XG7100 - Internal Switch - Spanning Tree support?

jlacalamita

Looking to confirm one way or the other if spanning tree and BPDU generation is a feature of the XG7100 internal switch.

One of my colo ISPs will disable the upstream Internet switch port if they see BPDU from my XG7100 internal switch.

Can't find documentation on this anywhere. Hoping to avoid having to connect it to a host with tcpdump capabitly and figuring out.

If it is a feature how to disable/enable would be my next question.

Thanks

dragoangel

What about SPF port? You can ask your ISP give you a connection over it?
From quick reading of post https://forum.netgate.com/topic/103460/firewalling-mac-addresses/37 pfSense can't block L2 traffic by MAC, so SPF is easier way s

jlacalamita

Is not the integrated switch somewhat "external" to the OS and pf? The interface that the rules operate on in this case is a lagg interface ie. lagg0.4089 present/seen by the OS. Hooks in the GUI/OS via some utility/API allow switch configuration. Probably this:

etherswitchcfg -h
etherswitchcfg: illegal option -- h
usage: etherswitchctl
etherswitchcfg [-f control file] info
etherswitchcfg [-f control file] config command parameter
config commands: vlan_mode
etherswitchcfg [-f control file] phy phy.register[=value]
etherswitchcfg [-f control file] portX [flags] command parameter
port commands: pvid, media, mediaopt
etherswitchcfg [-f control file] reg register[=value]
etherswitchcfg [-f control file] laggroupX command parameter
laggroup commands: members
etherswitchcfg [-f control file] vlangroupX command parameter
vlangroup commands: vlan, members

I do not believe pf has direct control over what is generated/traversing the physical switch&ports. The switch just happens to be in the same chassis, uses same power supply and is hard wired to the SOC.

dragoangel

You have webconfigurator on interface tab to configure internal switch, if you need it

jlacalamita

I am still looking for a definitive answer on spanning tree capability of the embedded Marvell 6000 switch.
Will be using SPF for 10G switch connections and only a copper hand-off from ISP so not an option.
I am familiar with the GUI switch config, thx.

Derelict

No. It will pass it but not generate it.