Allow BPDU to pass through
Posted: Sat Oct 08, 2016 4:35 pm
by LRL
I have a wireless link that we set up for an enterprise client that is using the link as a backup to fiber. The problem is they are passing multiple VLANs over the link and using Cisco PV-RSTP and they wish to configure the root bridge at different sides for different VLANs. If I enable RSTP on our Netonix it overrides any of the individual VLAN STPs.
The setup is as follows: Client building#1----UBNT AC station1-----------UBNT AC AP1---Our Tower------UBNT AC AP2------------UBNT AC Station2-----Client Building#2
The client locations do not have direct LOS to each other and hence we're the midway point relay. The APs are way up and we have a WS-6 up on the tower that we use for another one of our APs and we planned to use it to power the two APs for the client and maintain management using a tagged VLAN.
I would like to have it setup as follows:
Port5 AP1
Port6 AP2
WS-6 has VLAN 4040 defined and both port 5 and 6 are untagged on VLAN 4040 and all other VLANs are excluded from port 5 and 6. We tag VLAN 4040 on port1 (the interface to our router) and then apply a VLAN inside VLAN 4040 on the router to gain management access. All of this works fine, the issue is the client BPDUs getting eaten by the WS-6.
At this point I believe if I can turn port 5 and 6 into a transparent bridge and get the BPDUs passing it will solve the issue. Is there a way to do this?
Thanks,
Re: Allow BPDU to pass through
Posted: Mon Oct 10, 2016 8:44 am
by mike99
I would try with Q-in-Q for this case to isolate your network (service network) from their network (customer network), so use the Q instead of the U or T at the VLAN configuration. You can use any VLAN of your choice, so you can leave the default VLAN 1 and just use Q at the ports pointing at building 1 and building 2.
Re: Allow BPDU to pass through
Posted: Tue Oct 11, 2016 2:37 am
by LRL
QinQ solves all the issues with PVRSTP on all the tagged VLANs, but the native VLAN (untagged) still can't pass BPDU packets, which causes a loop on VLAN 1. Generally speaking I believe if STP is turned off for a port BPDUs should just pass through. If that switch isn't doing anything with them then it would be better to pass them on and let a downstream device that may actively participate in the network's spanning tree use them. Otherwise by the switch stripping them it makes it easier for a loop to occur. In the worst case the originator would get its own packet back and prevent the loop itself.
Re: Allow BPDU to pass through
Posted: Tue Oct 11, 2016 9:56 am
by Eric Stern
I will look into adding this feature in a future version.
Re: Allow BPDU to pass through
Posted: Tue Oct 11, 2016 3:28 pm
by mike99
When STP is disabled, BPDUs should be dropped (filtered), not passed through. You don't want the customer network to interact with yours, only pass through everything including BPDUs.
The service VLAN should encapsulate the customer BPDUs just like customer VLANs. BPDUs should pass through the service network just like it was a long cable between the 2 customer sites. Have you tried without disabling STP? Maybe the switch drops BPDUs before they're encapsulated if STP is disabled on the port.
Re: Allow BPDU to pass through
Posted: Tue Oct 11, 2016 4:22 pm
by mike99
Just found this out. Maybe the Vitesse switch includes something similar to "protocol tunneling".
If protocol tunneling is not enabled on 802.1Q tunneling ports, remote switches at the receiving end of the service-provider network do not receive the BPDUs and cannot properly run STP, CDP, 802.1X, and VTP.
Source:
http://www.cisco.com/c/en/us/td/docs/sw ... tunnel.pdf
Page 9-5
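Added example, not part of any post in this thread: a Python sketch of why Q-in-Q can carry the tagged per-VLAN BPDUs while the native-VLAN BPDU still disappears, and what protocol tunneling changes. It assumes the transit bridge applies IEEE 802.1D's rule of never relaying frames addressed to 01:80:C2:00:00:00 through :0F; the frames, source MAC and function names are constructed for illustration.

```python
import struct

# Assumption: the transit bridge never relays 01:80:C2:00:00:00-0F (IEEE 802.1D).
STP_MAC = bytes.fromhex("0180c2000000")   # IEEE STP/RSTP BPDU (Cisco native VLAN)
PVST_MAC = bytes.fromhex("01000ccccccd")  # Cisco PVST+/Rapid-PVST+ per-VLAN BPDU
L2PT_MAC = bytes.fromhex("01000ccdcdd0")  # Cisco Layer 2 protocol tunneling
TPIDS = (0x8100, 0x88A8)                  # 802.1Q C-tag, 802.1ad S-tag


def classify(frame: bytes):
    """Return (kind, vlan_ids, relayed) for one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, offset, vlans = frame[:6], 12, []
    while struct.unpack_from("!H", frame, offset)[0] in TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        vlans.append(struct.unpack_from("!H", frame, offset + 2)[0] & 0x0FFF)
        offset += 4
    if dst[:5] == STP_MAC[:5] and dst[5] <= 0x0F:
        return ("ieee-reserved", vlans, False)  # filtered, whatever the tags say
    if dst == PVST_MAC:
        return ("cisco-pvst", vlans, True)      # looks like ordinary multicast
    if dst == L2PT_MAC:
        return ("cisco-l2pt", vlans, True)
    return ("data", vlans, True)


def tunnel_rewrite(frame: bytes) -> bytes:
    """What protocol tunneling does at the edge: swap the reserved
    destination for the tunnel multicast address so the core relays it."""
    return L2PT_MAC + frame[6:] if frame[:6] == STP_MAC else frame


# Constructed sample frames (BPDU bodies are zero-filled placeholders).
SRC = bytes.fromhex("001122334455")
NATIVE = STP_MAC + SRC + b"\x00\x27" + b"\x42\x42\x03" + bytes(36)
TAGGED = (PVST_MAC + SRC + struct.pack("!HH", 0x8100, 10) + b"\x00\x32"
          + bytes.fromhex("aaaa0300000c010b") + bytes(42))
# The native-VLAN BPDU after an S-tag (VLAN 4040) is pushed: same destination MAC.
QINQ_NATIVE = NATIVE[:12] + struct.pack("!HH", 0x88A8, 4040) + NATIVE[12:]

if __name__ == "__main__":
    for name, f in [("native", NATIVE), ("tagged", TAGGED),
                    ("qinq native", QINQ_NATIVE),
                    ("tunneled native", tunnel_rewrite(NATIVE))]:
        print(f"{name:16} {classify(f)}")
```

Pushing a service tag does not change the destination MAC, which is why the filter still matches until the address itself is rewritten.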
Re: Allow BPDU to pass through
Posted: Wed Oct 12, 2016 1:55 am
by LRL
mike99 wrote: When STP is disabled, BPDUs should be dropped (filtered), not passed through. You don't want the customer network to interact with yours, only pass through everything including BPDUs.
The service VLAN should encapsulate the customer BPDUs just like customer VLANs. BPDUs should pass through the service network just like it was a long cable between the 2 customer sites. Have you tried without disabling STP? Maybe the switch drops BPDUs before they're encapsulated if STP is disabled on the port.
I agree that BPDUs should be confined to the VLAN in which they originated especially in a tagged case like this. The problem when enabling rstp on the switch is there is only one spanning-tree instance supported on the netonix and that causes bleed over to our network.
I'm not sure what model switches the customer is using but I believe our gear is connected to cat4500s running IOS. Unfortunately my contract was to provide this link within these confines and I can't go making changes on their network to support the link.
I did reach a solution, it's messy but works. WS6 to a RB PowerBox and both links into the RB and then I created a software bridge. I still pulled 92Mbps through the link.
Thanks for the help, I'd never played with QinQ on any of WS till now.
Re: Allow BPDU to pass through
Posted: Wed Oct 12, 2016 2:03 am
by LRL
Eric Stern wrote: I will look into adding this feature in a future version.
Thanks for looking at it Eric, I'd be very happy with just a CLI option ;)
I only run into the need when mixing with data center links and topology. Our main AF24HD link between our two data centers had to be dropped right into the nexus 6ks on both sides to overcome the same weirdness. It scares the crap out of me every time we have a lightning storm now!