Configuration Tasks

To configure transparent bridging on an E-series router:

1. Create a bridge group.
2. (Optional) Set optional attributes for the bridge group.
3. Configure bridge group interfaces.
4. (Optional) Configure nondefault subscriber policies for bridge interfaces.
5. (Optional) Enable concurrent routing and bridging.
6. (Optional) If CRB is enabled, configure explicit routing for IP, MPLS, or PPPoE protocols.

The following sections describe how to perform each of these tasks. See Configuration Examples for detailed sample configurations.

Note: For information about the maximum values that the router supports for transparent bridging, see JUNOSe Release Notes, Appendix A, System Maximums.

Creating Bridge Groups

To create a bridge group:

1. From Global Configuration mode, create a bridge group and give it an alphanumeric name.

   host1(config)#bridge westford01

   Note: Do not assign the bridge group the same name as an existing VR configured on your router.

2. (Optional) Repeat Step 1 to create additional bridge groups, one at a time.

   host1(config)#bridge westford02

   host1(config)#bridge westford03

3. (Optional) Use the appropriate show command to verify the bridge group creation.

   host1#show bridge groups

bridge

• Use to create a bridge group for transparent bridging.
• You must specify an alphanumeric name for the bridge group; the name can be a maximum of 32 characters and can use any combination of alphanumeric characters.
• Example

  host1(config)#bridge westford04

• Use the no version to remove the bridge group from the router.
• See bridge.

Configuring Optional Bridge Group Attributes

After you create a bridge group, you can configure the following optional attributes for the bridge group to manage the MAC address entries in the bridge group’s forwarding table:

• Enable or disable the bridge group’s ability to acquire dynamically learned MAC addresses; acquiring dynamic MAC addresses is enabled by default.

  host1(config)#bridge westford01 acquire

• Enable or disable the bridge group’s ability to filter (forward or discard) frames with a particular MAC source or destination address.

  host1(config)#bridge westford01 address 0090.1a40.4c7c forward atm 3/0.1

  host1(config)#bridge westford02 address 1011.22c2.333d discard

• Set the aging time of a dynamic (learned) entry in the forwarding table.

  host1(config)#bridge westford01 aging-time 200

• Set the maximum number of dynamic MAC addresses that a bridge group can learn.

  host1(config)#bridge westford02 learn 10000

You can also optionally enable SNMP link status processing for the bridge group. For example:

bridge acquire

• Use to enable or disable a specified bridge group’s ability to acquire dynamically learned MAC addresses; acquiring dynamic MAC addresses is enabled by default.
• Enables the bridge group to forward any frames it receives for nodes (stations) whose address it has learned dynamically.
• Example

  host1(config)#bridge westford01 acquire

• Use the no version to prevent the bridge group from acquiring dynamically learned MAC addresses and to limit forwarding only to those nodes that have a statically configured address entry in the forwarding table.
• See bridge acquire.

bridge address

• Use to enable or disable a specified bridge group’s ability to filter (forward or discard) frames based on their MAC address.
• Enables the bridge group to filter frames by their MAC address and add static (nonlearned) address entries to the forwarding table.
• Specify the following:
  • bridgeGroupName—Alphanumeric name of the bridge group specified in the bridge command
  • macAddress—Unique 48-bit (6-byte) physical address or hardware address of the LAN network interface card as a dotted triple of four-digit hexadecimal numbers
• Specify one of the following filter types:
  • forward—Forwards frames destined for the specified MAC address out the specified interface
  • discard—Discards (drops) frames sent from or destined for the specified MAC address without further processing
• If you use the forward keyword, you must additionally specify the following:
  • interfaceType—One of the following bridge interface types listed in Interface Types and Specifiers:
    • atm
    • fastEthernet
    • gigabitEthernet
    • tenGigabitEthernet
  • interfaceSpecifier—Particular interface; format varies according to interface type; see Interface Types and Specifiers for information
• Example 1—Forwards frames destined for the node with MAC address 0090.1a40.4c7c out the specified Fast Ethernet interface

  host1(config)#bridge westford02 address 0090.1a40.4c7c forward
  fastEthernet 3/0.1

• Example 2—Drops frames sent from or destined for the node with MAC address 1011.22b2.333c

  host1(config)#bridge westford03 address 1011.22b2.333c discard

• Use the no version to remove the static MAC address entry from the forwarding table.
• See bridge address.

bridge aging-time

• Use to set the length of time, in seconds, that a dynamic (learned) MAC address entry can remain in a specified bridge group’s forwarding table.
• When a dynamic entry reaches its configured aging time, it “ages out” of the forwarding table.
• The default aging time is 300 seconds.
• The aging-time range is 1–1000000 seconds.
• Example

  host1(config)#bridge westford04 aging-time 1000

• Use the no version to restore the default value, 300 seconds.
• See bridge aging-time.

