[c-nsp] spanning-tree for local switching on ASR920

Mark Tinka mark.tinka at seacom.mu
Thu Oct 19 05:02:39 EDT 2017



On 19/Oct/17 10:48, James Bensley wrote:

> We wouldn't offer dual connections to the same layer 3 edge device as
> a "resilient" service nor have it participate in layer 2 service if it
> is layer 3 edge. I'd stick a switch in place, the FW could have two
> links to the switch and the switch can participate in STP and have one
> uplink to the ASR920/PE for layer 3 termination/upstream.

Yes, we do exactly the same.

We've had to reject a number of requests from customers that have
multiple firewalls and want our ASR920 edge router to participate in
their LAN.

We've always told them to present a router to us, and decide,
internally, whatever it is they want to do with their firewalls and
leave us out of that decision. We are not in the habit of sharing Layer
2 broadcast domains with customers.

Mark.


More information about the cisco-nsp mailing list