Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
824
Views
0
Helpful
1
Replies

MSTP with inline firewall

SJ K
Level 5
Level 5

‎07-21-2020 12:56 AM - edited ‎07-21-2020 12:58 AM

Hi all

 

Does MSTP block if it receives its own BPDU ?

 

mstp.png

e.g.  - send BPDU on 1/0/1

        - received own BPDU on 1/0/5

        - will MSTP block 1/0/5 ?

 

Thank you

Labels:
0 Helpful
1 Reply 1

brselzer
Cisco Employee
Cisco Employee

‎07-21-2020 05:27 AM

Hello,

 

Yes. MSTP will block if it receives a BPDU from itself. This is to prevent two end of the same cable being plugged into the same switch. 

 

You will need to block the BPDUs on the firewall or (not sure if possible) get the firewall to participate in spanning-tree. This means it would send its own vlan 3 BPDU on the one port and vlan 5 BPDU on the other port. 

 

Alternatively you can turn on BPDU Filter on 1/0/1 and 1/0/5 which will prevent BPDUs from being sent at all so that they are not detected on the other side. You are increasing your risk of causing a loop with this setup. If vlan 3 and vlan 5 accidentally get bridged somewhere else in the network where it would normally fix itself with spanning-tree, it might not be able to in this case. 

 

Hope that helps! 

-Bradley Selzer
CCIE# 60833
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card