|
|
This chapter describes the function and displays the syntax of transparent bridging commands. For more information about defaults and usage guidelines, see the corresponding chapter of the Router Products Command Reference publication.
access-list access-list-number {permit | deny} source source-mask
destination destination-mask offset size operator operand
Use the access-list (extended) global configuration command to provide extended access lists that allow finer granularity of control. These lists allow you to specify both source and destination addresses and arbitrary bytes in the packet.
| access-list- number | Integer from 1100 through 1199 that you assign to identify one or more permit/deny conditions as an extended access list. Note that a list number in the range 1100 through 1199 distinguishes an extended access list from other access lists. |
| permit | Allows a connection when a packet matches an access condition. The router stops checking the extended access list after a match occurs. All conditions must be met to make a match. |
| deny | Disallows a connection when a packet matches an access condition. The router stops checking the extended access list after a match occurs. All conditions must be met to make a match. |
| source | MAC Ethernet address in the form xxxx.xxxx.xxxx. |
| source-mask | Mask of MAC Ethernet source address bits to be ignored. The router uses the source and source-mask arguments to match the source address of a packet. |
| destination | MAC Ethernet value used for matching the destination address of a packet. |
| destination- mask | Mask of MAC Ethernet destination address bits to be ignored. The router uses the destination and destination-mask arguments to match the destination address of a packet. |
| offset | Range of values that must be satisfied in the access list. Specified in decimal or in hexadecimal format in the form 0xnn. The offset is the number of bytes from the destination address field; it is not an offset from the start of the packet. The number of bytes you need to offset from the destination address varies depending on the media encapsulation type you are using. |
| size | Range of values that must be satisfied in the access list. Must be an integer 1 through 4. |
| operator | Compares arbitrary bytes within the packet. Can be one of the following keywords:
lt--less than gt--greater than eq--equal neq--not equal and--bitwise and xor--bitwise exclusive or nop--address match only |
| operand | Compares arbitrary bytes within the packet. The value to be compared to or masked against. |
access-list access-list-number {permit | deny} address mask
no access-list access-list-number
Use the access-list (standard) global configuration command to establish MAC address access lists. Use the no form of this command to remove a single access list entry.
| access-list- number | Integer from 700 to 799 that you select for the list. |
| permit | Permits the frame. |
| deny | Denies the frame. |
| address mask | 48-bit MAC addresses written in dotted triplet form. The ones bits in the mask argument are the bits to be ignored in address. |
access-list access-list-number {permit | deny} type-code wild-mask
no access-list access-list-number
Use the access-list (type-code) global configuration command to build type-code access lists. Use the no form of this command to remove a single access list entry.
| access-list- number | User-selectable number between 200 and 299 that identifies the list. |
| permit | Permits the frame. |
| deny | Denies the frame. |
| type-code | 16-bit hexadecimal number written with a leading "0x"; for example, 0x6000. You can specify either an Ethernet type code for Ethernet-encapsulated packets, or a DSAP/SSAP pair for 802.3 or 802.5-encapsulated packets. Ethernet type codes are listed in the appendix "Ethernet Type Codes" in the Router Products Command Reference publication. |
| wild-mask | 16-bit hexadecimal number whose ones bits correspond to bits in the type-code argument that should be ignored when making a comparison. (A mask for a DSAP/SSAP pair should always be at least 0x0101. This is because these two bits are used for purposes other than identifying the SAP codes.) |
[no] bridge bridge-group acquire
Use the bridge acquire global configuration command to use the system default behavior of forwarding any frames for stations that it has learned about dynamically. Use the no form of this command to change the default behavior.
| bridge-group | Bridge-group number specified in the bridge protocol command. |
bridge bridge-group address mac-address {forward | discard}
[interface]
no bridge bridge-group address mac-address
Use the bridge address global configuration command to filter frames with a particular MAC layer station source or destination address. Use the no form of this command followed by the MAC address to disable the forwarding ability.
