Allowing BPDU traffic on Switched Network

fibernet570 · ‎07-09-2010

I need to allow BPDU traffic for a department, will this work?

Switch1
interface fast 4/1
description "IT-Helpdesk Dept"
switchport
switchport mode dot1q-tunnel
switchport access vlan 800
speed 10
duplex full
no cdp enable
no snmp trap link-status
end
interface gig 7/1
description "Trunk between Switch1 and Switch2"
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,800-848
end

Switch2
interface fast 4/1
description "IT-Helpdesk Dept"
switchport
switchport mode dot1q-tunnel
switchport access vlan 800
speed 10
duplex full
no cdp enable
no snmp trap link-status
end
interface gig 7/1
description "Trunk between Switch2 and Switch1"
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,800-848
end

I did a "show spanning-tree vlan 800 detail":
Switch1
BPDU: sent 44965, received 0

Switch2
BPDU: sent 44844, received 0

Giuseppe Larosa · ‎07-09-2010

Hello Fibernet,

if you want to enable transport of STP BPDUs over the 802.1Q tunnel transport session you need to enable L2 transport as explained here:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_50_se/configuration/guide/swtunnel.html#wp1006657

you need

l2protocol-tunnel stp

in interface configuraton of dot1q tunnel ports of SP switches, other commands are available for tuning as explained in the above link.

the dot1q tunnel port automatically enables STP bpdu filter on tunnel side to avoid to mix STP between L2 customer and L2 service provider but the L2 transport will allow the two CE switches to exchange BPDUs: one of them will win the designated port election for the segment and that will be the only one sending STP bpdus that wll be received by the other CE device like if they were directly connected.

SP switches don't take part in customer STP

Hope to help

Giuseppe

fibernet570 · ‎07-09-2010

Thnks for the rapid response, what if the interfaces were plain access ports?

Switch1
interface fast 4/1
description "IT-Helpdesk Dept"
switchport
switchport mode access
switchport access vlan 800
speed 10
duplex full
no cdp enable
no snmp trap link-status
end
interface gig 7/1
description "Trunk between Switch1 and Switch2"
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,800-848
end

Switch2
interface fast 4/1
description "IT-Helpdesk Dept"
switchport

switchport mode access
switchport access vlan 800
speed 10
duplex full
no cdp enable
no snmp trap link-status
end
interface gig 7/1
description "Trunk between Switch2 and Switch1"
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,800-848
end

Giuseppe Larosa · ‎07-09-2010

Hello Fibernet,

if the target is to extend only vlan 800 you can do it in this way

note: 802.1Q tunnel ports could be used to extend multiple vlans between the two sites, but if all is part of an enterprise network you can do it adding vlan 800 in all trunk links (both sides of each link) on the path.

Hope to help

Giuseppe

fibernet570 · ‎07-09-2010

Its spanning floors within a building. IT wants to send BPDU traffic. I just wanted to know if turning the tunnel ports into access ports, do I need to add anything in order to allow BPDU traffic? As you mentioned, tunnel ports require "l2protocol-tunnel stp", do access ports require anything? I wanted to compare and have options, I thought access ports would be simpler.

-Manny