Nathan Hawkins
asked on
How to Bridge two VLANs on a Cisco 6509 and eliminate STP issues
I have a pair of application firewalls that are logically inline to two VLANs on a pair of Cisco 6509 switches. The application FWs are doing transparent bridging between the two VLANs, and I need to remove them from the equation to upgrade them (and then, post upgrade completion, place them back inline). The application firewalls are in active/passive mode and each one is connected to a different 6509, also in an active/passive configuration. The app firewalls have three ports involved: a management port that you connect to the appliance through and two bridge ports, where each bridge port is configured to a different VLAN, placing the appliance logically inline. I proposed the following config to make the two VLANs bridge themselves while minimizing STP bridge loop issues:
interface Vlan50
bridge-group 1
!
interface Vlan821
bridge-group 1
!
bridge 1 protocol vlan-bridge
bridge 1 priority 8192
The last line is what is supposed to minimize possible STP bridge loops according to Cisco online documentation I found. The onsite CCIE says he's not sure this will work, hence my question. I'm asking you all to vet this problem and either verify my code will work or propose code that will.
Please help.
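As an added example (not part of the question and not a Cisco tool), here is a small Python checker that parses the proposed IOS bridge-group stanza and flags the points the thread turns on: both SVIs in the same bridge group, a spanning-tree protocol set on the group, and a priority lowered below the IOS default. The 32768 default for "bridge <n> priority" is an assumption about IOS defaults, and the config text is a constructed copy of the snippet above, not output from a live switch.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed copy of the IOS snippet proposed in the question (not from a live device).
PROPOSED_CONFIG = """\
interface Vlan50
 bridge-group 1
!
interface Vlan821
 bridge-group 1
!
bridge 1 protocol vlan-bridge
bridge 1 priority 8192
"""

IOS_DEFAULT_BRIDGE_PRIORITY = 32768  # assumed IOS default for 'bridge <n> priority'


@dataclass
class BridgeGroup:
    members: List[str] = field(default_factory=list)  # SVIs carrying 'bridge-group n'
    protocol: Optional[str] = None                     # from 'bridge n protocol ...'
    priority: int = IOS_DEFAULT_BRIDGE_PRIORITY        # from 'bridge n priority ...'


def parse_bridge_config(text: str) -> Dict[int, BridgeGroup]:
    """Return {group_number: BridgeGroup} from an IOS-style config fragment."""
    groups: Dict[int, BridgeGroup] = {}
    current_if = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":          # '!' ends an interface stanza
            current_if = None
            continue
        if m := re.match(r"interface (\S+)$", line):
            current_if = m.group(1)
        elif (m := re.match(r"bridge-group (\d+)$", line)) and current_if:
            groups.setdefault(int(m.group(1)), BridgeGroup()).members.append(current_if)
        elif m := re.match(r"bridge (\d+) protocol (\S+)$", line):
            groups.setdefault(int(m.group(1)), BridgeGroup()).protocol = m.group(2)
        elif m := re.match(r"bridge (\d+) priority (\d+)$", line):
            groups.setdefault(int(m.group(1)), BridgeGroup()).priority = int(m.group(2))
    return groups


def check_bridge_group(group: BridgeGroup, expected_members: List[str]) -> List[str]:
    """Return a list of problems; an empty list means the stanza matches the intent."""
    problems = []
    if sorted(group.members) != sorted(expected_members):
        problems.append(f"members {group.members} differ from expected {expected_members}")
    if group.protocol is None:
        problems.append("no 'bridge <n> protocol' line: no spanning tree runs on the group")
    if group.priority >= IOS_DEFAULT_BRIDGE_PRIORITY:
        problems.append(f"priority {group.priority} not lowered below the {IOS_DEFAULT_BRIDGE_PRIORITY} default")
    return problems


if __name__ == "__main__":
    grp = parse_bridge_config(PROPOSED_CONFIG)[1]
    print(check_bridge_group(grp, ["Vlan50", "Vlan821"]) or "stanza matches intent")
```

The checker only validates the stanza's internal consistency; whether 8192 actually wins root election still depends on the priorities configured elsewhere in the VLAN, which is the expert's follow-up question below.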
I'm afraid I cannot help you - I'm sure other Experts will be answering your question
Thank you
CCIE/RS/#3476_
Your configuration looks pretty reasonable to me. Have you set any root bridges other than the default in your VLAN? For testing purposes I'd use two unused VLANs to see if everything works the way you like. You don't have to use a looped topology with these; then you can test the forwarding only.
ASKER
Therein is one of my issues, which is that I have no test environment. I was hoping either someone has already done this and had some "gotchas" or a "try this" to avoid, etc. What are the commands again to determine what the root bridge is? I'm not at work to look into that yet, but I will when I get there. What are we trying to determine with what the root bridge is?
ASKER
We didn't go forward with bridging the two VLANs together, so I have accepted your answer as partial, but I'm fairly certain my code would have worked.
What type of firewall is it?
Can you provide a logical diagram?