Discussion in 'Cisco' started by pfisterfarm, Jun 24, 2011.

    I've got a situation where I need to connect two switches, a 4507R
    (our core switch) to a 3560, using two devices which are functioning
    as transparent bridges, connected in parallel. The devices are
    actually content filters (they're Lightspeed Rocket appliances if that
    makes any difference), and we'd like to have one online as a standby
    unit in case the first one fails. The only other thing connected to
    the 3560 is two PIX firewalls (active/standby) which are in a vlan
    from the core network. The two switches are EIGRP neighbors.

    I was hoping that spanning-tree would take care of selecting one
    device for production use and the other as a standby. When we tried
    it, there was no connectivity at all. It seemed like the switches were
    not agreeing on which device to use. Is there any way to maybe have
    the 4507R take care of the forwarding/blocking decisions and turn off
    spanning-tree on the 3560?
    pfisterfarm, Jun 24, 2011

    Mark Huizer Guest

    The wise pfisterfarm enlightened me with:
    What I remember from quite a similar setup (but with different boxes,
    not sure anymore, Astaro or something like that) is that the boxes
    needed to specifically have spanning tree configured, which makes sense
    since SPT is a point-to-point thingy.
    I would ask your vendor or the producer of this appliance how to
    configure that.

    Mark Huizer, Jun 24, 2011

    alexd Guest

    Meanwhile, at the Job Justification Hearings,
    pfisterfarm chose the tried and tested strategy of:
    Do the content filters participate in STP at all? I.e., do they pass STP, do
    they block STP and not emit their own, or do they emit their own and not
    pass STP?
    alexd, Jun 25, 2011
