VLANs / Bridging / BPDU

Peter Wood peter at alastria.net
Thu Sep 1 20:57:48 GMT 2005


Evening,

I'm having an issue with using vlans and bridging. The issue is probably 
something that can be fixed in either FreeBSD or in the Cisco IOS.

I'll explain what I have. I've got an external router that's sitting on 
vlan 20, also on 20 is a FreeBSD gateway which I intend to use as a 
firewall for the raw internet. The gateway also sits on 10 to pass the 
data to the machines protected by it.

Or that was the plan anyway, a shortened (snipped media/mac) version of 
my ifconfig is as follows:

raw0: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         status: active
         vlan: 20 parent interface: em0
dmz0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         inet 10.3.0.101 netmask 0xfff80000 broadcast 10.7.255.255
         status: active
         vlan: 10 parent interface: em0

So the idea is raw0 (renamed vlan interface) accepts the traffic from 
the router, lets ipfw do its work and then spits it back out via dmz0. 
As you can see both cloned vlan interfaces are on em0 on a 802.1Q trunk 
to a Cisco 2950.

I am however having an issue with BPDU, the Cisco recognizes what it 
considers to be a loop in the topology. What I assume is that the Cisco 
is sending a BPDU packet out on VLAN10, the FreeBSD machine is passing 
that packet back out via VLAN20 (as I guess the bridge should), which 
the Cisco receives again, assumes a switch loop and blocks both of the 
vlan interfaces.

Cisco errors are as follows:

%SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 
20 on GigabitEthernet0/1 VLAN10.
%SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet0/1 on VLAN0020. 
Inconsistent peer vlan.
%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet0/1 on VLAN0010. 
Inconsistent local vlan.

Now after writing this I'm thinking it's more a switch issue than a 
FreeBSD one, especially as the only other hit for the first Cisco 
message (apart from Cisco docs) is a thread for Linux describing exactly 
the same problem with their bridging.

Which can be seen at:
http://www.mail-archive.com/bridge@lists.osdl.org/msg00147.html

However, if anyone has any suggestions or has seen this issue, I'd be 
very grateful. Would it be possible to get the bridge to block BPDU 
(ugly hack, I'm sure)?

Cheers,

Pete.
-- 
Peter Wood BSc (Hons) :: <peter at alastria.net> :: Tel +44 1606 828010
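
Added example, not part of the original post: a small Python triage script over the three Cisco messages quoted above. It re-joins the wrapped lines and reports, per port, which peer VLAN id arrived on which VLAN and which VLANs the switch blocked as a result. The function names are illustrative, and the sample input is the log text from the post.

```python
import re
from collections import defaultdict

# The three messages quoted in the post, wrapped as they are in the e-mail.
SAMPLE_LOG = """\
%SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id
20 on GigabitEthernet0/1 VLAN10.
%SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet0/1 on VLAN0020.
Inconsistent peer vlan.
%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet0/1 on VLAN0010.
Inconsistent local vlan.
"""

MSG = re.compile(r"%[A-Z0-9_]+-\d-[A-Z0-9_]+:")  # start of an IOS message
RECV = re.compile(r"RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id "
                  r"(\d+) on (\S+) VLAN0*(\d+)\.")
BLOCK = re.compile(r"BLOCK_PVID_(?:PEER|LOCAL): Blocking (\S+) on VLAN0*(\d+)\.")

def unwrap(text):
    """Join continuation lines so each IOS message is a single string."""
    messages = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if MSG.search(line) or not messages:
            messages.append(line)          # new message (timestamp prefix allowed)
        else:
            messages[-1] += " " + line     # wrapped tail of the previous message
    return messages

def pvid_incidents(text):
    """Map port -> {'leaks': {(peer_vlan, received_on_vlan)}, 'blocked': {vlan}}."""
    ports = defaultdict(lambda: {"leaks": set(), "blocked": set()})
    for msg in unwrap(text):
        if m := RECV.search(msg):
            ports[m.group(2)]["leaks"].add((int(m.group(1)), int(m.group(3))))
        elif m := BLOCK.search(msg):
            ports[m.group(1)]["blocked"].add(int(m.group(2)))
    return dict(ports)

def report(text):
    """One summary line per (port, leaked VLAN pair)."""
    return [f"{port}: BPDU with peer VLAN id {peer} received on VLAN {rx}; "
            f"blocked VLANs: {sorted(info['blocked'])}"
            for port, info in sorted(pvid_incidents(text).items())
            for peer, rx in sorted(info["leaks"])]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```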

