Transparent Bridging ? [7:7126]

[Philip Barker]

Hi Group,
I vill say ziss only vonce.

Okay, its my second attempt at trying to work out how I can bridge IP across
to 2500's.

I have 2 2500's configured with "no ip routing". 2 PC's are connected at
either end, i.e one to bridge 1
and one to bridge 2. I have a sniffer on both PC's. I am attempting to ping
from one PC to the other.
IEEE spanning tree is applied on both bridges. The bridges are connected via
a
serial cable and the serial
ports of the bridges as well as the Ethernet ports are in bridge group 1.

I have verified spanning tree operation and one of the serial ports has been
elected root port on bridge 1,
the other bridge is the designated bridge. Ref : Radia Perlman,
Interconnections p.83.
So far so good.

I have configured the PC's with a default gateway to the IP address of each
of
the bridges.
When I attempt to ping from one PC to the other, I can see from my Sniffer
trace that the PC ARP's for
the MAC Address of the bridge, this ARP is successful and the PC then sends
out an ICMP echo request.
This echo request appears to be my problem since the destination MAC address
of this packet contains
the Ethernet Mac address of the local bridge and the local bridge
consequently
disregards the packet.
Should the PC have an ARP entry installed for the destination IP address that
I am pinging ?

Has anyone achieved this scenario ? or am I way off mark with my thinking
here.

The reason I set this LAB up was because so many questions appear to be being
asked at CCIE written level
akin to this setup i.e can PC 1 ping PC 2 in similar arrangement using
(RSRB/DLSW+/SRB etc)

Any comments welcome.

Regards,

Phil.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7126&t=7126
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Transparent Bridging ? [7:7126]

[Priscilla Oppenheimer]

The PC shouldn't ARP for a bridge. A bridge is transparent. It should ARP 
for the end station. Something is weird with addressing and submasks.

Priscilla

At 03:22 PM 6/4/01, Philip Barker wrote:
>Hi Group,
> I vill say ziss only vonce.
>
>Okay, its my second attempt at trying to work out how I can bridge IP across
>to 2500's.
>
>I have 2 2500's configured with "no ip routing". 2 PC's are connected at
>either end, i.e one to bridge 1
>and one to bridge 2. I have a sniffer on both PC's. I am attempting to ping
>from one PC to the other.
>IEEE spanning tree is applied on both bridges. The bridges are connected via
>a
>serial cable and the serial
>ports of the bridges as well as the Ethernet ports are in bridge group 1.
>
>I have verified spanning tree operation and one of the serial ports has been
>elected root port on bridge 1,
>the other bridge is the designated bridge. Ref : Radia Perlman,
>Interconnections p.83.
>So far so good.
>
>I have configured the PC's with a default gateway to the IP address of each
>of
>the bridges.
>When I attempt to ping from one PC to the other, I can see from my Sniffer
>trace that the PC ARP's for
>the MAC Address of the bridge, this ARP is successful and the PC then sends
>out an ICMP echo request.
>This echo request appears to be my problem since the destination MAC address
>of this packet contains
>the Ethernet Mac address of the local bridge and the local bridge
>consequently
>disregards the packet.
>Should the PC have an ARP entry installed for the destination IP address
that
>I am pinging ?
>
>Has anyone achieved this scenario ? or am I way off mark with my thinking
>here.
>
>The reason I set this LAB up was because so many questions appear to be
being
>asked at CCIE written level
>akin to this setup i.e can PC 1 ping PC 2 in similar arrangement using
>(RSRB/DLSW+/SRB etc)
>
>Any comments welcome.
>
>Regards,
>
>Phil.


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7130&t=7126
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Transparent Bridging ? [7:7126]

[Tom Pruneau]

It sounds to me like you still have a layer three address somehwere on one
of your routers, and that you maight still have a default gateway on one of
your PCs pointing to that adx.


I would pose the question, are both PC's configured to be on the same
network? DO they have the same mask?

If either of them have a default gateway configured I would turn that off
for the testing just to limit the number of variables.

