We purchased a pair of these bridges to uplink a nearby building.
After consulting with our Cisco rep, this model was decided on due to its ability to trunk multiple VLANs across the connection, a desire/requirement that we had.
I've configured the bridges, have them up and connected, but have discovered an issue that I'm having difficulty getting resolution on via TAC.
Our network is configured to utilize an unused VLAN for the trunk native VLAN, and keeping the management VLAN separate, thereby preventing any potential VLAN hopping attacks (detailed by Cisco here:
In my case, VLAN51 is the native VLAN for trunk links, and VLAN100 is our management subnet.
I have BVI1 configured with an IP in VLAN100. I can only access the bridges via that IP when I have them plugged into an access switchport in that VLAN.
Once I change their uplink port configuration to a trunk link in VLAN51, I lose the ability to access the bridges via CLI or GUI. They are, however, fully functional in all other respects - properly linked, bridged and trunked, passing all VLANs that I need.
TAC is telling me that BVI1 must have an IP in the native VLAN to function; however, that directly contradicts Cisco's advice in the link above. Further, it is incongruous to the configuration/function of trunk links on our switches.
I've requested that my TAC case be escalated, but figured I'd stop in here to see if anyone has experienced something similar, and if they know of a fix.