[c-nsp] transparent lan via asr9k and calix c7 (ftth olt)

Scott Richardson srichard at uen.org
Thu Feb 13 17:17:14 EST 2014

We had a similar situation, with different VLAN numbers on each side.  Spanning Tree was putting the customer ports into blocking mode because they were receiving BPDUs with the wrong VLAN number.  We had to filter the BPDUs.  You can do this on a physical interface with the command spanning-tree bpdufilter enable.

If it is a sub-interface, you have to use a layer 2 access list such as this:

ethernet-services access-list l2acl
10 deny any host 0100.0ccc.cccd
 20 permit any any

And then apply it to the sub-interface:

ethernet-services access-group l2acl ingress

See this page for more info:  http://www.cisco.com/en/US/products/ps9853/products_tech_note09186a0080c18666.shtml
Scott Richardson
Network Engineer
Utah Education Network

On Feb 13, 2014, at 2:48 PM, Aaron <aaron1 at gvtc.com<mailto:aaron1 at gvtc.com>> wrote:

Perhaps someone out there can help.

I have a FTTH scenario where I have asr9k as core box and Calix C7 and (2)
subscriber sites wanting to be in the same transparent lan.  Cisco 3750 at
both customer prem.  Both subscriber sites are on same c7, but I put one
site in vlan 101 and other site in vlan 102 and flow them up northbound out
of c7 gige uplinks into asr9k and l2vpn them together into a single


3750-1 g1/0/1----- ont ----- c7 ------ g0/0/0/14.101 asr9k g0/0/0/4.102
------- (same c7 different gige link) ------ ont ------ g1/0/1 3750-2

End to end (3750 to 3750) results .

Cdp works

Vtp works

Ip works

STP (PVST+) doesn't work

Tshooting why stp is broke.

Here's what I'm seeing on a sniffer. looking/sniffing in this direction

3750-1 g1/0/1----- ont ----- c7 ------ g0/0/0/14.101 asr9k g0/0/0/4.102
------- (same c7 different gige link) ------ ont ------ g1/0/1 3750-2

Bpdu's seen at ont

Bdpu's seen c7 northbound interface prior to handoff to asr9k port 14

Bpdu's seen southbound off of asr9k port 4 prior to southbound handoff to c7

Bdpus's NOT seen on ont interface prior to handoff to 3750-2

If you have an answer for that I'd love to hear it.  Seems to be something
with c7 . maybe a tls stp tunneling setting I'm not getting quite right in

In the meantime J , if/when I set "l2protocol cpsv reverse-tunnel" on asr9k
interfaces g0/0/0/4.102 and/or g0/0/0/14.101 I suddenly start getting stp
packets out that ont interface!  But, that reverse tunnel seems to cause the
previous broken stp bpdu's to change from 01-00-0c-cc-cc-cd and
01:80:c2:00:00:00 to now be 01:00:0c:cd:cd:d0 (apparently GBPT..generic
bridge pdu tunneling)..

So I guess I/we could figure out how to make the vanilla stp bdpu's get
through the c7/ont OR get the 3750 to recognize gbpt stp bpdu's.


cisco-nsp mailing list  cisco-nsp at puck.nether.net<mailto:cisco-nsp at puck.nether.net>
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list