3Com Router User Manual

							Configure Bridge’s Routing Function297
will be routed through IP. Certainly, if IP cannot find a route, it will discard the 
packet instead of forwarding it to the bridge for processing. If the packet uses a 
protocol other than IP (for example, if it is the packet from the network like 
AppleTalk or DecNet), it will be bridged.
For the 3Com Router series, if the bridging function is not enabled, all the IP 
packets will be routed through IP. If it is enabled, the packets in the bridge-set will 
be bridge forwarded.
Link-setWhen there are multiple parallel links between two bridge devices, and the 
corresponding link ports are all added to the bridge set, the spanning tree protocol 
can be used to avoid bridge loop, and can ensure that only one link is available to 
transmit data. Other corresponding link ports are all in congestion state. This can 
guarantee normal bridging between two bridge devices on the cost of wasting 
link bandwidth. The link set can guarantee the bridging function and save the link 
bandwidth. The solution is, adding multiple parallel links to a link set. Each 
corresponding link port can still independently take part in the spanning tree 
calculation, which guarantees the bridging function. During data forwarding, each 
link in the link set can share loads, thus utilizing all link bandwidths.
Configure Bridge’s 
Routing FunctionBridge configuration includes:
■Enable/Disable bridging functions
■Configure bridge-set
■Add ports to a bridge-set
■Configure bridging address table
■Configure parameters related to STP
■Create ACLs of bridge
■Apply ACLs on Ports
■Configure routing function
■Configure link-set
■Configure bridging over Frame Relay
■Configure bridging over BDR
■Configure bridging over LAPB
■Configure bridging over PPP
■Configure bridging over HDLC
■Configure bridging over VLAN
1Enable/Disable Bridging Functions
Perform the following configuration in system view.
Ta b l e 320   Enable/Disable bridging functions
By default, disable bridging functions.
OperationCommand
Enable bridging functionsbridge enable
Disable bridging functionsundo bridge enable 
						

							298CHAPTER 19: CONFIGURING BRIDGE
2Configure Bridge-Set
Each bridge set is independent, and packets can not be transmitted between the 
ports belonging to different bridge sets. That is, the packets received via one 
bridge set port can only be sent via the ports of the same bridge set. One physical 
interface can only be added to one bridge set.
The bridges support several STP versions and these versions are not compatible. 
Sometimes, different STP versions may result in bridge looping.
The 3Com Router series only support the STP defined in IEEE.
Perform the following configuration in system view.
Ta b l e 321   Specify the STP version supported by the bridge-set
By default, the bridge-set supports the STP version ieee.
3Add Ports to a Bridge-Set
One interface on the router cannot be added to more than one bridge set.
Perform the following configuration in interface view.
Ta b l e 322   Add ports to a bridge-set
By default, the port is not added to any bridge-set.
4Configure Bridging Address Table
Bridging address table records the correlation between the destination MAC 
addresses and the ports. According to it, a bridge implements forwarding.
aConfigure static address table entries
Normally, a bridging table is dynamically generated according to the correlation 
between the MAC addresses and the ports obtained by the bridge. However, 
there are still some static entries in the bridging address table, which are 
manually configured and maintained by the administrators and will not age 
forever.
Perform the following configuration in interface view.
Ta b l e 323   Configure static address table entries
By default, dynamic address table is adopted to forward frames.
bEnable/Disable forwarding by using dynamic address table
OperationCommand
Specify the STP version supported by the 
bridge-setbridge bridge-set stp ieee
Delete the STP version supported by the 
bridge-setundo bridge bridge-set stp ieee
OperationCommand
Add ports to a bridge-setbridge-set bridge-set
Remove ports from a bridge-setundo bridge-set bridge-set
OperationCommand
Configure static address table entriesbridge bridge-set mac-address 
mac-address { 
permit | deny } [ 
interface-type interface-number ]
Delete static address table entriesundo bridge bridge-set mac-address 
mac-address 
						

