    XG7100 - Internal Switch - Spanning Tree support?

      jlacalamita

      Looking to confirm one way or the other if spanning tree and BPDU generation is a feature of the XG7100 internal switch.

      One of my colo ISPs will disable the upstream Internet switch port if they see BPDU from my XG7100 internal switch.

      Can't find documentation on this anywhere. Hoping to avoid having to connect it to a host with tcpdump capability and figuring it out.

      If it is a feature how to disable/enable would be my next question.

      Thanks

        dragoangel

        What about the SFP port? Can you ask your ISP to give you a connection over it?
        From a quick reading of the post https://forum.netgate.com/topic/103460/firewalling-mac-addresses/37, pfSense can't block L2 traffic by MAC, so SFP is easier way s

        Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running multiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
        Unifi AP-AC-LR with EAP RADIUS, US-24

          jlacalamita

          Is not the integrated switch somewhat "external" to the OS and pf? The interface that the rules operate on in this case is a lagg interface, i.e. lagg0.4089, present/seen by the OS. Hooks in the GUI/OS via some utility/API allow switch configuration. Probably this:

          etherswitchcfg -h
          etherswitchcfg: illegal option -- h
          usage: etherswitchctl
          etherswitchcfg [-f control file] info
          etherswitchcfg [-f control file] config command parameter
          config commands: vlan_mode
          etherswitchcfg [-f control file] phy phy.register[=value]
          etherswitchcfg [-f control file] portX [flags] command parameter
          port commands: pvid, media, mediaopt
          etherswitchcfg [-f control file] reg register[=value]
          etherswitchcfg [-f control file] laggroupX command parameter
          laggroup commands: members
          etherswitchcfg [-f control file] vlangroupX command parameter
          vlangroup commands: vlan, members

          I do not believe pf has direct control over what is generated by or traversing the physical switch and ports. The switch just happens to be in the same chassis, uses the same power supply and is hard-wired to the SoC.

            dragoangel

            You have the webConfigurator on the interface tab to configure the internal switch, if you need it.

              jlacalamita

              I am still looking for a definitive answer on the spanning tree capability of the embedded Marvell 6000 switch.
              Will be using SFP for 10G switch connections and only a copper hand-off from the ISP, so not an option.
              I am familiar with the GUI switch config, thx.

                Derelict LAYER 8 Netgate

                No. It will pass it but not generate it.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)
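
Added example (not part of any post in this thread, and not Netgate code): given raw Ethernet frames captured on the ISP-facing link, for instance from the tcpdump host mentioned in the first post, this Python script parses IEEE 802.1D BPDUs and separates those whose source MAC or bridge ID belongs to your own device from those that are only passing through. The frames, MAC addresses and function names are constructed for illustration, and vendor variants such as PVST+ that use a different destination address are not covered.

```python
import struct

STP_DST = bytes.fromhex("0180c2000000")  # IEEE 802.1D bridge group address
STP_LLC = b"\x42\x42\x03"                # DSAP, SSAP, control used by STP

def mac(raw):
    return ":".join(f"{x:02x}" for x in raw)

def parse_bpdu(frame):
    """Return a dict describing the BPDU in an Ethernet frame, or None."""
    if len(frame) < 21 or frame[0:6] != STP_DST:
        return None
    off = 12
    if frame[off:off + 2] == b"\x81\x00":  # skip one 802.1Q tag if present
        off += 4
    (length,) = struct.unpack("!H", frame[off:off + 2])
    if length > 1500 or frame[off + 2:off + 5] != STP_LLC:
        return None  # EtherType frame, or LLC that is not STP
    body = frame[off + 5:]
    if len(body) < 4 or body[0:2] != b"\x00\x00":  # protocol ID must be 0
        return None
    info = {"src": mac(frame[6:12]), "version": body[2], "type": body[3]}
    if body[3] in (0x00, 0x02) and len(body) >= 35:  # config or RST BPDU
        info["root"] = mac(body[7:13])      # MAC part of the root ID
        info["bridge"] = mac(body[19:25])   # MAC part of the sender bridge ID
    return info

def bpdu_origins(frames, local_macs):
    """Return (generated, forwarded): BPDU source MACs that are ours vs. not."""
    local = {m.lower() for m in local_macs}
    generated, forwarded = set(), set()
    for bpdu in filter(None, map(parse_bpdu, frames)):
        ids = {bpdu["src"], bpdu.get("bridge", bpdu["src"])}
        (generated if ids & local else forwarded).add(bpdu["src"])
    return generated, forwarded

def make_config_bpdu(src, root, bridge):
    """Build a constructed 802.1D configuration BPDU frame for the demo."""
    s, r, br = (bytes.fromhex(m.replace(":", "")) for m in (src, root, bridge))
    body = (b"\x00\x00\x00\x00\x00" + b"\x80\x00" + r + struct.pack("!I", 4)
            + b"\x80\x00" + br + b"\x80\x01" + struct.pack("!4H", 256, 5120, 512, 3840))
    return STP_DST + s + struct.pack("!H", 3 + len(body)) + STP_LLC + body

UPSTREAM = "00:11:22:33:44:55"       # constructed MAC of some other bridge
LOCAL_MACS = ["02:00:00:00:00:01"]   # placeholder for the firewall's own MACs
SAMPLE = [  # constructed frames: one foreign BPDU, one ARP broadcast
    make_config_bpdu(UPSTREAM, UPSTREAM, UPSTREAM),
    bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28),
]
```

A non-empty first set from `bpdu_origins(frames, LOCAL_MACS)` means the device itself is originating BPDUs; an empty first set with entries in the second matches the "pass it but not generate it" behaviour described above.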

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.