Netgate Discussion Forum

    Transparent bridge with STP

    General pfSense Questions
    • Mr_JinX

      I'm trying to set up pfSense as a transparent bridge to be able to protect a number of servers. I have set up the pfSense box inline in the sense that the IP address of the server does not change; however, it gets a new VLAN tag of 1609 while the other end of the firewall gets the original VLAN tag of 609, in an effort to put the firewall inline.

      stp.drawio.png

      My problem is that spanning tree is blocking one of the ports at the switch level, which then stops the traffic flowing. I have enabled STP on the Cisco switch and on the pfSense firewall to no avail. I have also made the two advanced tuning setting changes for a transparent bridge with NAT disabled.

      Is there something wrong or do I have a concept problem?

      From the switch:

      2023 Jan 11 15:35:26 switch %STP-2-BLOCK_PVID_PEER: Blocking port-channel21 on VLAN0609. Inconsistent peer vlan.
      2023 Jan 11 15:35:26 switch %STP-2-BLOCK_PVID_LOCAL: Blocking port-channel21 on VLAN1609. Inconsistent local vlan.
      2023 Jan 11 15:35:42 switch %STP-2-UNBLOCK_CONSIST_PORT: Unblocking port port-channel21 on VLAN1609. Port consistency restored.
      2023 Jan 11 15:35:42 switch %STP-2-UNBLOCK_CONSIST_PORT: Unblocking port port-channel21 on VLAN0609. Port consistency restored.
      2023 Jan 11 15:36:02 switch %STP-2-BLOCK_PVID_PEER: Blocking port-channel21 on VLAN0609. Inconsistent peer vlan.
      2023 Jan 11 15:36:02 switch %STP-2-BLOCK_PVID_LOCAL: Blocking port-channel21 on VLAN1609. Inconsistent local vlan.
      2023 Jan 11 15:36:36 switch %STP-2-UNBLOCK_CONSIST_PORT: Unblocking port port-channel21 on VLAN1609. Port consistency restored.
      2023 Jan 11 15:36:36 switch %STP-2-UNBLOCK_CONSIST_PORT: Unblocking port port-channel21 on VLAN0609. Port consistency restored.
      2023 Jan 11 15:37:43 switch %STP-2-BLOCK_PVID_PEER: Blocking port-channel21 on VLAN1609. Inconsistent peer vlan.
      2023 Jan 11 15:37:43 switch %STP-2-BLOCK_PVID_LOCAL: Blocking port-channel21 on VLAN0609. Inconsistent local vlan.
      2023 Jan 11 15:38:20 switch %STP-2-UNBLOCK_CONSIST_PORT: Unblocking port port-channel21 on VLAN1609. Port consistency restored.
      2023 Jan 11 15:38:20 switch %STP-2-UNBLOCK_CONSIST_PORT: Unblocking port port-channel21 on VLAN0609. Port consistency restored.
      2023 Jan 11 15:38:22 switch %STP-2-BLOCK_PVID_PEER: Blocking port-channel21 on VLAN0609. Inconsistent peer vlan.
      2023 Jan 11 15:38:22 switch %STP-2-BLOCK_PVID_LOCAL: Blocking port-channel21 on VLAN1609. Inconsistent local vlan.

      • stephenw10 Netgate Administrator

        Hmm, so the switch sees the two VLANs bridged and complains. You could probably just disable STP on the switch. Or maybe block the STP traffic across the bridge. Or use two ports maybe?

        Steve
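
To see how long port-channel21 stays blocked in each cycle, the switch log from the first post can be paired up block-to-unblock per VLAN. This is an added example, not code from either poster; the function name `blocked_windows` is hypothetical, and the sample is the first ten log lines from the post, with the `%STP-2` prefix that is missing on the second line assumed.

```python
import re
from datetime import datetime

# Sample input: first ten lines of the switch log quoted in the thread
# (assumption: the "%STP-2" prefix missing on the second line is written out).
SAMPLE_LOG = """\
2023 Jan 11 15:35:26 switch %STP-2-BLOCK_PVID_PEER: Blocking port-channel21 on VLAN0609. Inconsistent peer vlan.
2023 Jan 11 15:35:26 switch %STP-2-BLOCK_PVID_LOCAL: Blocking port-channel21 on VLAN1609. Inconsistent local vlan.
2023 Jan 11 15:35:42 switch %STP-2-UNBLOCK_CONSIST_PORT: Unblocking port port-channel21 on VLAN1609. Port consistency restored.
2023 Jan 11 15:35:42 switch %STP-2-UNBLOCK_CONSIST_PORT: Unblocking port port-channel21 on VLAN0609. Port consistency restored.
2023 Jan 11 15:36:02 switch %STP-2-BLOCK_PVID_PEER: Blocking port-channel21 on VLAN0609. Inconsistent peer vlan.
2023 Jan 11 15:36:02 switch %STP-2-BLOCK_PVID_LOCAL: Blocking port-channel21 on VLAN1609. Inconsistent local vlan.
2023 Jan 11 15:36:36 switch %STP-2-UNBLOCK_CONSIST_PORT: Unblocking port port-channel21 on VLAN1609. Port consistency restored.
2023 Jan 11 15:36:36 switch %STP-2-UNBLOCK_CONSIST_PORT: Unblocking port port-channel21 on VLAN0609. Port consistency restored.
2023 Jan 11 15:37:43 switch %STP-2-BLOCK_PVID_PEER: Blocking port-channel21 on VLAN1609. Inconsistent peer vlan.
2023 Jan 11 15:37:43 switch %STP-2-BLOCK_PVID_LOCAL: Blocking port-channel21 on VLAN0609. Inconsistent local vlan.
"""

LINE = re.compile(
    r"^(?P<ts>\d{4} \w{3} \d+ [\d:]{8}) \S+ "
    r"%STP-2-(?P<ev>BLOCK_PVID_(?:PEER|LOCAL)|UNBLOCK_CONSIST_PORT): "
    r"(?:Blocking|Unblocking port) (?P<port>\S+) on (?P<vlan>VLAN\d+)\."
)

def blocked_windows(log_text):
    """Pair each BLOCK_PVID_* event with the next UNBLOCK for the same port and VLAN.
    Returns (closed, still_blocked): closed lists (port, vlan, reason, seconds);
    still_blocked maps (port, vlan) to the reason of a block with no later unblock."""
    pending, closed = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not an STP PVID consistency message
        ts = datetime.strptime(m["ts"], "%Y %b %d %H:%M:%S")
        key = (m["port"], m["vlan"])
        if m["ev"].startswith("BLOCK_PVID"):
            pending.setdefault(key, (m["ev"], ts))  # keep the first block of a window
        elif key in pending:
            reason, start = pending.pop(key)
            closed.append((*key, reason, int((ts - start).total_seconds())))
    return closed, {k: v[0] for k, v in pending.items()}

if __name__ == "__main__":
    closed, still_blocked = blocked_windows(SAMPLE_LOG)
    for port, vlan, reason, secs in closed:
        print(f"{port} {vlan}: blocked {secs}s ({reason})")
    for (port, vlan), reason in still_blocked.items():
        print(f"{port} {vlan}: still blocked at end of log ({reason})")
```

On this sample both VLANs are blocked together for 16 s and then 34 s, and in the third cycle the peer/local roles of VLAN0609 and VLAN1609 swap.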

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.