On Tue, 8 Dec 2020 at 10:39, BASSAGET Cédric <[email protected]> wrote: > > Hello, > > I need to interconnect two L2 domains. I was planning to use a me3600 for > this : > > interface port-channel 1 > ... > service instance 1439 ethernet > encapsulation dot1q 1439 second-dot1q 1-4094 > rewrite ingress tag pop 1 > bridge-domain 1439 > ! > service instance 1440 ethernet > encapsulation dot1q 1440 second-dot1q 1-4094 > rewrite ingress tag pop 1 > bridge-domain 1439 > ! > > Works fine, hosts on same C-VLAN on both sides of bridge-domain can ping. > > As I need my interconnection to be STP-transparent, I tried to add > "l2protocol forward stp" on these 2 EVCs. > > This resulted in side effects on my backbone, and I saw STP events on the > other side of my port-channel (n3k switch) : > 2020 Dec 8 06:32:37 N3K-eqx-pa3-1 %STP-2-BLOCK_PVID_LOCAL: Blocking > port-channel1 on MST0000. Inconsistent local vlan. > > Question : why is the port-channel affected by l2protocol forward on an EVC > ? > > I guess I'll have to remove the "second-dot1q 1-4094" to allow untagged > trafic on EVCs, and make L2CP work correctly. > > Is this the right way to do ? > Thanks for your help. > Regards, > Cédric
Hi Cédric, STP frames aren't really supposed to be VLAN tagged so the STP frames won't match your encapsulation statements; "encapsulation dot1q 1439 second-dot1q 1-4094" or "encapsulation dot1q 1440 second-dot1q 1-4094" unless you are VLAN tagging your STP frames. If you match untagged frames into the bridge domain that might work, but the error you have provided is on your Nexus device: > 2020 Dec 8 06:32:37 N3K-eqx-pa3-1 %STP-2-BLOCK_PVID_LOCAL: Blocking > port-channel1 on MST0000. Inconsistent local vlan. What does this mean; has the Nexus received no BPDUs so it's blocked the port, because it was expected BPDUs? Also it looks to me like your Nexus is running MSTP - where are the STP frames coming from on the ME3600 side, the ME3600 itself or another device? Are you mixing STP and MSTP, or is this because the Nexus only supports MSTP? My two pence is that you should try to re-design this solution. I don't know why you'd have STP frames being allowed through the port-channel, and S-VLANs 1439 and 1440 only, but then have other S-VLANs being bridged somewhere else. If everything that comes into the port-channel can go to the Nexus just relax the EVC encapsulations to capture everything. It sounds to me like the L2 topology is being split by this ME3600, so I'd definitely try and find another design instead. Cheers, James. _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
