• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Transparent bridge with STP

General pfSense Questions
2
2
512
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    Mr_JinX
    last edited by Mr_JinX Jan 11, 2023, 2:45 PM Jan 11, 2023, 2:40 PM

    I'm trying to setup Pfsense as a transparent bridge to be able to protect a number of servers, I have setup the pfsense box inline in the sense that the IP address of the server does not change however it gets a new vlan tag of 1609 while the other end of the firewall gets the original vlan tag of 609 in an efford to put the firewall inline.

    🔒 Log in to view

    My problem is that spanning tree is blocking one of the ports at the switch level which then stops the traffic flowing. I have enabled STP on the Cisco switch and on the pfsense firewall to no avail. I have also made the two advanced tuning setting changes for a transparent bridge with NAT disabled.

    Is there something wrong or do i have a concept problem?

    From the switch:

    2023 Jan 11 15:35:26 switch %STP-2-BLOCK_PVID_PEER: Blocking port-channel21 on VLAN0609. Inconsistent peer vlan.
    2023 Jan 11 15:35:26 switch -BLOCK_PVID_LOCAL: Blocking port-channel21 on VLAN1609. Inconsistent local vlan.
    2023 Jan 11 15:35:42 switch %STP-2-UNBLOCK_CONSIST_PORT: Unblocking port port-channel21 on VLAN1609. Port consistency restored.
    2023 Jan 11 15:35:42 switch %STP-2-UNBLOCK_CONSIST_PORT: Unblocking port port-channel21 on VLAN0609. Port consistency restored.
    2023 Jan 11 15:36:02 switch %STP-2-BLOCK_PVID_PEER: Blocking port-channel21 on VLAN0609. Inconsistent peer vlan.
    2023 Jan 11 15:36:02 switch %STP-2-BLOCK_PVID_LOCAL: Blocking port-channel21 on VLAN1609. Inconsistent local vlan.
    2023 Jan 11 15:36:36 switch %STP-2-UNBLOCK_CONSIST_PORT: Unblocking port port-channel21 on VLAN1609. Port consistency restored.
    2023 Jan 11 15:36:36 switch %STP-2-UNBLOCK_CONSIST_PORT: Unblocking port port-channel21 on VLAN0609. Port consistency restored.
    2023 Jan 11 15:37:43 switch %STP-2-BLOCK_PVID_PEER: Blocking port-channel21 on VLAN1609. Inconsistent peer vlan.
    2023 Jan 11 15:37:43 switch %STP-2-BLOCK_PVID_LOCAL: Blocking port-channel21 on VLAN0609. Inconsistent local vlan.
    2023 Jan 11 15:38:20 switch %STP-2-UNBLOCK_CONSIST_PORT: Unblocking port port-channel21 on VLAN1609. Port consistency restored.
    2023 Jan 11 15:38:20 switch %STP-2-UNBLOCK_CONSIST_PORT: Unblocking port port-channel21 on VLAN0609. Port consistency restored.
    2023 Jan 11 15:38:22 switch %STP-2-BLOCK_PVID_PEER: Blocking port-channel21 on VLAN0609. Inconsistent peer vlan.
    2023 Jan 11 15:38:22 Wswitch %STP-2-BLOCK_PVID_LOCAL: Blocking port-channel21 on VLAN1609. Inconsistent local vlan.

    1 Reply Last reply Reply Quote 0
    • S
      stephenw10 Netgate Administrator
      last edited by Jan 11, 2023, 9:15 PM

      Hmm, so the switch sees the two VLANs bridged and complains. You could probably just disable STP on the switch. Or maybe block the STP traffic across the bridge. Or use two ports maybe?

      Steve

      1 Reply Last reply Reply Quote 0
      1 out of 2
      • First post
        1/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.