[c-nsp] spanning-tree for local switching on ASR920

Tassos Chatzithomaoglou achatz at forthnet.gr
Thu Oct 19 08:14:11 EDT 2017


I believe you should use "l2protocol forward/tunnel stp" instead of
"l2protocol peer stp" under si 10, assuming FWs run STP (?) and it's
untagged.

But another question comes to my mind: are the two FWs L2 connected by
some other media too, besides through the ASR920?


--
Tassos

Gert Doering wrote on 18/10/2017 4:39 PM:
> Hi,
>
> apologies if I've overlooked the obvious, but my google fu is failing me,
> and my "read cli help and guess" fu is not better today.
>
> I have an ASR920 that is supposed to have gi0/0/10 and gi0/0/11 in
> the same bridge group, with a routed IP:
>
> interface GigabitEthernet0/0/10
>  no ip address
>  media-type auto-select
>  negotiation auto
>  cdp enable
>  service instance 10 ethernet
>   encapsulation untagged
>   l2protocol peer stp
>   bridge-domain 10
>  !
> interface GigabitEthernet0/0/11
>  no ip address
>  media-type auto-select
>  negotiation auto
>  cdp enable
>  service instance 10 ethernet
>   encapsulation untagged
>   l2protocol peer stp
>   bridge-domain 10
>  !
> interface BDI10
>  ip address .... 
> end
>
>
> (the goal is "customer wants to connect redundant firewalls to this box,
> and they need to see each other on L2, and see their routed interface
> on the ASR920").
>
> The basic part works, but now the interesting bit: spanning-tree.
>
> Connecting gi0/0/10 and gi0/0/11 shows how performant the hardware
> is...
>
>   5 minute input rate 945978000 bits/sec, 337840 packets/sec
>   5 minute output rate 945974000 bits/sec, 337840 packets/sec
>
> ... and how robust the control plane (no impact) - this is great news :-)
> - but I had *hoped* that spanning-tree would actually disable one of
> the ports, at least that's how I read the docs on CCO on "STP on ASR920".
>
> I have tried all variants with PVSTP and MST that I could think of, 
> but none lead to more than this:
>
> ASR920#show spanning-tree su
> Switch is in pvst mode
> Root bridge for: none
> EtherChannel misconfig guard is enabled
> Extended system ID           is enabled
> Portfast Default             is disabled
> PortFast BPDU Guard Default  is disabled
> Portfast BPDU Filter Default is disabled
> Loopguard Default            is disabled
> UplinkFast                   is disabled
> BackboneFast                 is disabled
> Pathcost method used         is short
>
> Name                   Blocking Listening Learning Forwarding STP Active
> ---------------------- -------- --------- -------- ---------- ----------
> Total                        0         0        0          0          0
> ASR920#show spanning-tree int g0/0/10
> no spanning tree info available for GigabitEthernet0/0/10
>
> ASR920#show spanning-tree int g0/0/11
> no spanning tree info available for GigabitEthernet0/0/11
>
> ... as in "there is no spanning tree running here", and I can't find a 
> way to make it.
>
> Before I open a TAC case here - has one of you a working example of
> this, that is
>
>   - ASR920
>   - two or more local ports (untagged or default) in the same bridge-group
>     ("forming a switch")
>   - spanning-tree enabled and working
>
> we do not want tagged (customer gear).  We could go with split-horizon,
> but we also want to understand the capabilities of this box, and why it
> is not behaving.
>
> IOS is asr920-universalk9_npe.03.18.03.S.156-2.S3-std.bin
>
> thanks,
>
> gert
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


