11-13-2020 12:37 PM - edited 11-13-2020 12:39 PM
Hello friends
I am in need of help.
I am currently working on a setup for a client. Topology is simple. There are 2 sites connected together over 2 P2P links. These are both layer 2 links.
I recently replaced their EoL Cisco 3500 switches (4 they had) with 2 ISR 4300 to act as their routers and 2 3750 for one of the P2P links.
See the diagram below:
CE1:
int BDI 666
encapsulation dot1Q 666
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/0/2
service instance 666 ethernet
encapsulation dot1q 666
rewrite ingress tag pop 1 symmetric
bridge-domain 666
!
interface GigabitEthernet0/0/0
service instance 666 ethernet
encapsulation dot1q 2100 second-dot1q 666
rewrite ingress tag pop 2 symmetric
bridge-domain 666
l2protocol peer
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 666 priority 24576
!
CE2:
int vlan 666
ip add 192.168.1.2 255.255.255.0
!
int f 0/1
sw mod trunk
sw trunk allowed vlan 666
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 666 priority 20480
!
interface G 0/2
sw mod trunk
sw trunk allowed vlan none
!
CE3:
int vlan 666
ip add 192.168.1.3 255.255.255.0
!
int f 0/1
sw mod trunk
sw trunk allowed vlan 666
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 666 priority 12350
!
interface gi 0/2
sw mod trunk
sw trunk allowed vlan none
CE4:
int BDI 666
encapsulation dot1Q 666
ip address 192.168.1.4 255.255.255.0
!
interface GigabitEthernet0/0/2
service instance 666 ethernet
encapsulation dot1q 666
rewrite ingress tag pop 1 symmetric
bridge-domain 666
!
interface GigabitEthernet0/0/0
service instance 666 ethernet
encapsulation dot1q 2100 second-dot1q 666
rewrite ingress tag pop 2 symmetric
bridge-domain 666
l2protocol peer
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 666 priority 8192
!
All works great at the moment as the link between CE2 and CE3 is not allowing vlan 666.
I can ping all 4 devices from everywhere.
As soon as I allow the vlan through the trunk between CE2 and CE3, I see a loop (mac address flap) and I lose the network.
I allowed it for 30 seconds to make sure it is not spanning tree sorting itself out, but no, I kept getting the message.
So I am at a bit of a loss, as I seem to have followed the setup guides I have seen here but am still getting the issue.
It should be noted that if I issue the command:
sh spanning-tree vlan 666 on the ISR, I only see the G0/0/2 being listed in the output and not gi 0/0/0.
But if I do sh spanning-tree bridge, then I see
vlan666
vlan2200
and I can't see the status of the port to see if it is forwarding or blocking or ... when I use the command sh spanning-tree bridge
Any help will be appreciated as I am struggling with this and time is not on my side.
Thanks
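The loop condition described in the post above, as an added example that is not part of the original thread: it models VLAN 666 as a graph and shows that opening the CE2-CE3 trunk closes a ring, and which ring ports spanning tree cannot block. The link endpoints, the helper names and the STP port set are assumptions read off the posted configs and the poster's description of the `sh spanning-tree vlan 666` output.

```python
from collections import deque

# Constructed model: link endpoints are assumed from the posted configs
# (the diagram is not on the page). Tuple: (dev A, port A, dev B, port B, VLANs).
LINKS = [
    ("CE1", "Gi0/0/2", "CE2", "Fa0/1", {666}),
    ("CE2", "Gi0/2", "CE3", "Gi0/2", set()),      # "allowed vlan none"
    ("CE3", "Fa0/1", "CE4", "Gi0/0/2", {666}),
    ("CE1", "Gi0/0/0", "CE4", "Gi0/0/0", {666}),  # 2100/666, popped into BD 666
]
# Ports assumed to run PVST for VLAN 666. Gi0/0/0 is left out because the post
# says it is missing from "sh spanning-tree vlan 666" (assumed true on both ISRs).
STP_PORTS = {("CE1", "Gi0/0/2"), ("CE2", "Fa0/1"), ("CE2", "Gi0/2"),
             ("CE3", "Gi0/2"), ("CE3", "Fa0/1"), ("CE4", "Gi0/0/2")}

def _path(adj, src, dst):
    # BFS over the links added so far: list of links from src to dst, or None.
    seen, queue = {src: []}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return seen[node]
        for nxt, link in adj.get(node, []):
            if nxt not in seen:
                seen[nxt] = seen[node] + [link]
                queue.append(nxt)
    return None

def find_cycle(links, vlan):
    """Links forming one layer-2 cycle for `vlan`, or [] if the VLAN is loop-free."""
    adj = {}
    for link in (l for l in links if vlan in l[4]):
        a, b = link[0], link[2]
        path = _path(adj, a, b)
        if path is not None:
            return path + [link]  # this link closes a ring
        adj.setdefault(a, []).append((b, link))
        adj.setdefault(b, []).append((a, link))
    return []

def allow_on(links, a, b, vlan):
    """Copy of `links` with `vlan` added to the trunk between devices a and b."""
    return [(x, px, y, py, v | {vlan} if {x, y} == {a, b} else v)
            for x, px, y, py, v in links]

def ports_outside_stp(cycle, stp_ports):
    """Ports on the cycle that spanning tree cannot block (it does not run there)."""
    ports = [(l[0], l[1]) for l in cycle] + [(l[2], l[3]) for l in cycle]
    return sorted(p for p in ports if p not in stp_ports)
```

With the posted configs `find_cycle(LINKS, 666)` is empty; after `allow_on(LINKS, "CE2", "CE3", 666)` it returns a four-link ring, and `ports_outside_stp` lists the two Gi0/0/0 ports.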
11-13-2020 03:43 PM
Hi,
The ISR routers are mainly used for layer-3 routing and not so much for layer-2 switching. I am not sure why you would replace 2 switches with 2 routers when everything is layer-2. If everything is layer-2, why do you have OSPF area 0 in the middle of the diagram? If you want to keep everything as layer-2 and extend vlan 666 from one site to another, replace the 2 routers with 2 switches and move the second connection (marked in red) to the switches that are directly connected together (c2 and c3), and create a Portchannel. This will give you link redundancy and you can use both links at the same time without being concerned about STP.
C1------C2--PO--C3-----C4
HTH
11-13-2020 04:18 PM
Hi Reza
There is an L3 MPLS going into the ISR routers. I haven't got that in the picture as it is not relevant here. Hence the need for the ISR.