Thank you Ben. I did configure MSTP and saw other issues with the config, but I don't believe that I tried VSTP. I'll give that a go this coming weekend. I appreciate your input!
------------------------ -----Original Message----- From: Ben Dale [mailto:bd...@comlinx.com.au] Sent: Monday, January 02, 2012 5:18 AM To: Paulhamus, Jon Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] SRX650 cluster - ethernet switching issue Hi John, > > My issue is that I have 2 trunk links on each firewall passing completely > different VLAN's but when I enable any form of spanning tree, I'm seeing one > of those links blocked (3 out of the 4 links get blocked by STP). I've tried > rstp, stp and mstp - all with the same issue. This is expected behaviour. Neither RSTP nor STP are VLAN-aware, so they simply see a topology containing 3 bridges (SRX, EX, EX-VC) in a loop and block the port "furtherest" from the root bridge. A simple fix would be VSTP (per-VLAN Spanning-Tree), but the SRX platform didn't support it last time I checked. You can use MSTP can solve this issue by allowing multiple forwarding topologies, but it will require specific configuration all three devices - if you simply enable it with defaults, it will behave exactly the same way as RSTP. Plenty of info on the specifics of MSTP can be found here: http://www.juniper.net/techpubs/en_US/junos9.4/topics/example/spanning-trees-ex-series-mstp-configuring.html http://kb.juniper.net/library/CUSTOMERSERVICE/technotes/8010065-001-EN.pdf Good luck! Ben _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