| bridge-group | Group number you assigned to the spanning tree. Must be the same as that specified in the bridge protocol command. |
| mac-address | 48-bit dotted-triplet hardware address such as that displayed by the EXEC show arp command, for example, 0800.cb00.45e9. It is either a station address, the broadcast address, or a multicast destination address. |
| forward | Frame sent from or destined to the specified address is forwarded as appropriate. |
| discard | Frame sent from or destined to the specified address is discarded without further processing. |
| interface | (Optional) Interface specification, such as Ethernet 0. It is added after the forward keyword to indicate the interface on which that address can be reached. |
bridge bridge-group circuit-group circuit-group pause milliseconds
Use the bridge circuit-group pause global configuration command to configure the interval during which transmission is suspended in a circuit group after circuit group changes take place.
| bridge-group | Number of the bridge group to which the interface belongs. |
| circuit-group | Number of the circuit group to which the interface belongs. |
| milliseconds | Forward delay interval. It must be a value in the range 0 through 10000 milliseconds. |
[no] bridge bridge-group circuit-group circuit-group source-based
Use the bridge circuit-group source-based global configuration command to use just the source MAC address for selecting the output interface. Use the no form of this command to remove the interface from the bridge group.
| bridge-group | Number of the bridge group to which the interface belongs. |
| circuit-group | Number of the circuit group to which the interface belongs. |
Use the bridge crb global configuration command to enable the router to both route and bridge a given protocol on separate interfaces within a single router. Use the no form of this command to disable the feature.
bridge bridge-group domain domain-number
no bridge bridge-group domain
Use the bridge domain global configuration command to establish a domain by assigning it a decimal value between 1 and 10. Use the no form of this command to return to the default single bridge domain.
| bridge-group | Bridge-group number specified in the bridge protocol ieee command. The dec keyword is not valid for this command. |
| domain-number | Domain number you choose. The default domain number is zero; this is the domain number required when communicating to IEEE bridges that do not support this domain extension. |
bridge bridge-group forward-time seconds
no bridge bridge-group forward-time
Use the bridge forward-time global configuration command to specify the forward delay interval for the router. Use the no form of this command to return the default interval.
| bridge-group | Bridge-group number specified in the bridge protocol command. |
| seconds | Forward delay interval. It must be a value in the range 10 through 200 seconds. The default is 30 seconds. |
[no] bridge-group bridge-group
Use the bridge-group interface configuration command to assign each network interface to a bridge group. Use the no form of this command to remove the interface from the bridge group.
| bridge-group | Number of the bridge group to which the interface belongs. The value must be in the range 1 through 9. |
[no] bridge-group bridge-group aging-time seconds
Use the bridge-group aging-time global configuration command to set the length of time that a dynamic entry can remain in the bridge table, from the time the entry was created or last updated. Use the no form of this command to return to the default aging time.
| bridge-group | Number of the bridge group to which the interface belongs. |
| seconds | Aging-time interval, in the range 0 to 1000000 seconds. The default is 300 seconds. |
[no] bridge-group bridge-group cbus-bridging
Use the bridge-group cbus-bridging interface configuration command to enable autonomous bridging on a ciscoBus2-resident interface. Use the no form of this command to disable autonomous bridging.
| bridge-group | Number of the bridge group to which the interface belongs. |
[no] bridge-group bridge-group circuit-group circuit-group
Use the bridge-group circuit-group interface configuration command to assign each network interface to a group. Use the no form of this command to remove the interface from the bridge group.
| bridge-group | Number of the bridge group to which the interface belongs. |
| circuit-group | Circuit group number. The range is 1 through 9. |
bridge-group bridge-group input-address-list
no bridge-group bridge-group input-address-list access-list-number
Use the bridge-group input-address-list interface configuration command to assign an access list to a particular interface. This access list is used to filter packets received on that interface based on their MAC source addresses. Use the no form of this command to remove an access list from an interface.
| bridge-group | Bridge-group number defined by the bridge-group command. It must be in the range 1 through 9. |
| access-list- number | Access-list number you assigned with the bridge access-list command. It must be in the range 700 through 799. |
[no] bridge-group bridge-group input-lat-service-deny group-list
Use the bridge-group input-lat-service-deny interface configuration command to specify the group codes by which to deny access upon input. Use the no form of this command to remove this access condition.
| bridge-group | Bridge-group number defined by the bridge-group command. It must be a value in the range 1 through 9. |
| group-list | List of LAT service groups. Single numbers and ranges are permitted. Specify a zero (0) to disable the LAT group code for the bridge group. |
[no] bridge-group bridge-group input-lat-service-permit group-list
Use the bridge-group input-lat-service-permit interface configuration command to specify the group codes by which to permit access upon input. Use the no form of this command to remove this access condition.
