[f-nsp] MLX with "route-only" port is forwarding VLAN1 BPDUs?

Mike Allen mkallen at gmail.com
Fri Jun 24 18:18:41 EDT 2016


Spanning tree is off by default too on mlx code, so you shouldn't be seeing
those regardless on the new vlan.

Mike
On Jun 24, 2016 6:09 PM, "i3D.net - Martijn Schmidt" <martijnschmidt at i3d.net>
wrote:

> Hi Gerald,
>
> There are more BPDU types than just spanning-tree.. :-) You should apply
> "no fdp enable" and "no spanning-tree" on the physical interface ethe
> 1/2, as well as "no ip redirect" and "ipv6 nd suppress-ra" on the VE's
> which are facing that interface. This should be enough to make the MLXe
> shut up if "route-only" is also enabled on a global level (though it
> should be ok with an interface-level "route-only" setting too).
>
> Best regards,
> Martijn Schmidt
>
> On 06/24/2016 11:59 PM, Gerald wrote:
> > Oh, maybe the trick is disabling STP on the port too:
> >
> > !
> > vlan 666 name dummy-layer3-vlan
> >  untag eth 1/2
> >  spanning-tree ethernet 1/2 disable
> > !
> >
> > On 24.06.2016 at 23:54, Gerald wrote:
> >> All right, I've tested this and now the MLX seems to generate VLAN666
> >> BPDUs by itself on this port. At least I can see that the "BPDU Config
> >> tx" counter is still rising.
> >>
> >> So I can stop flooding VLAN1 BPDUs from other ports but now we have new
> >> VLAN666 BPDUs on that port transmitted.
> >>
> >> From one hell to the other... which one is better :-/
> >>
> >>
> >> Gerald
> >>
> >> On 24.06.2016 at 23:35, Clement Cavadore wrote:
> >>> Yes, that's it ;)
> >>>
> >>> On 24 June 2016 23:30:02 GMT+02:00, Gerald <gerald at ax.tc> wrote:
> >>>> Oops, need sleep ;-)
> >>>>
> >>>> !
> >>>> int eth 1/2
> >>>>  enable
> >>>>  route-only
> >>>>  ip address 10.0.0.1/24
> >>>> !
> >>>> vlan 666 name dummy-layer3-vlan
> >>>>  untag eth 1/2
> >>>> !
> >>>>
> >>>> On 24.06.2016 at 23:27, Gerald wrote:
> >>>>> Thx Clement for this advice, did you mean something like this:
> >>>>>
> >>>>> !
> >>>>> int eth 1/2
> >>>>>  enable
> >>>>>  route-only
> >>>>>  ip address 10.0.0.1/14
> >>>>> !
> >>>>> vlan 666 name dummy-layer3-vlan
> >>>>>  untag eth 2/12
> >>>>> !
> >>>>>
> >>>>>
> >>>>> Gerald
> >>>>>
> >>>>> On 24.06.2016 at 21:59, Clement Cavadore wrote:
> >>>>>> You should create some "dummy" vlans on route-only ports, to avoid that.
> >>>>>> No problem having untagged vlan on any port with IP/routing configuration.
> >>>>>> You even can do this without any disturbance.
> >>>>>> On 24 June 2016 21:53:08 GMT+02:00, Gerald <gerald at ax.tc> wrote:
> >>>>>>> The MLX got a reboot some weeks ago, this seems not to help. I'm
> >>>>>>> afraid of your (1) note... :-(.
> >>>>>>>
> >>>>>>> Gerald
> >>>>>>>
> >>>>>>> On 24.06.2016 at 21:27, Steven Raymond wrote:
> >>>>>>>>> On Jun 24, 2016, at 1:19 PM, Gerald <gerald at ax.tc> wrote:
> >>>>>>>>>
> >>>>>>>>> Is there a way to stop this? I would have my "route-only" ports
> >>>>>>>>> Layer2 free and not disturb other Layer2 systems behind.
> >>>>>>>> Old old notes I found said basically 1) “bpdus are sent even with
> >>>>>>>> route-only”, and 2) "you should reboot after applying route-only".
> >>>>>>>> Both of which may not be helpful to you.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>> _______________________________________________
> >>>>>>> foundry-nsp mailing list
> >>>>>>> foundry-nsp at puck.nether.net
> >>>>>>> http://puck.nether.net/mailman/listinfo/foundry-nsp
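The per-port advice in this thread (a dummy untagged VLAN plus "no fdp enable" and "no spanning-tree" on each route-only port) can be checked against a saved configuration. The script below is an added example, not part of the original thread or any vendor tooling; it assumes the config uses the "!"-delimited stanza layout of the snippets quoted above, does not expand port ranges, and does not cover the VE-level settings.

```python
import re

# Constructed sample config in the layout of the thread's snippets (not from a real device).
SAMPLE = """\
!
vlan 666 name dummy-layer3-vlan
 untag eth 1/2
 spanning-tree ethernet 1/2 disable
!
int eth 1/2
 route-only
 no fdp enable
 no spanning-tree
!
int eth 1/3
 route-only
!
int eth 1/4
 enable
!
"""

PORT_CMDS = ("no fdp enable", "no spanning-tree")  # per-port commands named in the thread

def blocks(config):
    """Split a config into (header, [commands]) stanzas delimited by '!' lines."""
    for chunk in re.split(r"^!\s*$", config, flags=re.M):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if lines:
            yield lines[0], lines[1:]

def audit(config):
    """Return {port: [findings]} for every port configured as route-only."""
    ports, untagged = {}, set()
    for header, cmds in blocks(config):
        m = re.match(r"int\w*\s+eth\w*\s+(\S+)$", header)  # accepts abbreviated keywords
        if m:
            ports[m.group(1)] = cmds
        elif header.startswith("vlan ") and not re.match(r"vlan\s+1(\s|$)", header):
            for c in cmds:
                if c.startswith("untag"):
                    untagged.update(re.findall(r"eth\w*\s+(\d+/\d+)", c))
    report = {}
    for port, cmds in ports.items():
        if "route-only" in cmds:
            findings = [f"missing '{c}'" for c in PORT_CMDS if c not in cmds]
            if port not in untagged:
                findings.append("not untagged in a non-default VLAN")
            report[port] = findings
    return report
```

An empty findings list means the port carries every setting checked; ports without "route-only" are left out of the report.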