Re: Redundant Dot1Q Tunnels from Adam Booth on 2013-02-25 (Ccielab archives 02/2013)

From: Adam Booth <adam.booth_at_gmail.com>
Date: Tue, 26 Feb 2013 11:33:43 +1000

Hi Antonio,

Have you tried to see if flex links (switchport backup interface) is a
possible solution as it doesn't rely on STP?

Cheers,
Adam

On Tue, Feb 26, 2013 at 10:06 AM, Antonio Soares <amsoares_at_netcabo.pt>wrote:

> Hello group,
>
> I have requirement that needs redundant Dot1Q Tunnels between switches:
>
> SW1===FastEthernet===SW2
> SW1===GigabitEthernet===SW2
>
> SW1 is configured with normal dot1q trunks. SW2 is configured with dot1q
> tunnel.
>
> I made a test in the lab and this setup creates a spanning-tree loop. This
> is because SW2 has bpdu filtering enabled. And this is internal, the
> command
> "spanning-tree bpdufilter disable" doesn't have any effect.
>
> In the lab I made the test with FastEthernet interfaces only:
>
> SW1===F0/13===F0/13===SW2
> SW1===F0/14===F0/14===SW2
>
> +++++++++++++++++
> SW1 the CE switch
> +++++++++++++++++
> SW1#sh run int f0/13
> Building configuration...
>
> Current configuration : 150 bytes
> !
> interface FastEthernet0/13
> switchport trunk encapsulation dot1q
> switchport trunk allowed vlan 10,20
> switchport mode trunk
> load-interval 30
> end
>
> SW1#sh run int f0/14
> Building configuration...
>
> Current configuration : 150 bytes
> !
> interface FastEthernet0/14
> switchport trunk encapsulation dot1q
> switchport trunk allowed vlan 10,20
> switchport mode trunk
> load-interval 30
> end
>
> SW1#
>
> +++++++++++++++++
> SW2 the PE switch
> +++++++++++++++++
> SW2#sh run int f0/13
> Building configuration...
>
> Current configuration : 140 bytes
> !
> interface FastEthernet0/13
> switchport access vlan 100
> switchport mode dot1q-tunnel
> no cdp enable
> spanning-tree bpdufilter enable
> end
>
> SW2#
> SW2#sh run int f0/14
> Building configuration...
>
> Current configuration : 141 bytes
> !
> interface FastEthernet0/14
> switchport access vlan 100
> switchport mode dot1q-tunnel
> no cdp enable
> spanning-tree bpdufilter disable
> end
>
> SW2#
>
> +++++++++++++++++
> bpdufilter disable has no effect
> +++++++++++++++++
> SW2#sh spanning-tree int f0/13 detail
> Port 15 (FastEthernet0/13) of VLAN0100 is designated forwarding
> Port path cost 19, Port priority 128, Port Identifier 128.15.
> Designated root has priority 32868, address 000f.f76d.ac80
> Designated bridge has priority 32868, address 001f.2711.d580
> Designated port id is 128.15, designated path cost 19
> Timers: message age 0, forward delay 0, hold 0
> Number of transitions to forwarding state: 1
> Link type is point-to-point by default
> Bpdu filter is enabled internally <-----------------------------
> BPDU: sent 0, received 0
> SW2#
> SW2#sh spanning-tree int f0/14 detail
> Port 16 (FastEthernet0/14) of VLAN0100 is designated forwarding
> Port path cost 19, Port priority 128, Port Identifier 128.16.
> Designated root has priority 32868, address 000f.f76d.ac80
> Designated bridge has priority 32868, address 001f.2711.d580
> Designated port id is 128.16, designated path cost 19
> Timers: message age 0, forward delay 0, hold 0
> Number of transitions to forwarding state: 1
> Link type is point-to-point by default
> Bpdu filter is enabled internally <-----------------------------
> BPDU: sent 0, received 0
> SW2#
>
> This creates a loop, both SW1 and SW2 are forwarding on both links for all
> vlans involved (10 and 20 on the CE side and 100 on the PE side).
>
> This is the kind of messages we never want to see in our lives but it
> happens :)
>
> *Mar 1 01:26:53.402: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.21c4.5d00 in vlan
> 10 is flapping between port Fa0/13 and port Fa0/14
> *Mar 1 01:26:53.947: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.21c4.5d00 in vlan
> 20 is flapping between port Fa0/13 and port Fa0/14
>
>
> In the real scenario, I have a 1Gbps link between the switches and a
> 200Mbps
> port-channel as well. The objective is to have the 200M backup if the 1G
> fails.
>
> If I'm not wrong, this is impossible to achieve. Or am I missing something
> ?
>
>
> Thanks.
>
> Regards,
>
> Antonio Soares, CCIE #18473 (R&S/SP)
> amsoares_at_netcabo.pt
> http://www.ccie18473.net
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Tue Feb 26 2013 - 11:33:43 ART

This archive was generated by hypermail 2.2.0 : Fri Mar 01 2013 - 07:57:58 ART