Bridge configuration on version 2.3.2p1
-
I have attempted the bridge interface configuration several different ways without success.
My final configuration will be attempting to bridge an OpenVPN network for backup/failover offsite servers.Interface setup:
EM0: WAN
EM1: Admin
EM2: VLAN 551
EM3: VLAN 552
Brg551552: Bridge of 551/552net.link.bridge.pfil_member Packet filter on the member interface 0
net.link.bridge.pfil_bridge Packet filter on the bridge interface 1As soon as I add 551 to the Bridge interface, I loose local connection from the PC 10.5.5.70 to the router 10.5.5.1. All firewall rules are allowing any/any on all internal interfaces. Are there any other settings required to add an existing interface to a bridge group?
Below is the detailed interface setup.
WAN Interface (wan, em0)
Status
up
MAC Address
00:0c:29:d8:10:cd
IPv4 Address
206.30.30.178
Subnet mask IPv4
255.255.255.252
Gateway IPv421ADMIN Interface (lan, em1)
Status
up
MAC Address
00:0c:29:d8:10:d7
IPv4 Address
10.201.1.70
Subnet mask IPv4
255.255.255.0TEST551 Interface (opt1, em2)
Status
up
MAC Address
00:0c:29:d8:10:e1
IPv4 Address
10.5.5.1
Subnet mask IPv4
255.255.255.0
IPv6 Link Local
fe80::20c:29ff:fed8:10e1%em2
MTU
1500
Media
1000baseT <full-duplex>In/out packets
2962/4603 (265 KiB/5.72 MiB)
In/out packets (pass)
2962/4603 (265 KiB/5.72 MiB)
In/out packets (block)
92/0 (7 KiB/0 B)
In/out errors
0/0
Collisions
0
Bridge (bridge0)
learningTEST552 Interface (opt2, em3)
Status
up
MAC Address
00:0c:29:d8:10:eb
IPv6 Link Local
fe80::20c:29ff:fed8:10eb%em3
MTU
1500
Media
1000baseT <full-duplex>In/out packets
5/3 (334 B/304 B)
In/out packets (pass)
5/3 (334 B/304 B)
In/out packets (block)
13/0 (857 B/0 B)
In/out errors
0/0
Collisions
0
Bridge (bridge0)
learningBRG551552 Interface (opt4, bridge0)
Status
up
MAC Address
02:ac:43:2f:d6:00
MTU
1500
In/out packets
10/5 (668 B/334 B)
In/out packets (pass)
10/5 (668 B/334 B)
In/out packets (block)
10/0 (1 KiB/0 B)
In/out errors
0/0
Collisions
0</full-duplex></full-duplex> -
Fixed. Since bridging anything is just a bad idea, the Cisco 3850 was blocking it through spanning-tree. Once spanning-tree was disabled, everything is up and colliding normally… :-\
-
"Since bridging anything is just a bad idea"
Hey there you go your getting it ;)
So I am really confused with this statement
EM2: VLAN 551
EM3: VLAN 552
Brg551552: Bridge of 551/552So your 2 different vlans are on the same layer 3 network? Makes Zero sense.. If your wanting to bridge 2 layer 2 networks. This would become 1 vlan.. With 1 layer 3 network on it. So why would you call it 2 different vlans with 2 different vlan tags??
"Once spanning-tree was disabled"
That seems like a really bad idea if you ask me…