[f-nsp] MLX with "route-only" port is forwarding VLAN1 BPDUs?
Ryan Harden
hardenrm at uchicago.edu
Fri Jun 24 18:19:45 EDT 2016
You can look into this as well.
'no dual-mode-default-vlan'
As I understand, it turns off the ‘all ports are part of VLAN1’ (or whatever your default VLAN is) ‘feature’.
/Ryan
Ryan Harden
Research and Advanced Networking Architect
University of Chicago - ASN160
P: 773.834.5441
> On Jun 24, 2016, at 5:08 PM, i3D.net - Martijn Schmidt <martijnschmidt at i3d.net> wrote:
>
> Hi Gerald,
>
> There are more BPDU types than just spanning-tree.. :-) You should apply
> "no fdp enable" and "no spanning-tree" on the physical interface ethe
> 1/2, as well as "no ip redirect" and "ipv6 nd suppress-ra" on the VE's
> which are facing that interface. This should be enough to make the MLXe
> shut up if "route-only" is also enabled on a global level (though it
> should be ok with an interface-level "route-only" setting too).
>
> Best regards,
> Martijn Schmidt
>
> On 06/24/2016 11:59 PM, Gerald wrote:
>> Oh, maybe the trick is disabling STP on the port too:
>>
>> !
>> vlan 666 name dummy-layer3-vlan
>> untag eth 1/2
>> spanning-tree ethernet 1/2 disable
>> !
>>
>> On 24.06.2016 at 23:54, Gerald wrote:
>>> All right, I've tested this and now the MLX seems to generate VLAN666
>>> BPDUs by itself on this port. At least I can see that the "BPDU Config
>>> tx" counter is still rising.
>>>
>>> So I can stop flooding VLAN1 BPDUs from other ports but now we have new
>>> VLAN666 BPDUs on that port transmitted.
>>>
>>> From one hell to the other... which one is better :-/
>>>
>>>
>>> Gerald
>>>
>>> On 24.06.2016 at 23:35, Clement Cavadore wrote:
>>>> Yes that's it ;)
>>>>
>>>> On 24 June 2016 23:30:02 GMT+02:00, Gerald <gerald at ax.tc> wrote:
>>>>> Oops, need sleep ;-)
>>>>>
>>>>> !
>>>>> int eth 1/2
>>>>> enable
>>>>> route-only
>>>>> ip addres 10.0.0.1/24
>>>>> !
>>>>> vlan 666 name dummy-layer3-vlan
>>>>> untag eth 1/2
>>>>> !
>>>>>
>>>>> On 24.06.2016 at 23:27, Gerald wrote:
>>>>>> Thx Clement for this advice, did you mean something like this:
>>>>>>
>>>>>> !
>>>>>> int eth 1/2
>>>>>> enable
>>>>>> route-only
>>>>>> ip addres 10.0.0.1/14
>>>>>> !
>>>>>> vlan 666 name dummy-layer3-vlan
>>>>>> untag eth 2/12
>>>>>> !
>>>>>>
>>>>>>
>>>>>> Gerald
>>>>>>
>>>>>> On 24.06.2016 at 21:59, Clement Cavadore wrote:
>>>>>>> You should create some "dummy" vlans on route-only ports, to avoid that.
>>>>>>> No problem having untagged vlan on any port with IP/routing configuration. You even can do this without any disturbance.
>>>>>>> On 24 June 2016 21:53:08 GMT+02:00, Gerald <gerald at ax.tc> wrote:
>>>>>>>> The MLX got a reboot some weeks ago, this seems not to help. I'm
>>>>>>>> afraid of your (1) note... :-(.
>>>>>>>>
>>>>>>>> Gerald
>>>>>>>>
>>>>>>>> On 24.06.2016 at 21:27, Steven Raymond wrote:
>>>>>>>>>> On Jun 24, 2016, at 1:19 PM, Gerald <gerald at ax.tc> wrote:
>>>>>>>>>>
>>>>>>>>>> Is there a way to stop this? I would have my "route-only" ports Layer2
>>>>>>>>>> free and not disturb other Layer2 systems behind.
>>>>>>>>> Old old notes I found said basically 1) "bpdus are sent even with
>>>>>>>>> route-only", and 2) "you should reboot after applying route-only".
>>>>>>>>> Both of which may not be helpful to you.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> foundry-nsp mailing list
>>>>>>>> foundry-nsp at puck.nether.net
>>>>>>>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
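
The port-level suggestions in this thread (a dummy untagged VLAN, STP disabled on the port, "no fdp enable"), turned into a small config audit; this is an added example, not code from the thread or from any vendor tool. The sample config is constructed in the style of the quoted snippets, and the parser assumes '!'-delimited stanzas with one port per line; the VE-level settings mentioned above are not checked.

```python
import re

# Constructed sample in the style of the snippets quoted in the thread.
SAMPLE = """\
!
int eth 1/1
 route-only
!
int eth 1/2
 route-only
 no fdp enable
!
vlan 666 name dummy-layer3-vlan
 untag eth 1/2
 spanning-tree ethernet 1/2 disable
!
"""

def stanzas(config):
    """Split a '!'-delimited config into (header, body_lines) pairs."""
    for block in re.split(r"(?m)^!.*$", config):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if lines:
            yield lines[0], lines[1:]

def audit(config):
    """Map each route-only port to the thread's suggestions it still lacks."""
    ports, untagged, stp_off = {}, set(), set()
    for header, body in stanzas(config):
        m = re.match(r"int\w*\s+eth\w*\s+(\S+)$", header)
        if m:
            ports[m.group(1)] = body
        elif header.startswith("vlan "):
            for ln in body:  # assumption: one port per line, no "to" ranges
                if u := re.match(r"untag\w*\s+eth\w*\s+(\S+)$", ln):
                    untagged.add(u.group(1))
                if s := re.match(r"spanning-tree\s+eth\w*\s+(\S+)\s+disable$", ln):
                    stp_off.add(s.group(1))
    findings = {}
    for port, body in ports.items():
        if "route-only" in body:
            findings[port] = [name for name, ok in (
                ("dummy untagged VLAN", port in untagged),
                ("STP disabled on port", "no spanning-tree" in body or port in stp_off),
                ("no fdp enable", "no fdp enable" in body)) if not ok]
    return findings

if __name__ == "__main__":
    for port, missing in audit(SAMPLE).items():
        print(port, "OK" if not missing else "missing: " + ", ".join(missing))
```
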