Highlighted
Participant

Firepower 2130 - Rapid spanning tree configurable

Greetings,

Could someone please share their experience / knowledge regarding the query below.

Is Rapid spanning tree configurable on Firepower 2130? We need to connect this firewall to a ring topology of Cisco 9500 switches in different distant locations, as shown in the attached picture.

8 REPLIES
Highlighted
VIP Advisor

Hi @adeebtaqui 

You don't need to configure spanning-tree on the firewall.

Highlighted

But it will be connected between switches configured with RSTP for ring topology.  How will the BPDU or hello messages be passed between switches for checking if RSTP is up or needs to unblock another link?

Highlighted

@adeebtaqui What mode are you intending to use, routed or transparent mode?

In FTD routed mode BPDUs will not pass as it's Layer 3; in transparent mode BPDUs will pass.

Highlighted

Oh ok. For routing, the switches are using OSPF, and for ring topology redundancy they are using Rapid STP.

The main switch needs to have access to all switches, and if any link in the ring breaks it should be able to reach them the other way around the same ring by unblocking the switch port that was blocked by STP.

Highlighted

I was referring to routed or transparent mode on the FTD. If you want to let BPDUs pass through the FTD you need to configure the FTD in transparent mode.

 

Reference here

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/transparent_or_routed_firewall_mode_for_firepower_threat_defense.html#id_90253

Highlighted
VIP Mentor

What mode are these FWs deployed in? I am sure the North VLAN no longer exists in the south, so you should be fine.

I am sure you are running Rapid PVST?

BB
*** Rate All Helpful Responses ***
Highlighted

Yes, the switches are running Rapid PVST.

What config should be done on the FPR 2130 interfaces connecting the switches in the ring topology (using RPVST for this)?

Highlighted

To allow BPDUs between the switches you should install the firewalls in transparent mode.  BPDUs are allowed by default between interfaces in the same bridge group.

--
Please remember to select a correct answer and rate helpful posts