[c-nsp] Bridging 2 Vlans on a 2950 switch with a security appliance

Gert Doering gert at greenie.muc.de
Sat May 21 18:08:49 EDT 2005


Hi,

On Sat, May 21, 2005 at 03:10:33PM +0200, Christian Zeng wrote:
> I'm not sure what happens to the root status for both VLANs when such a
> BPDU is received. Because of PVST I think that the switch detects the
> misconfiguration - it receives a BPDU with information for VLAN #1 on
> VLAN #2 and therefore puts the port in inconsistent state. This happens
> in a distributed topology too, when non-root bridges receive wrong
> BPDU frames from a neighbour (can be also non-root).

As long as the ports in question are not configured as trunk ports,
the switch has no idea whether the other end is in the same VLAN or
in something else.  The packets are not tagged, and there is nothing
in STP that says "I'm an STP packet for VLAN #2".

So your theory won't work.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de