If the routers arte configured to be bridges they should be totally
transparent. You should not be able to ARP them because ARP requires a
destination IP address, and if they are just bridges they won't have any IP
addresses


my $.02





At 03:22 PM 06/04/2001 -0400, Philip Barker wrote:
>Hi Group,
>I vill say ziss only vonce.
>
>Okay, its my second attempt at trying to work out how I can bridge IP across
>to 2500's.
>
>I have 2 2500's configured with "no ip routing". 2 PC's are connected at
>either end, i.e one to bridge 1
>and one to bridge 2. I have a sniffer on both PC's. I am attempting to ping
>from one PC to the other.
>IEEE spanning tree is applied on both bridges. The bridges are connected via
>a
>serial cable and the serial
>ports of the bridges as well as the Ethernet ports are in bridge group 1.
>
>I have verified spanning tree operation and one of the serial ports has been
>elected root port on bridge 1,
>the other bridge is the designated bridge. Ref : Radia Perlman,
>Interconnections p.83.
>So far so good.
>
>I have configured the PC's with a default gateway to the IP address of each
>of
>the bridges.
>When I attempt to ping from one PC to the other, I can see from my Sniffer
>trace that the PC ARP's for
>the MAC Address of the bridge, this ARP is successful and the PC then sends
>out an ICMP echo request.
>This echo request appears to be my problem since the destination MAC address
>of this packet contains
>the Ethernet Mac address of the local bridge and the local bridge
>consequently
>disregards the packet.
>Should the PC have an ARP entry installed for the destination IP address
that
>I am pinging ?
>
>Has anyone achieved this scenario ? or am I way off mark with my thinking
>here.
>
>The reason I set this LAB up was because so many questions appear to be
being
>asked at CCIE written level
>akin to this setup i.e can PC 1 ping PC 2 in similar arrangement using
>(RSRB/DLSW+/SRB etc)
>
>Any comments welcome.
>
>Regards,
>
>Phil.
Tom Pruneau 
Trainer Network Operations

GENUITY
3 Van de Graff Drive Burlington Ma. 01803
24 Hr. Network Operations Center 800-436-8489
If you need to get a hold of me my hours are 8AM-4PM ET Mon-Fri

---
This email is composed of 82% post consumer recycled data bits
---

"Once in a while you get shown the light 
in the strangest of places if you look at it right"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7143&t=7126
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Transparent Bridging ? [7:7126]

[Philip Barker]

Jeepers,
 Its working, though I'm not convinced as to why !!!
Maybe it was when I swore at the bridges and told them Priscilla was on the
case that they just through the towel in ???

Regards,

Phil.

PS : I'm gonna strip it down now working backwards until I break it again.

- Original Message -
From: "Priscilla Oppenheimer" 
To: "Philip Barker" ;

Sent: Monday, June 04, 2001 8:27 PM
Subject: Re: Transparent Bridging ? [7:7126]


> The PC shouldn't ARP for a bridge. A bridge is transparent. It should ARP
> for the end station. Something is weird with addressing and submasks.
>
> Priscilla
>
> At 03:22 PM 6/4/01, Philip Barker wrote:
> >Hi Group,
> > I vill say ziss only vonce.
> >
> >Okay, its my second attempt at trying to work out how I can bridge IP
across
> >to 2500's.
> >
> >I have 2 2500's configured with "no ip routing". 2 PC's are connected at
> >either end, i.e one to bridge 1
> >and one to bridge 2. I have a sniffer on both PC's. I am attempting to
ping
> >from one PC to the other.
> >IEEE spanning tree is applied on both bridges. The bridges are connected
via
> >a
> >serial cable and the serial
> >ports of the bridges as well as the Ethernet ports are in bridge group 1.
> >
> >I have verified spanning tree operation and one of the serial ports has
been
> >elected root port on bridge 1,
> >the other bridge is the designated bridge. Ref : Radia Perlman,
> >Interconnections p.83.
> >So far so good.
> >
> >I have configured the PC's with a default gateway to the IP address of
each
> >of
> >the bridges.
> >When I attempt to ping from one PC to the other, I can see from my
Sniffer
> >trace that the PC ARP's for
> >the MAC Address of the bridge, this ARP is successful and the PC then
sends
> >out an ICMP echo request.
> >This echo request appears to be my problem since the destination MAC
address
> >of this packet contains
> >the Ethernet Mac address of the local bridge and the local bridge
> >consequently
> >disregards the packet.
> >Should the PC have an ARP entry installed for the destination IP address
that
> >I am pinging ?
> >
> >Has anyone achieved this scenario ? or am I way off mark with my thinking
> >here.
> >
> >The reason I set this LAB up was because so many questions appear to be
being
> >asked at CCIE written level
> >akin to this setup i.e can PC 1 ping PC 2 in similar arrangement using
> >(RSRB/DLSW+/SRB etc)
> >
> >Any comments welcome.
> >
> >Regards,
> >
> >Phil.
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7146&t=7126
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Transparent Bridging ? [7:7126]

[Charles Manafa]

Check your addressing. Both PCs should be on the same subnet, and do not
require a default gateway. A PC should not be configured with the IP address
of a bridge as the default gateway.

