[c-nsp] spanning-tree for local switching on ASR920
Peter Rathlev
peter at rathlev.dk
Thu Mar 15 10:14:00 EDT 2018
On Thu, 2018-03-15 at 13:29 +0000, Nick Cutting wrote:
> In the output of show spanning tree - is the port with the untagged
> service instance forwarding on vlan 4093?
> Unless something changed from 16.6 -> 16.7 I imagine that it is only
> forwarding and processing BPDUs on vlans 2 and 10.
Correct, just VLANs 2, 10 and 2302 are STP enabled. There is no PVST
instance for the untagged bridge domains 4093/4094. So it indeed seems
like there's no way to run STP for untagged traffic.
If your primary concern is to react to cabling errors then maybe you
could use ports that send BPDUs on an arbitrary tagged VLAN and have
"spanning-tree bpduguard enable" configured. On top of having a service
instance take the untagged traffic of course. Something like this:

interface GigabitEthernet0/0/0
 no ip address
 negotiation auto
 spanning-tree bpduguard enable
 service instance 1 ethernet
  encapsulation untagged
  l2protocol peer cdp lldp
  bridge-domain 500
 !
 service instance 2 ethernet
  encapsulation dot1q 3000
  l2protocol peer stp
  bridge-domain 3000
 !
!

I haven't had the opportunity to test it, but it should at least shut
down two such ports that are connected directly. Indirect connection
via other equipment should lead to shutdown unless they discard the
tagged BPDUs.
--
Peter
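
Added example, not part of the original post: a small Python audit that flags interfaces carrying an untagged service instance without the two elements of the suggestion above (bpduguard on the port plus a tagged service instance that peers STP). The function name, the sample config and the message strings are constructed for illustration, and the check mirrors a suggestion the post itself describes as untested.

```python
import re

# Constructed sample (not from the post): Gi0/0/1 lacks the safeguard.
SAMPLE = """\
interface GigabitEthernet0/0/0
 spanning-tree bpduguard enable
 service instance 1 ethernet
  encapsulation untagged
  bridge-domain 500
 !
 service instance 2 ethernet
  encapsulation dot1q 3000
  l2protocol peer stp
  bridge-domain 3000
 !
!
interface GigabitEthernet0/0/1
 service instance 1 ethernet
  encapsulation untagged
  bridge-domain 500
 !
!
"""

def audit(config):
    """Return {interface: [problems]} for ports with an untagged service instance."""
    findings = {}
    for block in re.split(r"(?m)^(?=interface )", config):
        if not block.startswith("interface "):
            continue
        name = block.split()[1]
        lines = [line.strip() for line in block.splitlines()]
        # Each chunk is the body of one "service instance N ethernet" stanza.
        instances = re.split(r"(?m)^[ \t]*service instance ", block)[1:]
        if not any("encapsulation untagged" in i for i in instances):
            continue  # port carries no untagged traffic, nothing to check
        problems = []
        if "spanning-tree bpduguard enable" not in lines:
            problems.append("bpduguard not enabled")
        # Assumption taken from the post: a tagged instance peering STP sends BPDUs.
        if not any(re.search(r"encapsulation dot1q \d+", i)
                   and re.search(r"l2protocol peer\b.*\bstp\b", i)
                   for i in instances):
            problems.append("no tagged service instance peers stp")
        if problems:
            findings[name] = problems
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The parser tolerates configs with or without indentation, since it keys on the `interface` and `service instance` lines rather than on leading whitespace.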