| bridge-group | Bridge-group number defined in the bridge-group command. It must be a value in the range 1 through 9. |
| group-list | LAT service groups. Single numbers and ranges are permitted. Specify a zero (0) to disable the LAT group code for the bridge group. |
[no] bridge-group bridge-group input-lsap-list access-list-number
Use the bridge-group input-lsap-list interface configuration command to filter IEEE 802.2-encapsulated packets on input. Use the no form of this command to disable this capability.
| bridge-group | Bridge-group number defined in the bridge-group command. It must be a value in the range 1 through 9. |
| access-list- number | Access-list number assigned with the bridge access-list command. Specify a zero (0) to disable the application of the access list on the bridge group. |
[no] bridge-group bridge-group input-pattern access-list-number
Use the bridge-group input-pattern interface configuration command to associate an extended access list with a particular interface in a particular bridge group. Use the no form of this command to disable this capability.
| bridge-group | Bridge-group number defined in the bridge-group command. It must be a value in the range 1 through 9. |
| access-list- number | Access-list number assigned with the bridge access-list command. Specify a zero (0) to disable the application of the access list on the interface. |
[no] bridge-group bridge-group input-type-list access-list-number
Use the bridge-group input-type-list interface configuration command to filter Ethernet- and SNAP-encapsulated packets on input. Use the no form of this command to disable this capability.
| bridge-group | Bridge-group number defined in the bridge-group command. |
| access-list- number | Access-list number assigned with the bridge access-list command. Specify a zero (0) to disable the application of the access list on the bridge group. |
[no] bridge-group bridge-group lat-compression
Use the bridge-group lat-compression interface configuration command to reduce the amount of bandwidth that LAT traffic consumes on the serial interface by specifying a LAT-specific form of compression. Use the no form of this command to disable LAT compression on the bridge group.
| bridge-group | Bridge-group number defined in the bridge-group command. |
[no] bridge-group bridge-group output-address-list
access-list-number
Use the bridge-group output-address-list interface configuration command to assign an access list to a particular interface for filtering the MAC destination addresses of packets that would ordinarily be forwarded out that interface. Use the no form of this command to remove an access list from an interface.
| bridge-group | Bridge-group number in the range 1 through 9, defined in the bridge-group command. |
| access-list- number | Access-list number assigned with the bridge access-list command. |
[no] bridge-group bridge-group output-lat-service-deny group-list
Use the bridge-group output-lat-service-deny interface configuration command to specify the group codes by which to deny access upon output. Use the no form of this command to cancel the specified group codes.
| bridge-group | Bridge-group number in the range 1 through 9, specified in the bridge-group command. |
| group-list | List of LAT groups. Single numbers and ranges are permitted. |
[no] bridge-group bridge-group output-lat-service-permit group-list
Use the bridge-group output-lat-service-permit interface configuration command to specify the group codes by which to permit access upon output. Use the no form of this command to cancel specified group codes.
| bridge-group | Bridge-group number in the range 1 through 9, specified in the bridge-group command. |
| group-list | LAT service advertisements. |
[no] bridge-group bridge-group output-lsap-list access-list-number
Use the bridge-group output-lsap-list interface configuration command to filter IEEE 802-encapsulated packets on output. Use the no form of this command to disable this capability.
| bridge-group | Bridge-group number in the range 1 through 9, specified in the bridge-group command. |
| access-list- number | Access-list number assigned with the bridge access-list command. Specify a zero (0) to disable the application of the access list on the bridge group. |
[no] bridge-group bridge-group output-pattern-list
access-list-number
Use the bridge-group output-pattern-list interface configuration command to associate an extended access list with a particular interface. Use the no form of this command to disable this capability.
| bridge-group | Bridge-group number in the range 1 through 9, specified in the bridge-group command. |
| access-list- number | Extended access-list number assigned with the extended access-list command. Specify a zero (0) to disable the application of the access list on the interface. |
[no] bridge-group bridge-group output-type-list access-list-number
Use the bridge-group output-type-list interface configuration command to filter Ethernet- and SNAP-encapsulated packets on output. Use the no form of this command to disable this capability.