CM

-Original Message-
From: Philip Barker
To: [EMAIL PROTECTED]
Sent: 04/06/01 20:22
Subject: Transparent Bridging ? [7:7126]

Hi Group,
I vill say ziss only vonce.

Okay, its my second attempt at trying to work out how I can bridge IP
across
to 2500's.

I have 2 2500's configured with "no ip routing". 2 PC's are connected at
either end, i.e one to bridge 1
and one to bridge 2. I have a sniffer on both PC's. I am attempting to
ping
from one PC to the other.
IEEE spanning tree is applied on both bridges. The bridges are connected
via
a
serial cable and the serial
ports of the bridges as well as the Ethernet ports are in bridge group
1.

I have verified spanning tree operation and one of the serial ports has
been
elected root port on bridge 1,
the other bridge is the designated bridge. Ref : Radia Perlman,
Interconnections p.83.
So far so good.

I have configured the PC's with a default gateway to the IP address of
each
of
the bridges.
When I attempt to ping from one PC to the other, I can see from my
Sniffer
trace that the PC ARP's for
the MAC Address of the bridge, this ARP is successful and the PC then
sends
out an ICMP echo request.
This echo request appears to be my problem since the destination MAC
address
of this packet contains
the Ethernet Mac address of the local bridge and the local bridge
consequently
disregards the packet.
Should the PC have an ARP entry installed for the destination IP address
that
I am pinging ?

Has anyone achieved this scenario ? or am I way off mark with my
thinking
here.

The reason I set this LAB up was because so many questions appear to be
being
asked at CCIE written level
akin to this setup i.e can PC 1 ping PC 2 in similar arrangement using
(RSRB/DLSW+/SRB etc)

Any comments welcome.

Regards,

Phil.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7147&t=7126
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Transparent Bridging ? [7:7126]

[Vijay Ramcharan]

Indeed.  Bridging using two 2500s as mentioned makes the routers operate
strictly at layer 2.  They will not forward packets of any kind using
layer 3 methodology.  In effect, they will not use any layer 3
forwarding mechanism so you cannot point a PC's def. gtwy to their local
interface.  Your PC will operate just fine without any gateway if all
you need to do is establish connectivity to the other PC across the
bridge.  Both PCs should be in the same network of course.  If they
aren't then you know that you need to route and not bridge.

Vijay Ramcharan


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Charles Manafa
Sent: Monday, June 04, 2001 4:17 PM
To: [EMAIL PROTECTED]
Subject: RE: Transparent Bridging ? [7:7126]


Check your addressing. Both PCs should be on the same subnet, and do not
require a default gateway. A PC should not be configured with the IP
address of a bridge as the default gateway.

CM

-Original Message-
From: Philip Barker
To: [EMAIL PROTECTED]
Sent: 04/06/01 20:22
Subject: Transparent Bridging ? [7:7126]

Hi Group,
I vill say ziss only vonce.

Okay, its my second attempt at trying to work out how I can bridge IP
across to 2500's.

I have 2 2500's configured with "no ip routing". 2 PC's are connected at
either end, i.e one to bridge 1 and one to bridge 2. I have a sniffer on
both PC's. I am attempting to ping from one PC to the other. IEEE
spanning tree is applied on both bridges. The bridges are connected via
a serial cable and the serial ports of the bridges as well as the
Ethernet ports are in bridge group 1.

I have verified spanning tree operation and one of the serial ports has
been elected root port on bridge 1, the other bridge is the designated
bridge. Ref : Radia Perlman, Interconnections p.83. So far so good.

I have configured the PC's with a default gateway to the IP address of
each of the bridges. When I attempt to ping from one PC to the other, I
can see from my Sniffer trace that the PC ARP's for the MAC Address of
the bridge, this ARP is successful and the PC then sends out an ICMP
echo request. This echo request appears to be my problem since the
destination MAC address of this packet contains the Ethernet Mac address
of the local bridge and the local bridge consequently disregards the
packet. Should the PC have an ARP entry installed for the destination IP
address that I am pinging ?

Has anyone achieved this scenario ? or am I way off mark with my
thinking here.

The reason I set this LAB up was because so many questions appear to be
being asked at CCIE written level akin to this setup i.e can PC 1 ping
PC 2 in similar arrangement using (RSRB/DLSW+/SRB etc)

Any comments welcome.