bridge learn

• Use to set the maximum number of dynamic (learned) MAC address entries that a specified bridge group can learn.
• For information about the maximum number of learned MAC address entries combined for all bridge groups on an E-series router, see JUNOSe Release Notes, Appendix A, System Maximums.
• The default value is 0 (zero) learned addresses. This default implies that there is no maximum number of learned entries for an individual bridge group; that is, an individual bridge group can learn an unlimited number of MAC addresses, up to the maximum number that the router supports.
• Example

  host1(config)#bridge westford05 learn 2000

• Use the no version to restore the default value, 0 (zero) learned addresses.
• See bridge learn.

bridge snmp-trap link-status

• Use to enable SNMP link status processing for a specified bridge group and to enable SNMP traps for all bridge interfaces configured in the bridge group.
• Example

  host1(config)#bridge westford06 snmp-trap link-status

• Use the no version to disable SNMP link status processing for the bridge group.
• See bridge snmp-trap link-status.

Configuring Bridge Group Interfaces

To configure a bridge group interface:

1. From Global Configuration mode, select the ATM, Fast Ethernet, Gigabit Ethernet, or 10-Gigabit Ethernet interface or subinterface that you want to assign to the bridge group.
2. Assign the interface or subinterface to an existing bridge group to create the bridge interface.
3. (Optional) Configure the bridge group interface as a trunk (server) interface.
4. (Optional) Enable SNMP link status processing for the bridge group interface.
5. (Optional) Set the maximum number of dynamic MAC addresses that the bridge group interface can learn.

For detailed sample configurations that include bridge interfaces, see Configuration Examples.

bridge-group

• Use to assign a bridge interface to an existing bridge group.
• To create a subscriber (client) bridge group interface, which is the default, you must supply the alphanumeric name of the bridge group (specified in the bridge command) to which you want to assign the interface.
• Optionally, you can also choose one of the following keywords:
  • subscriber-trunk—Creates a trunk (server) bridge group interface
  • snmp-trap link-status—Enables SNMP link status processing for the specified interface in the specified bridge group; SNMP link status processing is disabled by default
  • learn addressCount—Sets the maximum number of MAC addresses that the bridge group interface can learn, where addressCount is an integer in the range 0–64000. A value of 0 indicates that an individual bridge group interface can learn an unlimited number of MAC addresses, up to the maximum number that the router supports.
• Example 1—Creates a subscriber (client) bridge group interface for a bridge group named westford02 with SNMP link status processing enabled

  host1(config-subif)#bridge-group westford02 snmp-trap link-status

• Example 2—Sets the maximum number of learned MAC addresses on the westford02 bridge interface to 1000

  host1(config-subif)#bridge-group westford02 learn 1000

• Example 3—Creates a trunk (server) interface for a bridge group named westford03

  host1(config-subif)#bridge-group westford03 subscriber-trunk

• Use the no version to remove the interface from the bridge group and to restore the default value for the keyword you specified.
• See bridge-group.

interface atm

• Use to select an ATM interface or subinterface type.
• Example

  host1(config)#interface atm 3/2.1

• Use the no version to remove the interface or subinterface.
• See interface atm.

interface fastEthernet

• Use to select a Fast Ethernet interface.
• Example

  host1(config)#interface fastEthernet 1/0.2

• Use the no version to remove the interface or subinterface. You must issue the no version from the highest level down; you cannot remove an interface or a subinterface if the one above it still exists.
• See interface fastEthernet.

interface gigabitEthernet

interface tenGigabitEthernet

• Use to select a Gigabit Ethernet interface or a 10-Gigabit Ethernet interface.
• Examples

  host1(config)#interface gigabitEthernet 1/0

  host1(config)#interface gigabitEthernet 4/0/1

  host1(config)#interface tenGigabitEthernet 4/0/1

• Use the no version to remove the interface or subinterface. You must issue the no version from the highest level down; you cannot remove an interface or subinterface if the one above it still exists.
• See interface gigabitEthernet.
• See interface tenGigabitEthernet.

Configuring Subscriber Policies

To configure a nondefault client subscriber policy:

1. From Global Configuration mode, create the subscriber policy and assign it an alphanumeric name.

   host1(config)#subscriber-policy client01

   This command accesses Subscriber Policy Configuration mode.