| bridge-group | Bridge-group number in the range 1 through 9, specified in the bridge-group command. |
| access-list- number | Access-list number assigned with the bridge access-list command. Specify a zero (0) to disable the application of the access list on the bridge group. This access list is applied just before sending out a frame to an interface. |
[no] bridge-group bridge-group path-cost cost
Use the bridge-group path-cost interface configuration command to set a different path cost. Use the no form of this command to choose the default path cost for the interface.
| bridge-group | Bridge-group number specified in the bridge-group command. |
| cost | Path cost can range from 1 through 65535, with higher values indicating higher costs. This range applies regardless of whether the IEEE or Digital spanning-tree protocol has been specified. |
bridge-group bridge-group priority number
Use the bridge-group priority interface configuration command to set an interface priority when two bridges tie for position as the root bridge. The priority you set breaks the tie.
| bridge-group | Bridge-group number specified in the bridge-group command. |
| number | Priority number ranging from 0 through 255 (Digital), or 0 through 64000 (IEEE). The defaults are: 128--Digital spanning-tree protocol 32768--IEEE spanning-tree protocol |
[no] bridge-group bridge-group spanning-disabled
Use the bridge-group spanning-disabled interface configuration command to disable the spanning tree on a given interface.
| bridge-group | Bridge-group number of the interface, specified in the bridge-group command. |
[no] bridge-group bridge-group sse
Use the bridge-group sse interface configuration command to enable Cisco's silicon switching engine (SSE) switching function. Use the no form of this command to disable SSE switching.
| bridge-group | Bridge-group number in the range 1 through 9, specified in the bridge-group command. |
bridge bridge-group hello-time seconds
no bridge bridge-group hello-time
Use the bridge hello-time global configuration command to specify the interval between Hello Bridge Protocol Data Units (BPDUs). Use the no form of this command to return the default interval.
| bridge-group | Bridge-group number specified in the bridge protocol command. |
| seconds | Interval between 1 and 10 seconds. The default is 1 second. |
[no] bridge bridge-group lat-service-filtering
Use the bridge lat-service-filtering global configuration command to specify LAT group-code filtering. Use the no form of this command to disable the use of LAT service filtering on the bridge group.
| bridge-group | Bridge group in which this special processing is to take place. |
bridge bridge-group max-age seconds
no bridge bridge-group max-age
Use the bridge max-age global configuration command to change the interval the bridge will wait to hear BPDUs from the root bridge. If a bridge does not hear BPDUs from the root bridge within this specified interval, it assumes that the network has changed and will recompute the spanning-tree topology. Use the no form of this command to return the default interval.
| bridge-group | Bridge-group number specified in the bridge protocol command. |
| seconds | Interval the bridge will wait to hear BPDUs from the root bridge. It must be a value in the range 10 through 200 seconds. The default is 15 seconds. |
[no] bridge bridge-group multicast-source
Use the bridge multicast-source global configuration command to configure bridging support to allow the forwarding, but not the learning, of frames received with multicast source addresses. Use the no form of this command to disable this function on the bridge.
| bridge-group | Bridge-group number specified in the bridge protocol command. |
bridge bridge-group priority number
Use the bridge priority global configuration command to configure the priority of an individual bridge, or the likelihood that it will be selected as the root bridge.
| bridge-group | Bridge-group number specified in the bridge protocol command. |
| number | The lower the number, the more likely the bridge will be chosen as root. When the IEEE spanning-tree protocol is enabled on the router, number ranges from 0 through 65535; the default is 32768. When the Digital spanning-tree protocol is enabled, number ranges from 0 through 255; the default is 128. |
[no] bridge bridge-group protocol {ieee | dec}
Use the bridge protocol global configuration command to define the type of spanning-tree protocol. Use the no form of this command, with the appropriate keywords and arguments, to delete the specified bridge group.
| bridge-group | Number in the range 1 through 9 that you choose to refer to a particular set of bridged interfaces. Frames are bridged only among interfaces in the same group. |
| ieee | IEEE Ethernet spanning-tree protocol. |
| dec | Digital spanning-tree protocol. |
[no] bridge bridge-group route {protocol}
Use the bridge route global configuration command to enable the routing of a specified protocol in a specified bridge group. Use the no form of this command to disable the routing of a specified protocol in a specified bridge group.