							Configure Bridge’s Routing Function299
Perform the following configuration in system view.
Ta b l e 324   Enable/Disable forwarding by using dynamic address table
By default, the dynamic address table is used to forward frames.
cConfigure the aging time of dynamic address table
The aging time of dynamic address table refers to the time that an entry can 
remain in the address table before it is deleted. The aging time is controlled by 
the aging timer. Upon the expiration of the timer, the entry will be deleted from 
the bridge address table.
Perform the following configuration in system view.
Ta b l e 325   Configure the aging time of dynamic address table
By default, the aging time of dynamic address table is 300 seconds. The aging 
time is in the range of 10 to 1000000 seconds.
5Configure Parameters Related to STP
aDisable/Enable STP on ports
Only when STP is enabled on the ports can all the configured parameters 
related to STP take effect.
Perform the following configuration in interface view.
Ta b l e 326   Disable/Enable STP on ports
By default, STP is enabled on all ports.
bConfigure the bridge priority
Bridge Identifier is comprised of the bridge priority and the MAC address of the 
bridge. The bridge with smallest Bridge Identifier will be elected as the root 
bridge of the whole spanning tree. If the priorities of all the bridges in the 
network are the same, the bridge with the smallest MAC address will be 
elected as the root bridge. In the case that the STP is enabled, changing the 
priority of a bridge will cause the recompilation of the spanning tree.
Perform the following configuration in system view.
OperationCommand
Enable forwarding using the dynamic address tablebridge bridge-set learning
Disable forwarding using the dynamic address tableundo bridge bridge-set 
learning
OperationCommand
Configure the aging time of dynamic address tablebridge aging-time seconds
Restore the aging time of dynamic address table to 
the default valueundo bridge aging-time
OperationCommand
Disable STP on portsbridge-set bridge-set stp 
disable
Enable STP on portsundo bridge-set bridge-set stp 
disable 
						

							300CHAPTER 19: CONFIGURING BRIDGE
Ta b l e 327   Configure the bridge priority
By default, the bridge priority is 32768. It is valued in the range of 0 to 65535.
cConfigure the path cost of bridge port
The path cost of the port is related to its link speed. The higher the link speed 
is, the lower the path cost should be configured. 
If the port is configured with 
the default path cost, STP will automatically detect the current link speed of the 
port and accordingly compute the path cost on the port.
Perform the following configuration in interface view.
Ta b l e 328   Configure the path cost of bridge port
By default, the path cost of Ethernet port is 100, and the path cost of serial 
interface is 647. It is valued in the range 1 to 65535.
dConfigure the bridge port priority
In the case that path costs of the ports are the same, the port with lower ID is 
more likely to become the designated port. The port ID is comprised of Port 
Priority and Port Number. The smaller the port priority, the smaller the bridge 
port ID will be. Changing the bridge port priority will cause recomputation of 
the spanning tree. If all the bridge ports adopt the same priority, the smaller the 
port number is, the smaller the port ID will be.
Perform the following configuration in interface view.
Ta b l e 329   Configure the bridge port priority
By default, the bridge port priority is 128. It is in the range of 0 to 255.
eConfigure the interval for sending BPDUs
The Hello Time timer is used to control the interval to send BPDUs. Whenever a 
port enables the STP, it enables the Hello Time timer. Appropriate Hello Time 
ensures that the bridge can detect the link fault in the network promptly 
without consuming too many network resources.
Perform the following configuration in system view.
OperationCommand
Configure the bridge prioritybridge stp priority value
Restore the default value of the bridge priorityundo bridge stp priority
OperationCommand
Configure the path cost of bridge portbridge set bridge-set stp port 
pathcost
 cost
Restore the path cost on the bridge port to the 
default valueundo bridge-set bridge-set stp 
port
 pathcost
OperationCommand
Configure the bridge port prioritybridge-set bridge-set stp port 
priority value
Restore the default value of the bridge port 
priorityundo bridge-set bridge-set stp 
priority 
						

							Configure Bridge’s Routing Function301
Ta b l e 330   Configure the interval for sending BPDUs
By default, the value of Hello Time timer is 2 seconds. It is in the range of 1 to 
10 seconds.
When configuring the Hello Time timer, it should be noted that:
■In the spanning tree, all the bridges use the time value of Hello Time timer 
of the root bridge, and their own configurations take no effect.
■Too long a Hello Time will cause the bridge to recompute the spanning tree 
because it considers the packet dropping of the link as link fault, whereas 
too short a Hello Time will cause it to send BPDUs frequently and thus 
exacerbate the bridge CPU load. It is recommended that users use the 
default value.
fConfigure the forward delay for the port status transition
Link faults may cause the network to recompute the spanning tree topology. 
However, the recomputed new BPDU cannot be propagated throughout the 
network right away. If the newly elected root port and the designated port 
begin to forward data immediately, a temporary loop may be incurred. In STP, a 
transitional state mechanism is thus adopted. Specifically, the root port and the 
designated ports will undergo a transitional state for an interval of forward 
delay to enter the forwarding state to resume the data forwarding. Such a 
delay ensures that the new BPDU has already been propagated throughout the 
network before the data frames are forwarded according to the latest 
topology. The forward delay timer is thus used to control the interval for the 
system waiting to enter the Forwarding state.
Perform the following configuration in system view.
Ta b l e 331   Configure the forward delay for the port status transition
By default, the value of the forward delay timer is 15 seconds. It is in the range 
of 4 to 200 seconds.
When configuring the forward delay timer, note that:
■No matter what its individual configuration might be, all the bridges in the 
spanning tree should use the time value of the forward delay timer of the 
root bridge.
■If the forward delay is configured too short, temporary redundant paths 
may be introduced. If the forward delay is configured too long, however, 
the restoring of network connection may take a long time because the STP 
cannot converge to a stable state for a long period. It is recommended that 
users use the default value.
gConfigure the Max Age of BPDU
OperationCommand
Configure Hello Time timerbridge stp timer hello seconds
Restore the default value of the Hello Time timerundo bridge stp timer hello
OperationCommand
Configure the forward delay timerbridge stp timer 
forward-delay
 seconds
Restore the default value of the forward delay timerundo bridge stp timer 
forward-delay 
						

							302CHAPTER 19: CONFIGURING BRIDGE
The Max Age is the parameter used to judge whether the BPDUs are 
“timeout”. Users can configure it according to the actual network conditions. 
When a port enables the STP, the Max Age timer begins to time. If no BPDU is 
received in the specified period, it will assume that the link has failed and the 
STP will recompute the minimum spanning tree.
Perform the following configuration in system view.
Ta b l e 332   Configure the Max age of BPDU
By default, the value of the Max Age timer is 20 seconds. It is in the range of 6 
to 40 seconds.
When configuring the Max Age timer, it should be noted that:
■Spanning tree should use the value of the Max Age timer of the root bridge.
■Too short a Max Age will result in frequent recompilations of spanning tree 
and mistaking the network delay for link fault. On the other hand, too long 
a Max Age may make the bridge unable to detect link fault promptly and 
reduce the network self-sensing ability. It is recommended that users use 
the default value.
6Create ACLs of Bridge
aCreate an ACL based on MAC Ethernet addresses
Perform the following configuration in system view.
Ta b l e 333   Create an ACL based on MAC Ethernet addresses
By default, no ACL based on MAC Ethernet addresses is created.
When creating an ACL based on MAC Ethernet addresses, value the 
access-list-number in the range of 700 to 799. mac-address is an MAC 
Ethernet address in the format of xx-xx-xx-xx-xx-xx, which is used to match the 
source address of a packet.
 Mac-wildcard is the wildcard of the MAC Ethernet 
address.
bCreate ACLs based on varied Ethernet encapsulation formats
Perform the following configuration in system view.
Ta b l e 334   Create ACLs based on varied Ethernet encapsulation formats
By default, no ACL based on varied Ethernet encapsulation formats is created.
OperationCommand
Configure a time value for the Max Age timerbridge stp max-age seconds
Restore the default value of the Max Age timerundo bridge stp max-age
OperationCommand
Create an ACL based on MAC Ethernet 
addressesacl acl-number { permit | deny } 
mac-address mac-wildcard
Delete an ACL based on MAC Ethernet 
addressesundo acl acl--number
OperationCommand
Create ACLs based on varied Ethernet 
encapsulation formatsacl acl-number { permit | deny } 
type-code type-wildcard
Delete ACLs based on varied Ethernet 
encapsulation formatsundo acl acl- number 
						

							Configure Bridge’s Routing Function303
When creating an ACL based on Ethernet type code (Ethernet-II, SNAP or 
LSAP), you can specify aclt-number in the range of 200 to 299. type-code is a 
16-bit hexadecimal number written with a leading “0x”, corresponding to the 
type-code field in the Ethernet-II or SNAP frames. type-wildcard is a 16-bit 
hexadecimal number written with a leading “0x” and used to specify the 
shielded bits.
When creating an ACL, note that:
■The rules will be compared in the order in which they are configured.
■If no rule is matched, Ethernet frames should still be permitted to pass.
■The number of created rules cannot exceed 200.
7Apply ACLs on Ports
Perform the following configuration in interface view.
aApply ACLs based on MAC addresses on ports
Ta b l e 335   Apply ACLs based on MAC addresses on ports
By default, no ACL is applied on the port.
bApply an ACL encapsulated in the form of IEEE 802.2 on the port
Ta b l e 336   Apply an ACL encapsulated in the form of IEEE 802.2 on the port
By default, no ACL is applied on the port.
cApply an ACL encapsulated in the form of Ethernet-II/Ethernet-SNAP on the 
port
Ta b l e 337   Apply an ACL encapsulated in the form of IEEE 802.2 on the port
OperationCommand
Apply ACLs based on MAC addresses in the 
input direction of portsbridge-set bridge-set source-mac 
acl acl
-number
Remove the application of ACLs based on 
MAC addresses in the input direction of portsundo bridge-set bridge-set 
source-mac acl acl
 -number
Apply ACLs based on MAC addresses in the 
output direction of portsbridge-set bridge-set dest-mac acl 
acl
-number
Remove the application of ACLs based on 
MAC addresses in the input direction of portsundo bridge-set bridge-set 
dest-mac acl acl
-number
OperationCommand
Apply an ACL encapsulated in the form of 
IEEE 802.2 to the input side of the portbridge-set bridge-set inbound-lsap 
acl acl
-number
Remove the application of the ACL 
encapsulated in the form of IEEE 802.2 to the 
input side of the portundo bridge-set bridge-set 
inbound-lsap acl acl
-number
Apply the ACL encapsulated in the form of 
IEEE 802.2 to the output side of the portbridge-set bridge-set 
outbound-lsap acl 
-number
Remove the application of the ACL 
encapsulated in the form of IEEE 802.2 to the 
output side of the portundo bridge-set bridge-set 
outbound-lsap acl acl
-number
OperationCommand
Apply an ACL encapsulated in the form of 
Ethernet-II or Ethernet-SNAP to the input side 
of the portbridge-set bridge-set 
inbound-type acl acl
-number 
						

							304CHAPTER 19: CONFIGURING BRIDGE
By default, no ACL is applied on the port.
When applying an ACL on the port, note that:
■Add the port to a bridge-set first, then apply the ACL on that port.
■If ACLs of the same type are applied to the same port, the latest ACL 
applied will replace the previous ones.
8Configure Routing Function
aEnable routing function
For the data of a specified protocol, they will be bridged if the communication 
is carried out between the bridge ports. If the communication with a network 
outside the bridge-set is needed, the data can be routed. If the 
bridge’s routing 
is not enabled yet, the data of all the protocols can only be bridged. Once the 
bridge’s routing is enabled, you can specify both bridging and routing for the 
packets of a particular protocol. You can flexibly switch over between them 
through configuring the command.
Perform the following configuration in system view.
Ta b l e 338   Enable/Disable bridge’s routing
By default, bridge’s routing function is disabled.
bCreate bridge-template interface
Bridge-template interface exists on the router, it does not support bridging, but 
it represents the whole bridge-set corresponding to the routed interface on the 
router. 
Bridge-template interface uses the same number of the bridge-set 
represented by it. 
All kinds of network layer attributes can be configured on 
the bridge-template interface.
 Each bridge-set can have only one 
bridge-template interface.
Perform the following configuration in system view.
Ta b l e 339   Configure a bridge-template interface
cConfigure bridge set to route or bridge the network layer protocol
Perform the following configuration in system view.
Remove the application of the ACL 
encapsulated in the form of Ethernet-II or 
Ethernet-SNAP to the input side of the portundo bridge-set bridge-set 
inbound-type acl acl
-number
Apply an ACL encapsulated in the form of 
Ethernet-II or Ethernet-SNAP to the output 
side of the portbridge-set bridge-set 
outbound-type acl acl
-number
Remove the application of the ACL 
encapsulated in the form of Ethernet-II or 
Ethernet-SNAP to the output side of the portundo bridge-set bridge-set 
outbound-type acl acl
-number
OperationCommand
Enable bridge’s routing functionbridge routing-enable
Disable bridge’s routing functionundo bridge routing-enable
OperationCommand
Create a bridge-template interface to connect 
the specified bridge-set to the routing network.interface bridge-template 
bridge-set 
						

							Configure Bridge’s Routing Function305
Ta b l e 340   Configure bridge set to route or bridge the network layer protocol
By default, the bridging is enabled, the routing is disabled.
You can execute the display bridge bridge-set bridge-template 
command to view the configuration of routing and bridging on each interface.
9Configure Link-Set
aDefine a link-set
The link set can bundle multiple parallel links between two bridges, thus 
sharing loads among multiple links and enhancing link bandwidth utilization 
ratio when there is no bridge loop
.
Perform the following configuration in interface view.
Ta b l e 341   Define a link-set
bShare load by source MAC address
Perform the following configuration in system view.
Ta b l e 342   Share load by source MAC address
By default, the load is shared by packets instead of source MAC address. 
However, the load will be shared by source MAC address, if it is configured.
Executing the display bridge bridge-set link-set command can display 
the configuration of the link-set on each bridge as well as whether it is sharing 
the load.
10Configure Bridging over Frame Relay
When establishing a bridge, mapping between the bridge address and DLCI 
address should be specified. 
Perform the following configuration in interface view.
OperationCommand
Enable the bridge set to route the network layer 
protocolbridge bridge-set routing { ip 
| ipx 
}
Disable the bridge set to route the network layer 
protocolundo bridge bridge-set routing 
{ ip | ipx 
}
Enable the bridge set to bridge the network layer 
protocolbridge bridge-set bridging { ip 
| ipx 
}
Disable the bridge set to bridge the network layer 
protocolundo bridge bridge-set bridging 
{ ip | ipx 
}
OperationCommand
Assign a port to a link-set.bridge-set bridge-set link-set 
link-set
OperationCommand
Bind the ports to a link-set to share the load 
by source MAC addressbridgebridge-set link-set link-set 
origin
Disable the load sharing by source addressundo bridge bridge-set link-set 
link-set origin 
						

							306CHAPTER 19: CONFIGURING BRIDGE
Ta b l e 343   Map the bridge address to DLCI
11Configure Bridging over BDR
Perform the following configuration in system view.
aDefine a dialer list
Ta b l e 344   Define a dialer list
bConfigure the bridge interface
Perform the following configuration in interface view.
Ta b l e 345   Configuration on the interface
12Configure Bridging over LAPB
Perform the following configuration in interface view.
Ta b l e 346   Configure the link layer protocol of the interface to LAPB
13Configure Bridging over PPP
Perform the following configuration in interface view.
Ta b l e 347   Configure the link layer protocol of the interface to PPP
14Configure Bridging over HDLC
Perform the following configuration in interface view.
Ta b l e 348   Configure the link layer protocol of the interface to HDLC
15Configure Bridging over VLAN
Perform the following configuration in interface view.
OperationCommand
Configure a Frame Relay mapping forwarded to the 
bridgefr map bridge dlci broadcast
OperationCommand
Define a dialer list.dialer-rule dialer-group 
bridge { permit | deny }
OperationCommand
Add the interface to the dialer-groupdialer-group dialer-group
Map the bridge address to BDRdialer route bridge broadcast 
string
OperationCommand
Configure the link layer protocol of the 
interface to LAPBlink-protocol lapb [ dte | dce ] 
[ multi-protocol ]
OperationCommand
Configure the link layer protocol of the interface 
to PPPlink-protocol ppp
OperationCommand
Configure the link layer protocol of the interface 
to HDLClink-protocol hdlc