2. From Subscriber Policy Configuration mode, define the rules for each packet or attribute type for which you want to change the default value. (All other packet or attribute types will continue to use the default values listed in Table 22.)

   host1(config-policy)#broadcast permit

   host1(config-policy)#multicast deny

   host1(config-policy)#relearn deny

3. Exit Subscriber Policy Configuration mode.

   host1(config-policy)#exit

4. From Global Configuration mode, associate the new subscriber policy with the bridge group in which the subscriber (client) interface resides.

   host1(config)#bridge westford02 subscriber-policy client01

5. (Optional) Use the appropriate show commands to verify the creation of the subscriber policy and its association with the bridge group interface.

   host1#show subscriber-policy client01

   host1#show bridge westford02

arp

• Use to modify the subscriber policy for ARP to define whether a subscriber (client) bridge interface permits (forwards) or denies (filters or drops) ARP packets.
• Specify one of the following keywords:
  • permit—Forwards packets of this type
  • deny—Filters or drops packets of this type
• ARP packets are forwarded by default.
• Example

  host1(config-policy)#arp deny

• Use the no version to restore the default value.
• See arp.

bridge subscriber-policy

• Use to associate a subscriber (client) bridge interface with a nondefault subscriber policy.
• Specify the following:
  • bridgeGroupName—Alphanumeric name of the bridge group specified in the bridge command
  • subscriberPolicyName—Alphanumeric name of the subscriber policy specified in the subscriber-policy command
• Example

  host1(config)#bridge westford02 subscriber-policy client01

• Use the no version to remove the association with the subscriber policy.

  Note: You cannot change the default subscriber policy values for a trunk (server) bridge interface. As a result, you cannot use the bridge subscriber-policy command to associate a nondefault subscriber policy with a trunk bridge interface.

• See bridge subscriber-policy.

broadcast

• Use to modify the subscriber policy for the broadcast protocol to define whether a subscriber (client) bridge interface permits (forwards) or denies (filters or drops) broadcast packets.
• Specify one of the following keywords:
  • permit—Forwards packets of this type
  • deny—Filters or drops packets of this type
• Broadcast packets are filtered or dropped by default.
• Example

  host1(config-policy)#broadcast permit

• Use the no version to restore the default value.
• See broadcast.

ip

• Use to modify the subscriber policy for IP to define whether a subscriber (client) bridge interface permits (forwards) or denies (filters or drops) IP packets.
• Specify one of the following keywords:
  • permit—Forwards packets of this type
  • deny—Filters or drops packets of this type
• IP packets are forwarded by default.
• Example

  host1(config-policy)#ip deny

• Use the no version to restore the default value.
• See ip.

mpls

• Use to modify the subscriber policy for MPLS to define whether a subscriber (client) bridge interface permits (forwards) or denies (filters or drops) MPLS packets.
• Specify one of the following keywords:
  • permit—Forwards packets of this type
  • deny—Filters or drops packets of this type
• MPLS packets are forwarded by default.
• Example

  host1(config-policy)#mpls deny

• Use the no version to restore the default value.
• See mpls.

multicast

• Use to modify the subscriber policy for the multicast protocol to define whether a subscriber (client) bridge interface permits (forwards) or denies (filters or drops) multicast packets.
• Specify one of the following keywords:
  • permit—Forwards packets of this type
  • deny—Filters or drops packets of this type
• Multicast packets are forwarded by default.
• Example

  host1(config-policy)#multicast deny

• Use the no version to restore the default value.
• See multicast.

pppoe

• Use to modify the subscriber policy for PPPoE to define whether a subscriber (client) bridge interface permits (forwards) or denies (filters or drops) PPPoE packets.
• Specify one of the following keywords:
  • permit—Forwards packets of this type
  • deny—Filters or drops packets of this type
• PPPoE packets are forwarded by default.
• Example

  host1(config-policy)#pppoe deny

• Use the no version to restore the default value.
• See pppoe.

relearn

• Use to modify the relearning policy for a subscriber (client) bridge interface.
• The relearn command defines whether the bridge interface can relearn a MAC address entry on a different interface from the one initially associated with this entry in the forwarding table.
• Specify one of the following keywords:
  • permit—Enables relearning
  • deny—Prohibits relearning and forces the bridge interface to wait until an entry “ages out” of the forwarding table to relearn it on the new interface
• Relearning is enabled by default.
• Example

  host1(config-policy)#relearn deny

• Use the no version to restore the default value.
• See relearn.

subscriber-policy

• Use to create a nondefault subscriber policy for a subscriber (client) bridge interface.
• A subscriber policy is a set of forwarding and filtering rules that defines how the bridge interface handles various packet types.
• You must specify an alphanumeric name for the subscriber policy; the name can be a maximum of 32 characters and can use any combination of alphanumeric characters.
• Example

  host1(config)#subscriber-policy client01

• Use the no version to remove the nondefault subscriber policy.

  Note: You cannot change the default subscriber policy values for a trunk (server) bridge interface. As a result, you cannot use the subscriber-policy command to create a nondefault subscriber policy for a trunk interface.