| bridge-group | Bridge-group number. |
| protocol | One of the following protocols: apollo, appletalk, clns, decnet, ip | ipx, vines , or xns. |
clear bridge bridge-group
Use the clear bridge EXEC command to remove any learned entries from the forwarding database and to clear the transmit and receive counts for any statically or system-configured entries.
| bridge-group | Bridge-group number in the range 1 through 9, specified in the bridge-group command. |
Use the clear sse privileged EXEC command to reinitialize the Silicon Switch Processor (SSP) on the Cisco 7000 series.
Use the encapsulation sde subinterface configuration command to enable IEEE 802.10 Secure Data Exchange (SDE) encapsulation of transparently bridged traffic on a specified interface within an assigned bridge group.
| said | Security Association Identifier. The valid range is 0 through 0xFFF. |
ethernet-transit-oui [90-compatible | standard | cisco]
no ethernet-transit-oui
Use the ethernet-transit-oui interface configuration command to choose the Organizational Unique Identifier (OUI) code to be used in the encapsulation of Ethernet Type II frames across Token Ring backbone networks. Various versions of this OUI code are used by Ethernet/Token Ring translational bridges. The default OUI form is 90-compatible, which can be chosen with the no form of this command.
| 90-compatible | (Optional) Default OUI form. |
| standard | (Optional) Standard OUI form. |
| cisco | (Optional) Cisco's OUI form. |
frame-relay map bridge dlci broadcast
no frame-relay map bridge dlci
Use the frame-relay map bridge broadcast global configuration command to bridge over a Frame Relay network. Use the no form of this command to delete the mapping entry.
| dlci | DLCI number in the range 16 through 1007. |
[no] ip routing
Use the ip routing global configuration command to enable IP routing. Use the no form of this command to disable IP routing so that you can then bridge IP.
show bridge [bridge-group] [interface]
show bridge [bridge-group] [address [mask]] [verbose]
Use the show bridge privileged EXEC command to view classes of entries in the bridge forwarding database.
| bridge-group | (Optional) Number you chose that specifies a particular spanning tree. |
| interface | (Optional) Specific interface, such as Ethernet 0. |
| address | (Optional) 48-bit canonical (Ethernet ordered) MAC address. This may be entered with an optional mask of bits to be ignored in the address, which is specified with the mask argument. |
| mask | (Optional) Bits to be ignored in the address. You must specify the address argument if you want to specify a mask. |
| verbose | (Optional) Shows additional detail, including any Frame Relay DLCI associated with a station address. |
show bridge [bridge-group] circuit-group [[circuit-group]
[src-mac-address] [dst-mac-address]]
Use the show bridge circuit-group EXEC command to display the interfaces configured in each circuit group and show whether they are currently participating in load distribution.
| bridge-group | (Optional) Number that specifies a particular bridge group. |
| circuit-group | (Optional) Number that specifies a particular circuit group. |
| src-mac-address | (Optional) 48-bit canonical (Ethernet ordered) source MAC address. |
| dst-mac-address | (Optional) 48-bit canonical (Ethernet ordered) destination MAC address. |
show bridge group [verbose]
Use the show bridge group privileged EXEC command to display the status of each bridge group.]
| verbose | (Optional) Displays detailed information. |
show bridge vlan
Use the show bridge vlan privileged EXEC command to view virtual LAN subinterfaces.
Use the show interfaces crb privileged EXEC command to display the configuration for each interface that has been configured for routing or bridging.
show span
Use the show span EXEC command to display the spanning-tree topology known to the router.
Use the show sse summary EXEC command to display a summary of Silicon Switch Processor (SSP) statistics.
x25 map bridge x.121-address broadcast [options-keywords]
no x25 map bridge
Use the x25 map bridge interface configuration command to configure the bridging of packets in X.25 frames. Use the no form of this command to disable the Internet-to-X.121 mapping.
| x.121-address | The X.121 address. |
| broadcast | Required keyword for bridging over X.25. |
| options-keywords | (Optional) The services that can be added to this map These services are listed under the x25 map command in "X25 and LAPB Commands" chapter of the Router Products Command Reference publication. |
|
|