Configuring Transparent Bridging
Transparent and SRT Bridging Configuration Task List
BC-47
Cisco IOS Bridging and IBM Networking Configuration Guide
You can filter frames with a particular MAC-layer station source or destination address. Any number of
addresses can be configured into the system without a performance penalty. To filter by MAC-layer
address, use the following command in global configuration mode:
When filtering specific MAC destination addresses, allow for multicast or broadcast packets that are
required by the bridged network protocols. Refer to the example in the section “Multicast or Broadcast
Packets Bridging Example” later in this chapter to guide you in building your configuration to allow for
multicast or broadcast packets.
Filtering by Vendor Code
The bridging software allows you to create access lists to administratively filter MAC addresses. These
access lists can filter groups of MAC addresses, including those with particular vendor codes. There is
no noticeable performance loss in using these access lists, and the lists can be of indefinite length. You
can filter groups of MAC addresses with particular vendor codes by performing the first task and one or
both of the other tasks that follow:
•Establish a vendor code access list
•Filter source addresses
•Filter destination addresses
To establish a vendor code access list, use the following command in global configuration mode:
The vendor code is the first three bytes of the MAC address (left to right). For an example of how to filter
by vendor code, see “Multicast or Broadcast Packets Bridging Example” later in this chapter.
Note Remember that, as with any access list using MAC addresses, Ethernets swap their MAC
address bit ordering, and Token Rings and FDDI do not. Therefore, an access list that works
for one medium might not work for others.
Once you have defined an access list to filter by a particular vendor code, you can assign an access list
to a particular interface for filtering on the MAC source addresses of packets received on that interface
or the MAC destination addresses of packets that would ordinarily be forwarded out that interface. To
filter by source or destination addresses, use one of the following commands in interface configuration
mode:
Command Purpose
bridge bridge-group address mac-address {forward |
discard}[interface]
Filters particular MAC-layer station addresses.
Command Purpose
access-list access-list-number {permit |
deny} address mask
Prepares access control information for filtering of frames by canonical
(Ethernet-ordered) MAC address.