• See subscriber-policy.

unicast

• Use to modify the subscriber policy for the unicast (user-to-user) protocol to define whether a subscriber (client) bridge interface permits (forwards) or denies (filters or drops) unicast packets.
• Specify one of the following keywords:
  • permit—Forwards packets of this type
  • deny—Filters or drops packets of this type
• Unicast packets are forwarded by default.
• Example

  host1(config-policy)#unicast deny

• Use the no version to restore the default value.
• See unicast.

unknown-destination

• Use to modify the subscriber policy for packets with unknown unicast DAs to define whether a subscriber (client) bridge interface permits (forwards) or denies (filters or drops) packets with unknown unicast DAs.
• Specify one of the following keywords:
  • permit—Forwards packets of this type
  • deny—Filters or drops packets of this type
• Packets with unknown unicast DAs are filtered or dropped by default.
• Example

  host1(config-policy)#unknown-destination permit

• Use the no version to restore the default value.
• See unknown-destination.

unknown-protocol

• Use to modify the subscriber policy for packets containing an unknown protocol to define whether a subscriber (client) bridge interface permits (forwards) or denies (filters or drops) these packets.
• An unknown protocol is any protocol other than ARP, IP, MPLS, or PPPoE.
• Specify one of the following keywords:
  • permit—Forwards packets of this type
  • deny—Filters or drops packets of this type
• Packets containing an unknown protocol are forwarded by default.
• Example

  host1(config-policy)#unknown-protocol deny

• Use the no version to restore the default value.
• See unknown-protocol.

Enabling Concurrent Routing and Bridging

To enable concurrent routing and bridging (CRB) for all bridge groups on the router:

1. From Global Configuration mode, issue the bridge crb command.

   host1(config)#bridge crb

2. (Optional) Use the appropriate show command to verify that CRB is enabled for the bridge groups on your router.

   host1#show bridge groups details

bridge crb

• Use to enable concurrent routing and bridging (CRB) for all bridge groups configured on an E-series router.
• CRB is disabled by default.
• When CRB is enabled, the router can route a protocol among a group of interfaces in one bridge group and concurrently bridge the same protocol among a separate group of interfaces in a different bridge group.
• The command takes effect for all bridge groups on an E-series router; you cannot enable CRB for some bridge groups on the router but not for others.
• Example

  host1(config)#bridge crb

• Use the no version to disable CRB on all bridge groups and restore the default bridging capability.
• See bridge crb.

Configuring Explicit Routing

After you enable concurrent routing and bridging, you may need to issue the bridge route command to configure explicit routing for IP, MPLS, or PPPoE protocols if both of the following conditions are true:

• You configure new IP, MPLS, or PPPoE interfaces after you issue the bridge crb command to enable concurrent routing and bridging.
• The IP, MPLS, or PPPoE interface is the first occurrence of this protocol in the bridge group.

For example, assume that you want to route (rather than bridge) IP, MPLS, and PPPoE interfaces, but only IP and MPLS interfaces are configured when you issue the bridge crb command. The router detects the IP and MPLS interfaces and issues implicit bridge route commands to route these protocols.

If you subsequently add a new IP interface to a bridge group, you do not need to issue the bridge route command because the implicit bridge route command for IP is still in effect. However, if you subsequently add a new PPPoE interface to the bridge group, you must issue an explicit bridge route command for PPPoE to direct the bridge group to route PPPoE packets.

You can also use the bridge route command as a way to filter packets by routing. If you issue an explicit bridge route command for a protocol that is not currently configured in any of your bridge groups, the bridge group must route rather than bridge that protocol, but does not have the required interface stacking to do so. As a result, the bridge group discards (drops) those packets.

To configure explicit routing:

1. Ensure that you have enabled concurrent routing and bridging. (See Enabling Concurrent Routing and Bridging for details.)
2. From Global Configuration mode, enable routing of IP, MPLS, or PPPoE packets in a specified bridge group.

   host1(config)#bridge westford02 route ip

   host1(config)#bridge westford02 route mpls

   host1(config)#bridge westford03 route pppoe

3. (Optional) Use the appropriate show command to verify that routing is enabled for the specified protocols in the bridge group.

   host1#show bridge westford02

bridge route

• Use to enable the routing of IP, MPLS, or PPPoE packets in a specified bridge group when concurrent routing and bridging (CRB) is enabled.
• If you issue this command for a protocol that is not configured in any bridge groups on your router, the bridge group discards (drops) those packets.
• You must specify the alphanumeric name of the bridge group specified in the bridge command.
• Choose one of the following keywords to indicate the protocol type that the bridge group routes: ip, mpls, or pppoe.
• Example

  host1(config)#bridge westford02 route ip

• Use the no version to disable routing of the specified protocol in the specified bridge group.
• See bridge route.

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.