Redundant Dot1Q Tunnels

From: Antonio Soares <amsoares_at_netcabo.pt>
Date: Tue, 26 Feb 2013 00:06:36 -0000

Hello group,

I have a requirement that needs redundant Dot1Q Tunnels between switches:

SW1===FastEthernet===SW2
SW1===GigabitEthernet===SW2

SW1 is configured with normal dot1q trunks. SW2 is configured with dot1q
tunnel.

I made a test in the lab and this setup creates a spanning-tree loop. This
is because SW2 has bpdu filtering enabled. And this is internal, the command
"spanning-tree bpdufilter disable" doesn't have any effect.

In the lab I made the test with FastEthernet interfaces only:

SW1===F0/13===F0/13===SW2
SW1===F0/14===F0/14===SW2

+++++++++++++++++
SW1 the CE switch
+++++++++++++++++
SW1#sh run int f0/13
Building configuration...

Current configuration : 150 bytes
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20
 switchport mode trunk
 load-interval 30
end

SW1#sh run int f0/14
Building configuration...

Current configuration : 150 bytes
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20
 switchport mode trunk
 load-interval 30
end

SW1#

+++++++++++++++++
SW2 the PE switch
+++++++++++++++++
SW2#sh run int f0/13
Building configuration...

Current configuration : 140 bytes
!
interface FastEthernet0/13
 switchport access vlan 100
 switchport mode dot1q-tunnel
 no cdp enable
 spanning-tree bpdufilter enable
end

SW2#
SW2#sh run int f0/14
Building configuration...

Current configuration : 141 bytes
!
interface FastEthernet0/14
 switchport access vlan 100
 switchport mode dot1q-tunnel
 no cdp enable
 spanning-tree bpdufilter disable
end

SW2#

+++++++++++++++++
bpdufilter disable has no effect
+++++++++++++++++
SW2#sh spanning-tree int f0/13 detail
 Port 15 (FastEthernet0/13) of VLAN0100 is designated forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.15.
   Designated root has priority 32868, address 000f.f76d.ac80
   Designated bridge has priority 32868, address 001f.2711.d580
   Designated port id is 128.15, designated path cost 19
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   Bpdu filter is enabled internally <-----------------------------
   BPDU: sent 0, received 0
SW2#
SW2#sh spanning-tree int f0/14 detail
 Port 16 (FastEthernet0/14) of VLAN0100 is designated forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.16.
   Designated root has priority 32868, address 000f.f76d.ac80
   Designated bridge has priority 32868, address 001f.2711.d580
   Designated port id is 128.16, designated path cost 19
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   Bpdu filter is enabled internally <-----------------------------
   BPDU: sent 0, received 0
SW2#

This creates a loop: both SW1 and SW2 are forwarding on both links for all
VLANs involved (10 and 20 on the CE side and 100 on the PE side).

These are the kind of messages we never want to see in our lives, but it
happens :)

*Mar 1 01:26:53.402: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.21c4.5d00 in vlan 10 is flapping between port Fa0/13 and port Fa0/14
*Mar 1 01:26:53.947: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.21c4.5d00 in vlan 20 is flapping between port Fa0/13 and port Fa0/14

In the real scenario, I have a 1Gbps link between the switches and a 200Mbps
port-channel as well. The objective is to have the 200M backup if the 1G
fails.

If I'm not wrong, this is impossible to achieve. Or am I missing something?

Thanks.

Regards,

Antonio Soares, CCIE #18473 (R&S/SP)
amsoares_at_netcabo.pt
http://www.ccie18473.net

Received on Tue Feb 26 2013 - 00:06:36 ART
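
An added example, not part of the original post: a Python check for the two symptoms shown in the message, namely several dot1q-tunnel ports sharing one access VLAN (where, per the post, BPDU filtering is applied internally) and MACFLAP_NOTIF messages naming the same port pair across VLANs. The function names and the FastEthernet0/15 stanza are assumptions made for illustration; the sample input is constructed from the lines quoted above.

```python
import re
from collections import defaultdict

# Constructed sample input, condensed from the configuration and log lines in the post.
# FastEthernet0/15 is a made-up extra port, added to show a non-matching case.
SW2_CONFIG = """\
interface FastEthernet0/13
 switchport access vlan 100
 switchport mode dot1q-tunnel
 spanning-tree bpdufilter enable
!
interface FastEthernet0/14
 switchport access vlan 100
 switchport mode dot1q-tunnel
!
interface FastEthernet0/15
 switchport access vlan 200
 switchport mode dot1q-tunnel
"""
SYSLOG = """\
*Mar 1 01:26:53.402: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.21c4.5d00 in vlan 10 is flapping between port Fa0/13 and port Fa0/14
*Mar 1 01:26:53.947: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.21c4.5d00 in vlan 20 is flapping between port Fa0/13 and port Fa0/14
"""

FLAP_RE = re.compile(r"%SW_MATM-4-MACFLAP_NOTIF: Host (\S+) in vlan (\d+) "
                     r"is flapping between port (\S+) and port (\S+)")

def parallel_tunnel_ports(config):
    """Return {access_vlan: [ports]} for VLANs with two or more dot1q-tunnel ports."""
    by_vlan = defaultdict(list)
    for stanza in re.split(r"(?m)^interface ", config)[1:]:
        name = stanza.splitlines()[0].strip()
        vlan = re.search(r"(?m)^\s*switchport access vlan (\d+)", stanza)
        if vlan and re.search(r"(?m)^\s*switchport mode dot1q-tunnel", stanza):
            by_vlan[int(vlan.group(1))].append(name)
    return {v: p for v, p in by_vlan.items() if len(p) > 1}

def flapping_port_pairs(log):
    """Return {(port_a, port_b): sorted VLANs} for every MACFLAP_NOTIF port pair."""
    pairs = defaultdict(set)
    for _host, vlan, a, b in FLAP_RE.findall(log):
        pairs[tuple(sorted((a, b)))].add(int(vlan))
    return {pair: sorted(vlans) for pair, vlans in pairs.items()}

if __name__ == "__main__":
    print(parallel_tunnel_ports(SW2_CONFIG))  # candidate loop: tunnel ports sharing a VLAN
    print(flapping_port_pairs(SYSLOG))        # same port pair flapping in several VLANs
```

Ports that share an access VLAN are only candidates: the check cannot tell from the configuration alone whether they face the same customer switch.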
