The 4000 series does things a little differently with bridge groups than older ISRs. The configuration below is from a Cisco ISR 4331. In this case I needed a bridge group going to two separate switches; one port would be blocked by spanning tree to keep loops out.
A bridge group combines the physical interfaces into one logical group, and the Bridge Virtual Interface (BVI) is the Layer 3 routing interface associated with that bridge group. The configuration below does this with bridge-domain commands and BDI (Bridge Domain Interface) interfaces.
In this scenario I have two VLANs, 4006 and 4007. I will create a bridge group so that the two ports of the bridge group basically act as a switch. Spanning tree will pass through the bridge group and one of my ports will be blocked. The reason for the bridge group is that I have two distro switches and I want switch redundancy (yes, I know the router is still a single point of failure). If one of my core switches dies, it should take only a few seconds before I am back up and running at Layer 2 to my core. In this scenario I have a reason not to use ECMP or routing on the router interconnects: I need to keep them at Layer 2.
Config:
bridge-domain 4006
bridge-domain 4007
!
interface GigabitEthernet0/0/0
 description **Connected to Primary Core**
 no ip address
 negotiation auto
 service instance 1 ethernet
  encapsulation untagged
  bridge-domain 1
 !
 service instance 4006 ethernet
  encapsulation dot1q 4006
  rewrite ingress tag pop 1 symmetric
  bridge-domain 4006
 !
 service instance 4007 ethernet
  encapsulation dot1q 4007
  rewrite ingress tag pop 1 symmetric
  bridge-domain 4007
 !
interface GigabitEthernet0/0/2
 description **Connected to Primary Core2**
 no ip address
 negotiation auto
 service instance 1 ethernet
  encapsulation untagged
  bridge-domain 1
 !
 service instance 4006 ethernet
  encapsulation dot1q 4006
  rewrite ingress tag pop 1 symmetric
  bridge-domain 4006
 !
 service instance 4007 ethernet
  encapsulation dot1q 4007
  rewrite ingress tag pop 1 symmetric
  bridge-domain 4007
 !
!
interface BDI1
 no ip address
 shutdown
!
interface BDI4006
 ip address 1.1.1.1 255.255.255.0
!
interface BDI4007
 ip address 2.2.2.1 255.255.255.0
 no ip redirects
!
That's it. The VLANs and VLAN interfaces are up and working. When I check spanning tree on the switch I see the correct port blocked, which could totally be load balanced or modified.
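The redundancy above depends on both uplinks carrying the same service instances, so a mistyped tag or a missing instance on one port quietly removes the second path. As an added example (not part of the original post), the Python check below audits a saved configuration against the pattern used here. The function names and the sample text are assumptions made for illustration, and it expects the full `interface` keyword as printed by `show running-config`.

```python
import re

# Constructed sample in the page's style; Gi0/0/2 and BDI4007 are deliberately wrong.
SAMPLE = """
interface GigabitEthernet0/0/0
 service instance 4006 ethernet
  encapsulation dot1q 4006
  rewrite ingress tag pop 1 symmetric
  bridge-domain 4006
interface GigabitEthernet0/0/2
 service instance 4007 ethernet
  encapsulation dot1q 4007
  bridge-domain 4006
interface BDI4007
"""

def parse(cfg):
    # Returns ({bridge_domain: [(port, dot1q_tag, tag_popped)]}, {BDI numbers}).
    members, bdis, port, inst = {}, set(), None, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            port, inst = m.group(1), None
            if port.startswith("BDI"):
                bdis.add(int(port[3:]))
        elif re.fullmatch(r"service instance \d+ ethernet", line):
            inst = {"tag": None, "pop": False}
        elif inst is None:
            continue  # global bridge-domain lines, BDI sub-commands
        elif m := re.fullmatch(r"encapsulation dot1q (\d+)", line):
            inst["tag"] = int(m.group(1))
        elif line == "rewrite ingress tag pop 1 symmetric":
            inst["pop"] = True
        elif m := re.fullmatch(r"bridge-domain (\d+)", line):
            members.setdefault(int(m.group(1)), []).append((port, inst["tag"], inst["pop"]))
            inst = None
    return members, bdis

def audit(cfg):
    members, bdis = parse(cfg)
    out = [f"BDI{bd}: no service instance in bridge-domain {bd}" for bd in sorted(bdis - set(members))]
    for bd, insts in sorted(members.items()):
        if len({port for port, _, _ in insts}) < 2:
            out.append(f"bridge-domain {bd}: only on {insts[0][0]}, no redundant uplink")
        for port, tag, pop in insts:
            if tag is not None and tag != bd:
                out.append(f"{port}: dot1q {tag} mapped to bridge-domain {bd}")
            if tag is not None and not pop:
                out.append(f"{port}: dot1q {tag} enters bridge-domain {bd} with tag intact")
    return out
```

`audit(SAMPLE)` returns three findings for the constructed faults. A configuration that follows the layout above on both ports returns an empty list.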