Document: Advanced Network Theory: Bridging and LAN Switching - Pdf 90

Chapter 3
Advanced Network Theory: Bridging and LAN Switching
Terms you’ll need to understand:
✓ Broadcasts
✓ Transparent bridging (TB)
✓ Source-route bridging (SRB)
✓ Source-route transparent (SRT)
✓ Source-route translational bridging (SR/TLB)
✓ Integrated routing and bridging (IRB)
✓ Concurrent routing and bridging (CRB)
✓ Encapsulated bridging
✓ Remote-source route bridging (RSRB)
✓ Data-link switching (DLSw)
✓ Bridge Protocol Data Unit (BPDU)
✓ Spanning Tree Protocol (STP)
✓ Routing information fields (RIFs)
✓ Virtual LANs (VLANs)
✓ Inter-switch link (ISL)
✓ Fast Ethernet Channel (FEC)
✓ Cisco Discovery Protocol (CDP)
✓ Cisco Group Management Protocol (CGMP)
✓ LAN emulation (LANE)
Techniques you’ll need to master:

Bridging Overview
Bridging is defined as a method used to allow communication between devices at
the Data Link Layer (layer 2) of the OSI model. Bridging is a topic that is
defined in the Cisco CCIE R/S blueprint with a focus on how Cisco IOS is used to
bridge frames over an IP network.
Why should you be concerned about bridging? Initially, when these non-routable
(for example, LAT or SNA) protocols were invented, they were only intended for
use on local area networks (LANs). In today’s networks, these non-routable
protocols are used between remote locations. Because these locations can only be
reached via a wide area network (WAN), non-routable protocols need to be bridged
across the wide area networks. Bridged protocols are typically broadcast intensive
and can cause a WAN link to reach high levels of utilization, resulting in slow
response times or protocol timeouts, which will affect the entire WAN to some degree.
You need to be concerned about bridging because protocols such as Local Area
Transport (LAT) and NetBEUI typically rely on broadcasts to gain access to
remote hosts or servers. Broadcasts can be excessive and the amount of
broadcasts can severely impact WAN bandwidth, resulting in slow response times. For
example, you might have a 10Mb Ethernet segment and a 64K WAN link on a
router. It is easy for a bridgeable protocol to overwhelm the slow WAN link with
excessive broadcasts. By default, a Cisco router is not configured for bridging and
will drop broadcasts, so for the purpose of this discussion, we can assume
bridging has been enabled. Most bridgeable protocols rely on broadcasts to send user
information or data. These broadcasts can cause time delays. Typically, bridged
protocols, such as LAT and Systems Network Architecture (SNA), are not
accustomed to time delays; hence, the data might be lost or the session might be
reinitiated, which can also result in lost user data. It is important to be aware of
the history and traditional use of bridges. In the 1980s, bridges were primarily

forms of bridging are discussed. A tunnel is a Cisco IOS feature that allows you
to transport protocols over your IP network without having to configure bridging
over your core network. Table 3.1 shows where bridging, routing, and tunneling
occur in the OSI model.
Bridging Overview
As mentioned previously, a bridge is basically a layer 2 device that can determine
where devices are in a network and forward frames based on a bridge forwarding
table. This table lists the location of layer 2 devices (or MAC addresses) to ports
on a bridge. Cisco’s term for this forwarding table on their switches is the content
addressable memory (CAM) table.
To view the CAM table on a Cisco 5000 or 6000 Catalyst switch, you
issue the show cam command.
Bridges can be used to perform the following:
➤ Increase available bandwidth by segmenting your network
➤ Filter packets based on many criteria, such as MAC addresses and protocol types
➤ Base all forwarding decisions on MAC addresses
➤ Avoid bridging loops if spanning tree is configured
The following bridging modes are available with Cisco IOS:
➤ Transparent bridging (TB)
➤ Source-route bridging (SRB)
➤ Source-route transparent (SRT)
➤ Source-route translational bridging (SR/TLB)
➤ Concurrent routing and bridging (CRB)
Table 3.1 Where bridging occurs in the OSI model.
Layer Name Layer Number
Application Layer 7

Then, the bridge places the packet’s source MAC address into a MAC forwarding
table and notes the interface from which the frame was sent. Transparent
bridges typically have one or more interfaces that contain a group of end devices.
This stage of acquiring the location of new devices is called learning.
After the bridge has finished learning a particular bridge port (a bridge will
continue to learn new devices), it will then forward the frame out all ports except the
port the frame was received on, if the destination MAC address is not in its
forwarding table. This forwarding process (in which frames are sent out on all
interfaces except the interface on which the frame was received) is called flooding.
The destination device will see and then respond to the packet. When the
transparent bridge receives the response from the destination device, it will again look
at the source address and check the forwarding table for an entry. If there is no
entry, the source address will be learned and entered into the bridge’s forwarding
table. The bridge will also look at the destination MAC address and forward the
frame via the appropriate interface. Figure 3.1 displays a typical bridge connecting
two Ethernet domains.
The bridge in Figure 3.1 has learned that the device on Port 1 has a MAC
address of 0080.0c00.0001 and the device on Port 2 has a MAC address of
0090.0d00.0002. Each device will be associated with a bridge port and will be
added to the forwarding table or the CAM.
In Figure 3.2, when Device A sends a frame trying to locate Device B, both
bridges initially forward the frames as broadcasts looking for Device B. There
will be two broadcasts on Device B’s segment. The two transparent bridges will
again see broadcast frames from one another as all broadcast frames are sent out
on all interfaces except the interface the frame was received from. Broadcasts are
then sent out onto Device A’s segment. The second transparent bridge will again
see the broadcast frame and send it out onto Device B’s segment. This process

Figure 3.2 Bridging decisions made by a transparent bridge.
Figure 3.3 Transparent bridging decision process on a Cisco router.
The Spanning Tree Protocol (STP) is defined as a method used to detect bridge
loops in a bridge or switched environment. STP ensures that no redundant paths
will create a second path to any destination network. There are three main
Spanning Tree Protocols, two for Ethernet, and one for Token Ring (which is
discussed in more detail later in this chapter):

➤ Blocking—The bridge blocks frames to prevent a loop from occurring.
The STP process of listening, learning, and forwarding or blocking results in a
loop-free topology.
Returning to Figure 3.2, you can see that one of the bridges will block one of its ports
and remove any loop. Let’s assume that Bridge 1 will block on Port 2. If Bridge 2
fails on Port 2, then Bridge 1 will begin forwarding frames onto the Device B
segment in order to maintain network connectivity between the two networks.
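The learning, flooding and blocking behaviour described above can be traced in a short simulation of the two parallel bridges in Figure 3.2. This is an added example, not code from the book; the class and function names, the segment names "A" and "B", and the round-by-round model of frame delivery are assumptions of the example.

```python
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


@dataclass
class Bridge:
    name: str
    segments: dict                               # port number -> attached segment
    blocked: set = field(default_factory=set)    # ports held in the blocking state
    table: dict = field(default_factory=dict)    # learned MAC -> port

    def receive(self, in_port, src, dst):
        """Learn the source, then return the ports the frame is sent out of."""
        if in_port in self.blocked:
            return []                    # a blocking port neither learns nor forwards
        self.table[src] = in_port        # learning
        known = self.table.get(dst)
        if dst == BROADCAST or known is None:
            out = [p for p in self.segments if p != in_port]   # flooding
        elif known == in_port:
            out = []                     # destination sits on the arrival segment
        else:
            out = [known]                # forward out the learned port only
        return [p for p in out if p not in self.blocked]


def copies_per_round(bridges, src, dst, start_segment, rounds):
    """Inject one frame and count the copies the bridges emit in each round."""
    in_flight = [(start_segment, None)]  # (segment, bridge that put the copy there)
    history = []
    for _ in range(rounds):
        emitted = []
        for segment, sender in in_flight:
            for br in bridges:
                if br is sender:
                    continue             # a bridge does not receive its own copy
                for port, seg in br.segments.items():
                    if seg == segment:
                        for out in br.receive(port, src, dst):
                            emitted.append((br.segments[out], br))
        history.append(len(emitted))
        in_flight = emitted
    return history


def figure_3_2(block_bridge1_port2):
    """Two bridges, each with Port 1 on segment A and Port 2 on segment B."""
    blocked = {2} if block_bridge1_port2 else set()
    return [Bridge("Bridge 1", {1: "A", 2: "B"}, blocked),
            Bridge("Bridge 2", {1: "A", 2: "B"})]


if __name__ == "__main__":
    device_a = "0080.0c00.0001"          # MAC borrowed from the Figure 3.1 text
    print("no STP :", copies_per_round(figure_3_2(False), device_a, BROADCAST, "A", 6))
    print("blocked:", copies_per_round(figure_3_2(True), device_a, BROADCAST, "A", 6))
```

Without blocking, two copies circulate in every round and Bridge 1 keeps relearning Device A on alternating ports; with Bridge 1 blocking on Port 2, a single copy reaches segment B and the flood stops.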
Bridges maintain a loop-free topology by using special frames called Bridge
Protocol Data Units (BPDU). These frames are also used by spanning tree to elect a
root bridge. The root bridge is responsible for maintaining a loop-free topology.
Every other bridge will maintain a loop-free path to the root bridge. The root
bridge will always forward on all ports (forwarding state), and other bridges will
block on duplicate paths (blocking state).
A Cisco router or bridge will send out a BPDU with a destination MAC
address of 01-80-c2-00-00-00 on Ethernet. In a Token Ring environment,
the functional MAC address c0-00-00-00-01-00 is used.
The root bridge is elected to maintain a loop-free path based on its priority (this
is a configurable option and the lowest number wins) and MAC address. These
two parameters together are called the unique bridge identifier. After the root
bridge is elected, every other bridge will forward on a port with the least cost.
The default cost on a Cisco Catalyst 5000 switch is 32768. The cost can range
from 0 to 65535.
Cost is a configurable parameter that defines the associated interface cost on
each port on a bridge. The default cost on a Cisco router’s Ethernet interface is
100. The cost is a number in the range from 0 through 65,535. The cost
parameter is used to enable the bridge to choose the least-cost path to the root bridge.
Hence, a path with a lower cost to the same destination will always be chosen by

An important concept to remember is that a Spanning Tree Protocol
(STP) elects the root bridge based on the unique identifier. The
identifier is made with the priority and MAC address, sometimes represented
as priority.MAC address. Note also that different STP protocols cannot
communicate. For example, if you have IEEE STP and DEC STP on two
separate bridges, there would be two spanning tree domains and two
root bridges.
To view how spanning tree is operating on a Cisco router, enter the IOS show
spanning-tree command. The display will show you the spanning tree state and
which bridge is the elected root bridge, as shown in Listing 3.2.
Listing 3.2 The show spanning-tree command.
R1#show spanning-tree
Bridge Group 1 is executing the IEEE compatible STP
Bridge Identifier has priority 32768, address 0060.7015.5e4d
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32768, address 0000.0c75.cf24
Root port is 2 (Ethernet0), cost of root path is 200
Topology change flag not set, detected flag not set
Times: hold 1, topology change 30, notification 30
hello 2, max age 20, forward delay 15, aging 300
Timers: hello 0, topology change 0, notification 0
Port 2 (Ethernet0) of bridge group 1 is forwarding
Port path cost 100, Port priority 128
Designated root has priority 32768, address 0000.0c75.cf24
Designated bridge has priority 32768, address 0060.2f53.5900
Designated port is 129, path cost 100
Timers: message age 2, forward delay 0, hold 0
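A check over the Listing 3.2 output, added here as an example and not taken from the book or from Cisco IOS: it compares bridge identifiers the way the election does (priority first, then MAC, lowest wins), flags a root still at the default priority, and confirms that the root path cost equals the designated bridge's cost plus the local port cost. The expected_root_mac parameter and the wording of the findings are assumptions of this example.

```python
import re

# Lines copied from Listing 3.2 (only the ones this check reads).
LISTING_3_2 = """\
Bridge Identifier has priority 32768, address 0060.7015.5e4d
Current root has priority 32768, address 0000.0c75.cf24
Root port is 2 (Ethernet0), cost of root path is 200
Port 2 (Ethernet0) of bridge group 1 is forwarding
Port path cost 100, Port priority 128
Designated bridge has priority 32768, address 0060.2f53.5900
Designated port is 129, path cost 100
"""

DEFAULT_PRIORITY = 32768      # default priority stated on the page


def mac_int(mac):
    """Turn a dotted MAC such as 0000.0c75.cf24 into an integer."""
    return int(mac.replace(".", ""), 16)


def bridge_id(priority, mac):
    """Comparable bridge identifier: priority first, then MAC; the lowest wins."""
    return (int(priority), mac_int(mac))


def parse(text):
    """Extract the identifiers and costs from show spanning-tree output."""
    def ident(label):
        m = re.search(rf"{label} has priority (\d+), address ([0-9a-fA-F.]+)", text)
        return bridge_id(*m.groups())

    def number(pattern):
        return int(re.search(pattern, text).group(1))

    return {
        "local": ident("Bridge Identifier"),
        "root": ident("Current root"),
        "designated": ident("Designated bridge"),
        "root_path_cost": number(r"cost of root path is (\d+)"),
        "port_cost": number(r"Port path cost (\d+)"),
        "advertised_cost": number(r"Designated port is \d+, path cost (\d+)"),
    }


def audit(text, expected_root_mac):
    """Return findings worth reviewing; an empty list means nothing was flagged."""
    s = parse(text)
    findings = []
    if min(s["local"], s["root"], s["designated"]) != s["root"]:
        findings.append("reported root does not hold the lowest identifier")
    if s["root"][0] == DEFAULT_PRIORITY:
        findings.append("root left at default priority: election decided by MAC")
    if s["root"][1] != mac_int(expected_root_mac):
        findings.append("root MAC differs from the expected root")
    if s["root_path_cost"] != s["advertised_cost"] + s["port_cost"]:
        findings.append("root path cost is not neighbour cost plus port cost")
    return findings


if __name__ == "__main__":
    for finding in audit(LISTING_3_2, "0000.0c75.cf24"):
        print(finding)
```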
As you can see in Listing 3.2, the default priority setting is 32768. You can also
see that the router port (Ethernet 0 on bridge group 1) is in a forwarding state. In

A RIF basically consists of two main fields within the IEEE 802.5 header—the
routing control field (RCF) and the route descriptor field (RDF):
➤ The routing control field identifies the length and direction of the RIF, the
type of test frame, and the largest frame code indicating the largest frame
accepted en route to the destination.
➤ The route descriptor field identifies the ring numbers and bridge numbers. A
ring number is a unique number given to a Token Ring network. A bridge
number is a number assigned to a bridge to uniquely identify it from other
source-route bridges when the router is connected to more than one ring.
Let’s look at an example. First, view the network shown in Figure 3.4, which
contains two stations and four source-route bridges. All SRBs have been assigned
a bridge number that is the same as the local ring number (that is, Ring 1 is
Bridge 1, Ring 2 is Bridge 2, and so forth).
There are three types of explorer frames:
➤ Single route explorer (SRE)—An explorer frame sent to a specific device.
➤ All-routes explorer (ARE)—An explorer frame sent to all interfaces in the
SRB domain.
➤ Spanning tree explorer (STE)—An explorer frame sent only on a predefined
part of a spanning tree domain.
In Figure 3.4, when Device A wants to communicate to Device B the following

Figure 3.4 How a source-route bridge device sends data. (Figure labels: Rings 2, 3, and 4; Bridges 1, 2, 3, and 4; two frames are transmitted; two replies received.)
receive two ARE test frames and reply to both by reversing the RIF or
reading the RIF in the opposite direction.
4. A bit called the direction field is used to indicate how the RIF is read: from
right to left or left to right. (See Chapter 4 for a detailed explanation on this
direction field.)
5. Device A receives two replies and makes an intelligent decision regarding
which path to use. Typically, the path that replies first or the path with the
least number of hops is the selected path.
You should understand how SRB stations determine a RIF and how RIFs
are calculated. Be sure to note whether a scenario represents ring or
bridge numbers as decimal or hexadecimal. For example, 0x019 in hex
is 25 in decimal (1 x 16^1 + 9 x 16^0 = 25).
Routing Information Fields (RIFs)

➤ 0810.0011.0022.0040—Note that this path specifies local ring 1, bridge 1,
remote ring 2, bridge 2, and destination ring 4 (the last field is set to 0).
For further clarification, let’s look at another, more-complex RIF example where
the local ring numbers are 0x1 (1), 0x1F4 (500), and 0x2 (2):
Routing Control    Route Descriptor
2 bytes            Up to 14 bytes (7 hops)

Routing Control (16 bits)
B B X L L L L L D F F F X X X X
X signifies a don’t care bit.
BBX indicates the explorer frame type (0XX indicates a single route frame, 10X is a spanning
explorer, 11X is an all-routes broadcast explorer).
LLLLL indicates the length of the RIF.
D identifies the direction the RIF should be read. A 1 bit indicates the RIF is read left to right,
and a 0 bit is read right to left.
FFF indicates the largest frame size contained in the frame. Possible combinations are:
000 up to 512 bytes
001 up to 1,500 bytes
010 up to 2,052 bytes
011 up to 4,472 bytes
100 up to 8,144 bytes
101 up to 11,407 bytes
110 up to 17,800 bytes
111 is used in broadcast frames only
XXXX are reserved bits.

Route Descriptor (up to 14 bytes)
R R R R R R R R R R R R B B B B
R indicates the ring number with possible values from 0x0 to 0xFFF (0 to 4,095).
B indicates the bridge number with possible values from 0x0 to 0xF (1 to 15).
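The field layout above can be exercised with a small decoder and encoder for RIFs written as dotted hex words, such as the 0810.0011.0022.0040 example. This is an added example, not code from the book: the function names, the rejection of repeated ring numbers and of a non-zero bridge number in the last descriptor are choices of this example, the 7-hop limit is the one shown in the page's figure, and the D bit is returned as a raw value without interpretation.

```python
# Largest-frame codes from the routing control legend (111 is broadcast-only).
LARGEST_FRAME = {0: 512, 1: 1500, 2: 2052, 3: 4472, 4: 8144, 5: 11407, 6: 17800}
EXPLORER = {0: "single route", 1: "single route",
            2: "spanning explorer", 3: "all-routes explorer"}
MAX_HOPS = 7      # the page's figure: up to 14 bytes of route descriptors


def parse_rif(text):
    """Decode a RIF given as dotted hex words, e.g. '0810.0011.0022.0040'."""
    raw = bytes.fromhex(text.replace(".", ""))
    if len(raw) < 2 or len(raw) % 2:
        raise ValueError("RIF must be whole 16-bit words")
    rc = int.from_bytes(raw[:2], "big")
    length = (rc >> 8) & 0x1F                      # LLLLL, counts the RC itself
    if length != len(raw) or length > 2 + 2 * MAX_HOPS:
        raise ValueError(f"length field {length} does not fit {len(raw)} bytes")
    hops = []
    for i in range(2, len(raw), 2):
        word = int.from_bytes(raw[i:i + 2], "big")
        hops.append((word >> 4, word & 0xF))       # 12-bit ring, 4-bit bridge
    rings = [ring for ring, _ in hops]
    if len(set(rings)) != len(rings):
        raise ValueError("ring number repeats: the path loops")
    if hops and hops[-1][1] != 0:
        raise ValueError("last route descriptor must carry bridge 0")
    return {
        "explorer": EXPLORER[rc >> 14],            # BB (X is a don't care bit)
        "length": length,
        "direction_bit": (rc >> 7) & 1,            # D, returned uninterpreted
        "largest_frame": LARGEST_FRAME.get((rc >> 4) & 0x7),   # None for 111
        "hops": hops,
    }


def build_rif(hops, largest_frame=1500, direction_bit=0):
    """Encode (ring, bridge) pairs given in decimal into dotted hex words."""
    code = {size: c for c, size in LARGEST_FRAME.items()}[largest_frame]
    if not 1 <= len(hops) <= MAX_HOPS:
        raise ValueError("need 1 to 7 route descriptors")
    words = [((2 + 2 * len(hops)) << 8) | (direction_bit << 7) | (code << 4)]
    for ring, bridge in hops:
        if not (0 <= ring <= 0xFFF and 0 <= bridge <= 0xF):
            raise ValueError("ring is 12 bits, bridge is 4 bits")
        words.append((ring << 4) | bridge)
    return ".".join(f"{w:04x}" for w in words)


if __name__ == "__main__":
    print(parse_rif("0810.0011.0022.0040"))
    # Rings 1, 500 and 2 in decimal; the bridge numbers here are constructed.
    print(build_rif([(1, 1), (500, 1), (2, 0)]))
```

Passing ring numbers to build_rif in decimal and reading the hex words back makes the decimal versus hexadecimal distinction visible: ring 500 appears as 1f4 inside the descriptor.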

Table 3.2 Binary to decimal to hexadecimal conversion chart (continued).
Binary     Decimal  Hexadecimal
00000011   3        0x3
00000100   4        0x4
00000101   5        0x5
00000110   6        0x6
00000111   7        0x7
00001000   8        0x8
00001001   9        0x9
00001010   10       0xA
00001011   11       0xB
00001100   12       0xC
00001101   13       0xD

Figure 3.6 Sample RIF calculation. (Figure labels: Ring 0x100, Ring 100, tok1, tok0.)

Ring 0 to communicate with Token Ring 1 via source route bridging across the
router in the middle:
source-bridge spanning 1
The preceding command permits you to manually forward spanning tree
explorers. Spanning tree explorers are frames sent out by SRB devices that traverse
the spanning tree path only. For instance, in a large SRB domain, there might be
several SRB ports in a blocking state. Any spanning tree explorer packet received
will not be forwarded out a blocked port. This can help reduce the number of
explorers you have in your network.
Now, consider what will happen if you have more than two rings connected to a
local router. Legacy IBM bridges came with only two Token Ring ports, which
was very limited. For instance, how would four Token Ring interfaces
communicate among each other? Cisco accommodates this type of scenario with virtual
rings (also called software rings). A virtual ring setup is also sometimes referred to
as a multiport configuration. Virtual rings allow more than two rings to
communicate. To illustrate, let’s look at an example router with four local rings as displayed
in Figure 3.7.

source-bridge spanning
The preceding configuration enables four Token Rings to communicate with
each other using the virtual ring 200. After the configuration is in place, the IOS
does the rest and enables communication among all rings.
If you have a device that does not use or understand RIFs, then your device needs
SRT bridging.
Source-Route Transparent (SRT) Bridging
Basically, a source-route transparent bridge looks at a frame and examines the
field that identifies whether a RIF is present, namely the routing information
indicator (RII). If the RII is present, the source-route transparent bridge will
forward the frame; if the RII is not present, the frame will be transparently bridged.
Some devices, such as Windows 95, do not support RIF frames. To allow
communication using bridges between LAN segments, SRT is a possible resolution for
devices that are not capable of understanding RIF-formatted frames. The
diagram in Figure 3.8 summarizes how an SRT bridge handles frames.
Source Route Transparent Bridging on Cisco Routers
Now, in preparation for the CCIE exam, let’s configure the router shown in
Figure 3.8 for SRT. In Figure 3.8, the devices on Token Ring 0 do not use RIFs, but
the devices on Token Ring 1 do. Listing 3.5 shows the configuration used to
enable SRT. The Cisco router will internally run both transparent bridging for
devices on Ring 100 and SRB for devices on Ring 101.
Listing 3.5 SRT configuration example.
interface tokenring0
bridge-group 1
source-bridge spanning
interface tokenring1
source-bridge 101 1 100

domain, the routing information field is removed. When a frame is sent from the
Ethernet domain to the SRB domain, a RIF is added. Figure 3.9 demonstrates a
typical SR/TLB requirement where an Ethernet device, such as a PC, needs to
talk at layer 2 (bridge) to a device on Token Ring, such as a file server.
The IOS software in the Cisco router performing SR/TLB does the following:
➤ Adds and removes RIFs as needed
➤ Performs bit ordering
➤ Assigns MTU sizes (the default MTU for Ethernet is 1,500 bytes and Token
Ring is 4,464 bytes; see Chapter 2 for more information)
Figure 3.9 Source-route translational bridging sample network scenario. (Figure labels: the Ethernet domain on e0 appears as a source-route bridging domain to the users on Token Ring 100 on tok0; the Cisco router performing SR/TLB adds and removes the RIF.)

Concurrent and Integrated Routing Bridging (CRB and IRB)
In addition to the bridging methods discussed in the preceding sections, Cisco
supports two proprietary methods of bridging—concurrent routing and bridging
(CRB) and integrated routing and bridging (IRB):
➤ Concurrent routing and bridging (CRB)—If a bridgeable or routable frame is
received, it is sent to an interface configured for bridging or routing, but you
cannot receive a bridgeable frame and route it or similarly receive a routed
packet and bridge the frame.
➤ Integrated routing and bridging (IRB)—The limitation of not being able to
bridge a frame out of a routing interface is removed with IRB. You can route
or bridge a packet out of any interface on a Cisco router with IRB. IRB is
only available in IOS release 11.2 and later.
Study the IBM bridging guide on the Cisco Web site at:
http://cco/univercd/cc/td/doc/product/software/ios120/12cgcr/ibm_c/index.htm
As new versions of IOS are released, the documentation is also
updated. This URL is for IOS release 12.
Encapsulated Bridging
Another form of bridging supported by Cisco routers is encapsulated bridging.
Encapsulated bridging is basically a form of transporting one access method,
such as Ethernet, across another access method, such as Fiber Distributed Data
Interface (FDDI) or serial interfaces. Figure 3.10 shows an example of
encapsulated bridging.
In Figure 3.10, the following occurs:
1. The router receives the Ethernet frames.
2. The Ethernet frames from the Ethernet network are encapsulated on Router

Figure 3.10 Encapsulated bridging over a FDDI network. (Figure labels: R1 and R2; 1. Ethernet header and data; 2. FDDI frame with its own header and trailer, carrying the Ethernet header and data; 3. Ethernet header and data.)
In Listing 3.7, access lists 700 and 1100 also have hardware masks that are used to
identify bits that match and bits that can be ignored. Furthermore, access list 1100
permits packets from MAC addresses 000c.1bxx.xxxx to pass to devices with
MAC addresses 000c.1axx.xxxx. You do not need to be concerned about the last
six bits. This access list is an example of allowing certain vendors’ network interface
cards to access the network, because the first 3 bytes represent the vendor code.
Remote Source-Route Bridging (RSRB) and Data-Link Switching (DLSw)
RSRB and DLSw are advanced bridging techniques used to provide solutions to
large bridged environments. Legacy protocols, such as SNA, are typically transported
over IP networks. RSRB and DLSw provide excellent techniques to accomplish stable
network design and redundancy. RSRB and DLSw are grouped together here be-

capsulation to pass frames over a single physical network connection between
two routers attached to Token Rings. Direct encapsulation provides better
performance than TCP, for instance, because it involves fewer overheads.
➤ Fast-Sequenced Transport (FST)—Uses IP encapsulation with few overheads.
FST provides medium overhead, but it’s less reliable than TCP because IP is
connectionless and will rely on packets arriving in the same order as they
were sent.
➤ Transport Control Protocol (TCP)—Uses a TCP connection, which contains
the usual overheads of TCP. TCP is very reliable when compared to IP or
direct encapsulation, but it requires more overheads. TCP segments contain
many overheads that ensure safe delivery and segment reordering.
To enable RSRB, a number of tasks are required. First, you must choose your
encapsulation method and create your virtual ring. Using Figure 3.12, let’s
configure RSRB using all three encapsulation methods.
Figure 3.11 Bridging in a complex network.

