridge bridge-group protocol {ieee | dec}| bridge-group | Number in the range 1 to 63 that you choose to refer to a particular set of bridged interfaces. Frames are bridged only among interfaces in the same group. You will use the group number you assign in subsequent bridge configuration commands. |
| ieee | IEEE Ethernet Spanning-Tree Protocol. |
| dec | Digital Spanning-Tree Protocol. |
Use the bridge route global configuration command to enable the routing of a specified protocol in a specified bridge group. Use the no form of this command to disable the routing of a specified protocol in a specified bridge group.
bridge bridge-group route protocol| bridge-group | Bridge-group number. It must be the same number specified in the bridge protocol command. |
| protocol | One of the following protocols: apollo, appletalk, clns, decnet, ip, ipx, vines, xns. |
Use the clear bridge privileged EXEC command to remove any learned entries from the forwarding database and to clear the transmit and receive counts for any statically or system configured entries.
clear bridge bridge-group| bridge-group | Bridge group number specified in the bridge protocol command. |
Use the clear bridge multicast EXEC command to clear transparent bridging multicast state information.
clear bridge [bridge-group] multicast [router-ports | groups | counts] [group-address]| bridge-group | (Optional) Bridge group number specified in the bridge protocol command. |
| router-ports | (Optional) Clear multicast router ports. |
| groups | (Optional) Clear multicast groups. |
| counts | (Optional) Clear RX and TX counts. |
| group-address | (Optional) Multicast IP address associated with a specific multicast group. |
| interface-unit | (Optional) Specific interface, such as Ethernet 0. |
Use the clear sse privileged EXEC command to reinitialize the Silicon Switch Processor (SSP) on the Cisco 7000 series routers with RSP7000.
clear sseUse the clear vlan statistics privileged EXEC command to remove virtual LAN statistics from any statically or system configured entries.
clear vlan statisticsUse the encapsulation isl subinterface configuration command to enable the Inter-Switch Link (ISL), a Cisco proprietary protocol for interconnecting multiple switches and maintaining VLAN information as traffic goes between switches.
encapsulation isl domain| domain | VLAN domain number. |
Use the encapsulation sde subinterface configuration command to enable IEEE 802.10 Secure Data Exchange (SDE) encapsulation of transparently bridged traffic on a specified interface within an assigned bridge group.
encapsulation sde said| said | Security association identifier. The valid range is 0 through 0xFFF. |
Use the ethernet-transit-oui interface configuration command to choose the Organizational Unique Identifier (OUI) code to be used in the encapsulation of Ethernet Type II frames across Token Ring backbone networks. Various versions of this OUI code are used by Ethernet/Token Ring translational bridges. The default OUI form is 90-compatible, which can be chosen with the no form of this command.
ethernet-transit-oui [90-compatible | standard | cisco]| 90-compatible | (Optional) Default OUI form. |
| standard | (Optional) Standard OUI form. |
| cisco | (Optional) Cisco's OUI form. |
Use the frame-relay map bridge broadcast interface configuration command to bridge over a Frame Relay network. Use the no form of this command to delete the mapping entry.
frame-relay map bridge dlci broadcast| dlci | DLCI number. The valid range is 16 to 1007. |
Use the interface bvi interface configuration command to create the bridge-group virtual interface (BVI) that represents the specified bridge group to the routed world and links the corresponding bridge group to the other routed interfaces. Use the no form of this command to delete the BVI.
interface bvi bridge-group| bridge-group | Bridge-group number. It must be the same number specified in the bridge protocol command. |
Use the ip routing command to enable IP routing. Use the no form of this command to disable IP routing so that you can then bridge IP.
ip routingUse the show bridge privileged EXEC command to view classes of entries in the bridge forwarding database.
show bridge [bridge-group] [interface] [address [mask]] [verbose]| bridge-group | (Optional) Number that specifies a particular spanning tree. |
| interface | (Optional) Specific interface, such as Ethernet 0. |
| address | (Optional) 48-bit canonical (Ethernet ordered) MAC address. This may be entered with an optional mask of bits to be ignored in the address, which is specified with the mask argument. |
| mask | (Optional) Bits to be ignored in the address. You must specify the address argument if you want to specify a mask. |
| verbose | (Optional) Shows additional detail, including any Frame Relay DLCI associated with a station address. |
Use the show bridge circuit-group EXEC command to display the interfaces configured in each circuit group and show whether they are currently participating in load distribution.
show bridge [bridge-group] circuit-group [circuit-group] [src-mac-address]| bridge-group | (Optional) Number that specifies a particular bridge group. |
| circuit-group | (Optional) Number that specifies a particular circuit group. |
| src-mac-address | (Optional) 48-bit canonical (Ethernet ordered) source MAC address. |
| dst-mac-address | (Optional) 48-bit canonical (Ethernet ordered) destination MAC address. |
Use the show bridge group privileged EXEC command to display the status of each bridge group.
show bridge group [verbose]| verbose | (Optional) Displays detailed information. |
Use the show bridge multicast EXEC command to display transparent bridging multicast state information.
show bridge [bridge-group] multicast [router-ports | groups] [group-address]| bridge-group | (Optional) Bridge group number specified in the bridge protocol command. |
| router-ports | (Optional) Display information for multicast router ports. |
| groups | (Optional) Display information for multicast groups. |
| group-address | (Optional) Multicast IP address associated with a specific multicast group. |
Use the show bridge vlan privileged EXEC command to view virtual LAN subinterfaces.
show bridge vlanUse the show interfaces crb privileged EXEC command to display the configuration for each interface that has been configured for routing or bridging.
show interfaces crbUse the show interfaces irb privileged EXEC command to display the configuration for each interface that has been configured for integrated routing or bridging.
show interfaces [interface] irb| interface | (Optional) Specific interface, such as Ethernet 0. |
Use the show span privileged EXEC command to display the spanning-tree topology known to the router. The display indicates whether LAT group code filtering is in effect.
show spanUse the show sse summary EXEC command to display a summary of Silicon Switch Processor (SSP) statistics:
show sse summaryUse the show vlans privileged EXEC command to view virtual LAN subinterfaces.
show vlansUse the x25 map bridge interface configuration command to configure the bridging of packets in X.25 frames. Use the no form of this command to disable the Internet-to-X.121 mapping.
x25 map bridge x.121-address broadcast [options-keywords]| x.121-address | The X.121 address. |
| broadcast | Required keyword for bridging over X.25. |
| options-keywords | (Optional) Additional functionality that can be specified for originated calls. |
|
|