Regards,

Phil.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7151&t=7126
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Transparent Bridging ? [7:7126]

[Rick Seiler]

OK, more than you ever wanted to know...

The setup of the PCs is really no different than if they are on the same
hub, switch vlan, or directly connected via a twist cable. The configuration
of the PCs has to be done in one of two ways:

1. Set the PCs to the same ip subnet and mask (the default gateway doesn't
matter, it won't be used).

2. Set the PCs to entirely different ip subnets (or the same, as long as the
ip address is not identical or a broadcast address) and set the default
gateway the same as the ip address.

First Option:
-

Set the PCs to the same ip subnet and mask (the default gateway doesn't
matter, it won't be used).

For example:

PC#1:
IP: 10.100.1.20
MASK: 255.255.255.0
GW: 0.0.0.0 (or blank, depending on OS)

PC#2:
IP: 10.100.1.21
MASK: 255.255.255.0
GW: 0.0.0.0

The reason the default gateway doesn't matter is because both PC's are on
the same IP subnet.  The default gateway is only used if you try to
communicate (ping) an ip subnet that is not local to the PC.

On PC#1, ping your loopback (ping localhost on Windows),
then ping your interface (ping 10.100.1.20) see above,
then ping the other PC (ping 10.100.1.21).

The reason for pinging your loopback and your own interface is to verify
that your IP stack is functioning and configured properly before you blame
the 'network'.

Since the two PCs don't actually use the IP addresses to communicate, you
can see what is actually going on by typing 'arp -a' in Windows to see the
local ARP cache.  You should see the IP address of PC#2 (10.100.1.21) and
the MAC address.  When you typed 'ping 10.100.1.21' on PC#1 (above), PC#1
actually:

a. Sent an ARP request on the wire (you will see this on your sniffer)
looking for the MAC address that answers to IP address 10.100.1.21.

b. Provided only one machine on this segment (hub, switch vlan, etc.) is
configured with this IP address, PC#2 will be the only PC to answer that ARP
request.

c. PC#1 will populate its local ARP cache with the IP address to MAC address
mapping

d. All communication with PC#2 will be with the MAC Address of PC#2 (not the
IP Address).  The reason for the IP address is to make it easier for humans
to manage device addressing, the computers use only layer 1 (the cabling,
hub) and layer 2 (mac address, bridge) to send information to each other.

This is why you cannot ping an IP address on a different subnet
(192.168.255.1 for example).  The PC will try to use a default gateway to
get there, which isn't configured and doesn't exist.


To illustrate this point a little better, let me explain the second option
for configuring the PCs:

Second Option:
--

Set the PCs to entirely different ip subnets (or the same, as long as the ip
address is not identical or a broadcast address) and set the default gateway
the same as the ip address.

For example:

PC#1:
IP: 192.168.255.26
MASK: 255.255.255.0
GW: 192.168.255.26

PC#2:
IP: 10.1.50.201
MASK: 255.0.0.0
GW: 10.1.50.201

Notice that the IP address and default gateway are identical on each
individual PC.

Now, why would you ever do this?  To illustrate a point.  If you would ping
PC#2 (10.1.50.201) from PC#1 (192.168.255.26), it will work!!! (Assuming you
started by verifying that you could ping localhost and your own interface).

Why does this work?  Because, by setting the ip address and default gateway
the same, you tell the PC to ARP for everything.  Even though the two PCs
are configured on different IP subnets, the PCs don't care because they
really use their MAC addresses to communicate. So, PC#1 sends and arp
request for 10.1.50.201 on the wire and PC#2 responds, PC#1 adds the MAC
address to its ARP cache and will send all further IP packets destined for
10.1.50.201 to the MAC address of PC#2.


Does this clear anything up?  Here are sample configs for your two routers:

R1
--

! the following line is NOT necessary if you don't put ip addresses
! on the individual interfaces, like this config
!
no ip routing 
!
interface ethernet0
  no ip address
  bridge-group 1
  no shut
!
interface serial0
  desc DCE
  no ip address
  clockrate 56000
  bridge-group 1
  no shut
!
bridge 1 protocol ieee
!
end


R2
--

! the following line is NOT necessary if you don't put ip addresses
! on the individual interfaces, like this config
!
no ip routing 
!
interface ethernet0
  no ip address
  bridge-group 1
  no shut
!
interface serial0
  desc DTE
  no ip address
  bridge-group 1
  no shut
!
bridge 1 protocol ieee
!
end


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7181&t=7126
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Transparent Bridging ? [7:7126]

[Philip Barker]

Thanks for the excellent answer Rick. I now have it hammered down. PS : for
all those who spotted my Gaff, I was on different networks at either end.
Blush.

