Problem
You want to set up DLSw to allow Token Ring to Ethernet bridging.
Solution
DLSw includes the capability to bridge different kinds of media. One common example of this is bridging an Ethernet segment to a Token Ring. In this example, we will suppose that we are connecting an Ethernet branch to the same central Token Ring DLSw router from Recipe 15.2:
dlsw-ether-branch#configure terminal Enter configuration commands, one per line. End with CNTL/Z. dlsw-ether-branch(config)#interface Loopback0 dlsw-ether-branch(config-if)#ip address 10.1.3.5 255.255.255.252 dlsw-ether-branch(config-if)#exit dlsw-ether-branch(config)#access-list 200 permit 0x0000 0x0D0D dlsw-ether-branch(config)#source-bridge ring-group 101 dlsw-ether-branch(config)#dlsw local-peer peer-id 10.1.3.5 dlsw-ether-branch(config)#dlsw timer explorer-wait-time 5 dlsw-ether-branch(config)#dlsw remote-peer 0 tcp 10.1.1.5 lf 1470 lsap-output-list 200 dlsw-ether-branch(config)#dlsw bridge-group 1 dlsw-ether-branch(config)#dlsw transparent switch-support dlsw-ether-branch(config)#dlsw allroute-sna dlsw-ether-branch(config)#interface Ethernet0 dlsw-ether-branch(config-if)#description branch Ethernet dlsw-ether-branch(config-if)#bridge-group 1 dlsw-ether-branch(config-if)#bridge 1 protocol ieee dlsw-ether-branch(config-if)#exit dlsw-ether-branch(config)#end dlsw-ether-branch#
Discussion
Before looking at this in detail, we need to stress that routable protocols such as TCP/IP always behave better when they are routed. So you should only use bridging between different media, as in this example, when there are unroutable protocols that must communicate between them. Perhaps the most common example is when LLC2 SNA devices must be accessed from an Ethernet segment.
The important differences between this Ethernet branch example and the preceding Token Ring example are highlighted. The first difference is in the remote-peer command, where we added the flag lf 1470. This restricts the MTU of the bridged network to 1470 bytes so that the larger Token Ring frames cannot use the bridge. Token Ring supports much larger frames than Ethernet does. In a bridged network, there is no packet fragmentation facility as there is in routed networks. So if large Token Ring packets cross the bridge to an Ethernet segment, they must be dropped.
Ideally, this MTU restriction should be made on the remote-peer commands at both ends. If your central router must support both Ethernet and Token Ring branches, then it makes sense to configure two remote-peer commands on the central router, one for each type of remote medium. The command that the central router uses for bridging to Ethernet segments should then have the MTU restricted in the same way with the lf 1470 flag. If you like, you could also have a separate statement on the central router for remote Token Ring peers that can use the default value.
The next important difference between this Ethernet branch and the previous Token Ring branch is the presence of the command dlsw transparent switch-support. This is used in cases when the Ethernet segment that the router is connecting to the bridge is itself bridged. This would be the case if the local Ethernet segment contains an Ethernet switch. Remember from the Introduction of this chapter that all Ethernet switches are transparent bridges. This command is particularly important when there are two redundant DLSw routers on this Ethernet segment. In such a case, the switch will become confused by the fact that the same downstream MAC addresses appear from both routers. If you are using Ethernet hubs, this command is not necessary.
The interface configuration for Ethernet is completely different from the Token Ring example. There are three commands in this example that define the bridging characteristics of the Ethernet interface. The first is the bridge-group command, found in the Ethernet interface configuration block. This command tells the router to associate this interface with the first logical bridge group in the router. This number is purely local to the router. You could build a bridge between two Ethernet interfaces on the same router as follows:
Router(config)#interface Ethernet0 Router(config-if)#bridge-group 1 Router(config-if)#exit Router(config)#interface Ethernet1 Router(config-if)#bridge-group 1 Router(config-if)#exit
But in the example, we want to connect this Ethernet port to a Token Ring on another router, so we have associated this bridge group instead with DLSw by using the dlsw bridge-group global configuration command:
dlsw-ether-branch(config)#dlsw bridge-group 1 dlsw-ether-branch(config)#interface Ethernet0 dlsw-ether-branch(config-if)#bridge-group 1
Then the bridging behaviour is defined with the following command:
dlsw-ether-branch(config-if)#bridge 1 protocol ieee
This command tells the router to use the IEEE 802.1d Spanning Tree Protocol for avoiding loops when creating the bridge, instead of the older and incompatible Digital Equipment Corporation (DEC) standard. Unless you are connecting to extremely old equipment that doesn't support the IEEE standard, you should always use this command.
Ethernet II or 802.3 framing
Bridging Ethernet frames to Token Ring frames actually introduces an important ambiguity. There are two different Ethernet framing standards: the older Ethernet II standard that is commonly used for TCP/IP, and the newer IEEE 802.3 standard that is used for many other protocols. The most immediately important difference between 802.3 and Ethernet standards is whether the header field immediately after the destination and source addresses is a length (less than 1500), as in 802.3, or a type (greater than 1500), as in Ethernet II.
The translation for 802.3 Ethernet frames is relatively clean because the Token Ring frames have a similar format, as they both share the same 802.2 header format. So this is the default, and this is what is shown in the example above. However, if you want to use Ethernet II framing for the bridged protocols on the Ethernet side, you have to configure the router to understand this frame type.
As an aside, you should bear in mind that you can run different Ethernet frame types for different protocols running on the same Ethernet segment. For example, it is relatively common to use 802.3 framing for IPX, while IP is always Ethernet II. There is no inherent conflict in running both of these frame types at the same time. It only becomes a problem if, for example, some of the IPX devices used one frame type and some used the other.
The Ethernet II frame type field has a value of 0x80d5 when bridging Ethernet II to Token Ring. This frame type technically refers to SNA traffic, although it applies equally to any traffic bridged from a Token Ring. To tell the router to use Ethernet II framing, you must apply this globally to all source-route bridging as follows:
dlsw-ether-branch(config)#source-bridge enable-80d5
Note this is a global command affecting all Ethernet interfaces on the router. You cannot have some interfaces using Ethernet II and others using 802.3 framing for bridging.
See Also
Recipe 15.2
Router Configuration and File Management
Router Management
User Access and Privilege Levels
TACACS+
IP Routing
RIP
EIGRP
OSPF
BGP
Frame Relay
Handling Queuing and Congestion
Tunnels and VPNs
Dial Backup
NTP and Time
DLSw
Router Interfaces and Media
Simple Network Management Protocol
Logging
Access-Lists
DHCP
NAT
First Hop Redundancy Protocols
IP Multicast
IP Mobility
IPv6
MPLS
Security
Appendix 1. External Software Packages
Appendix 2. IP Precedence, TOS, and DSCP Classifications
Index