From: "kevin"
To: "'Nikos Vassiliadis'"
Cc: freebsd-net@freebsd.org
Date: Sat, 19 Feb 2011 09:13:23 -0500
Subject: RE: Bridging + VLANS + RSTP / MSTP
Message-ID: <00a201cbd03f$2bdc3540$83949fc0$@com>
In-Reply-To: <4D5FAC16.7080207@gmx.com>
References: <000c01cbcf94$35e76e20$a1b64a60$@com> <4D5FAC16.7080207@gmx.com>

>Could you send your ifconfig bridge output from both firewalls?
>If STP is turned off on the four switch ports that the firewalls are
>patched, one of the two firewalls must be root of the spanning tree.

I believe if you don't specify 'stp' in the rc.conf ifconfig statement, FreeBSD by default sets the bridge as 'rstp':

sdh-fw# ifconfig
em0: flags=8843 metric 0 mtu 1500
        options=9b
        ether 00:1b:21:23:5e:34
        inet x.x.x.x netmask 0xffffffc0 broadcast x.x.x.255
        media: Ethernet autoselect (1000baseT )
        status: active
bge0: flags=8943 metric 0 mtu 1500
        options=9b
        ether 00:0b:cd:82:19:d3
        media: Ethernet autoselect (1000baseT )
        status: active
bge1: flags=8943 metric 0 mtu 1500
        options=9b
        ether 00:0b:cd:82:19:c0
        media: Ethernet autoselect (1000baseT )
        status: active
lo0: flags=8049 metric 0 mtu 16384
        options=3
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141 metric 0 mtu 33200
pfsync0: flags=0<> metric 0 mtu 1460
        syncpeer: 224.0.0.240 maxupd: 128
bridge0: flags=8843 metric 0 mtu 1500
        ether 06:c7:a9:50:41:17
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: bge1 flags=143
                ifmaxaddr 0 port 3 priority 128 path cost 55
        member: bge0 flags=143
                ifmaxaddr 0 port 2 priority 128 path cost 55

>Be sure that STP is *really* turned off on the switch, use tcpdump on the
>physical ports for this.

Should I just turn off STP for every port on the switch or just the ports connected to the bridge?

>Be sure that the FreeBSD's BPDUs are forwarded by the switch, so the one
>bridging firewall can exchange BPDUs with the other.

I see now. I will try this again and tcpdump on the non-active firewall when I manually fail over during my next test.

Thank you very much for clarifying!

~k
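The ifconfig output in the message above shows `proto rstp` on bridge0 but leaves the question of whether the member ports actually participate in spanning tree. The numeric `flags=` word on each `member:` line answers that: in FreeBSD's sys/net/if_bridge.h the member flag bits are IFBIF_LEARNING 0x0001, IFBIF_DISCOVER 0x0002, IFBIF_STP 0x0004, IFBIF_SPAN 0x0008, IFBIF_STICKY 0x0010, IFBIF_BSTP_EDGE 0x0020, IFBIF_BSTP_AUTOEDGE 0x0040, IFBIF_BSTP_PTP 0x0080, IFBIF_BSTP_AUTOPTP 0x0100, IFBIF_BSTP_ADMEDGE 0x0200, IFBIF_BSTP_ADMCOST 0x0400 and IFBIF_PRIVATE 0x0800, so a member showing `flags=143` has LEARNING, DISCOVER, AUTOEDGE and AUTOPTP set but not STP, which matches the all-zero bridge and root ids (no port is sending or receiving BPDUs, so no root has been elected). The script below is an added example, not part of this thread or of FreeBSD; it decodes those flag words from a constructed copy of the bridge0 block, reports per-member STP state, and checks whether a root has been elected. It assumes the flag bit values listed above and accepts both the bare `flags=143` form seen in the archived mail and the `flags=143<LEARNING,...>` form ifconfig normally prints.

```shell
#!/bin/sh
# Added example (not from the thread or FreeBSD): decode FreeBSD if_bridge
# member flags from "ifconfig bridge0" output and report STP participation.
# Bit values assumed from sys/net/if_bridge.h (IFBIF_*).

# Constructed sample modelled on the bridge0 block quoted in the thread.
SAMPLE_BRIDGE='bridge0: flags=8843 metric 0 mtu 1500
        ether 06:c7:a9:50:41:17
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: bge1 flags=143
                ifmaxaddr 0 port 3 priority 128 path cost 55
        member: bge0 flags=143
                ifmaxaddr 0 port 2 priority 128 path cost 55'

# Print the IFBIF_* names set in a hex member flags word, comma separated.
decode_ifbif_flags() {
    v=$((0x$1))
    out=""
    for pair in 1:LEARNING 2:DISCOVER 4:STP 8:SPAN 10:STICKY 20:EDGE \
                40:AUTOEDGE 80:PTP 100:AUTOPTP 200:ADMEDGE 400:ADMCOST \
                800:PRIVATE; do
        bit=${pair%%:*}
        name=${pair#*:}
        if [ $((v & 0x$bit)) -ne 0 ]; then
            out="$out${out:+,}$name"
        fi
    done
    printf '%s\n' "$out"
}

# Succeed (exit 0) only if the IFBIF_STP bit (0x0004) is set in the word.
member_stp_enabled() {
    [ $((0x$1 & 0x4)) -ne 0 ]
}

# Read ifconfig output on stdin; print "<member> stp|nostp <decoded flags>"
# for every "member:" line. Strips an optional "<...>" suffix after the hex.
report_members() {
    while read -r line; do
        case $line in
            member:*)
                set -- $line
                name=$2
                flags=${3#flags=}
                flags=${flags%%<*}
                if member_stp_enabled "$flags"; then st=stp; else st=nostp; fi
                printf '%s %s %s\n' "$name" "$st" "$(decode_ifbif_flags "$flags")"
                ;;
        esac
    done
}

# Succeed only if the bridge reports a non-zero root id, i.e. a spanning
# tree root has actually been elected on this bridge.
bridge_has_root() {
    printf '%s\n' "$1" | grep -q 'root id' || return 1
    ! printf '%s\n' "$1" | grep -q 'root id 00:00:00:00:00:00'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_BRIDGE" | report_members
if bridge_has_root "$SAMPLE_BRIDGE"; then
    echo "root elected"
else
    echo "no root elected: no member port is participating in STP"
fi
```

On a live firewall, replace the constructed sample with `ifconfig bridge0` piped into `report_members`; a member that prints `nostp` will neither send BPDUs nor react to the switch's, whatever `proto` says on the bridge line.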