Bridge configuration on version 2.3.2p1

78firebird

I have attempted the bridge interface configuration several different ways without success. 
My final configuration will be attempting to bridge an OpenVPN network for backup/failover offsite servers.

Interface setup:
EM0: WAN
EM1: Admin
EM2: VLAN 551
EM3: VLAN 552
Brg551552: Bridge of 551/552

net.link.bridge.pfil_member Packet filter on the member interface 0
net.link.bridge.pfil_bridge Packet filter on the bridge interface 1

As soon as I add 551 to the Bridge interface, I loose local connection from the PC 10.5.5.70 to the router 10.5.5.1.  All firewall rules are allowing any/any on all internal interfaces.  Are there any other settings required to add an existing interface to a bridge group?

Below is the detailed interface setup.

WAN Interface (wan, em0)
Status
up
MAC Address
00:0c:29:d8:10:cd
IPv4 Address
206.30.30.178
Subnet mask IPv4
255.255.255.252
Gateway IPv4

21ADMIN Interface (lan, em1)
Status
up
MAC Address
00:0c:29:d8:10:d7
IPv4 Address
10.201.1.70
Subnet mask IPv4
255.255.255.0

TEST551 Interface (opt1, em2)
Status
up
MAC Address
00:0c:29:d8:10:e1
IPv4 Address
10.5.5.1
Subnet mask IPv4
255.255.255.0
IPv6 Link Local
fe80::20c:29ff:fed8:10e1%em2
MTU
1500
Media
1000baseT <full-duplex>In/out packets
2962/4603 (265 KiB/5.72 MiB)
In/out packets (pass)
2962/4603 (265 KiB/5.72 MiB)
In/out packets (block)
92/0 (7 KiB/0 B)
In/out errors
0/0
Collisions
0
Bridge (bridge0)
learning

TEST552 Interface (opt2, em3)
Status
up
MAC Address
00:0c:29:d8:10:eb
IPv6 Link Local
fe80::20c:29ff:fed8:10eb%em3
MTU
1500
Media
1000baseT <full-duplex>In/out packets
5/3 (334 B/304 B)
In/out packets (pass)
5/3 (334 B/304 B)
In/out packets (block)
13/0 (857 B/0 B)
In/out errors
0/0
Collisions
0
Bridge (bridge0)
learning

BRG551552 Interface (opt4, bridge0)
Status
up
MAC Address
02:ac:43:2f:d6:00
MTU
1500
In/out packets
10/5 (668 B/334 B)
In/out packets (pass)
10/5 (668 B/334 B)
In/out packets (block)
10/0 (1 KiB/0 B)
In/out errors
0/0
Collisions
0</full-duplex></full-duplex>

78firebird

Fixed.  Since bridging anything is just a bad idea, the Cisco 3850 was blocking it through spanning-tree.  Once spanning-tree was disabled, everything is up and colliding normally… :-\

johnpoz

"Since bridging anything is just a bad idea"

Hey there you go your getting it ;)

So I am really confused with this statement

EM2: VLAN 551
EM3: VLAN 552
Brg551552: Bridge of 551/552

So your 2 different vlans are on the same layer 3 network?  Makes Zero sense.. If your wanting to bridge 2 layer 2 networks.  This would become 1 vlan..  With 1 layer 3 network on it.  So why would you call it 2 different vlans with 2 different vlan tags??

"Once spanning-tree was disabled"

That seems like a really bad idea if you ask me…