Wireless Access

Reply
Frequent Contributor II

Spanning Tree & layer 2 loops on GRE tunnels

Bridging layer 2 is great over GRE, but when I create a layer 2 loop with a GRE tunnel spantree does not seem to block the loop

 

Anyone resolved this?

Aruba Employee

Re: Spanning Tree & layer 2 loops on GRE tunnels

What version of code are you running?

Re: Spanning Tree & layer 2 loops on GRE tunnels

Anybody feel free to tell me I'm wrong, but I'm pretty sure the L2 GREs don't forward STP. Therefore, you can't block loops down them using it.

Kudos appreciated, but I'm not hunting! (ACMX 104)
Aruba Employee

Re: Spanning Tree & layer 2 loops on GRE tunnels

You are correct, Racking.  Tunnel interfaces do not even show up in an STP forwarding table.

Frequent Contributor II

Re: Spanning Tree & layer 2 loops on GRE tunnels

I am on the latest code version 6, is there any way around this or should I look for a layer 3 solution. This is all about a pair of internal controllers connecting to a pair of external controllers in a mesh of tunnels and bridging a common vlan. It would be nice if my network architect would allow me to use dot1q so I could bridge multiple vlans up from internal to dmz, frankly tunnelling through a firewall like this sort of achieves the same thing except I can't seem to run a trunk over a tunnel (maybe a solution there for a design problem on my part).. But he is the boss! And I DO respect that! Any thoughts?

Re: Spanning Tree & layer 2 loops on GRE tunnels

If you want to stick with L2 instead of L3, and get resilience, what about setting the external end of the tunnels destined to a VRRP on the main controllers? Then each internal just has one tunnel going to the VRRP? Can't see why you'd need a tunnel between the internals? Depends on the main network topology I guess.

 

Maybe try that?

Kudos appreciated, but I'm not hunting! (ACMX 104)
Frequent Contributor II

Re: Spanning Tree & layer 2 loops on GRE tunnels

That idea is very cool. I have seen this kind of approach before with Cisco vpn termination on two routers.... Didn't even cross my mind in this context. Good thinking that man! Sorry you are right I didn't tunnel between the internals. I'll mull that one over :-)
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: