Chapter 3
Advanced Network Theory: Bridging and LAN Switching
Terms you’ll need to understand:
✓ Broadcasts
✓ Transparent bridging (TB)
✓ Source-route bridging (SRB)
✓ Source-route transparent (SRT)
✓ Source-route translational bridging (SR/TLB)
✓ Integrated routing and bridging (IRB)
✓ Concurrent routing and bridging (CRB)
✓ Encapsulated bridging
✓ Remote-source route bridging (RSRB)
✓ Data-link switching (DLSw)
✓ Bridge Protocol Data Unit (BPDU)
✓ Spanning Tree Protocol (STP)
✓ Routing information fields (RIFs)
✓ Virtual LANs (VLANs)
✓ Inter-switch link (ISL)
✓ Fast Ethernet Channel (FEC)
✓ Cisco Discovery Protocol (CDP)
✓ Cisco Group Management Protocol (CGMP)
✓ LAN emulation (LANE)

Techniques you’ll need to master:
✓ Describing and configuring bridging modes on Cisco routers
✓ Using common commands to enable bridging on a Cisco router
✓ Using LAN switching and emulation
✓ Distinguishing between cut-through and store and forward switching
This chapter examines bridging methods available on a Cisco router. First, the
chapter covers bridging topics, and then LAN switching methods are reviewed.
The following CCIE blueprint objectives as determined by the Cisco Systems
CCIE program are covered in this chapter:
➤ Transparent Bridging—IEEE/DEC Spanning Tree Protocol, translational
bridging, Bridge Protocol Data Unit (BPDU), integrated routing and bridging
(IRB), concurrent routing and bridging (CRB), access lists.
➤ Source Route Bridging—Source-route translational bridging (SR/TLB),
source-route transparent bridging (SRT), data-link switching (DLSw), remote
source-route bridging (RSRB), access lists.
➤ LAN Switching—Trunking, VLAN Trunk Protocol (VTP), inter-switch link
(ISL), Virtual LANs (VLANs), Fast Ethernet Channel (FEC), Cisco Discovery
Protocol (CDP), Cisco Group Management Protocol (CGMP).
➤ LANE—LAN Emulation Client (LEC), LAN Emulation Server (LES),
broadcast and unknown server (BUS), LAN Emulation Configuration Server
(LECS), Simple Server Replication Protocol (SSRP).
Additional information is provided for completeness and in preparation for
additional subjects as the CCIE program expands.

Bridging Overview
Bridging is defined as a method used to allow communication between devices at
the Data Link Layer (layer 2) of the OSI model. Bridging is a topic that is
defined in the Cisco CCIE R/S blueprint with a focus on how Cisco IOS is used to
bridge frames over an IP network.
Why should you be concerned about bridging? Initially, when non-routable
protocols (for example, LAT or SNA) were invented, they were only intended for
use on local area networks (LANs). In today’s networks, these non-routable
protocols are used between remote locations. Because these locations can only
be reached via a wide area network (WAN), non-routable protocols need to be
bridged across the wide area networks. Bridged protocols are typically
broadcast intensive and can cause a WAN link to reach high levels of
utilization, resulting in slow response times or protocol timeouts, which will
affect the entire WAN to some degree.
You need to be concerned about bridging because protocols such as Local Area
Transport (LAT) and NetBEUI typically rely on broadcasts to gain access to
remote hosts or servers. Broadcasts can be excessive and the number of
broadcasts can severely impact WAN bandwidth, resulting in slow response times.
For example, you might have a 10Mb Ethernet segment and a 64K WAN link on a
router. It is easy for a bridgeable protocol to overwhelm the slow WAN link with
excessive broadcasts. By default, a Cisco router is not configured for bridging
and will drop broadcasts, so for the purpose of this discussion, we can assume
bridging has been enabled. Most bridgeable protocols rely on broadcasts to send
user information or data. These broadcasts can cause time delays. Typically,
bridged protocols, such as LAT and Systems Network Architecture (SNA), are not
accustomed to time delays; hence, the data might be lost or the session might be
reinitiated, which can also result in lost user data.
It is important to be aware of the history and traditional use of bridges. In
the 1980s, bridges were primarily used to segment large networks into smaller
domains and also to extend the length of a LAN segment. Broadcasts were still
sent out to all segments, but the WAN link was protected from locally based
traffic and forwarded traffic not destined for remote locations across the WAN.
Broadcasts would still be sent out all bridge ports except the source port.
Broadcasts were still a primary concern for layer 2 protocols, such as LAT and
NetBEUI.
Keep in mind that a Cisco router will not modify the layer 2 MAC
address of a frame when any form of bridging is used to send the
frame across a bridged domain. Routing, on the other hand, is handled
differently. When a layer 3 packet arrives on any interface, the Cisco
router will buffer the packet and immediately strip the data link header
and copy its own header, which will contain its local MAC address and
the remote MAC address of the destination router.
Thus, you can see that bridging is concerned with layer 2, has no layer 3 address,
and cannot be routed. Routing has a layer 3 address and is routed.
A broadcast domain is a set of devices that will receive broadcast frames
originating from any device within the same group of devices. Routers
typically define the end of a broadcast domain, because routers do not
forward broadcast frames unless specifically configured for bridging.
Broadcast domains can alleviate the number of broadcasts and increase
the available bandwidth to end users by segmenting a single large broadcast
domain into smaller broadcast domains.
There are many ways to bridge non-routable frames, and this chapter
concentrates on how you can accomplish sending non-routable traffic over an
existing network without the need to configure every protocol on a Cisco router.
You can also tunnel some non-routable protocols, such as SNA and LLC, using an
IP tunnel. An IP tunnel enables you to transport legacy non-routable traffic
over an IP network. This will become important later in this chapter when
advanced forms of bridging are discussed. A tunnel is a Cisco IOS feature that
allows you to transport protocols over your IP network without having to
configure bridging over your core network. Table 3.1 shows where bridging,
routing, and tunneling occur in the OSI model.
Bridging Overview
As mentioned previously, a bridge is basically a layer 2 device that can determine
where devices are in a network and forward frames based on a bridge forwarding
table. This table lists the location of layer 2 devices (or MAC addresses) to ports
on a bridge. Cisco’s term for this forwarding table on their switches is the content
addressable memory (CAM) table.
To view the CAM table on a Cisco 5000 or 6000 Catalyst switch, you
issue the show cam command.
Bridges can be used to perform the following:
➤ Increase available bandwidth by segmenting your network
➤ Filter packets based on many criteria, such as MAC addresses and
protocol types
➤ Base all forwarding decisions on MAC addresses
➤ Avoid bridging loops if spanning tree is configured
The following bridging modes are available with Cisco IOS:
➤ Transparent bridging (TB)
➤ Source-route bridging (SRB)
➤ Source-route transparent (SRT)
➤ Source-route translational bridging (SR/TLB)
➤ Concurrent routing and bridging (CRB)
➤ Integrated routing and bridging (IRB)
➤ Encapsulated bridging
➤ Remote source-route bridging (RSRB)
➤ Data-link switching (DLSw)
Table 3.1 Where bridging occurs in the OSI model.
Layer Name      Layer Number
Application     Layer 7
Presentation    Layer 6
Session         Layer 5
Transport       Layer 4
Network         Layer 3 (routing and tunneling occurs here)
Data Link       Layer 2 (bridging occurs here)
Physical        Layer 1
In the upcoming sections, we’ll review each of these bridging modes, beginning
with a discussion about transparent bridging and moving through the preceding
list to encapsulated bridging. At that point, we’ll look at access lists before
wrapping up this section by taking a look at RSRB and DLSw.
Transparent Bridging (TB)
Transparent bridging is the easiest bridging type to define, so we’ll look at it first.
In transparent bridging (TB), end devices are unaware of how packets are sent
across a network. The bridging process is transparent to end devices, because the
devices make no decisions regarding how their frames are handled by the
network. This method of operation, in which the end device is unaware of what’s
happening, is why this is called transparent bridging. Cisco routers can act as a
transparent bridge to bridge protocols, such as NetBEUI and LAT (Local Area
Transport). These protocols do not have a layer 3 (Network Layer) address and
cannot be routed, so they will need to be bridged.
When workstations or servers want to communicate with one another, the
workstation (or server) will send a broadcast to search for the destination
device. The first packet seen by the bridge will be examined for the source MAC
address. Then, the bridge places the packet’s source MAC address into a MAC
forwarding table and notes the interface from which the frame was sent.
Transparent bridges typically have one or more interfaces that contain a group
of end devices. This stage of acquiring the location of new devices is called
learning.
After the bridge has finished learning a particular bridge port (a bridge will
continue to learn new devices), it will then forward the frame out all ports
except the port the frame was received on, if the destination MAC address is not
in its forwarding table. This forwarding process (in which frames are sent out
on all interfaces except the interface on which the frame was received) is
called flooding. The destination device will see and then respond to the packet.
When the transparent bridge receives the response from the destination device,
it will again look at the source address and check the forwarding table for an
entry. If there is no entry, the source address will be learned and entered into
the bridge’s forwarding table. The bridge will also look at the destination MAC
address and forward it via the appropriate interface. Figure 3.1 displays a
typical bridge connecting two Ethernet domains.
The bridge in Figure 3.1 has learned that the device on Port 1 has a MAC
address of 0080.0c00.0001 and the device on Port 2 has a MAC address of
0090.0d00.0002. Each device will be associated with a bridge port and will be
added to the forwarding table or the CAM.
In Figure 3.2, when Device A sends a frame trying to locate Device B, both
bridges initially forward the frames as broadcasts looking for Device B. There
will be two broadcasts on Device B’s segment. The two transparent bridges will
again see broadcast frames from one another as all broadcast frames are sent out
on all interfaces except the interface the frame was received from. Broadcasts are
then sent out onto Device A’s segment. The second transparent bridge will again
see the broadcast frame and send it out onto Device B’s segment. This process
will continue (described as a bridge loop) until you have a broadcast storm, in
which case both TBs will eventually run out of memory and your network will fail.
Loops at layer 2 are extremely harmful and will bring your network down. To
help avoid damage from layer 2 loops, you need to run a Spanning Tree Protocol
(STP), which can detect the loops and block the second path. STP automatically
activates a backup path if a bridge or link to a segment fails.
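The learning, flooding and loop behaviour described above, as a small simulation added here (it is not code from the book). The wiring of Figure 3.2 (Port 1 of both bridges on Device A's segment, Port 2 on Device B's), the hop limit and the choice of Bridge 1 Port 2 as the blocked port are assumptions made for the example.

```python
from collections import deque

BROADCAST = "ffff.ffff.ffff"
DEVICE_A = "0080.0c00.0001"  # sample MAC address reused from Figure 3.1

# Assumed wiring for Figure 3.2: on both bridges Port 1 faces Device A's
# segment ("A") and Port 2 faces Device B's segment ("B").
LINKS = {
    ("Bridge 1", 1): "A", ("Bridge 1", 2): "B",
    ("Bridge 2", 1): "A", ("Bridge 2", 2): "B",
}


class Bridge:
    """Transparent bridge: learn source MACs, forward known unicast, flood the rest."""

    def __init__(self, name, ports, blocked=()):
        self.name = name
        self.ports = list(ports)
        self.blocked = set(blocked)   # ports STP holds in the blocking state
        self.table = {}               # forwarding table: MAC address -> port

    def receive(self, port, src, dst):
        """Process one frame and return the ports it is sent out of."""
        if port in self.blocked:
            return []                              # blocking: frame is dropped
        self.table[src] = port                     # learning
        if dst != BROADCAST and dst in self.table:
            out = self.table[dst]                  # forwarding on a known port
            return [] if out == port or out in self.blocked else [out]
        return [p for p in self.ports              # flooding
                if p != port and p not in self.blocked]


def simulate(bridges, src, dst, start_segment, max_hops=8):
    """Return how many copies of one frame appear on the wire at each hop."""
    copies = [0] * (max_hops + 1)
    queue = deque([(start_segment, None, 0)])      # (segment, sending bridge, hop)
    while queue:
        segment, sender, hop = queue.popleft()
        copies[hop] += 1
        if hop == max_hops:                        # the demo stops; the loop would not
            continue
        for (name, port), attached in LINKS.items():
            if attached != segment or name == sender:
                continue
            for out in bridges[name].receive(port, src, dst):
                queue.append((LINKS[(name, out)], name, hop + 1))
    return copies


def run(bridge1_blocked=()):
    """Send one broadcast from Device A; return copies per hop and Bridge 1's port for A."""
    bridges = {
        "Bridge 1": Bridge("Bridge 1", [1, 2], bridge1_blocked),
        "Bridge 2": Bridge("Bridge 2", [1, 2]),
    }
    copies = simulate(bridges, DEVICE_A, BROADCAST, "A")
    return copies, bridges["Bridge 1"].table.get(DEVICE_A)


if __name__ == "__main__":
    print("both paths forwarding  :", run())
    print("Bridge 1 Port 2 blocked:", run(bridge1_blocked=(2,)))
```

With both paths forwarding, the single broadcast never dies out and Bridge 1 ends up recording Device A on the wrong port; with one port blocked the frame is delivered once and the table stays correct.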
Now, let’s look at the bridging process a Cisco router will follow if transparent
bridging is enabled as shown in Figure 3.2. First, the router will determine whether
the packet is routable. If not, a decision will be made based on the configuration
to bridge or drop the packet. If there are multiple paths to a device, the second
transparent bridge will create a loop, unless you have some form of mechanism to
stop frames from going around forever. For example, look at Figure 3.3.
Fortunately, there is a way to detect multiple paths that will help prevent
these loops from occurring: the Spanning Tree Protocol.
Figure 3.1 Sample bridge forwarding table.
[Figure: a transparent bridge with a device (MAC address 0080.0c00.0001) on
Port 1 and a device (MAC address 0090.0d00.0002) on Port 2. Bridge forwarding
table: Port 1, source MAC address 0080.0c00.0001; Port 2, source MAC address
0090.0d00.0002.]
Figure 3.2 Bridging decisions made by a transparent bridge.
[Figure: Device A and Device B on separate segments joined by Bridge 1 and
Bridge 2, each with Port 1 and Port 2, forming a loop and broadcast storm.]
Figure 3.3 Transparent bridging decision process on a Cisco router.
[Flowchart: incoming data frame (header, data, trailer). Is this packet
routable? Y: routed, end. N: Is router configured for bridging? Y: bridge packet
accordingly, end. N: discard packet, end.]
The Spanning Tree Protocol (STP) is defined as a method used to detect bridge
loops in a bridge or switched environment. STP ensures that no redundant paths
will create a second path to any destination network. There are three main
Spanning Tree Protocols, two for Ethernet, and one for Token Ring (which is
discussed in more detail later in this chapter):
➤ IEEE 802.1D (Ethernet)
➤ DEC, by Digital Corporation (Ethernet)
➤ IBM spanning tree (Token Ring)
The basic function of Spanning Tree Protocols is to maintain a loop-free
topology and provide, where possible, a path between every pair of LANs. All TBs
will go through the following four stages of spanning tree:
➤ Listening—The bridge listens for frames. No end user data frames are
forwarded when the bridge is listening.
➤ Learning—The bridge starts to build a MAC address forwarding table. At
this stage no end user data is forwarded yet. Cisco’s term for the MAC address
forwarding table is the content addressable memory, or CAM, table. No
frames are forwarded in this stage.
➤ Forwarding—The bridge is transmitting end user data frames to their
appropriate destination.
➤ Blocking—The bridge blocks frames to prevent a loop from occurring.
The STP process of listening, learning, and forwarding or blocking results in a
loop-free topology.
Returning to Figure 3.2, you can see that one of the bridges will block one of its ports
and remove any loop. Let’s assume that Bridge 1 will block on Port 2. If Bridge 2
fails on Port 2, then Bridge 1 will begin forwarding frames onto the Device B
segment in order to maintain network connectivity between the two networks.
Bridges maintain a loop-free topology by using special frames called Bridge
Protocol Data Units (BPDU). These frames are also used by spanning tree to elect
a root bridge. The root bridge is responsible for maintaining a loop-free
topology. Every other bridge will maintain a loop-free path to the root bridge.
The root bridge will always forward on all ports (forwarding state), and other
bridges will block on duplicate paths (blocking state).
A Cisco router or bridge will send out a BPDU with a destination MAC
address of 01-80-c2-00-00-00 on Ethernet. In a Token Ring environment,
the functional MAC address c0-00-00-00-01-00 is used.
The root bridge is elected to maintain a loop-free path based on its priority (this
is a configurable option and the lowest number wins) and MAC address. These
two parameters together are called the unique bridge identifier. After the root
bridge is elected, every other bridge will forward on a port with the least cost.
The default cost on a Cisco Catalyst 5000 switch is 32768. The cost can range
from 0 to 65535.
Cost is a configurable parameter that defines the associated interface cost on
each port on a bridge. The default cost on a Cisco router’s Ethernet interface is
100. The cost is a number in the range from 0 through 65,535. The cost
parameter is used to enable the bridge to choose the least-cost path to the root
bridge. Hence, a path with a lower cost to the same destination will always be
chosen by a bridge over a path with a higher cost value.
For illustrative purposes, let’s configure a Cisco router for an IEEE spanning tree
and verify it will bridge properly.
TB on Cisco Routers
To configure transparent bridging on a Cisco router, you must issue several
commands. First, you must issue a global transparent bridge command, as follows:
bridge bridge-group protocol {ieee | dec}
Then, you need to issue the following interface command:
bridge-group bridge-group
In the preceding commands, bridge-group identifies a decimal number from 1
through 63, and you must choose a Spanning Tree Protocol. The available choices
are IEEE and DEC, which is Digital’s version. For additional modifiable
parameters, refer to the references listed in the “Need To Know More” section at
the end of this chapter.
Make sure you can identify how to make a bridge become the root
bridge with the IOS command bridge-group priority <0-65535> with
0 being the highest priority.
Let’s assume you have a Cisco 4000 router with four Ethernet interfaces. You
want to allow transparent bridging on the first three only. Listing 3.1 details the
IOS commands you would use to accomplish this setup.
Listing 3.1 Transparent bridging configuration example.
interface E0
 ! Enables transparent bridging on this interface
 bridge-group 1
interface E1
 bridge-group 1
interface E2
 bridge-group 1
! Enables IEEE spanning tree for bridge group 1
bridge 1 protocol ieee
An important concept to remember is that a Spanning Tree Protocol
(STP) elects the root bridge based on the unique identifier. The identifier
is made with the priority and MAC address, sometimes represented
as priority.MAC address. Note also that different STP protocols cannot
communicate. For example, if you have IEEE STP and DEC STP on two
separate bridges, there would be two spanning tree domains and two
root bridges.
To view how spanning tree is operating on a Cisco router, enter the IOS show
spanning-tree command. The display will show you the spanning tree state and
which bridge is the elected root bridge, as shown in Listing 3.2.
Listing 3.2 The show spanning-tree command.
R1#show spanning-tree
Bridge Group 1 is executing the IEEE compatible STP
Bridge Identifier has priority 32768, address 0060.7015.5e4d
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32768, address 0000.0c75.cf24
Root port is 2 (Ethernet0), cost of root path is 200
Topology change flag not set, detected flag not set
Times: hold 1, topology change 30, notification 30
hello 2, max age 20, forward delay 15, aging 300
Timers: hello 0, topology change 0, notification 0
Port 2 (Ethernet0) of bridge group 1 is forwarding
Port path cost 100, Port priority 128
Designated root has priority 32768, address 0000.0c75.cf24
Designated bridge has priority 32768, address 0060.2f53.5900
Designated port is 129, path cost 100
Timers: message age 2, forward delay 0, hold 0
As you can see in Listing 3.2, the default priority setting is 32768. You can also
see that the router port (Ethernet 0 on bridge group 1) is in a forwarding state. In
the event of a tie on priority, the bridge with the lowest MAC address will be the
root bridge. Listing 3.2 displays the root bridge with the MAC address of
0000.0c75.cf24 (lower MAC address) and a priority set to 32768.
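One way to check the election in Listing 3.2 from its own output, added here as an example (not code from the book): it parses the listing, applies the priority-then-MAC rule to the identifiers it finds, and reports when the elected root is not the bridge you intended. The function names and the idea of an expected root are assumptions; the sample has a single bridged port, which is also the root port.

```python
import re

# Output copied from Listing 3.2; only the lines the checks need are kept.
SHOW_SPANNING_TREE = """\
Bridge Group 1 is executing the IEEE compatible STP
Bridge Identifier has priority 32768, address 0060.7015.5e4d
Current root has priority 32768, address 0000.0c75.cf24
Root port is 2 (Ethernet0), cost of root path is 200
Port 2 (Ethernet0) of bridge group 1 is forwarding
Port path cost 100, Port priority 128
Designated root has priority 32768, address 0000.0c75.cf24
Designated bridge has priority 32768, address 0060.2f53.5900
Designated port is 129, path cost 100
"""

ID_RE = re.compile(r"(Bridge Identifier|Current root|Designated bridge)"
                   r" has priority (\d+), address ([0-9A-Fa-f.]+)")
PORT_RE = re.compile(r"^\s*Port \d+ \((\S+)\) of bridge group \d+ is (\w+)", re.M)
NUMBER_RES = {
    "root_path_cost": re.compile(r"cost of root path is (\d+)"),
    "port_path_cost": re.compile(r"Port path cost (\d+)"),
    "designated_cost": re.compile(r"Designated port is \d+, path cost (\d+)"),
}


def bridge_key(bridge_id):
    """Sort key for a (priority, MAC) identifier: lowest priority, then lowest MAC."""
    priority, mac = bridge_id
    return priority, int(mac.replace(".", ""), 16)


def elect_root(bridge_ids):
    """Return the identifier that wins the root election."""
    return min(bridge_ids, key=bridge_key)


def parse(text):
    """Extract bridge identifiers, costs and port states from the command output."""
    state = {label: (int(priority), mac.lower())
             for label, priority, mac in ID_RE.findall(text)}
    for name, pattern in NUMBER_RES.items():
        match = pattern.search(text)
        state[name] = int(match.group(1)) if match else None
    state["ports"] = dict(PORT_RE.findall(text))
    return state


def audit(state, expected_root_mac):
    """Return a list of findings; an empty list means the output looks as intended."""
    findings = []
    root = state["Current root"]
    seen = [state["Bridge Identifier"], root, state["Designated bridge"]]
    if elect_root(seen) != root:
        findings.append("reported root does not have the lowest identifier seen")
    if root[1] != expected_root_mac.lower():
        findings.append(f"root is {root[1]}, expected {expected_root_mac.lower()}")
    # Root path cost = cost advertised by the designated bridge + this port's cost.
    if state["root_path_cost"] != state["port_path_cost"] + state["designated_cost"]:
        findings.append("root path cost does not equal port cost plus designated cost")
    return findings


if __name__ == "__main__":
    parsed = parse(SHOW_SPANNING_TREE)
    print(parsed)
    print(audit(parsed, "0000.0c75.cf24"))
```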
With transparent bridging or translational bridging, it is important to
remember that the MAC address or layer 2 information is not modified
as the frame passes from one bridge to another. When routing a
packet, the layer 2 header is modified with the router inserting its own
header that contains the router’s local MAC address and the remote
router’s address.
Source-Route Bridging (SRB)
Source-route bridging is a method in which the source device determines the
path to the remote device. Hence, the term source-route.
When a device needs to find a remote device, it performs a number of steps.
First, it sends a test frame locally to see if the destination device is local. If the test
frame receives no response, the device then sends either a single-route explorer
frame or an all-routes explorer frame. Figure 3.4 shows how an SRB device can
detect whether a device has received its frame. The source-route bridge between
two devices A and B will forward test frames by adding the local bridge number
and ring number until the destination device responds. As a result, the end
stations “test/explore” the path between end stations prior to sending any data.
Once the path-finding process is complete, the device will select a preferred
path based on criteria such as bridge hop count and forward frames on that
routing information field (RIF) path. SRB devices are susceptible to failures.
If an SRB fails, a new path or RIF must be found.
This path-finding process enables the collection of a RIF (routing information
field). A RIF is a hexadecimal value that represents the path traversed by a test frame
and enables a source station to determine the best path based upon SRB settings.

A RIF basically consists of two main fields within the IEEE 802.5 header: the
routing control field (RCF) and the route descriptor field (RDF):
➤ The routing control field identifies the length and direction of the RIF, the
type of test frame, and the largest frame code indicating the largest frame
accepted en route to the destination.
➤ The route descriptor field identifies the ring numbers and bridge numbers. A
ring number is a unique number given to a Token Ring network. A bridge
number is a number assigned to a bridge to uniquely identify it from other
source-route bridges when the router is connected to more than one ring.
Let’s look at an example. First, view the network shown in Figure 3.4, which
contains two stations and four source-route bridges. All SRBs have been assigned
a bridge number that is the same as the local ring number (that is, Ring 1 is
Bridge 1, Ring 2 is Bridge 2, and so forth).
There are three types of explorer frames:
➤ Single route explorer (SRE)—An explorer frame sent to a specific
device.
➤ All-routes explorer (ARE)—An explorer frame sent to all interfaces
in the SRB domain.
➤ Spanning tree explorer (STE)—An explorer frame sent only on a
predefined part of a spanning tree domain.
In Figure 3.4, when Device A wants to communicate with Device B, the following
steps occur:
1. Device A sends a local test frame first onto the ring. Because Device B is on
another network, Device A’s local test frame will not be replied to.
2. When no answer is received from Device B, Device A then sends an all-routes
explorer (ARE) frame. Each SRB will then add its local bridge and ring
number and forward it out all of its interfaces except the interface on which
the explorer frame was received.
3. Each SRB will not forward a RIF to a segment or ring that already contains
its own path in the RIF to avoid the same RIF being sent continuously over
the network. Eventually, the remote station, Device B in this example, will
receive two ARE test frames and reply to both by reversing the RIF or reading
the RIF in the opposite direction.
4. A bit called the direction field is used to indicate how the RIF is read from
right to left or left to right. (See Chapter 4 for a detailed explanation on this
direction field.)
5. Device A receives two replies and makes an intelligent decision regarding
which path to use. Typically, the path that replies first or the path with the
least number of hops is the selected path.
Figure 3.4 How a source-route bridge device sends data.
[Figure: Device A and Device B on Token Rings joined by four SRBs (Bridge 1 to
Bridge 4, Ring 1 to Ring 4). Labels: local test frame followed by all routes
explorer; two frames are transmitted; Device B responds to both explorer
frames; two replies received.]
You should understand how SRB stations determine a RIF and how RIFs
are calculated. Be sure to note whether a scenario represents ring or
bridge numbers as decimal or hexadecimal. For example, 0x019 in hex
is 25 in decimal (1 x 16^1 + 9 x 16^0 = 25).
Routing Information Fields (RIFs)

Now, let’s take a closer look at RIFs. SRB identifies whether a RIF is present by
examining the first bit of the first byte of a source address. This is known as the
routing information indicator (RII). If the first bit of the RII is set to 1, a RIF is
present; if it is set to 0, then no RIF is present.
In Figure 3.5, notice the number of bits assigned to each field. In particular,
because the bridge number is only 4 bits, you can assign numbers from 1 through
F (1 to 15 in decimal). These bridge numbers are represented in hexadecimal, so
the bridge numbers must be in the range from 0x1 through 0xF. Zero is reserved
for RIF frames to indicate the destination ring. Furthermore, the ring number is
12 bits, or from 1 through 4,095, or, in hex, from 0x001 through 0xFFF.
True IBM bridges only support 8 rings or hops and 7 bridges, whereas
IEEE 802.5 supports 14 bridges and 13 rings or hops.
The best way to explain a RIF is to use some examples. In Figure 3.4—assuming
that Bridge 1 is connected to Ring 1, Bridge 2 is connected to Ring 2, Bridge 3 is
connected to Ring 3, and Bridge 4 is connected to Ring 4—you can see that the
two RIFs will be as follows:
➤ 0810.0011.0033.0040—Note that the end bridge number is set to 0 to
signify the end where the device is located. Hence, the path is through the local
ring 1, bridge 1, remote ring 3, bridge 3, and finally to ring 4. The routing
control 0810 signifies the RIF is 8 bytes and is a directed frame. To deduce
this, you can break up the route descriptor (refer to Figure 3.4 also) in binary.
0810 in binary is 0000.1000.0001.0000. The first 3 bits (000) indicate an
all-routes broadcast. The next 5 bits indicate the length of the RIF, which is 8
bytes (01000). The next bit is set to 0, which indicates that the RIF must be
read from left to right. The next 3 bits are set to 001, which indicates the
length of the frame is no larger than 1,500 bytes. The last four bits are
reserved and set to all zeros.
➤ 0810.0011.0022.0040—Note that this path specifies local ring 1, bridge 1,
remote ring 2, bridge 2, and destination ring 4 (the last field is set to 0).
Figure 3.5 The RIF 802.5 format.
Routing Control    Route Descriptor
2 bytes            Up to 14 bytes (7 hops)
Routing Control (16 bits)
B B X L L L L L D F F F X X X X
X signifies a don’t care bit.
BBX indicates the explorer frame type (0XX indicates a single route frame, 10X is a spanning
explorer, 11X is an all-routes broadcast explorer).
LLLLL indicates the length of the RIF.
D identifies the direction the RIF should be read. A 1 bit indicates the RIF is read left to right,
and a 0 bit is read right to left.
FFF indicates the largest frame size contained in the frame. Possible combinations are:
000 up to 512 bytes
001 up to 1,500 bytes
010 up to 2,052 bytes
011 up to 4,472 bytes
100 up to 8,144 bytes
101 up to 11,407 bytes
110 up to 17,800 bytes
111 is used in broadcast frames only
XXXX are reserved bits.
Route Descriptor (up to 14 bytes)
R R R R R R R R R R R R B B B B
R indicates the ring number with possible values from 0x0 to 0xFFF (0 to 4,095).
B indicates the bridge number with possible values from 0x0 to 0xF (1 to 15).
For further clarification, let’s look at another, more-complex RIF example where
the local ring numbers are 0x1 (1), 0x1F4 (500), and 0x2 (2):
➤ C810.0011.1F41.0020—In this RIF example, the first two bytes make up the
route descriptor, which defines that this RIF is 8 bytes in length and a
maximum frame size of 1,500 bytes (by examining the following description of the
RIF in binary format and using the explanation in Figure 3.5). The route
descriptor when displayed in binary is described as follows:
C810 is 1100.1000.0001.xxxx.
The first 3 bits are set to 110, which indicates a spanning tree broadcast frame.
The next 5 bits are set to 01000, which indicates the length of the RIF is 8
bytes. The next bit is 0, which specifies that the RIF must be read from left to
right. The next 3 bits are set to 001, which indicates the largest frame size for
this frame is no greater than 1,500 bytes. The last four bits, xxxx, are reserved
for future use and are set to zero or 0000.
The path moves through ring 0x001, bridge 1, ring 0x1F4, bridge 1, and finally
to the destination ring 0x020.
Ring numbers are configured on Cisco routers in decimal but are
converted to hexadecimal when the frame traverses the medium.
Displaying the status of the SRB domain with the show source
command also displays the rings in hexadecimal.
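The RIFs worked through above, decoded field by field, and a RIF built from decimal ring numbers as they are configured on the router; this is an added example, not code from the book. The frame-type and direction-bit meanings follow the worked text (first bit 0 is a directed frame, 110 is a spanning tree explorer, D = 0 is read left to right), which is an assumption where the Figure 3.5 legend differs; build_rif and the RIF constructed for rings 100 and 256 are illustrative.

```python
# Largest-frame codes from Figure 3.5 (111 is used in broadcast frames only).
LARGEST_FRAME = {0b000: 512, 0b001: 1500, 0b010: 2052, 0b011: 4472,
                 0b100: 8144, 0b101: 11407, 0b110: 17800}


def frame_type(bits):
    """Name the frame type from the three B/B/X bits (assumed mapping, see lead-in)."""
    if not bits & 0b100:
        return "directed"
    return "spanning tree explorer" if bits & 0b010 else "all-routes explorer"


def decode_rif(text):
    """Decode a RIF written as dotted hex, for example 0810.0011.0033.0040."""
    raw = bytes.fromhex(text.replace(".", ""))
    if len(raw) < 2 or len(raw) % 2:
        raise ValueError("RIF must be a 2-byte routing control plus 2-byte descriptors")
    control = int.from_bytes(raw[:2], "big")
    length = (control >> 8) & 0x1F                 # LLLLL: RIF length in bytes
    if length != len(raw):
        raise ValueError(f"length field says {length} bytes but RIF has {len(raw)}")
    hops = []
    for i in range(2, len(raw), 2):
        descriptor = int.from_bytes(raw[i:i + 2], "big")
        hops.append((descriptor >> 4, descriptor & 0xF))   # 12-bit ring, 4-bit bridge
    return {
        "type": frame_type(control >> 13),
        "length": length,
        "direction": (control >> 7) & 1,
        "largest_frame": LARGEST_FRAME.get((control >> 4) & 0b111),
        "hops": hops,
    }


def describe_path(rif):
    """Render the ring/bridge path in the order the direction bit says to read it."""
    steps = []
    for index, (ring, bridge) in enumerate(rif["hops"]):
        steps.append(f"ring 0x{ring:03X}")
        if index < len(rif["hops"]) - 1:           # the last bridge field is 0
            steps.append(f"bridge {bridge}")
    if rif["direction"]:                           # assumed: 1 = read right to left
        steps.reverse()
    return " -> ".join(steps)


def build_rif(rings, bridges, type_bits=0b000, largest_code=0b001):
    """Build a left-to-right RIF from decimal ring numbers (hypothetical helper)."""
    if len(bridges) != len(rings) - 1:
        raise ValueError("need one bridge between each pair of rings")
    if not all(1 <= r <= 0xFFF for r in rings) or not all(1 <= b <= 0xF for b in bridges):
        raise ValueError("ring must be 1-4095 and bridge 1-15")
    length = 2 + 2 * len(rings)
    if length > 0x1F:
        raise ValueError("RIF does not fit the 5-bit length field")
    words = [(type_bits << 13) | (length << 8) | (largest_code << 4)]
    words += [(ring << 4) | bridge
              for ring, bridge in zip(rings, list(bridges) + [0])]
    return ".".join(f"{word:04X}" for word in words)


if __name__ == "__main__":
    for sample in ("0810.0011.0033.0040", "C810.0011.1F41.0020"):
        decoded = decode_rif(sample)
        print(sample, decoded, describe_path(decoded))
    # Rings 100 and 256 (decimal) joined by bridge 1, as in Listing 3.3.
    print(build_rif([100, 256], [1]))
```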
Table 3.2 contains a useful conversion index for numbers being converted from
binary to decimal to hexadecimal.
Table 3.2 Binary to decimal to hexadecimal conversion chart.
Binary      Decimal   Hexadecimal
00000000    0         0x0
00000001    1         0x1
00000010    2         0x2
00000011    3         0x3
00000100    4         0x4
00000101    5         0x5
00000110    6         0x6
00000111    7         0x7
00001000    8         0x8
00001001    9         0x9
00001010    10        0xA
00001011    11        0xB
00001100    12        0xC
00001101    13        0xD
00001110    14        0xE
00001111    15        0xF
Figure 3.6 Sample RIF calculation.
[Figure: a router with interface tok0 on Token Ring "Ring 100" and interface
tok1 on Token Ring "Ring 0x100".]
Source Route Bridging on Cisco Routers
In this section, we’ll examine the network in Figure 3.6 and configure the router
named R1 for source-route bridging. In this example, Token Ring segments 0
and 1 must be able to communicate with each other.
Notice in Figure 3.6 that one ring has been displayed in decimal as ring 100 and
the other in hexadecimal as 0x100 (which is 256 in decimal). The relevant IOS
command required to configure the SRB on each interface is:
source-bridge <local 1-4095> <bridge-number 1-16> <target ring>
Listing 3.3 details the configuration required on Router R1.
Listing 3.3 SRB configuration on R1.
interface Tokenring 0
 ring-speed 16
 source-bridge 100 1 256
 source-bridge spanning
interface Tokenring 1
 ring-speed 16
 source-bridge 256 1 100
 source-bridge spanning
Note in Listing 3.3 you need to configure the ring speed or the interface will not
insert into the ring. You have two options of 4MB or 16MB. The first number
under the source-bridge command is the local ring. The middle number
represents the unique bridge number connecting the local ring to the target
ring. The last number represents the target ring. The source-bridge spanning
command puts the interface into a forwarding state so that forwarding of
spanning tree explorers will take place on this interface. This configuration
will allow Token Ring 0 to communicate with Token Ring 1 via source route
bridging across the router in the middle:
source-bridge spanning 1
The preceding command permits you to manually forward spanning tree explorers.
Spanning tree explorers are frames sent out by SRB devices that traverse
the spanning tree path only. For instance, in a large SRB domain, there might be
several SRB ports in a blocking state. Any spanning tree explorer packet received
will not be forwarded out a blocked port. This can help reduce the number of
explorers you have in your network.
Now, consider what will happen if you have more than two rings connected to a
local router. Legacy IBM bridges came with only two Token Ring ports, which
was very limiting. For instance, how would four Token Ring interfaces
communicate with each other? Cisco accommodates this type of scenario with
virtual rings (also called software rings). A virtual ring setup is also
sometimes referred to as a multiport configuration. Virtual rings allow more
than two rings to communicate. To illustrate, let’s look at an example router
with four local rings as displayed in Figure 3.7.
Figure 3.7 Multiport configuration on a Cisco router. (Diagram labels: Ring 0x100, Ring 100, Ring 102, Ring 103; interfaces tok0, tok1, tok2, tok3.)
To define a virtual ring, use the following IOS command:
source-bridge ring-group <ring number>
Listing 3.4 provides the configuration required to allow the four rings (namely
Token Ring interfaces 0, 1, 2, and 3 in Figure 3.7) to communicate.
Listing 3.4 Multiport configuration example.
! Virtual ring created by administrator
source-bridge ring-group 200
Interface Tokenring 0
 ring-speed 16
 source-bridge 100 1 200
 source-bridge spanning
Interface Tokenring 1
 ring-speed 16
 source-bridge 256 1 200
 source-bridge spanning
Interface Tokenring 2
 ring-speed 16
 source-bridge 102 1 200
 source-bridge spanning
Interface Tokenring 3
 ring-speed 16
 source-bridge 103 1 200
 source-bridge spanning
The preceding configuration enables four Token Rings to communicate with
each other using the virtual ring 200. After the configuration is in place, the IOS
does the rest and enables communication among all rings.
If you have a device that does not use or understand RIFs, then your device needs
SRT bridging.
Source-Route Transparent (SRT) Bridging
Basically, a source-route transparent bridge looks at a frame and examines the
fields that identify whether a RIF is present, namely the routing information
indicator (RII). If the RII is present, the source-route transparent bridge will
forward the frame; if the RII is not present, the frame will be transparently bridged.
Some devices, such as Windows 95, do not support RIF frames. To allow
communication using bridges between LAN segments, SRT is a possible resolution
for devices that are not capable of understanding RIF-formatted frames. The
diagram in Figure 3.8 summarizes how an SRT bridge handles frames.
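As an added illustration (not code from the book), the Python sketch below makes the SRT decision described above on constructed sample bytes: it tests the RII, which Token Ring carries as the high-order bit of the first source-address byte, and, when it is set, decodes the RIF into ring and bridge numbers. The sample RIF uses the two rings from Listing 3.3 (ring 100 is 0x064, ring 256 is 0x100); the function names and the station address are assumptions made for the example.

```python
"""SRT forwarding decision plus RIF decoding (added example, constructed data)."""

RII_BIT = 0x80  # high-order bit of the first source-address byte


def parse_rif(data: bytes) -> dict:
    """Decode a RIF: 2-byte routing control, then 2-byte route descriptors."""
    if len(data) < 2:
        raise ValueError("RIF shorter than the routing control field")
    length = data[0] & 0x1F  # RIF length in bytes, routing control included
    if length < 2 or length % 2 or length > len(data):
        raise ValueError(f"invalid RIF length {length}")
    top = data[0] >> 5  # broadcast indicator bits
    if not top & 0b100:
        kind = "specifically routed"
    elif top & 0b010:
        kind = "spanning tree explorer"
    else:
        kind = "all-routes explorer"
    hops = []
    for i in range(2, length, 2):
        descriptor = int.from_bytes(data[i:i + 2], "big")
        hops.append((descriptor >> 4, descriptor & 0xF))  # (12-bit ring, 4-bit bridge)
    return {"type": kind, "reverse": bool(data[1] & 0x80), "hops": hops}


def srt_decision(src_addr: bytes, after_src: bytes):
    """Return ("SRB", rif) when the RII is set, else ("TB", None)."""
    if len(src_addr) != 6:
        raise ValueError("source address must be 6 bytes")
    if src_addr[0] & RII_BIT:
        return "SRB", parse_rif(after_src)
    return "TB", None


# Constructed sample: a station on ring 100 sending through bridge 1 to
# ring 256 (0x100), the two rings configured in Listing 3.3.
SRC_WITH_RIF = bytes.fromhex("c000239970cd")   # 4000.2399.70cd with the RII bit set
RIF_AND_DATA = bytes.fromhex("063006411000") + b"payload"
SRC_NO_RIF = bytes.fromhex("4000239970cd")     # same station, RII clear

if __name__ == "__main__":
    print(srt_decision(SRC_WITH_RIF, RIF_AND_DATA))
    print(srt_decision(SRC_NO_RIF, b"payload"))
```

The decoded hops show why the decimal ring numbers typed into the configuration appear as hexadecimal values (064 and 100) when a RIF is read off the wire.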
Source Route Transparent Bridging on Cisco Routers
Now, in preparation for the CCIE exam, let’s configure the router shown in
Figure 3.8 for SRT. In Figure 3.8, the devices on Token Ring 0 do not use RIFs, but
the devices on Token Ring 1 do. Listing 3.5 shows the configuration used to
enable SRT. The Cisco router will internally run both transparent bridging for
devices on Ring 100 and SRB for devices on Ring 101.
Listing 3.5 SRT configuration example.
interface tokenring0
 bridge-group 1
 source-bridge spanning
interface tokenring1
 source-bridge 101 1 100
 bridge-group 1
 source-bridge spanning
bridge 1 protocol IEEE
The preceding configuration will allow communication between ring 100 and 101.
Figure 3.8 How SRT handles frames. (Diagram labels: Ring 101, tok1, "Uses RIFs"; Ring 100, tok0, "Does not use RIFs"; "Remove RIF and use TB engine"; "Add RIF and use SRB engine".)
Source-Route Translational Bridging (SR/TLB)
SR/TLB is a feature that allows a device in a transparent bridging (Ethernet)
domain to communicate with a device in a source-route bridge domain through
a Cisco router. When you use SR/TLB, Cisco routers look after bit ordering
when frames are converted from Ethernet frames to Token Ring frames, MTU
sizes, and RIF removals and additions. Your configuration requirements entail
that you make the Ethernet domain appear as an SRB domain to Token Ring
users. When a frame is sent from the SRB domain to the Ethernet
domain, the routing information field is removed. When a frame is sent from the
Ethernet domain to the SRB domain, a RIF is added. Figure 3.9 demonstrates a
typical SR/TLB requirement where an Ethernet device, such as a PC, needs to
talk at layer 2 (bridge) to a device on Token Ring, such as a file server.
The IOS software in the Cisco router performing SR/TLB does the following:
➤ Adds and removes RIFs as needed
➤ Performs bit ordering
➤ Assigns MTU sizes (the default MTU for Ethernet is 1,500 bytes and Token
Ring is 4,464 bytes; see Chapter 2 for more information)
➤ Identifies frame format differences, because Ethernet and Token Ring do not
have the same frame formats (for more information, see Chapter 2)
Figure 3.9 Source-route translational bridging sample network scenario. (Diagram: a Cisco router performing SR/TLB sits between the Ethernet domain on e0 and Ring 100, the source-route bridging domain, on tok0. The Ethernet domain appears as a source-route bridging domain to the users on Token Ring 100. Labels: "Add RIF", "Remove RIF".)
The IOS command to create the pseudo ring that appears on an SRB domain is:
source-bridge transparent <ring-group> <pseudo ring number> ..
<Cod.. <TB bridge number>
Note: A pseudo ring makes an Ethernet domain appear to be an SRB domain.
Now, let’s look at an example router configuration.
Configuring SR/TLB on Cisco Routers
Let’s say that you have been asked to ensure that local users on Ethernet and
Token Ring can communicate using the NetBEUI protocol. You are using 200 as
the pseudo ring number, bridge 10 for the transparent bridging domain, and
bridge 1 for the transparent bridge group for the source bridge domain. Listing
3.6 describes the required Cisco configuration.
Listing 3.6 SR/TLB configuration example.
source-bridge transparent 100 200 1 10
interface e0
 bridge-group 10
interface tokenring0
 source-bridge 100 1 200
 source-bridge spanning
bridge 10 protocol ieee
In Listing 3.6, the first line defines the local SRB ring number as 100, the pseudo
ring as 200 (this number must be unique), and the TB bridge number as 1 (which
specifies the bridge that ties to the transparent bridging domain). The last num-
ber, 10, signifies the transparent bridge group that you want to tie into your source-
route bridged domain.
In the IOS command to configure SR/TLB, the second keyword is
transparent and not translational, although translational would
seem to make more sense. You must be proficient with the IOS
command set.

Concurrent and Integrated Routing Bridging
(CRB and IRB)
In addition to the bridging methods discussed in the preceding sections, Cisco
supports two proprietary methods of bridging—concurrent routing and bridging
(CRB) and integrated routing and bridging (IRB):
➤ Concurrent routing and bridging (CRB)—If a bridgeable or routable frame is
received, it is sent to an interface configured for bridging or routing, but you
cannot receive a bridgeable frame and route it or similarly receive a routed
packet and bridge the frame.
➤ Integrated routing and bridging (IRB)—The limitation of not being able to
bridge a frame out of a routing interface is removed with IRB. You can route
or bridge a packet out of any interface on a Cisco router with IRB. IRB is
only available in IOS release 11.2 and later.
Study the IBM bridging guide on the Cisco Web site at:
http://cco/univercd/cc/td/doc/product/software/ios120/12cgcr/ibm_c/index.htm
As new versions of IOS are released, the documentation is also
updated. This URL is for IOS release 12.
Encapsulated Bridging
Another form of bridging supported by Cisco routers is encapsulated bridging.
Encapsulated bridging is basically a form of transporting one access method,
such as Ethernet, across another access method, such as Fiber Distributed Data
Interface (FDDI) or serial interfaces. Figure 3.10 shows an example of encapsu-
lated bridging.
In Figure 3.10, the following occurs:
1. The router receives the Ethernet frames.
2. The Ethernet frames from the Ethernet network are encapsulated on Router 1
(that is, a header is placed around the data) and sent across the FDDI
network.
3. Then, the header is stripped on Router R1, and an Ethernet frame is
transmitted across the wire.
Another example of encapsulated bridging is when you enable local area
transport (LAT), a non-routable LAN protocol, across a WAN.
Cisco provides a number of ways to control how their routers manage bridged
traffic. It is important to appreciate that controlling bridged protocols can
improve your network performance. We will now discuss how access lists can be
used to control bridging on Cisco routers before we move on to more complex
bridging solutions available with Cisco IOS. Access lists are used to manage
broadcasts and network reachability.
Access Lists Used for Bridging
Access lists are used to manage all types of bridged traffic. Whether layer 2
information is bridged or dropped is controlled using access lists in the
ranges 200 through 299, 700 through 799, and 1100 through 1199.
After you have defined your access list, it is a simple matter of applying the list to
the required interface. You can apply the criteria on inbound or outbound
packets. Of course, the default configuration on all access lists is to deny
anything not explicitly permitted. Listing 3.7 provides three simple examples
of applying an access list.
Listing 3.7 Three Access list examples.
! permits SAP 04 through only
access-list 200 permit 0x0404 0x0101
access-list 700 permit 4000.2399.70cd 0000.0000.0000
access-list 1100 permit 000c.1b00.0000 0000.00ff.ffff 000c.1a00.0000 0000.00ff.ffff
Figure 3.10 Encapsulated bridging over a FDDI network. (Diagram: routers R1 and R2 joined by an FDDI network; numbered steps 1 to 3 show the Ethernet header and data carried inside an FDDI frame with its own header and trailer.)
In Listing 3.7, access lists 700 and 1100 also have hardware masks that are used to
identify bits that match and bits that can be ignored. Furthermore, access list 1100
permits packets from MAC addresses 000c.1bxx.xxxx to pass to devices with
MAC addresses 000c.1axx.xxxx. You do not need to be concerned about the last
six bits. This access list is an example of allowing certain vendors’ network interface
cards to access the network, because the first 3 bytes represent the vendor code.
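The mask logic behind Listing 3.7 can be reproduced offline. The Python sketch below is an added example, not Cisco code or code from the book: it evaluates the three access lists against constructed sample values, treating every bit set to 1 in a mask as ignored and falling through to the implicit deny when no permit entry matches. All function and variable names are assumptions made for the example.

```python
"""Evaluate the bridging access-list entries of Listing 3.7 (added example)."""


def mac(text: str) -> int:
    """Convert Cisco dotted-hex MAC notation (xxxx.xxxx.xxxx) to an integer."""
    digits = text.replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return int(digits, 16)


def wildcard_match(value: int, pattern: int, mask: int) -> bool:
    """Mask bits set to 1 are ignored; every other bit must equal the pattern."""
    return (value & ~mask) == (pattern & ~mask)


# Access list 200: value 0x0404 with mask 0x0101.
ACL_200 = [(0x0404, 0x0101)]
# Access list 700: one source MAC; an all-zero mask means an exact match.
ACL_700 = [(mac("4000.2399.70cd"), mac("0000.0000.0000"))]
# Access list 1100: (source, source mask, destination, destination mask).
# Mask 0000.00ff.ffff ignores the low 24 bits, leaving the 3-byte vendor code.
ACL_1100 = [(mac("000c.1b00.0000"), mac("0000.00ff.ffff"),
             mac("000c.1a00.0000"), mac("0000.00ff.ffff"))]


def permits(acl, value: int) -> bool:
    """True if any permit entry matches; otherwise the implicit deny applies."""
    return any(wildcard_match(value, pattern, mask) for pattern, mask in acl)


def permits_pair(acl, src: int, dst: int) -> bool:
    """Source and destination must both match the same entry."""
    return any(wildcard_match(src, s, s_mask) and wildcard_match(dst, d, d_mask)
               for s, s_mask, d, d_mask in acl)


if __name__ == "__main__":
    # Constructed sample addresses for the vendor-code filter.
    print(permits_pair(ACL_1100, mac("000c.1b12.3456"), mac("000c.1aab.cdef")))
    print(permits_pair(ACL_1100, mac("000c.1aab.cdef"), mac("000c.1b12.3456")))
    print(permits(ACL_200, 0x0505), permits(ACL_200, 0x0606))
```

The vendor-code entry matches whatever source address a frame presents, so it filters by claimed vendor code and does not authenticate the attached device.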
Remote Source-Route Bridging (RSRB) and Data-Link
Switching (DLSw)
RSRB and DLSw are advanced bridging techniques used to provide solutions to
large bridged environments. Legacy protocols, such as SNA, are typically transported
over IP networks. RSRB and DLSw provide excellent techniques to accomplish stable
network design and redundancy. RSRB and DLSw are grouped together here
because they were developed to solve the same problem: bridging over an IP network.
We have covered many bridging types and understand that bridging is compli-
cated. But, what happens if you do not want to bridge across your WAN? What
can you do to support the non-routable protocols? All the bridgeable protocols
cannot be removed overnight, so there needs to be some alternative that will
allow the protocols to run over existing WAN protocols. In this case, the proto-
cols can be transported across the WAN using the Internet Protocol (IP).
By implementing a tunnel, you do not need to configure bridging across every
Cisco network interface. The method to achieve the ability to transport bridge-
able protocols over an IP network is to tunnel them across an IP backbone. As
mentioned earlier in this chapter, tunneling is a software feature that allows pro-
tocols, such as SNA and LAT, to operate over an IP network.
You need to be able to demonstrate your understanding of RSRB and
DLSw. Study the major differences between them and when you should
use each method.
To illustrate tunneling, let’s say you have the simple network shown in Figure 3.11,
and you need to support bridging across all media types. You can see how com-
plex the bridging will be, even with only three routers. The solution to the com-
plex bridging scenario shown in Figure 3.11 is to use RSRB or DLSw and tunnel
the frames across an IP network.
Remote Source-Route Bridging (RSRB)
RSRB encapsulates frames from Token Ring domains and transports them across
an IP network. With RSRB, you can support Ethernet networks as long as your
local router is running SR/TLB. The concept of the virtual ring is applied here,
which allows you to use the entire IP cloud as one hop.
You can use the following three encapsulation methods when using RSRB:
➤ Direct Encapsulation—Uses a High-Level Data Link Control (HDLC)
encapsulation to pass frames over a single physical network connection between
two routers attached to Token Rings. Direct encapsulation provides better
performance than TCP, for instance, because it involves less overhead.
➤ Fast-Sequenced Transport (FST)—Uses IP encapsulation with little overhead.
FST provides medium overhead, but it’s less reliable than TCP because IP is
connectionless and will rely on packets arriving in the same order as they
were sent.
➤ Transport Control Protocol (TCP)—Uses a TCP connection, which carries
the usual overhead of TCP. TCP is very reliable when compared to IP or
direct encapsulation, but it requires more overhead. TCP segments carry
additional overhead that ensures safe delivery and segment reordering.
To enable RSRB, a number of tasks are required. First, you must choose your
encapsulation method and create your virtual ring. Using Figure 3.12, let’s con-
figure RSRB using all three encapsulation methods.
Figure 3.11 Bridging in a complex network. (Diagram labels: three Token Rings, FDDI, IP network.)