Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    XG7100 - Internal Switch - Spanning Tree support?

    Official Netgate® Hardware
    3
    6
    112
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jlacalamita last edited by

      Looking to confirm one way or the other if spanning tree and BPDU generation is a feature of the XG7100 internal switch.

      One of my colo ISPs will disable the upstream Internet switch port if they see BPDU from my XG7100 internal switch.

      Can't find documentation on this anywhere. Hoping to avoid having to connect it to a host with tcpdump capabitly and figuring out.

      If it is a feature how to disable/enable would be my next question.

      Thanks

      1 Reply Last reply Reply Quote 0
      • dragoangel
        dragoangel last edited by dragoangel

        What about SPF port? You can ask your ISP give you a connection over it?
        From quick reading of post https://forum.netgate.com/topic/103460/firewalling-mac-addresses/37 pfSense can't block L2 traffic by MAC, so SPF is easier way s

        1 Reply Last reply Reply Quote 0
        • J
          jlacalamita last edited by

          Is not the integrated switch somewhat "external" to the OS and pf? The interface that the rules operate on in this case is a lagg interface ie. lagg0.4089 present/seen by the OS. Hooks in the GUI/OS via some utility/API allow switch configuration. Probably this:

          etherswitchcfg -h
          etherswitchcfg: illegal option -- h
          usage: etherswitchctl
          etherswitchcfg [-f control file] info
          etherswitchcfg [-f control file] config command parameter
          config commands: vlan_mode
          etherswitchcfg [-f control file] phy phy.register[=value]
          etherswitchcfg [-f control file] portX [flags] command parameter
          port commands: pvid, media, mediaopt
          etherswitchcfg [-f control file] reg register[=value]
          etherswitchcfg [-f control file] laggroupX command parameter
          laggroup commands: members
          etherswitchcfg [-f control file] vlangroupX command parameter
          vlangroup commands: vlan, members

          I do not believe pf has direct control over what is generated/traversing the physical switch&ports. The switch just happens to be in the same chassis, uses same power supply and is hard wired to the SOC.

          1 Reply Last reply Reply Quote 0
          • dragoangel
            dragoangel last edited by

            You have webconfigurator on interface tab to configure internal switch, if you need it

            1 Reply Last reply Reply Quote 0
            • J
              jlacalamita last edited by

              I am still looking for a definitive answer on spanning tree capability of the embedded Marvell 6000 switch.
              Will be using SPF for 10G switch connections and only a copper hand-off from ISP so not an option.
              I am familiar with the GUI switch config, thx.

              1 Reply Last reply Reply Quote 0
              • Derelict
                Derelict LAYER 8 Netgate last edited by

                No. It will pass it but not generate it.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post

                Products

                • Platform Overview
                • TNSR
                • pfSense
                • Appliances

                Services

                • Training
                • Professional Services

                Support

                • Subscription Plans
                • Contact Support
                • Product Lifecycle
                • Documentation

                News

                • Media Coverage
                • Press
                • Events

                Resources

                • Blog
                • FAQ
                • Find a Partner
                • Resource Library
                • Security Information

                Company

                • About Us
                • Careers
                • Partners
                • Contact Us
                • Legal
                Our Mission

                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                Subscribe to our Newsletter

                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                © 2021 Rubicon Communications, LLC | Privacy Policy