Configures VLAN Ethernet bridging parameters. Use this command to configure a Bridge NAT or Bridge VLAN settings
Configuring bridge NAT (Network Address Translation) parameters, allows management of Internet traffic originating at a remote site. In addition to traditional NAT functionality, bridge NAT provides a means of configuring NAT for bridged traffic through an access point. NAT rules are applied to bridged traffic through the access point, and matching packets are NATed to the WAN link instead of being bridged on their way to the router. Using bridge NAT, a tunneled VLAN (extended VLAN) is created between the NOC and a remote location. When a remote client needs to access the Internet, Internet traffic is routed to the NOC, and from there routed to the Internet. This increases the access time for the end user on the client. To resolve latency issues, bridge NAT identifies and segregates traffic heading towards the NOC and outwards towards the Internet. Traffic towards the NOC is allowed over the secure tunnel. Traffic towards the Internet is switched to a local WLAN link with access to the Internet.
A VLAN (Virtual LAN) is a separately administrated virtual network within the same physical managed network. VLANs are broadcast domains defined within wireless controllers or service platforms to allow control of broadcast, multicast, unicast, and unknown unicast within a layer 2 device. Administrators often need to route traffic between different VLANs. Bridging VLANs are only for non-routable traffic, like tagged VLAN frames destined to some other device, which will untag it. When a data frame is received on a port, the VLAN bridge determines the associated VLAN based on the port of reception. Using forwarding database information, the bridge VLAN forwards the data frame on the appropriate port(s). VLANs are useful to set separate networks to isolate some computers from others, without actually having to have separate cabling and Ethernet switches. Controllers can do this on their own, without need for the computer or other gear to know itself what VLAN it is on (this is called port-based VLAN, since it is assigned by port of the switch). Another common use is to put specialized devices like VoIP Phones on a separate network for easier configuration, administration, security, or service quality.
bridge
[nat|vlan]bridge nat source list <IP-ACCESS-LIST-NAME> precedence <1-500> interface [<LAYER3-INTERFACE-NAME>|pppoe1|vlan <1-4094>|wwan1] [(address|interface| overload|pool <NAT-POOL-NAME>)]
bridge vlan [<1-4094>|<VLAN-ALIAS-NAME>]
bridge nat source list <IP-ACCESS-LIST-NAME> precedence <1-500> interface [<LAYER3-INTERFACE-NAME>|pppoe1|vlan <1-4094>|wwan1] [(address|interface|overload| pool <NAT-POOL-NAME>)]
| nat | Configures bridge NAT parameters |
| source | Configures NAT source addresses |
| list <IP-ACCESS-LIST-NAME> precedence <1-500> | Associates an
access control list (ACL) with this bridge NAT policy. The ACL specifies the
IP address permit/deny rules applicable to this bridge NAT policy.
|
| interface [<LAYER3-INTERFACE-NAME>| pppoe1|vlan <1-4094>| wwan1] | Selects one of
the following as the primary interface (between the source and destination
points):
|
| [(address|interface| overload|pool <NAT-POOL-NAME>)] | The following
keywords are recursive and common to all interface types:
|
bridge vlan [<1-4094>|<VLAN-ALIAS-NAME>]
| vlan <1-4094> | Configures the
numerical identifier for the Bridge VLAN when it was initially created.
|
| vlan <VLAN-ALIAS-NAME> | Configures the
VLAN alias (should be existing and configured) identifying the bridge
VLAN
|
Creating customized filter schemes for bridged networks limits the amount of unnecessary traffic processed and distributed by the bridging equipment.
If a bridge does not hear Bridge Protocol Data Units (BPDUs) from the root bridge within the specified interval, defined in the max-age (seconds) parameter, assume the network has changed and recomputed the spanning-tree topology.
nx9500-6C8809(config-profile-default-rfs4000)#bridge vlan 1
nx9500-6C8809(config-profile-default-rfs4000-bridge-vlan-1)#?
Bridge VLAN Mode commands:
Bridge VLAN Mode commands:
bridging-mode Configure how packets on this
VLAN are bridged
captive-portal Captive Portal
captive-portal-enforcement Enable captive-portal enforcement
on this extended VLAN
description Vlan description
edge-vlan Enable edge-VLAN mode
firewall Enable vlan firewall(IPv4)
http-analyze Forward URL and Data to
controller
ip Internet Protocol (IP)
ipv6 Internet Protocol version 6
(IPv6)
l2-tunnel-broadcast-optimization Enable broadcast optimization
l2-tunnel-forward-additional-packet-types Forward additional packet types
not normally forwarded by l2
broadcast optimization
mac-auth Enable mac-auth for this bridge
vlan
name Vlan name
no Negate a command or set its
defaults
stateful-packet-inspection-l2 Enable stateful packet inspection
in layer2 firewall
registration Enable dynamic registration of
device (or) user
tunnel Vlan tunneling settings
tunnel-over-level2 Tunnel extended VLAN traffic over
level 2 MiNT links
use Set setting to use
clrscr Clears the display screen
commit Commit all changes made in this
session
do Run commands from Exec mode
end End current mode and change to
EXEC mode
exit End current mode and down to
previous mode
help Description of the interactive
help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to
memory or terminal
nx9500-6C8809(config-profile-default-rfs4000-bridge-vlan-1)#