Wireless Access

Bridging layer 2 is great over GRE, but when I create a layer 2 loop with a GRE tunnel spantree does not seem to block the loop

 

Anyone resolved this?

What version of code are you running?

Anybody feel free to tell me I'm wrong, but I'm pretty sure the L2 GREs don't forward STP. Therefore, you can't block loops down them using it.

You are correct, Racking.  Tunnel interfaces do not even show up in an STP forwarding table.

I am on the latest code version 6, is there any way around this or should I look for a layer 3 solution. This is all about a pair of internal controllers connecting to a pair of external controllers in a mesh of tunnels and bridging a common vlan. It would be nice if my network architect would allow me to use dot1q so I could bridge multiple vlans up from internal to dmz, frankly tunnelling through a firewall like this sort of achieves the same thing except I can't seem to run a trunk over a tunnel (maybe a solution there for a design problem on my part).. But he is the boss! And I DO respect that! Any thoughts?

If you want to stick with L2 instead of L3, and get resilience, what about setting the external end of the tunnels destined to a VRRP on the main controllers? Then each internal just has one tunnel going to the VRRP? Can't see why you'd need a tunnel between the internals? Depends on the main network topology I guess.

 

Maybe try that?

That idea is very cool. I have seen this kind of approach before with Cisco vpn termination on two routers.... Didn't even cross my mind in this context. Good thinking that man! Sorry you are right I didn't tunnel between the internals. I'll mull that one over :-)