STP active per default?
-
At a customer I run a Netgate 1100 with pfSense-23.05 and a rather simple WAN/LAN setup. No VLANs (aside from the underlying "default VLANs" for WAN/LAN).
A few days ago the switch ports were disabled because the bpduguard noticed BPDUs coming from the pfSense. Is that possible?
How could I check that, how can I disable that? Searched the forum and the docs, only found pointers to network bridges, which I don't have.
Could it somehow be related to the fact that WAN and LAN basically have the same MAC on a SG-1100 (sharing the same switch under the hood)?
-
Many switches use STP or similar proprietary protocols to avoid loops, so yes, it's possible. There may be something in the config for it to disable STP, but I'm not familiar with that hardware.
-
The switch in the 1100 does not support STP. I assume the ports you saw shut down were on some other attached switch?
-
@stephenw10 ah, interesting.
The upstream admins noticed BPDUs on the ports where the SG-1100 is plugged in.
I have to ask in more detail what happened.
What might be an issue:
Both WAN and LAN are plugged into the same switch, but 2 VLANs: upstream connectivity is realized in one VLAN, and the LAN behind the pfSense is realized with 4 other ports and another VLAN.
In that LAN there are 2 servers running QEMU/KVM on network bridges.
brctl show
shows STP off there, but maybe these servers play a role here. The network admins recommend disabling STP. And I don't know where ;-)
-
Definitely not the 1100 internal switch. But, yes, could be a bridge somewhere if you have any defined. Bridges in pfSense do support STP.
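
An added example, not part of the thread: one way to find out which device emits the BPDUs that trip bpduguard is to capture frames sent to the bridge group address (for instance with the tcpdump filter `ether dst 01:80:c2:00:00:00`) and decode the sender's bridge ID. The sketch below assumes untagged 802.3/LLC frames; the sample frame and its MAC address are constructed.

```python
import struct

STP_DST = bytes.fromhex("0180c2000000")  # 802.1D bridge group address
LLC_STP = b"\x42\x42\x03"                # DSAP/SSAP 0x42, control 0x03


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_bpdu(frame):
    """Decode an untagged 802.3/LLC BPDU; return None for anything else."""
    if len(frame) < 21 or frame[:6] != STP_DST or frame[14:17] != LLC_STP:
        return None
    bpdu = frame[17:]
    proto, version, btype = struct.unpack("!HBB", bpdu[:4])
    if proto != 0:
        return None
    info = {"src_mac": mac(frame[6:12]), "version": version, "type": btype}
    if btype == 0x80:          # topology change notification: header only
        return info
    if len(bpdu) < 35:         # config/RSTP BPDUs carry the full body
        return None
    _flags, r_prio, r_mac, cost, b_prio, b_mac, port = struct.unpack(
        "!BH6sIH6sH", bpdu[4:27])
    timers = struct.unpack("!4H", bpdu[27:35])  # units of 1/256 s
    info.update(
        root_id=f"{r_prio:04x}.{mac(r_mac)}",
        bridge_id=f"{b_prio:04x}.{mac(b_mac)}",  # the bridge that sent it
        root_path_cost=cost,
        port_id=port,
        hello_s=timers[2] / 256,
    )
    return info


# Constructed sample: config BPDU from a bridge claiming to be root.
_SENDER = bytes.fromhex("020000aabb01")  # made-up locally administered MAC
SAMPLE = (STP_DST + _SENDER + struct.pack("!H", 38) + LLC_STP +
          struct.pack("!HBBBH6sIH6sH4H", 0, 0, 0, 0, 0x8000, _SENDER, 0,
                      0x8000, _SENDER, 0x8001, 0, 20 * 256, 2 * 256, 15 * 256))

if __name__ == "__main__":
    print(parse_bpdu(SAMPLE))
```

Comparing `src_mac` and the MAC inside `bridge_id` against the interfaces of the firewall and of the KVM hosts shows which machine generated the frame and which merely passed it on.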