Regards,

Phil.

- Original Message -
From: "Rick Seiler" 
To: 
Sent: Tuesday, June 05, 2001 1:04 AM
Subject: RE: Transparent Bridging ? [7:7126]


> OK, more than you ever wanted to know...
>
> The setup of the PCs is really no different than if they are on the same
> hub, switch vlan, or directly connected via a twist cable. The
configuration
> of the PCs has to be done in one of two ways:
>
> 1. Set the PCs to the same ip subnet and mask (the default gateway doesn't
> matter, it won't be used).
>
> 2. Set the PCs to entirely different ip subnets (or the same, as long as
the
> ip address is not identical or a broadcast address) and set the default
> gateway the same as the ip address.
>
> First Option:
> -
>
> Set the PCs to the same ip subnet and mask (the default gateway doesn't
> matter, it won't be used).
>
> For example:
>
> PC#1:
> IP: 10.100.1.20
> MASK: 255.255.255.0
> GW: 0.0.0.0 (or blank, depending on OS)
>
> PC#2:
> IP: 10.100.1.21
> MASK: 255.255.255.0
> GW: 0.0.0.0
>
> The reason the default gateway doesn't matter is because both PC's are on
> the same IP subnet.  The default gateway is only used if you try to
> communicate (ping) an ip subnet that is not local to the PC.
>
> On PC#1, ping your loopback (ping localhost on Windows),
> then ping your interface (ping 10.100.1.20) see above,
> then ping the other PC (ping 10.100.1.21).
>
> The reason for pinging your loopback and your own interface is to verify
> that your IP stack is functioning and configured properly before you blame
> the 'network'.
>
> Since the two PCs don't actually use the IP addresses to communicate, you
> can see what is actually going on by typing 'arp -a' in Windows to see the
> local ARP cache.  You should see the IP address of PC#2 (10.100.1.21) and
> the MAC address.  When you typed 'ping 10.100.1.21' on PC#1 (above), PC#1
> actually:
>
> a. Sent an ARP request on the wire (you will see this on your sniffer)
> looking for the MAC address that answers to IP address 10.100.1.21.
>
> b. Provided only one machine on this segment (hub, switch vlan, etc.) is
> configured with this IP address, PC#2 will be the only PC to answer that
ARP
> request.
>
> c. PC#1 will populate its local ARP cache with the IP address to MAC
address
> mapping
>
> d. All communication with PC#2 will be with the MAC Address of PC#2 (not
the
> IP Address).  The reason for the IP address is to make it easier for
humans
> to manage device addressing, the computers use only layer 1 (the cabling,
> hub) and layer 2 (mac address, bridge) to send information to each other.
>
> This is why you cannot ping an IP address on a different subnet
> (192.168.255.1 for example).  The PC will try to use a default gateway to
> get there, which isn't configured and doesn't exist.
>
>
> To illustrate this point a little better, let me explain the second option
> for configuring the PCs:
>
> Second Option:
> --
>
> Set the PCs to entirely different ip subnets (or the same, as long as the
ip
> address is not identical or a broadcast address) and set the default
gateway
> the same as the ip address.
>
> For example:
>
> PC#1:
> IP: 192.168.255.26
> MASK: 255.255.255.0
> GW: 192.168.255.26
>
> PC#2:
> IP: 10.1.50.201
> MASK: 255.0.0.0
> GW: 10.1.50.201
>
> Notice that the IP address and default gateway are identical on each
> individual PC.
>
> Now, why would you ever do this?  To illustrate a point.  If you would
ping
> PC#2 (10.1.50.201) from PC#1 (192.168.255.26), it will work!!! (Assuming
you
> started by verifying that you could ping localhost and your own
interface).
>
> Why does this work?  Because, by setting the ip address and default
gateway
> the same, you tell the PC to ARP for everything.  Even though the two PCs
> are configured on different IP subnets, the PCs don't care because they
> really use their MAC addresses to communicate. So, PC#1 sends and arp
> request for 10.1.50.201 on the wire and PC#2 responds, PC#1 adds the MAC
> address to its ARP cache and will send all further IP packets destined for
> 10.1.50.201 to the MAC address of PC#2.
>
>
> Does this clear anything up?  Here are sample configs for your two
routers:
>
> R1
> --
>
> ! the following line is NOT necessary if you don't put ip addresses
> ! on the individual interfaces, like this config
> !
> no ip routing
> !
> interface ethernet0
>   no ip address