Hi Ross, On 29 Apr 2015, at 1:43 am, Ross Vandegrift <r...@kallisti.us> wrote:
> Hi all, > > The documentation for SRX secure wire has thrown me for a loop. It > says: secure wire is a kind of transparent mode, and transparent mode > interfaces pass all ARP and non-IP broadcast/multicast. So a secure > wire should pass BPDUs and LACPDUs. > > I think that's a mistake. If both secure wire interfaces land on the > same switch, RSTP/MSTP ought to block one of the interfaces. Separate > switches won't help if both are multihomed to common distribution > switches. The secure wire will look like two edge interfaces were > cabled together, and RSTP/MSTP will block. > > I setup a test with two ex4200s and a secure wire between them. No > BPDUs or LACPDUs make it across. Seems good, but now I'm nervous > that the behavior doesn't match the documentation. > > Have I missed something? Case is open, but it stalled at the repeat > the documentation stage. > > https://www.juniper.net/techpubs/en_US/junos12.3x48/topics/concept/layer-2-secure-wire-understanding.html > > Ross > The doco needs a slight update (or better yet, a cross-reference) to the link below. In the documentation for Transparent Mode, it mentions the Layer 2 bridging exceptions on SRX that apply when using a bridge-domain for transparent-mode, which is the same method SecureWire uses for tying interfaces together. http://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/layer-2/index.html?topic-52744.html You'll see there that xSTP is specifically called out. Cheers, Ben _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp