[f-nsp] MLX with "route-only" port is forwarding VLAN1 BPDUs?

i3D.net - Martijn Schmidt martijnschmidt at i3d.net
Fri Jun 24 18:08:11 EDT 2016


Hi Gerald,

There are more BPDU types than just spanning-tree.. :-) You should apply
"no fdp enable" and "no spanning-tree" on the physical interface ethe
1/2, as well as "no ip redirect" and "ipv6 nd suppress-ra" on the VE's
which are facing that interface. This should be enough to make the MLXe
shut up if "route-only" is also enabled on a global level (though it
should be ok with an interface-level "route-only" setting too).

Best regards,
Martijn Schmidt

On 06/24/2016 11:59 PM, Gerald wrote:
> Oh, maybe the trick is disabling STP on the port too:
>
> !
> vlan 666 name dummy-layer3-vlan
>  untag eth 1/2
>  spanning-tree ethernet 1/2 disable
> !
>
> On 24.06.2016 at 23:54, Gerald wrote:
>> All right, I've tested this and now the MLX seems to generate VLAN666
>> BPDUs by itself on this port. At least I can see that the "BPDU Config
>> tx" counter is still rising.
>>
>> So I can stop flooding VLAN1 BPDUs from other ports but now we have new
>> VLAN666 BPDUs on that port transmitted.
>>
>> From one hell to the other... which one is better :-/
>>
>>
>> Gerald
>>
>> On 24.06.2016 at 23:35, Clement Cavadore wrote:
>>> Yes that's it ;)
>>>
>>> On 24 June 2016 23:30:02 GMT+02:00, Gerald <gerald at ax.tc> wrote:
>>>> Oops, need sleep ;-)
>>>>
>>>> !
>>>> int eth 1/2
>>>> enable
>>>> route-only
>>>> ip addres 10.0.0.1/24
>>>> !
>>>> vlan 666 name dummy-layer3-vlan
>>>> untag eth 1/2
>>>> !
>>>>
>>>> On 24.06.2016 at 23:27, Gerald wrote:
>>>>> Thx Clement for this advice, did you mean something like this:
>>>>>
>>>>> !
>>>>> int eth 1/2
>>>>>  enable
>>>>>  route-only
>>>>>  ip addres 10.0.0.1/14
>>>>> !
>>>>> vlan 666 name dummy-layer3-vlan
>>>>>  untag eth 2/12
>>>>> !
>>>>>
>>>>>
>>>>> Gerald
>>>>>
>>>>> On 24.06.2016 at 21:59, Clement Cavadore wrote:
>>>>>> You should create some "dummy" vlans on route-only ports, to avoid that.
>>>>>> No problem having untagged vlan on any port with IP/routing configuration. You even can do this without any disturbance.
>>>>>>
>>>>>> On 24 June 2016 21:53:08 GMT+02:00, Gerald <gerald at ax.tc> wrote:
>>>>>>> The MLX got a reboot some weeks ago, this seems not to help. I'm
>>>>>>> afraid of your (1) note... :-(.
>>>>>>>
>>>>>>> Gerald
>>>>>>>
>>>>>>> On 24.06.2016 at 21:27, Steven Raymond wrote:
>>>>>>>>> On Jun 24, 2016, at 1:19 PM, Gerald <gerald at ax.tc> wrote:
>>>>>>>>>
>>>>>>>>> Is there a way to stop this? I would have my "route-only" ports Layer2
>>>>>>>>> free and not disturb other Layer2 systems behind.
>>>>>>>> Old old notes I found said basically 1) “bpdus are sent even with route-only”, and 2) "you should reboot after applying route-only".
>>>>>>>> Both of which may not be helpful to you.
>>>>>>>>
>>>>>>>>
>>>>>>>>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
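
The per-interface settings named in the reply at the top of this thread can be checked across a saved configuration. The script below is an added example, not code from the thread's participants or from the vendor: it flags route-only ports lacking "no fdp enable" or "no spanning-tree", and VE interfaces lacking "no ip redirect" or "ipv6 nd suppress-ra". It assumes the running-config indents sub-commands, spells each setting as quoted in the e-mail, and it audits every VE rather than only those facing a given port; the sample configuration is constructed.

```python
import re

# Settings recommended in the thread. Assumption: the running-config shows them
# with the same spelling as the commands quoted in the e-mail.
PORT_REQUIRED = ("no fdp enable", "no spanning-tree")
VE_REQUIRED = ("no ip redirect", "ipv6 nd suppress-ra")

def parse_stanzas(config):
    """Map each unindented header line to its indented sub-commands."""
    stanzas, header = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and header is not None:
            stanzas[header].append(line)
        else:
            header = line
            stanzas[header] = []
    return stanzas

def audit(config):
    """Return sorted (stanza, missing setting) pairs for routed ports and VEs."""
    stanzas = parse_stanzas(config)
    routed_all = "route-only" in stanzas  # bare top-level "route-only" line
    findings = []
    for header, body in stanzas.items():
        is_port = re.fullmatch(r"int(erface)? eth(ernet)? \S+", header)
        if is_port and (routed_all or "route-only" in body):
            required = PORT_REQUIRED
        elif re.fullmatch(r"int(erface)? ve \d+", header):
            required = VE_REQUIRED  # assumption: every VE is audited
        else:
            continue  # Layer 2 ports and other stanzas are out of scope
        findings += [(header, item) for item in required if item not in body]
    return sorted(findings)

# Constructed sample configuration (not taken from the thread).
SAMPLE = """\
interface ethernet 1/1
 enable
!
interface ethernet 1/2
 route-only
 ip address 10.0.0.1/24
 no fdp enable
!
interface ve 10
 no ip redirect
"""
```

Calling `audit(SAMPLE)` reports the missing "no spanning-tree" on ethernet 1/2 and the missing "ipv6 nd suppress-ra" on ve 10, and skips the Layer 2 port 1/1.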



