From: "kevin"
To: "'Tom Judge'"
Cc: freebsd-net@freebsd.org, 'Nikos Vassiliadis'
Date: Tue, 22 Feb 2011 07:20:36 -0500
Subject: RE: Bridging + VLANS + RSTP / MSTP

>There is also the caveat: The switch will probably _not_ forward the STP BPDUs from one port to another.

You were correct -- my initial testing confirmed this.

Would the same issue arise if I employed a gateway IP on the /bridge/ instead, and used CARP as a failover mechanism? The firewall no longer becomes transparent pass through/firewall. I have not done CARP with bridges and I'm not 100% certain the same STP forwarding problems wouldn't arise, even with an IP assigned.

Such as:

       [switch 1 (vlan 1)]
         |             |
    [fw1 gw1] -- CARP -- [fw2 gw1]
         |             |
       [switch 1 (vlan 2)]

Thanks,
Kevin